From 903a5f4cec97796aa5a89db54a1f5b7b4269bf15 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Fri, 29 Mar 2024 12:04:16 +0100
Subject: [PATCH] migrate nextcloud to kubernetes
---
docker_swarm/playbooks/stacks.yml | 1 -
.../roles/traefik/docker-stack.yml.j2 | 6 ++
nix/flake/kubenix/nextcloud.nix | 79 +++++++++++++++++++
3 files changed, 85 insertions(+), 1 deletion(-)
diff --git a/docker_swarm/playbooks/stacks.yml b/docker_swarm/playbooks/stacks.yml
index 5c68cc5..beafc57 100644
--- a/docker_swarm/playbooks/stacks.yml
+++ b/docker_swarm/playbooks/stacks.yml
@@ -5,7 +5,6 @@ - {role: traefik, tags: traefik} - {role: forgejo, tags: forgejo} - {role: swarm_dashboard, tags: swarm_dashboard} - - {role: nextcloud, tags: nextcloud} - {role: kitchenowl, tags: kitchenowl} - {role: paperless-ngx, tags: paperless-ngx} - {role: media, tags: media}
diff --git a/docker_swarm/roles/traefik/docker-stack.yml.j2 b/docker_swarm/roles/traefik/docker-stack.yml.j2
index 1d8f467..182c35c 100644
--- a/docker_swarm/roles/traefik/docker-stack.yml.j2
+++ b/docker_swarm/roles/traefik/docker-stack.yml.j2
@@ -96,6 +96,12 @@ services: - traefik.http.routers.hedgedoc.rule=Host(`md.kun.is`) - traefik.http.routers.hedgedoc.tls=true - traefik.http.routers.hedgedoc.tls.certresolver=letsencrypt + + - traefik.http.routers.nextcloud.entrypoints=websecure + - traefik.http.routers.nextcloud.service=k3s@file + - traefik.http.routers.nextcloud.rule=Host(`cloud.kun.is`) + - traefik.http.routers.nextcloud.tls=true + - traefik.http.routers.nextcloud.tls.certresolver=letsencrypt volumes: - type: bind source: /var/run/docker.sock
diff --git a/nix/flake/kubenix/nextcloud.nix b/nix/flake/kubenix/nextcloud.nix
index 7d9f3f2..3796814 100644
--- a/nix/flake/kubenix/nextcloud.nix
+++ b/nix/flake/kubenix/nextcloud.nix
@@ -1,5 +1,56 @@
{
kubernetes.resources = {
+ configMaps.nextcloud.data = {
+ POSTGRES_USER = "nextcloud";
+ POSTGRES_DB = "nextcloud";
+ POSTGRES_HOST = "lewis.dmz";
+ };
+
+ secrets.nextcloud.stringData.databasePassword = "ref+file:///home/pim/.config/home/vals.yaml#/nextcloud/databasePassword";
+
+ deployments.nextcloud = {
+ metadata.labels.app = "nextcloud";
+
+ spec = {
+ selector.matchLabels.app = "nextcloud";
+
+ template = {
+ metadata.labels.app = "nextcloud";
+
+ spec = {
+ containers.nextcloud = {
+ image = "nextcloud:27";
+ envFrom = [{ configMapRef.name = "nextcloud"; }];
+
+ ports = [{
+ containerPort = 80;
+ protocol = "TCP";
+ }];
+
+ env = [{
+ name = "POSTGRES_PASSWORD";
+
+ valueFrom.secretKeyRef = {
+ name = "nextcloud";
+ key = "databasePassword";
+ };
+ }];
+
+ volumeMounts = [{
+ name = "data";
+ mountPath = "/var/www/html";
+ }];
+ };
+
+ volumes = [{
+ name = "data";
+ persistentVolumeClaim.claimName = "nextcloud";
+ }];
+ };
+ };
+ };
+ };
+
persistentVolumes.nextcloud.spec = {
capacity.storage = "1Mi";
accessModes = [ "ReadWriteMany" ];
@@ -16,5 +67,33 @@
resources.requests.storage = "1Mi";
volumeName = "nextcloud";
};
+
+ services.nextcloud.spec = {
+ selector.app = "nextcloud";
+
+ ports = [{
+ protocol = "TCP";
+ port = 80;
+ targetPort = 80;
+ }];
+ };
+
+ ingresses.nextcloud.spec = {
+ ingressClassName = "traefik";
+
+ rules = [{
+ host = "cloud.kun.is";
+
+ http.paths = [{
+ path = "/";
+ pathType = "Prefix";
+
+ backend.service = {
+ name = "nextcloud";
+ port.number = 80;
+ };
+ }];
+ }];
+ };
};
}
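Review bot: The `nextcloud` container in `deployments.nextcloud` is pulled by the floating tag `nextcloud:27`, so the image that actually runs can change between pod restarts or nodes without any change to this file. Pinning it by digest, e.g. `image = "nextcloud:27@sha256:<digest-placeholder>";`, makes every upgrade an explicit, reviewable commit. The container spec also sets no `resources` or `securityContext`, which is worth a follow-up once the migration is stable. Because Nextcloud now sits behind both the swarm Traefik and the cluster ingress, confirm that the `config.php` carried over on the `data` volume lists the new proxy addresses in `trusted_proxies`. Otherwise the client IPs used for logging and brute-force throttling will presumably be the proxy's rather than the user's.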
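Review bot: `ingresses.nextcloud.spec` in the second nextcloud.nix hunk defines no `tls` entry, so TLS for `cloud.kun.is` ends at the swarm Traefik router. The hop to the cluster goes through `k3s@file`, whose definition is not part of this patch, and presumably carries logins and session cookies as plain HTTP. If that path crosses a shared network segment, terminate TLS on the ingress as well, e.g. `tls = [{ hosts = [ "cloud.kun.is" ]; secretName = "<tls-secret-placeholder>"; }];`. If the hop is deliberately unencrypted, record that next to the rule with a comment such as `# TLS terminates at the swarm Traefik; this hop is plain HTTP on the internal network`.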