Generate various config from nix

2024-05-09 21:03:27 +02:00 · 2024-05-09 21:03:27 +02:00 · 93d03d6513
commit 93d03d6513
parent 1e4707ee3e
3 changed files with 47 additions and 50 deletions
--- a/kubenix-modules/hedgedoc.nix
+++ b/kubenix-modules/hedgedoc.nix
@ -1,4 +1,4 @@
-{
+{ lib, ... }: {
  kubernetes.resources = {
    configMaps = {
      hedgedoc-env.data = {
@ -11,12 +11,9 @@
        CMD_CSP_ENABLE = "false";
      };

-      # TODO: convert from nix
-      hedgedoc-config.data.config = ''
-        {
-          "useSSL": false
-        }
-      '';
+      hedgedoc-config.data.config = lib.generators.toJSON { } {
+        useSSL = false;
+      };
    };

    secrets.hedgedoc.stringData = {
--- a/kubenix-modules/radicale.nix
+++ b/kubenix-modules/radicale.nix
@ -1,35 +1,36 @@
-{
+{ lib, ... }: {
  kubernetes.resources = {
    configMaps.radicale.data = {
      users = "pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ.";

-      # TODO: Can this be generated with nix?
-      config = ''
-        [server]
-        hosts = 0.0.0.0:5232, [::]:5232
-        ssl = False
+      config = lib.generators.toINI { } {
+        server = {
+          hosts = "0.0.0.0:5232, [::]:5232";
+          ssl = false;
+        };

-        [encoding]
-        request = utf-8
-        stock = utf-8
+        encoding = {
+          request = "utf-8";
+          stock = "utf-8";
+        };

-        [auth]
-        realm = Radicale - Password Required
-        type = htpasswd
-        htpasswd_filename = /config/users
-        htpasswd_encryption = md5
+        auth = {
+          realm = "Radicale - Password Required";
+          type = "htpasswd";
+          htpasswd_filename = "/config/users";
+          htpasswd_encryption = "md5";
+        };

-        [rights]
-        type = owner_only
+        rights.type = "owner_only";

-        [storage]
-        type = multifilesystem
-        filesystem_folder = /data
+        storage = {
+          type = "multifilesystem";
+          filesystem_folder = "/data";
+        };

-        [logging]
-
-        [headers]
-      '';
+        logging = { };
+        headers = { };
+      };
    };

    deployments.radicale = {
--- a/kubenix-modules/traefik.nix
+++ b/kubenix-modules/traefik.nix
@ -1,4 +1,4 @@
-{ myLib, ... }: {
+{ lib, myLib, ... }: {
  kubernetes.resources.helmChartConfigs = {
    traefik = {
      metadata.namespace = "kube-system";
@ -6,25 +6,24 @@
      # Override Traefik's service with a static load balancer IP.
      # Create endpoint for HTTPS on port 444.
      # Allow external name services for esrom.
-      spec.valuesContent = ''
-        service:
-          spec:
-            annotations: {"metallb.universe.tf/loadBalancerIPs":"${myLib.globals.traefikIPv4}"}
-        ports:
-          localsecure:
-            port: 8444
-            expose: true
-            exposedPort: 444
-            protocol: TCP
-            tls:
-              enabled: true
-              options: ""
-              certResolver: ""
-              domains: []
-        providers:
-          kubernetesIngress:
-            allowExternalNameServices: true
-      '';
+      spec.valuesContent = lib.generators.toYAML { } {
+        service.spec.annotations."metallb.universe.tf/loadBalancerIPs" = myLib.globals.traefikIPv4;
+        providers.kubernetesIngress.allowExternalNameServices = true;
+
+        ports.localsecure = {
+          port = 8444;
+          expose = true;
+          exposedPort = 444;
+          protocol = "TCP";
+
+          tls = {
+            enabled = true;
+            options = "";
+            certResolver = "";
+            domains = [ ];
+          };
+        };
+      };
    };
  };