{ kubernetes.resources = { configMaps.freshrss.data = { TZ = "Europe/Amsterdam"; CRON_MIN = "2,32"; ADMIN_EMAIL = "pim@kunis.nl"; PUBLISHED_PORT = "443"; }; # TODO: encrypt this with sops and commit to git repo. secrets.freshrss.stringData.adminPassword = "ref+file:///home/pim/.config/home/vals.yaml#/freshrss/password"; deployments.freshrss = { metadata.labels.app = "freshrss"; spec = { selector.matchLabels.app = "freshrss"; template = { metadata.labels.app = "freshrss"; spec = { containers.freshrss = { image = "freshrss/freshrss:edge"; envFrom = [{ configMapRef.name = "freshrss"; }]; ports = [{ containerPort = 80; protocol = "TCP"; }]; env = [ { name = "ADMIN_PASSWORD"; valueFrom.secretKeyRef = { name = "freshrss"; key = "adminPassword"; }; } { name = "ADMIN_API_PASSWORD"; valueFrom.secretKeyRef = { name = "freshrss"; key = "adminPassword"; }; } ]; volumeMounts = [{ name = "data"; mountPath = "/var/www/FreshRSS/data"; }]; }; volumes = [{ name = "data"; persistentVolumeClaim.claimName = "freshrss"; }]; }; }; }; }; persistentVolumes.freshrss.spec = { capacity.storage = "1Mi"; accessModes = [ "ReadWriteMany" ]; nfs = { server = "lewis.hyp"; path = "/mnt/data/nfs/freshrss/data"; }; }; persistentVolumeClaims.freshrss.spec = { accessModes = [ "ReadWriteMany" ]; storageClassName = ""; resources.requests.storage = "1Mi"; volumeName = "freshrss"; }; services.freshrss.spec = { selector.app = "freshrss"; ports = [{ protocol = "TCP"; port = 80; targetPort = 80; }]; }; ingresses.freshrss.spec = { ingressClassName = "traefik"; rules = [{ host = "rss.kun.is"; http.paths = [{ path = "/"; pathType = "Prefix"; backend.service = { name = "freshrss"; port.number = 80; }; }]; }]; }; }; }