diff --git a/docker_swarm/playbooks/stacks.yml b/docker_swarm/playbooks/stacks.yml
index d261901..5c68cc5 100644
--- a/docker_swarm/playbooks/stacks.yml
+++ b/docker_swarm/playbooks/stacks.yml
@@ -4,7 +4,6 @@
 roles:
 - {role: traefik, tags: traefik}
 - {role: forgejo, tags: forgejo}
- - {role: hedgedoc, tags: hedgedoc}
 - {role: swarm_dashboard, tags: swarm_dashboard}
 - {role: nextcloud, tags: nextcloud}
 - {role: kitchenowl, tags: kitchenowl}
diff --git a/docker_swarm/roles/traefik/docker-stack.yml.j2 b/docker_swarm/roles/traefik/docker-stack.yml.j2
index daeac2a..1d8f467 100644
--- a/docker_swarm/roles/traefik/docker-stack.yml.j2
+++ b/docker_swarm/roles/traefik/docker-stack.yml.j2
@@ -90,6 +90,12 @@ services:
 - traefik.http.routers.pihole.rule=Host(`pihole.kun.is`)
 - traefik.http.routers.pihole.tls=true
 - traefik.http.routers.pihole.tls.certresolver=letsencrypt
+
+ - traefik.http.routers.hedgedoc.entrypoints=websecure
+ - traefik.http.routers.hedgedoc.service=k3s@file
+ - traefik.http.routers.hedgedoc.rule=Host(`md.kun.is`)
+ - traefik.http.routers.hedgedoc.tls=true
+ - traefik.http.routers.hedgedoc.tls.certresolver=letsencrypt
 volumes:
 - type: bind
 source: /var/run/docker.sock
diff --git a/nix/flake/kubenix/default.nix b/nix/flake/kubenix/default.nix
index c76c76a..a3745cd 100644
--- a/nix/flake/kubenix/default.nix
+++ b/nix/flake/kubenix/default.nix
@@ -15,6 +15,7 @@
 ./syncthing.nix
 ./nextcloud.nix
 ./pihole.nix
+ # ./hedgedoc.nix
 ];
 kubernetes.kubeconfig = "~/.kube/config";
 kubenix.project = "home";
diff --git a/nix/flake/kubenix/hedgedoc.nix b/nix/flake/kubenix/hedgedoc.nix
new file mode 100644
index 0000000..7d2f565
--- /dev/null
+++ b/nix/flake/kubenix/hedgedoc.nix
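Review bot: The five hedgedoc labels are a copy of the pihole block above them with only the router name and host changed, and nothing in the template records that hedgedoc is now reached through the `k3s@file` service instead of the swarm role this same commit removes from stacks.yml. A comment above the block, `# hedgedoc runs on k3s; Traefik only terminates TLS here and forwards to the k3s ingress (k3s@file)`, would explain the indirection, since the file-provider definition of that service is outside this hunk and presumably elsewhere in the role. As pihole and hedgedoc now share an identical label shape, a Jinja `{% for %}` over a list of router/host pairs would keep the set of hosts forwarded to k3s in one place rather than five labels per host. The enclosing `services:` mapping starts before this hunk.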
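Review bot: The import of ./hedgedoc.nix is added commented out with no reason given, so the new manifest is dead code and a later reader cannot tell whether it is unfinished, blocked, or deliberately staged. If the blocker is the `# TODO: convert from nix` left in hedgedoc.nix, say so on the line, e.g. `# ./hedgedoc.nix  # disabled until config.json is generated from nix (see TODO in hedgedoc.nix)`; otherwise state the actual reason. The enclosing imports list starts before this hunk.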
@@ -0,0 +1,138 @@
+{
+ kubernetes.resources = {
+ configMaps = {
+ hedgedoc-env.data = {
+ CMD_DOMAIN = "md.kun.is";
+ CMD_PORT = "3000";
+ CMD_URL_ADDPORT = "false";
+ CMD_ALLOW_ANONYMOUS = "true";
+ CMD_ALLOW_EMAIL_REGISTER = "false";
+ CMD_PROTOCOL_USESSL = "true";
+ CMD_CSP_ENABLE = "false";
+ };
+
+ # TODO: convert from nix
+ hedgedoc-config.data.config = ''
+ {
+ "useSSL": false
+ }
+ '';
+ };
+
+ secrets.hedgedoc.stringData = {
+ databaseURL = "ref+file:///home/pim/.config/home/vals.yaml#/hedgedoc/databaseURL";
+ sessionSecret = "ref+file:///home/pim/.config/home/vals.yaml#/hedgedoc/sessionSecret";
+ };
+
+ deployments.hedgedoc = {
+ metadata.labels.app = "hedgedoc";
+
+ spec = {
+ selector.matchLabels.app = "hedgedoc";
+
+ template = {
+ metadata.labels.app = "hedgedoc";
+
+ spec = {
+ containers.hedgedoc = {
+ image = "quay.io/hedgedoc/hedgedoc:1.9.7";
+ envFrom = [{ configMapRef.name = "hedgedoc-env"; }];
+
+ ports = [{
+ containerPort = 3000;
+ protocol = "TCP";
+ }];
+
+ env = [
+ {
+ name = "CMD_DB_URL";
+
+ valueFrom.secretKeyRef = {
+ name = "hedgedoc";
+ key = "databaseURL";
+ };
+ }
+ {
+ name = "CMD_SESSION_SECRET";
+
+ valueFrom.secretKeyRef = {
+ name = "hedgedoc";
+ key = "sessionSecret";
+ };
+ }
+ ];
+
+ volumeMounts = [
+ {
+ name = "uploads";
+ mountPath = "/hedgedoc/public/uploads";
+ }
+ {
+ name = "config";
+ mountPath = "/hedgedoc/config.json";
+ subPath = "config";
+ }
+ ];
+ };
+
+ volumes = [
+ {
+ name = "uploads";
+ persistentVolumeClaim.claimName = "hedgedoc";
+ }
+ {
+ name = "config";
+ configMap.name = "hedgedoc-config";
+ }
+ ];
+ };
+ };
+ };
+ };
+
+ persistentVolumes.hedgedoc.spec = {
+ capacity.storage = "1Mi";
+ accessModes = [ "ReadWriteMany" ];
+
+ nfs = {
+ server = "lewis.hyp";
+ path = "/mnt/data/nfs/hedgedoc/uploads";
+ };
+ };
+
+ persistentVolumeClaims.hedgedoc.spec = {
+ accessModes = [ "ReadWriteMany" ];
+ storageClassName = "";
+ resources.requests.storage = "1Mi";
+ volumeName = "hedgedoc";
+ };
+
+ services.hedgedoc.spec = {
+ selector.app = "hedgedoc";
+
+ ports = [{
+ protocol = "TCP";
+ port = 80;
+ targetPort = 3000;
+ }];
+ };
+
+ ingresses.hedgedoc.spec = {
+ ingressClassName = "traefik";
+
+ rules = [{
+ host = "md.kun.is";
+
+ http.paths = [{
+ path = "/";
+ pathType = "Prefix";
+
+ backend.service = {
+ name = "hedgedoc";
+ port.number = 80;
+ };
+ }];
+ }];
+ };
+ };
+}
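Review bot: `CMD_CSP_ENABLE = "false"` in the hedgedoc-env ConfigMap switches off HedgeDoc's Content-Security-Policy for a service that renders user-written markdown to other users, and with `CMD_ALLOW_ANONYMOUS = "true"` any visitor can author that content; unless a specific feature is known to break under the policy, `CMD_CSP_ENABLE = "true";` (the upstream default) is the safer value, and if the opt-out stays a comment should name the feature that required it. The container also has no `securityContext` and no resource limits, so privilege escalation, capabilities and memory use are whatever the image and node defaults allow; a minimal hardening block is sketched below (runAsNonRoot relies on the quay.io image already running as an unprivileged user — confirm before enabling, and the limit figures are placeholders). `config.json` is mounted with `subPath = "config"`, and Kubernetes does not refresh subPath-mounted ConfigMap files in a running pod, so edits to hedgedoc-config need a rollout to take effect — worth a comment on that volumeMount. The `ref+file://` strings in `secrets.hedgedoc.stringData` look like vals-style references to a file under /home/pim that some tool must resolve before apply; if the manifest is ever applied without that step the literal reference strings become the secret values, and note the file is not yet imported by default.nix.
```nix
            containers.hedgedoc = {
              image = "quay.io/hedgedoc/hedgedoc:1.9.7";
              # Least-privilege defaults; runAsNonRoot assumes the image's own unprivileged user — confirm.
              securityContext = {
                runAsNonRoot = true;
                allowPrivilegeEscalation = false;
                capabilities.drop = [ "ALL" ];
              };
              # Placeholder sizing (constructed values); tune to observed usage.
              resources.limits = {
                cpu = "1";
                memory = "512Mi";
              };
              # … unchanged: envFrom, ports, env, volumeMounts …
            };
```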