{ kubernetes.resources = { secrets = { database.stringData.password = "ref+sops://secrets/kubernetes.yaml#/paperless/databasePassword"; server.stringData.secretKey = "ref+sops://secrets/kubernetes.yaml#/paperless/secretKey"; }; deployments = { server.spec = { selector.matchLabels = { app = "paperless"; component = "web"; }; strategy = { type = "RollingUpdate"; rollingUpdate = { maxSurge = 0; maxUnavailable = 1; }; }; template = { metadata.labels = { app = "paperless"; component = "web"; }; spec = { volumes.data.persistentVolumeClaim.claimName = "data"; containers.paperless = { image = "ghcr.io/paperless-ngx/paperless-ngx:2.3"; imagePullPolicy = "Always"; ports.web.containerPort = 8000; env = { PAPERLESS_REDIS.value = "redis://redis.paperless.svc.cluster.local:6379"; PAPERLESS_DBENGINE.value = "postgresql"; PAPERLESS_DBHOST.value = "database.paperless.svc.cluster.local"; PAPERLESS_DBNAME.value = "paperless"; PAPERLESS_DBUSER.value = "paperless"; PAPERLESS_DATA_DIR.value = "/data/"; PAPERLESS_MEDIA_ROOT.value = "/data/"; PAPERLESS_OCR_LANGUAGES.value = "nld eng"; PAPERLESS_URL.value = "https://paperless.kun.is"; PAPERLESS_TIME_ZONE.value = "Europe/Amsterdam"; PAPERLESS_OCR_LANGUAGE.value = "nld"; USERMAP_UID.value = "33"; USERMAP_GID.value = "33"; PAPERLESS_DBPASS.valueFrom.secretKeyRef = { name = "database"; key = "password"; }; PAPERLESS_SECRET_KEY.valueFrom.secretKeyRef = { name = "server"; key = "secretKey"; }; }; volumeMounts = [{ name = "data"; mountPath = "/data"; }]; }; securityContext = { fsGroup = 33; fsGroupChangePolicy = "OnRootMismatch"; }; }; }; }; redis.spec = { selector.matchLabels = { app = "paperless"; component = "redis"; }; strategy = { type = "RollingUpdate"; rollingUpdate = { maxSurge = 0; maxUnavailable = 1; }; }; template = { metadata.labels = { app = "paperless"; component = "redis"; }; spec = { volumes.data.persistentVolumeClaim.claimName = "redisdata"; containers.redis = { image = "docker.io/library/redis:7"; ports.redis.containerPort = 6379; imagePullPolicy = "Always"; volumeMounts = [{ name = "data"; mountPath = "/data"; }]; }; securityContext = { fsGroup = 999; fsGroupChangePolicy = "OnRootMismatch"; }; }; }; }; database.spec = { selector.matchLabels = { app = "paperless"; component = "database"; }; strategy = { type = "RollingUpdate"; rollingUpdate = { maxSurge = 0; maxUnavailable = 1; }; }; template = { metadata.labels = { app = "paperless"; component = "database"; }; spec = { containers.postgres = { image = "postgres:15"; ports.postgres.containerPort = 5432; imagePullPolicy = "Always"; env = { POSTGRES_DB.value = "paperless"; POSTGRES_USER.value = "paperless"; PGDATA.value = "/pgdata/data"; POSTGRES_PASSWORD.valueFrom.secretKeyRef = { name = "database"; key = "password"; }; }; volumeMounts = [{ name = "data"; mountPath = "/pgdata"; }]; }; volumes.data.persistentVolumeClaim.claimName = "database"; }; }; }; }; services = { web.spec = { selector = { app = "paperless"; component = "web"; }; ports.web = { port = 80; targetPort = "web"; }; }; redis.spec = { selector = { app = "paperless"; component = "redis"; }; ports.redis = { port = 6379; targetPort = "redis"; }; }; database.spec = { selector = { app = "paperless"; component = "database"; }; ports.postgres = { port = 5432; targetPort = "postgres"; }; }; }; }; lab = { ingresses.web = { host = "paperless.kun.is"; service = { name = "web"; portName = "web"; }; }; longhorn.persistentVolumeClaim = { data = { volumeName = "paperless-data"; storage = "10Gi"; }; redisdata = { volumeName = "paperless-redisdata"; storage = "20Mi"; }; database = { volumeName = "paperless-db"; storage = "150Mi"; }; }; }; }