home/nixos-servers
home/nixos-servers
2
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions

Migrate hedgedoc database to kubernetes

Browse source
This commit is contained in:
Pim Kunis 2024-05-25 16:07:11 +02:00
parent 0fe9bf287f
commit 99893f2ed2
4 changed files with 119 additions and 46 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

84
kubenix-modules/hedgedoc.nix
View file

@ -14,6 +14,13 @@
hedgedoc-config.data.config = lib.generators.toJSON { } { hedgedoc-config.data.config = lib.generators.toJSON { } {
useSSL = false; useSSL = false;
}; };
hedgedoc-db-env.data = {
POSTGRES_DB = "hedgedoc";
POSTGRES_USER = "hedgedoc";
POSTGRES_PASSWORD = "ref+sops://secrets/sops.yaml#/hedgedoc/databasePassword";
PGDATA = "/pgdata/data";
};
}; };
secrets.hedgedoc.stringData = { secrets.hedgedoc.stringData = {
@ -21,14 +28,24 @@
sessionSecret = "ref+sops://secrets/sops.yaml#/hedgedoc/sessionSecret"; sessionSecret = "ref+sops://secrets/sops.yaml#/hedgedoc/sessionSecret";
}; };
deployments.hedgedoc = { deployments = {
metadata.labels.app = "hedgedoc"; hedgedoc = {
metadata.labels = {
app = "hedgedoc";
component = "website";
};
spec = { spec = {
selector.matchLabels.app = "hedgedoc"; selector.matchLabels = {
app = "hedgedoc";
component = "website";
};
template = { template = {
metadata.labels.app = "hedgedoc"; metadata.labels = {
app = "hedgedoc";
component = "website";
};
spec = { spec = {
containers.hedgedoc = { containers.hedgedoc = {
@ -75,14 +92,69 @@
}; };
}; };
services.hedgedoc.spec = { hedgedoc-db = {
selector.app = "hedgedoc"; metadata.labels = {
app = "hedgedoc";
component = "database";
};
spec = {
selector.matchLabels = {
app = "hedgedoc";
component = "database";
};
template = {
metadata.labels = {
app = "hedgedoc";
component = "database";
};
spec = {
containers.postgres = {
image = "postgres:15";
imagePullPolicy = "IfNotPresent";
ports.postgres.containerPort = 5432;
envFrom = [{ configMapRef.name = "hedgedoc-db-env"; }];
volumeMounts = [{
name = "data";
mountPath = "/pgdata";
}];
};
volumes.data.persistentVolumeClaim.claimName = "hedgedoc-db";
};
};
};
};
};
services = {
hedgedoc.spec = {
selector = {
app = "hedgedoc";
component = "website";
};
ports.web = { ports.web = {
port = 80; port = 80;
targetPort = "web"; targetPort = "web";
}; };
}; };
hedgedoc-db.spec = {
selector = {
app = "hedgedoc";
component = "database";
};
ports.postgres = {
port = 5432;
targetPort = "postgres";
};
};
};
}; };
lab = { lab = {

1
kubenix-modules/volumes.nix
View file

@ -2,6 +2,7 @@
lab = { lab = {
longhornVolumes = { longhornVolumes = {
hedgedoc-uploads.storage = "50Mi"; hedgedoc-uploads.storage = "50Mi";
hedgedoc-db.storage = "100Mi";
freshrss.storage = "400Mi"; freshrss.storage = "400Mi";
radicale.storage = "200Mi"; radicale.storage = "200Mi";
minecraft.storage = "1Gi"; minecraft.storage = "1Gi";

1
nixos-modules/data-sharing.nix
View file

@ -69,7 +69,6 @@ in
authentication = '' authentication = ''
host nextcloud nextcloud all md5 host nextcloud nextcloud all md5
host hedgedoc hedgedoc all md5
host paperless paperless all md5 host paperless paperless all md5
host attic attic all md5 host attic attic all md5
''; '';

