home/nixos-servers
home/nixos-servers
Archived
2
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions

feat(attic): Move to separate k8s namespace

Browse source
This commit is contained in:
Pim Kunis 2024-07-16 18:38:47 +02:00
parent d1d09da3d3
commit af9f72b76a
7 changed files with 86 additions and 74 deletions
Download patch file Download diff file Expand all files Collapse all files

1
kubenix-modules/all.nix
View file

@ -4,7 +4,6 @@ let
./media.nix
./bind9
./dnsmasq.nix
./attic.nix
# ./argo.nix
# ./minecraft.nix
];

145
kubenix-modules/attic.nix
View file

@ -2,7 +2,10 @@
kubernetes.resources =
let
atticSettings = {
database.url = "ref+sops://secrets/kubernetes.yaml#attic/databaseURL";
# The '+" is to explicitly denote the end of the Vals expression.
# This is done because we quote the template for the INI file.
# See: https://github.com/helmfile/vals?tab=readme-ov-file#expression-syntax
database.url = "ref+sops://secrets/kubernetes.yaml#attic/databaseURL+";
storage = {
type = "local";
@ -37,104 +40,99 @@
generatedConfig = (pkgs.formats.toml { }).generate "attic.toml" atticSettings;
in
{
configMaps = {
attic-env.data.ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64 = "ref+sops://secrets/kubernetes.yaml#attic/jwtToken";
attic-config.data.config = builtins.readFile generatedConfig;
configMaps.config.data.config = builtins.readFile generatedConfig;
attic-db-env.data = {
POSTGRES_DB = "attic";
POSTGRES_USER = "attic";
POSTGRES_PASSWORD = "ref+sops://secrets/kubernetes.yaml#/attic/databasePassword";
PGDATA = "/pgdata/data";
};
secrets = {
server.stringData.token = "ref+sops://secrets/kubernetes.yaml#attic/jwtToken";
database.stringData.password = "ref+sops://secrets/kubernetes.yaml#/attic/databasePassword";
};
deployments = {
attic = {
metadata.labels = {
attic.spec = {
selector.matchLabels = {
app = "attic";
component = "website";
};
spec = {
selector.matchLabels = {
template = {
metadata.labels = {
app = "attic";
component = "website";
};
template = {
metadata.labels = {
app = "attic";
component = "website";
spec = {
containers.attic = {
image = "git.kun.is/home/atticd:fd910d91c2143295e959d2c903e9ea25cf94ba27";
ports.web.containerPort = 8080;
args = [ "-f" "/etc/atticd/config.toml" ];
env.ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64.valueFrom.secretKeyRef = {
name = "server";
key = "token";
};
volumeMounts = [
{
name = "data";
mountPath = "/var/lib/atticd/storage";
}
{
name = "config";
mountPath = "/etc/atticd/config.toml";
subPath = "config";
}
];
};
spec = {
containers.attic = {
image = "git.kun.is/home/atticd:fd910d91c2143295e959d2c903e9ea25cf94ba27";
envFrom = [{ configMapRef.name = "attic-env"; }];
ports.web.containerPort = 8080;
args = [ "-f" "/etc/atticd/config.toml" ];
volumes = {
data.persistentVolumeClaim.claimName = "data";
config.configMap.name = "config";
};
volumeMounts = [
{
name = "data";
mountPath = "/var/lib/atticd/storage";
}
{
name = "config";
mountPath = "/etc/atticd/config.toml";
subPath = "config";
}
];
};
volumes = {
data.persistentVolumeClaim.claimName = "attic";
config.configMap.name = "attic-config";
};
securityContext = {
fsGroup = 0;
fsGroupChangePolicy = "OnRootMismatch";
};
securityContext = {
fsGroup = 0;
fsGroupChangePolicy = "OnRootMismatch";
};
};
};
};
attic-db = {
metadata.labels = {
attic-db.spec = {
selector.matchLabels = {
app = "attic";
component = "database";
};
spec = {
selector.matchLabels = {
template = {
metadata.labels = {
app = "attic";
component = "database";
};
template = {
metadata.labels = {
app = "attic";
component = "database";
};
spec = {
containers.postgres = {
image = "postgres:15";
imagePullPolicy = "IfNotPresent";
ports.postgres.containerPort = 5432;
spec = {
containers.postgres = {
image = "postgres:15";
imagePullPolicy = "IfNotPresent";
ports.postgres.containerPort = 5432;
envFrom = [{ configMapRef.name = "attic-db-env"; }];
env = {
POSTGRES_DB.value = "attic";
POSTGRES_USER.value = "attic";
PGDATA.value = "/pgdata/data";
volumeMounts = [{
name = "data";
mountPath = "/pgdata";
}];
POSTGRES_PASSWORD.valueFrom.secretKeyRef = {
name = "database";
key = "password";
};
};
volumes.data.persistentVolumeClaim.claimName = "attic-db";
volumeMounts = [{
name = "data";
mountPath = "/pgdata";
}];
};
volumes.data.persistentVolumeClaim.claimName = "database";
};
};
};
@ -153,7 +151,7 @@
};
};
attic-db.spec = {
database.spec = {
selector = {
app = "attic";
component = "database";
@ -170,12 +168,23 @@
lab = {
ingresses.attic = {
host = "attic.kun.is";
# entrypoint = "localsecure";
service = {
name = "attic";
portName = "web";
};
};
longhorn.persistentVolumeClaim = {
data = {
volumeName = "attic";
storage = "15Gi";
};
database = {
volumeName = "attic-db";
storage = "150Mi";
};
};
};
}

1
kubenix-modules/base.nix
View file

@ -74,6 +74,7 @@
syncthing = { };
pihole = { };
immich = { };
attic = { };
};
nodes =

4
kubenix-modules/volumes.nix
View file

@ -32,8 +32,6 @@
prowlarr.storage = "150Mi";
sonarr.storage = "150Mi";
bazarr.storage = "25Mi";
attic.storage = "15Gi";
attic-db.storage = "150Mi";
};
longhorn.persistentVolume = {
@ -55,6 +53,8 @@
pihole-dnsmasq.storage = "16Mi";
immich.storage = "50Gi";
immich-db.storage = "5Gi";
attic.storage = "15Gi";
attic-db.storage = "150Mi";
};
nfsVolumes = {