Generate various config from nix

2024-05-09 21:03:27 +02:00 · 2024-05-09 21:03:27 +02:00 · 93d03d6513
commit 93d03d6513
parent 1e4707ee3e
3 changed files with 47 additions and 50 deletions
--- a/kubenix-modules/hedgedoc.nix
+++ b/kubenix-modules/hedgedoc.nix
@ -1,4 +1,4 @@
-{
+{ lib, ... }: {
  kubernetes.resources = {
    configMaps = {
      hedgedoc-env.data = {
@ -11,12 +11,9 @@
        CMD_CSP_ENABLE = "false";
      };
-      # TODO: convert from nix
+      hedgedoc-config.data.config = lib.generators.toJSON { } {
-      hedgedoc-config.data.config = ''
+        useSSL = false;
-        {
+      };
          "useSSL": false
        }
      '';
    };
    secrets.hedgedoc.stringData = {
--- a/kubenix-modules/radicale.nix
+++ b/kubenix-modules/radicale.nix
@ -1,35 +1,36 @@
-{
+{ lib, ... }: {
  kubernetes.resources = {
    configMaps.radicale.data = {
      users = "pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ.";
-      # TODO: Can this be generated with nix?
+      config = lib.generators.toINI { } {
-      config = ''
+        server = {
-        [server]
+          hosts = "0.0.0.0:5232, [::]:5232";
-        hosts = 0.0.0.0:5232, [::]:5232
+          ssl = false;
-        ssl = False
+        };
-        [encoding]
+        encoding = {
-        request = utf-8
+          request = "utf-8";
-        stock = utf-8
+          stock = "utf-8";
        };
-        [auth]
+        auth = {
-        realm = Radicale - Password Required
+          realm = "Radicale - Password Required";
-        type = htpasswd
+          type = "htpasswd";
-        htpasswd_filename = /config/users
+          htpasswd_filename = "/config/users";
-        htpasswd_encryption = md5
+          htpasswd_encryption = "md5";
        };
-        [rights]
+        rights.type = "owner_only";
        type = owner_only
-        [storage]
+        storage = {
-        type = multifilesystem
+          type = "multifilesystem";
-        filesystem_folder = /data
+          filesystem_folder = "/data";
        };
-        [logging]
+        logging = { };
-
+        headers = { };
-        [headers]
+      };
      '';
    };
    deployments.radicale = {
--- a/kubenix-modules/traefik.nix
+++ b/kubenix-modules/traefik.nix
@ -1,4 +1,4 @@
-{ myLib, ... }: {
+{ lib, myLib, ... }: {
  kubernetes.resources.helmChartConfigs = {
    traefik = {
      metadata.namespace = "kube-system";
@ -6,25 +6,24 @@
      # Override Traefik's service with a static load balancer IP.
      # Create endpoint for HTTPS on port 444.
      # Allow external name services for esrom.
-      spec.valuesContent = ''
+      spec.valuesContent = lib.generators.toYAML { } {
-        service:
+        service.spec.annotations."metallb.universe.tf/loadBalancerIPs" = myLib.globals.traefikIPv4;
-          spec:
+        providers.kubernetesIngress.allowExternalNameServices = true;
-            annotations: {"metallb.universe.tf/loadBalancerIPs":"${myLib.globals.traefikIPv4}"}
+
-        ports:
+        ports.localsecure = {
-          localsecure:
+          port = 8444;
-            port: 8444
+          expose = true;
-            expose: true
+          exposedPort = 444;
-            exposedPort: 444
+          protocol = "TCP";
-            protocol: TCP
+
-            tls:
+          tls = {
-              enabled: true
+            enabled = true;
-              options: ""
+            options = "";
-              certResolver: ""
+            certResolver = "";
-              domains: []
+            domains = [ ];
-        providers:
+          };
-          kubernetesIngress:
+        };
-            allowExternalNameServices: true
+      };
      '';
    };
  };