From a8d9e4f6345b30338f53b876bb8f50932494f706 Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Sun, 14 Jul 2024 22:58:06 +0200 Subject: [PATCH] feat(paperless-ngx): Move to separate k8s namespace --- README.md | 1 + flake-parts/kubenix.nix | 2 + kubenix-modules/all.nix | 1 - kubenix-modules/base.nix | 1 + kubenix-modules/paperless.nix | 244 +++++++++++++++++++--------------- kubenix-modules/volumes.nix | 6 +- 6 files changed, 141 insertions(+), 114 deletions(-) diff --git a/README.md b/README.md index b513cc6..3ce0544 100644 --- a/README.md +++ b/README.md @@ -62,6 +62,7 @@ Currently, the applications being deployed like this are: - `hedgedoc` - `kitchenowl` - `forgejo` +- `paperless-ngx` ## Known bugs diff --git a/flake-parts/kubenix.nix b/flake-parts/kubenix.nix index 967fa02..3558332 100644 --- a/flake-parts/kubenix.nix +++ b/flake-parts/kubenix.nix @@ -84,4 +84,6 @@ "${self}/kubenix-modules/kitchenowl.nix" "kitchenowl" "kitchenowl"; kubenix.forgejo = mkDeployScriptAndManifest "${self}/kubenix-modules/forgejo" "forgejo" "forgejo"; + kubenix.paperless = mkDeployScriptAndManifest + "${self}/kubenix-modules/paperless.nix" "paperless" "paperless"; }) diff --git a/kubenix-modules/all.nix b/kubenix-modules/all.nix index d090f6c..0f2bf41 100644 --- a/kubenix-modules/all.nix +++ b/kubenix-modules/all.nix @@ -3,7 +3,6 @@ let ./inbucket.nix ./syncthing.nix ./pihole.nix - ./paperless.nix ./media.nix ./bind9 ./dnsmasq.nix diff --git a/kubenix-modules/base.nix b/kubenix-modules/base.nix index a26bf78..7634b80 100644 --- a/kubenix-modules/base.nix +++ b/kubenix-modules/base.nix @@ -70,6 +70,7 @@ hedgedoc = { }; kitchenowl = { }; forgejo = { }; + paperless = { }; }; nodes = diff --git a/kubenix-modules/paperless.nix b/kubenix-modules/paperless.nix index 52f3989..35caecd 100644 --- a/kubenix-modules/paperless.nix +++ b/kubenix-modules/paperless.nix 
@@ -1,168 +1,175 @@ { kubernetes.resources = { - configMaps = { - paperless.data = { - PAPERLESS_REDIS = "redis://paperless-redis.default.svc.cluster.local:6379"; - PAPERLESS_DBENGINE = "postgresql"; - PAPERLESS_DBHOST = "paperless-db.default.svc.cluster.local"; - PAPERLESS_DBNAME = "paperless"; - PAPERLESS_DBUSER = "paperless"; - PAPERLESS_DATA_DIR = "/data/"; - PAPERLESS_MEDIA_ROOT = "/data/"; - PAPERLESS_OCR_LANGUAGES = "nld eng"; - PAPERLESS_URL = "https://paperless.kun.is"; - PAPERLESS_TIME_ZONE = "Europe/Amsterdam"; - PAPERLESS_OCR_LANGUAGE = "nld"; - USERMAP_UID = "33"; - USERMAP_GID = "33"; - }; - - paperless-db-env.data = { - POSTGRES_DB = "paperless"; - POSTGRES_USER = "paperless"; - POSTGRES_PASSWORD = "ref+sops://secrets/kubernetes.yaml#/paperless/databasePassword"; - PGDATA = "/pgdata/data"; - }; - }; - - secrets.paperless.stringData = { - databasePassword = "ref+sops://secrets/kubernetes.yaml#/paperless/databasePassword"; - secretKey = "ref+sops://secrets/kubernetes.yaml#/paperless/secretKey"; + secrets = { + database.stringData.password = "ref+sops://secrets/kubernetes.yaml#/paperless/databasePassword"; + server.stringData.secretKey = "ref+sops://secrets/kubernetes.yaml#/paperless/secretKey"; }; deployments = { - paperless-web = { - metadata.labels = { + server.spec = { + selector.matchLabels = { app = "paperless"; component = "web"; }; - spec = { - selector.matchLabels = { + strategy = { + type = "RollingUpdate"; + + rollingUpdate = { + maxSurge = 0; + maxUnavailable = 1; + }; + }; + + template = { + metadata.labels = { app = "paperless"; component = "web"; }; - template = { - metadata.labels = { - app = "paperless"; - component = "web"; - }; + spec = { + volumes.data.persistentVolumeClaim.claimName = "data"; - spec = { - volumes.data.persistentVolumeClaim.claimName = "paperless-data"; + containers.paperless = { + image = "ghcr.io/paperless-ngx/paperless-ngx:2.3"; + imagePullPolicy = "Always"; + ports.web.containerPort = 8000; - containers.paperless 
= { - image = "ghcr.io/paperless-ngx/paperless-ngx:2.3"; - envFrom = [{ configMapRef.name = "paperless"; }]; - ports.web.containerPort = 8000; + env = { + PAPERLESS_REDIS.value = "redis://redis.paperless.svc.cluster.local:6379"; + PAPERLESS_DBENGINE.value = "postgresql"; + PAPERLESS_DBHOST.value = "database.paperless.svc.cluster.local"; + PAPERLESS_DBNAME.value = "paperless"; + PAPERLESS_DBUSER.value = "paperless"; + PAPERLESS_DATA_DIR.value = "/data/"; + PAPERLESS_MEDIA_ROOT.value = "/data/"; + PAPERLESS_OCR_LANGUAGES.value = "nld eng"; + PAPERLESS_URL.value = "https://paperless.kun.is"; + PAPERLESS_TIME_ZONE.value = "Europe/Amsterdam"; + PAPERLESS_OCR_LANGUAGE.value = "nld"; + USERMAP_UID.value = "33"; + USERMAP_GID.value = "33"; - env = { - PAPERLESS_DBPASS.valueFrom.secretKeyRef = { - name = "paperless"; - key = "databasePassword"; - }; - PAPERLESS_SECRET_KEY.valueFrom.secretKeyRef = { - name = "paperless"; - key = "secretKey"; - }; + PAPERLESS_DBPASS.valueFrom.secretKeyRef = { + name = "database"; + key = "password"; }; - volumeMounts = [{ - name = "data"; - mountPath = "/data"; - }]; + PAPERLESS_SECRET_KEY.valueFrom.secretKeyRef = { + name = "server"; + key = "secretKey"; + }; }; - securityContext = { - fsGroup = 33; - fsGroupChangePolicy = "OnRootMismatch"; - }; + volumeMounts = [{ + name = "data"; + mountPath = "/data"; + }]; + }; + + securityContext = { + fsGroup = 33; + fsGroupChangePolicy = "OnRootMismatch"; }; }; }; }; - paperless-redis = { - metadata.labels = { + redis.spec = { + selector.matchLabels = { app = "paperless"; component = "redis"; }; - spec = { - selector.matchLabels = { + strategy = { + type = "RollingUpdate"; + + rollingUpdate = { + maxSurge = 0; + maxUnavailable = 1; + }; + }; + + template = { + metadata.labels = { app = "paperless"; component = "redis"; }; - template = { - metadata.labels = { - app = "paperless"; - component = "redis"; + spec = { + volumes.data.persistentVolumeClaim.claimName = "redisdata"; + + containers.redis = { + 
image = "docker.io/library/redis:7"; + ports.redis.containerPort = 6379; + imagePullPolicy = "Always"; + + volumeMounts = [{ + name = "data"; + mountPath = "/data"; + }]; }; - spec = { - volumes.data.persistentVolumeClaim.claimName = "paperless-redisdata"; - - containers.redis = { - image = "docker.io/library/redis:7"; - ports.redis.containerPort = 6379; - - volumeMounts = [{ - name = "data"; - mountPath = "/data"; - }]; - }; - - securityContext = { - fsGroup = 999; - fsGroupChangePolicy = "OnRootMismatch"; - }; + securityContext = { + fsGroup = 999; + fsGroupChangePolicy = "OnRootMismatch"; }; }; }; }; - paperless-db = { - metadata.labels = { + database.spec = { + selector.matchLabels = { app = "paperless"; component = "database"; }; - spec = { - selector.matchLabels = { + strategy = { + type = "RollingUpdate"; + + rollingUpdate = { + maxSurge = 0; + maxUnavailable = 1; + }; + }; + + template = { + metadata.labels = { app = "paperless"; component = "database"; }; - template = { - metadata.labels = { - app = "paperless"; - component = "database"; - }; + spec = { + containers.postgres = { + image = "postgres:15"; + ports.postgres.containerPort = 5432; + imagePullPolicy = "Always"; - spec = { - containers.postgres = { - image = "postgres:15"; - imagePullPolicy = "IfNotPresent"; - ports.postgres.containerPort = 5432; - envFrom = [{ configMapRef.name = "paperless-db-env"; }]; + env = { + POSTGRES_DB.value = "paperless"; + POSTGRES_USER.value = "paperless"; + PGDATA.value = "/pgdata/data"; - volumeMounts = [{ - name = "data"; - mountPath = "/pgdata"; - }]; + POSTGRES_PASSWORD.valueFrom.secretKeyRef = { + name = "database"; + key = "password"; + }; }; - volumes.data.persistentVolumeClaim.claimName = "paperless-db"; + volumeMounts = [{ + name = "data"; + mountPath = "/pgdata"; + }]; }; + + volumes.data.persistentVolumeClaim.claimName = "database"; }; }; }; }; services = { - paperless-web.spec = { + web.spec = { selector = { app = "paperless"; component = "web"; 
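Review bot: All three containers in this hunk now set `imagePullPolicy = "Always"` while their images are referenced by mutable tags (`paperless-ngx:2.3`, `redis:7`, `postgres:15`), so any pod restart can start running image content that no commit in this repository selected. Pinning each image by digest keeps the pull policy harmless and makes every upgrade an explicit, reviewable change, e.g. `image = "docker.io/library/postgres:15@sha256:<digest-placeholder>";`. `postgres:15` is also the only image without a registry prefix; writing it as `docker.io/library/postgres`, like the Redis image, removes the dependence on each node's default-registry configuration.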
@@ -174,7 +181,7 @@ }; }; - paperless-redis.spec = { + redis.spec = { selector = { app = "paperless"; component = "redis"; @@ -186,7 +193,7 @@ }; }; - paperless-db.spec = { + database.spec = { selector = { app = "paperless"; component = "database"; @@ -201,13 +208,30 @@ }; lab = { - ingresses.paperless = { + ingresses.web = { host = "paperless.kun.is"; service = { - name = "paperless-web"; + name = "web"; portName = "web"; }; }; + + longhorn.persistentVolumeClaim = { + data = { + volumeName = "paperless-data"; + storage = "10Gi"; + }; + + redisdata = { + volumeName = "paperless-redisdata"; + storage = "20Mi"; + }; + + database = { + volumeName = "paperless-db"; + storage = "150Mi"; + }; + }; }; } diff --git a/kubenix-modules/volumes.nix b/kubenix-modules/volumes.nix index f178c5c..bdfd8de 100644 --- a/kubenix-modules/volumes.nix +++ b/kubenix-modules/volumes.nix @@ -18,9 +18,6 @@ pihole-data.storage = "750Mi"; pihole-dnsmasq.storage = "16Mi"; syncthing.storage = "400Mi"; - paperless-data.storage = "10Gi"; - paperless-redisdata.storage = "20Mi"; - paperless-db.storage = "150Mi"; jellyfin.storage = "5Gi"; transmission.storage = "25Mi"; jellyseerr.storage = "75Mi"; @@ -45,6 +42,9 @@ hedgedoc-db.storage = "100Mi"; kitchenowl.storage = "100Mi"; forgejo.storage = "20Gi"; + paperless-data.storage = "10Gi"; + paperless-redisdata.storage = "20Mi"; + paperless-db.storage = "150Mi"; }; nfsVolumes = {
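Review bot: The namespace move does not by itself limit which pods can reach the `redis` and `database` services renamed in the `@@ -174` and `@@ -186` hunks: none of the visible hunks of paperless.nix defines a NetworkPolicy, and `PAPERLESS_REDIS` in the first hunk carries no credentials, so Redis relies entirely on network reachability for access control. Unless a default-deny policy is applied to the namespace elsewhere (not visible in this patch), consider restricting ingress on both backends to the `component = "web"` pods, as sketched below. The sketch assumes the cluster's CNI enforces NetworkPolicy and that kubenix exposes the resource as `networkPolicies`; the `kubernetes.resources` block it belongs to opens in the first hunk, outside these ones.

```nix
# … unchanged: secrets, deployments, services inside kubernetes.resources …
networkPolicies = {
  # Only the paperless web pods may open connections to Postgres.
  database.spec = {
    podSelector.matchLabels = {
      app = "paperless";
      component = "database";
    };
    policyTypes = [ "Ingress" ];
    ingress = [{
      from = [{
        podSelector.matchLabels = {
          app = "paperless";
          component = "web";
        };
      }];
      ports = [{ port = 5432; protocol = "TCP"; }];
    }];
  };

  # Redis has no authentication configured, so reachability is its only guard.
  redis.spec = {
    podSelector.matchLabels = {
      app = "paperless";
      component = "redis";
    };
    policyTypes = [ "Ingress" ];
    ingress = [{
      from = [{
        podSelector.matchLabels = {
          app = "paperless";
          component = "web";
        };
      }];
      ports = [{ port = 6379; protocol = "TCP"; }];
    }];
  };
};
```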