feat(longhorn): Reference PV from PVC

refactor(freshrss): Rename k8s resources
Pim Kunis 2024-07-14 12:25:20 +02:00
parent 07bd2e1e01
commit e724ff94a9
3 changed files with 129 additions and 53 deletions


@ -12,6 +12,28 @@ let
};
};
};
longhornPVOpts = { name, ... }: {
options = {
storage = lib.mkOption {
type = lib.types.str;
};
};
};
longhornPVCOpts = { name, ... }: {
options = {
volumeName = lib.mkOption {
type = lib.types.str;
default = name;
};
# TODO: ideally we take this from the longhornPV so we don't duplicate this information.
storage = lib.mkOption {
type = lib.types.str;
};
};
};
in
{
options = {
@ -19,55 +41,109 @@ in
type = with lib.types; attrsOf (submodule longhornVolumeOpts);
default = { };
};
lab.longhorn = {
persistentVolume = lib.mkOption {
type = with lib.types; attrsOf (submodule longhornPVOpts);
default = { };
};
persistentVolumeClaim = lib.mkOption {
type = with lib.types; attrsOf (submodule longhornPVCOpts);
default = { };
};
};
};
config = {
kubernetes.resources = {
persistentVolumes = builtins.mapAttrs
(name: longhornVolume: {
spec = {
accessModes = [ "ReadWriteOnce" ];
capacity.storage = longhornVolume.storage;
persistentVolumeReclaimPolicy = "Delete";
volumeMode = "Filesystem";
persistentVolumes = lib.mergeAttrs
(builtins.mapAttrs
(name: longhornVolume: {
spec = {
accessModes = [ "ReadWriteOnce" ];
capacity.storage = longhornVolume.storage;
persistentVolumeReclaimPolicy = "Delete";
volumeMode = "Filesystem";
claimRef = {
inherit name;
namespace = longhornVolume.namespace;
};
claimRef = {
inherit name;
namespace = longhornVolume.namespace;
};
csi = {
driver = "driver.longhorn.io";
fsType = "ext4";
volumeHandle = name;
volumeAttributes = {
dataLocality = "disabled";
fromBackup = "";
csi = {
driver = "driver.longhorn.io";
fsType = "ext4";
numberOfReplicas = "2";
staleReplicaTimeout = "30";
unmapMarkSnapChainRemoved = "ignored";
volumeHandle = name;
recurringJobSelector = lib.generators.toYAML { } [{
name = "backup-nfs";
isGroup = false;
}];
volumeAttributes = {
dataLocality = "disabled";
fromBackup = "";
fsType = "ext4";
numberOfReplicas = "2";
staleReplicaTimeout = "30";
unmapMarkSnapChainRemoved = "ignored";
recurringJobSelector = lib.generators.toYAML { } [{
name = "backup-nfs";
isGroup = false;
}];
};
};
};
};
})
config.lab.longhornVolumes;
})
config.lab.longhornVolumes)
(builtins.mapAttrs
(name: longhornPV: {
spec = {
accessModes = [ "ReadWriteOnce" ];
capacity.storage = longhornPV.storage;
persistentVolumeReclaimPolicy = "Delete";
volumeMode = "Filesystem";
persistentVolumeClaims = builtins.mapAttrs
(name: longhornVolume: {
spec = {
accessModes = [ "ReadWriteOnce" ];
resources.requests.storage = longhornVolume.storage;
storageClassName = "";
};
})
config.lab.longhornVolumes;
csi = {
driver = "driver.longhorn.io";
fsType = "ext4";
volumeHandle = name;
volumeAttributes = {
dataLocality = "disabled";
fromBackup = "";
fsType = "ext4";
numberOfReplicas = "2";
staleReplicaTimeout = "30";
unmapMarkSnapChainRemoved = "ignored";
recurringJobSelector = lib.generators.toYAML { } [{
name = "backup-nfs";
isGroup = false;
}];
};
};
};
})
config.lab.longhorn.persistentVolume);
persistentVolumeClaims = lib.mergeAttrs
(builtins.mapAttrs
(name: longhornVolume: {
spec = {
accessModes = [ "ReadWriteOnce" ];
resources.requests.storage = longhornVolume.storage;
storageClassName = "";
};
})
config.lab.longhornVolumes)
(builtins.mapAttrs
(name: longhornPVC: {
spec = {
accessModes = [ "ReadWriteOnce" ];
resources.requests.storage = longhornPVC.storage;
storageClassName = "";
volumeName = longhornPVC.volumeName;
};
})
config.lab.longhorn.persistentVolumeClaim);
};
};
}
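Review bot: The PVs generated from `config.lab.longhorn.persistentVolume` carry no `claimRef`, as far as the rendered lines show, whereas the `longhornVolumes` ones do, so these volumes are not reserved for their intended claim. `volumeName` on the PVC only states which PV the claim wants; until it binds, a PVC in any namespace that names the same PV, or that matches it with `storageClassName = ""` and a compatible size and access mode, can bind first and mount the data. Adding claim name and namespace options to `longhornPVOpts` and emitting `claimRef` from them would pin the binding from the PV side, as sketched below. Separately, `lib.mergeAttrs` is a shallow, right-biased merge, so a name defined in both `longhornVolumes` and `longhorn.persistentVolume` silently drops the first definition; an assertion on overlapping names would surface that.

```nix
longhornPVOpts = { name, ... }: {
  options = {
    # … unchanged: storage option …
    claimName = lib.mkOption {
      type = lib.types.str;
    };
    claimNamespace = lib.mkOption {
      type = lib.types.str;
    };
  };
};

# … unchanged: accessModes, capacity, reclaim policy, volumeMode in the new PV spec …
claimRef = {
  name = longhornPV.claimName;
  namespace = longhornPV.claimNamespace;
};
# … unchanged: csi block …
```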


@ -1,8 +1,8 @@
{ namespace, ... }: {
{
kubernetes.resources = {
secrets.freshrss.stringData.adminPassword = "ref+sops://secrets/kubernetes.yaml#/freshrss/password";
secrets.server.stringData.adminPassword = "ref+sops://secrets/kubernetes.yaml#/freshrss/password";
deployments.freshrss = {
deployments.server = {
metadata.labels.app = "freshrss";
spec = {
@ -33,12 +33,12 @@
PUBLISHED_PORT.value = "443";
ADMIN_PASSWORD.valueFrom.secretKeyRef = {
name = "freshrss";
name = "server";
key = "adminPassword";
};
ADMIN_API_PASSWORD.valueFrom.secretKeyRef = {
name = "freshrss";
name = "server";
key = "adminPassword";
};
};
@ -49,7 +49,7 @@
}];
};
volumes.data.persistentVolumeClaim.claimName = "freshrss";
volumes.data.persistentVolumeClaim.claimName = "data";
securityContext = {
fsGroup = 33;
@ -60,7 +60,7 @@
};
};
services.freshrss.spec = {
services.web.spec = {
selector.app = "freshrss";
ports.web = {
@ -71,21 +71,18 @@
};
lab = {
ingresses.freshrss = {
ingresses.web = {
host = "rss.kun.is";
service = {
name = "freshrss";
name = "web";
portName = "web";
};
};
# TODO: Maybe we should revisit this architecture?
# The PVs are cluster-wide and should probably be defined elsewhere.
# Then the PVC should reference the PV probably.
longhornVolumes.freshrss = {
longhorn.persistentVolumeClaim.data = {
volumeName = "freshrss";
storage = "1Gi";
inherit namespace;
};
};
}
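Review bot: Renaming the claim from `freshrss` to `data` removes the old PVC while the PV template in the Longhorn module still sets `persistentVolumeReclaimPolicy = "Delete"`, so on an existing cluster deleting the old claim can release the PV and have the CSI driver delete the Longhorn volume together with the FreshRSS data. Whether that happens depends on how the resources are applied and in what order, which is not visible on this page. For statically defined volumes `persistentVolumeReclaimPolicy = "Retain";` is the safer default, and the commit message could state that a backup is needed before rollout. A released PV also keeps the `claimRef` of its previous claim, so the new `data` claim may stay Pending until that reference is cleared.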


@ -16,7 +16,6 @@
longhornVolumes = {
hedgedoc-uploads.storage = "50Mi";
hedgedoc-db.storage = "100Mi";
# freshrss.storage = "1Gi";
radicale.storage = "200Mi";
minecraft.storage = "1Gi";
nextcloud.storage = "50Gi";
@ -44,6 +43,10 @@
immich-db.storage = "5Gi";
};
longhorn.persistentVolume = {
freshrss.storage = "1Gi";
};
nfsVolumes = {
media.path = "media";
music.path = "media/music";