From 93d03d65134d5bb697e52dae3c4fa1cbb1a304b1 Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Thu, 9 May 2024 21:03:27 +0200 Subject: [PATCH] Generate various config from nix --- kubenix-modules/hedgedoc.nix | 11 +++------ kubenix-modules/radicale.nix | 47 ++++++++++++++++++------------------ kubenix-modules/traefik.nix | 39 +++++++++++++++--------------- 3 files changed, 47 insertions(+), 50 deletions(-) diff --git a/kubenix-modules/hedgedoc.nix b/kubenix-modules/hedgedoc.nix index 327b112..23242b0 100644 --- a/kubenix-modules/hedgedoc.nix +++ b/kubenix-modules/hedgedoc.nix @@ -1,4 +1,4 @@ -{ +{ lib, ... }: { kubernetes.resources = { configMaps = { hedgedoc-env.data = { @@ -11,12 +11,9 @@ CMD_CSP_ENABLE = "false"; }; - # TODO: convert from nix - hedgedoc-config.data.config = '' - { - "useSSL": false - } - ''; + hedgedoc-config.data.config = lib.generators.toJSON { } { + useSSL = false; + }; }; secrets.hedgedoc.stringData = { diff --git a/kubenix-modules/radicale.nix b/kubenix-modules/radicale.nix index b5b531f..8262f83 100644 --- a/kubenix-modules/radicale.nix +++ b/kubenix-modules/radicale.nix @@ -1,35 +1,36 @@ -{ +{ lib, ... }: { kubernetes.resources = { configMaps.radicale.data = { users = "pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ."; - # TODO: Can this be generated with nix? - config = '' - [server] - hosts = 0.0.0.0:5232, [::]:5232 - ssl = False + config = lib.generators.toINI { } { + server = { + hosts = "0.0.0.0:5232, [::]:5232"; + ssl = false; + }; - [encoding] - request = utf-8 - stock = utf-8 + encoding = { + request = "utf-8"; + stock = "utf-8"; + }; - [auth] - realm = Radicale - Password Required - type = htpasswd - htpasswd_filename = /config/users - htpasswd_encryption = md5 + auth = { + realm = "Radicale - Password Required"; + type = "htpasswd"; + htpasswd_filename = "/config/users"; + htpasswd_encryption = "md5"; + }; - [rights] - type = owner_only + rights.type = "owner_only"; - [storage] - type = multifilesystem - filesystem_folder = /data + storage = { + type = "multifilesystem"; + filesystem_folder = "/data"; + }; - [logging] - - [headers] - ''; + logging = { }; + headers = { }; + }; }; deployments.radicale = { diff --git a/kubenix-modules/traefik.nix b/kubenix-modules/traefik.nix index f431de7..d6ee15e 100644 --- a/kubenix-modules/traefik.nix +++ b/kubenix-modules/traefik.nix @@ -1,4 +1,4 @@ -{ myLib, ... }: { +{ lib, myLib, ... }: { kubernetes.resources.helmChartConfigs = { traefik = { metadata.namespace = "kube-system"; @@ -6,25 +6,24 @@ # Override Traefik's service with a static load balancer IP. # Create endpoint for HTTPS on port 444. # Allow external name services for esrom. - spec.valuesContent = '' - service: - spec: - annotations: {"metallb.universe.tf/loadBalancerIPs":"${myLib.globals.traefikIPv4}"} - ports: - localsecure: - port: 8444 - expose: true - exposedPort: 444 - protocol: TCP - tls: - enabled: true - options: "" - certResolver: "" - domains: [] - providers: - kubernetesIngress: - allowExternalNameServices: true - ''; + spec.valuesContent = lib.generators.toYAML { } { + service.spec.annotations."metallb.universe.tf/loadBalancerIPs" = myLib.globals.traefikIPv4; + providers.kubernetesIngress.allowExternalNameServices = true; + + ports.localsecure = { + port = 8444; + expose = true; + exposedPort = 444; + protocol = "TCP"; + + tls = { + enabled = true; + options = ""; + certResolver = ""; + domains = [ ]; + }; + }; + }; }; };