# Module declaring the FreshRSS workload: a Secret, a Deployment and a Service
# under `kubernetes.resources`, plus an ingress and a Longhorn volume under `lab`.
# `namespace` is only used to place the Longhorn volume.
{ namespace, ... }:
let
  app = "freshrss";
  labels = { inherit app; };

  # Both admin credentials below are read from this one Secret key.
  adminPasswordRef = {
    name = app;
    key = "adminPassword";
  };
in
{
  kubernetes.resources = {
    # The value is a reference, not the secret itself. It looks like a vals-style
    # `ref+sops://` URI that is resolved elsewhere before apply (TODO confirm).
    # NOTE(review): if that resolution step is ever skipped, this literal string
    # would presumably become the admin password. Verify the pipeline fails
    # closed on unresolved refs.
    secrets.${app}.stringData.adminPassword = "ref+sops://secrets/kubernetes.yaml#/freshrss/password";

    deployments.${app} = {
      metadata = { inherit labels; };

      spec = {
        selector.matchLabels = labels;

        # maxSurge = 0 with maxUnavailable = 1: the old pod is taken down before
        # its replacement is created. Presumably required because the data
        # volume cannot be attached to two pods at once (confirm).
        strategy = {
          type = "RollingUpdate";
          rollingUpdate = {
            maxUnavailable = 1;
            maxSurge = 0;
          };
        };

        template = {
          metadata = { inherit labels; };

          spec = {
            # fsGroup 33 makes the mounted volume group-accessible to GID 33,
            # presumably the image's web-server group (verify against the image).
            # OnRootMismatch skips the recursive ownership change when the
            # volume root already matches.
            securityContext = {
              fsGroupChangePolicy = "OnRootMismatch";
              fsGroup = 33;
            };

            volumes.data.persistentVolumeClaim.claimName = "freshrss";

            # NOTE(review): no container-level securityContext and no resource
            # requests/limits are set here, so the container runs with the
            # image's default user and capabilities and has no CPU/memory bound.
            containers.${app} = {
              # NOTE(review): the image is pinned by tag only, and "Always"
              # re-pulls it on every pod start, so a re-pointed tag would be
              # picked up silently. Pinning by digest would make the deployed
              # content immutable.
              image = "freshrss/freshrss:1.24.1";
              imagePullPolicy = "Always";

              ports.web.containerPort = 80;

              volumeMounts = [
                {
                  mountPath = "/var/www/FreshRSS/data";
                  name = "data";
                }
              ];

              env = {
                TZ.value = "Europe/Amsterdam";
                CRON_MIN.value = "2,32";
                ADMIN_EMAIL.value = "pim@kunis.nl";
                PUBLISHED_PORT.value = "443";

                # NOTE(review): the web admin password and the API password are
                # the same secret value. A separate key for the API password
                # would let it be rotated or revoked without touching the web
                # login.
                ADMIN_PASSWORD.valueFrom.secretKeyRef = adminPasswordRef;
                ADMIN_API_PASSWORD.valueFrom.secretKeyRef = adminPasswordRef;
              };
            };
          };
        };
      };
    };

    # ClusterIP-style service: forwards port 80 to the container port named "web".
    services.${app}.spec = {
      selector = labels;
      ports.web = {
        targetPort = "web";
        port = 80;
      };
    };
  };

  lab = {
    # Exposes the service's "web" port under this host name.
    ingresses.${app} = {
      host = "rss.kun.is";
      service = {
        portName = "web";
        name = "freshrss";
      };
    };

    # TODO: Maybe we should revisit this architecture?
    # The PVs are cluster-wide and should probably be defined elsewhere.
    # Then the PVC should reference the PV probably.
    longhornVolumes.${app} = {
      inherit namespace;
      storage = "1Gi";
    };
  };
}