diff --git a/docker_swarm/playbooks/stacks.yml b/docker_swarm/playbooks/stacks.yml
index f0c73b2..dac1960 100644
--- a/docker_swarm/playbooks/stacks.yml
+++ b/docker_swarm/playbooks/stacks.yml
@@ -4,7 +4,6 @@
 roles:
 - {role: traefik, tags: traefik}
 - {role: forgejo, tags: forgejo}
- - {role: radicale, tags: radicale}
 - {role: hedgedoc, tags: hedgedoc}
 - {role: swarm_dashboard, tags: swarm_dashboard}
 - {role: pihole, tags: pihole}
diff --git a/docker_swarm/roles/traefik/docker-stack.yml.j2 b/docker_swarm/roles/traefik/docker-stack.yml.j2
index bffa3ed..97aee88 100644
--- a/docker_swarm/roles/traefik/docker-stack.yml.j2
+++ b/docker_swarm/roles/traefik/docker-stack.yml.j2
@@ -72,6 +72,12 @@ services:
 - traefik.http.routers.inbucket.rule=Host(`inbucket.kun.is`)
 - traefik.http.routers.inbucket.tls=true
 - traefik.http.routers.inbucket.tls.certresolver=letsencrypt
+
+ - traefik.http.routers.radicale.entrypoints=websecure
+ - traefik.http.routers.radicale.service=k3s@file
+ - traefik.http.routers.radicale.rule=Host(`dav.kun.is`)
+ - traefik.http.routers.radicale.tls=true
+ - traefik.http.routers.radicale.tls.certresolver=letsencrypt
 volumes:
 - type: bind
 source: /var/run/docker.sock
diff --git a/nix/flake/kubenix/default.nix b/nix/flake/kubenix/default.nix
index beb8058..0bc0522 100644
--- a/nix/flake/kubenix/default.nix
+++ b/nix/flake/kubenix/default.nix
@@ -11,6 +11,7 @@
 ./cyberchef.nix
 ./kms.nix
 ./inbucket.nix
+ ./radicale.nix
 ];
 kubernetes.kubeconfig = "~/.kube/config";
 kubenix.project = "home";
diff --git a/nix/flake/kubenix/radicale.nix b/nix/flake/kubenix/radicale.nix
new file mode 100644
index 0000000..967152e
--- /dev/null
+++ b/nix/flake/kubenix/radicale.nix
@@ -0,0 +1,131 @@
+{
+ kubernetes.resources = {
+ configMaps.radicale.data = {
+ users = "pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ.";
+
+ # TODO: Can this be generated with nix?
+ config = ''
+ [server]
+ hosts = 0.0.0.0:5232, [::]:5232
+ ssl = False
+
+ [encoding]
+ request = utf-8
+ stock = utf-8
+
+ [auth]
+ realm = Radicale - Password Required
+ type = htpasswd
+ htpasswd_filename = /config/users
+ htpasswd_encryption = md5
+
+ [rights]
+ type = owner_only
+
+ [storage]
+ type = multifilesystem
+ filesystem_folder = /data
+
+ [logging]
+
+ [headers]
+ '';
+ };
+
+ deployments.radicale = {
+ metadata.labels.app = "radicale";
+
+ spec = {
+ selector.matchLabels.app = "radicale";
+
+ template = {
+ metadata.labels.app = "radicale";
+
+ spec = {
+ containers.radicale = {
+ image = "tomsquest/docker-radicale";
+
+ ports = [{
+ containerPort = 5232;
+ protocol = "TCP";
+ }];
+
+ volumeMounts = [
+ {
+ name = "data";
+ mountPath = "/data";
+ }
+ {
+ name = "config";
+ mountPath = "/config/config";
+ subPath = "config";
+ }
+ {
+ name = "config";
+ mountPath = "/config/users";
+ subPath = "users";
+ }
+ ];
+ };
+
+ volumes = [
+ {
+ name = "data";
+ persistentVolumeClaim.claimName = "radicale";
+ }
+ {
+ name = "config";
+ configMap.name = "radicale";
+ }
+ ];
+ };
+ };
+ };
+ };
+
+ persistentVolumes.radicale.spec = {
+ capacity.storage = "1Mi";
+ accessModes = [ "ReadWriteMany" ];
+
+ nfs = {
+ server = "lewis.hyp";
+ path = "/mnt/data/nfs/radicale";
+ };
+ };
+
+ persistentVolumeClaims.radicale.spec = {
+ accessModes = [ "ReadWriteMany" ];
+ storageClassName = "";
+ resources.requests.storage = "1Mi";
+ volumeName = "radicale";
+ };
+
+ services.radicale.spec = {
+ selector.app = "radicale";
+
+ ports = [{
+ protocol = "TCP";
+ port = 80;
+ targetPort = 5232;
+ }];
+ };
+
+ ingresses.radicale.spec = {
+ ingressClassName = "traefik";
+
+ rules = [{
+ host = "dav.kun.is";
+
+ http.paths = [{
+ path = "/";
+ pathType = "Prefix";
+
+ backend.service = {
+ name = "radicale";
+ port.number = 80;
+ };
+ }];
+ }];
+ };
+ };
+}
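Review bot: The `users` entry in `configMaps.radicale.data` commits a live htpasswd hash to the repository and ships it in a ConfigMap, and `htpasswd_encryption = md5` keeps it in the `$apr1$` format, which is weak against offline guessing by anyone who can read the repo or the ConfigMap. I would move the file into a Kubernetes Secret populated from outside the repository, switch to `htpasswd_encryption = bcrypt` (assuming the image ships the bcrypt module), and rotate the password, since the current hash stays in git history. Separately, `image = "tomsquest/docker-radicale"` has no tag or digest, so each pull can resolve to a different build; pin it, e.g. `image = "tomsquest/docker-radicale:<PINNED_TAG>@sha256:<DIGEST>";`.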