7
secrets/sops.yaml
View file

@ -3,8 +3,9 @@ freshrss:
pihole: pihole:
password: ENC[AES256_GCM,data:RkKI/R+mdN0vJRMVKjBJF4y5PKj2J2keg0CsjCiXgZPvFl6jnPqTnQ==,iv:5waAzXb42SHEKAHmEVoIBCkhIJDCunrvaUNg4YI+1xw=,tag:FjGeyZ5G5Cp0imoIbkoBVw==,type:str] password: ENC[AES256_GCM,data:RkKI/R+mdN0vJRMVKjBJF4y5PKj2J2keg0CsjCiXgZPvFl6jnPqTnQ==,iv:5waAzXb42SHEKAHmEVoIBCkhIJDCunrvaUNg4YI+1xw=,tag:FjGeyZ5G5Cp0imoIbkoBVw==,type:str]
hedgedoc: hedgedoc:
databaseURL: ENC[AES256_GCM,data:8VS1+EWCWAA3uQ8MVloSD57o3QKPmhvww8utnE2JJGDFMKb6irCNVwkwjRxr8fSnV+wjUvTONfAv+Wm/VBI2PfYgyaSgQD66BdjnQDicTPR9UHqB,iv:d2VHutdOkeyM1Sqwn3khHPOdZkV43RyDb0jQQUe5AxE=,tag:L3EFLzFW6KJNuWqK8IZ3yw==,type:str] databaseURL: ENC[AES256_GCM,data:hFJIu3Jan1XknGDl5v//kpwafIz05gdH9n8S9BduWq18tPhwdl3ZPzGuQpCAmbLmZj9TVnTySmb9hVP2j9XEc8czH8J1Kvi5WyR4l58+DZO6XM44l8ttO/EMmx/d2oO0UNMrG3piVPAbpL5iMMIypw==,iv:85XDeM8VEGi3nDsU6TxJZJt5yH8R9UWUJOf2uebf9gQ=,tag:1N6B/JQnqOOAt9VCkLcIRQ==,type:str]
sessionSecret: ENC[AES256_GCM,data:Qq2FzcIXWbf7FWm0/K1yMl8tmVdNtv3+DGVST3NM2t9N3IJ+Vbz2PKRy3UX2oPJGthIoXChAaWTNU7WGV2zEBA==,iv:aQvXrbUX3ZCpY2OkFDpbl2XHwCDwLwXjiV2Ny4bjoyE=,tag:wPmROgRmWcvilj/W0RANVQ==,type:str] sessionSecret: ENC[AES256_GCM,data:Qq2FzcIXWbf7FWm0/K1yMl8tmVdNtv3+DGVST3NM2t9N3IJ+Vbz2PKRy3UX2oPJGthIoXChAaWTNU7WGV2zEBA==,iv:aQvXrbUX3ZCpY2OkFDpbl2XHwCDwLwXjiV2Ny4bjoyE=,tag:wPmROgRmWcvilj/W0RANVQ==,type:str]
databasePassword: ENC[AES256_GCM,data:h3xt+libyQVvG51ttyYF6Lhq3QmYptu7Vx7/lZBytw5I8I1/zLMB6g==,iv:DuWMA82HyuupALguemWJmZ0hUA9oPyXB6tTcy3VFGKk=,tag:4ExOslyo8Kjyn7STpjqYAg==,type:str]
nextcloud: nextcloud:
databasePassword: ENC[AES256_GCM,data:9mkwB4uKUlt1E20n7Wxr9PnKc1bxkYVO5Ph/dFfcuGA=,iv:U3IUz+7izoaeQi03xghDM1dZK01ICi3+r6r3mvNh8u0=,tag:aGKQyzZX210SNTRlvoHUig==,type:str] databasePassword: ENC[AES256_GCM,data:9mkwB4uKUlt1E20n7Wxr9PnKc1bxkYVO5Ph/dFfcuGA=,iv:U3IUz+7izoaeQi03xghDM1dZK01ICi3+r6r3mvNh8u0=,tag:aGKQyzZX210SNTRlvoHUig==,type:str]
paperless-ngx: paperless-ngx:
@ -42,8 +43,8 @@ sops:
cHJRZWpDdWZlSnh3Qm1GZ28vZ0p0ZjAK7+BS6YQ2cUD21XCISBeNLSUNgNFQfSKI cHJRZWpDdWZlSnh3Qm1GZ28vZ0p0ZjAK7+BS6YQ2cUD21XCISBeNLSUNgNFQfSKI
zL/AAqsVoBTrEs7s9fxmWmVm21/M3ZTYfU6Z6gIr6YEWe1pehRd6ZQ== zL/AAqsVoBTrEs7s9fxmWmVm21/M3ZTYfU6Z6gIr6YEWe1pehRd6ZQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-23T18:15:08Z" lastmodified: "2024-05-25T14:05:10Z"
mac: ENC[AES256_GCM,data:NUI//u2YJ5w3FyfFBaN7hzdeCKBzmoqMBQ60hhN5vLHf45QNgDtpVo7owaGOClSjaJWMwXHwvVsHWHgu4FlHh6ZPcevjNfZEW8E/kYiczcJTBOyvwuPz7hxSyIRmNC1ijChZgHgKF4ldxm/IscblSIMiLovmgpO5yQre1m89CLg=,iv:uJ22dS/jEKR3/kLbu9CgwgNgEn5YFyv/Kn8dxIwsvFg=,tag:LttLQ6yPD+/kpi7Zt5tZYQ==,type:str] mac: ENC[AES256_GCM,data:x0PAMb5EtfuOSzfBv0chWBQUz4+grZEZbzRpXp0xKgMX72jFV+RmmJGL4jfaVXFKnNyFRecQn92UhBNHx1JOVmDMdnEY50CNe3+H6oTTNJpgXRjebIs82NtwbQM/0wUB7PPSFjC0cKAONx5djAnXEs9pRUmRyWMI5I0Uhxz9FCA=,iv:H0JuHLcP0P83e4kaY0mPQRFbMRr6uUcTdRquWSD/VbQ=,tag:k72CmvwU5doNldpFlUy/TQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1