{ kubernetes.resources = { configMaps.radicale.data = { users = "pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ."; # TODO: Can this be generated with nix? config = '' [server] hosts = 0.0.0.0:5232, [::]:5232 ssl = False [encoding] request = utf-8 stock = utf-8 [auth] realm = Radicale - Password Required type = htpasswd htpasswd_filename = /config/users htpasswd_encryption = md5 [rights] type = owner_only [storage] type = multifilesystem filesystem_folder = /data [logging] [headers] ''; }; deployments.radicale = { metadata.labels.app = "radicale"; spec = { selector.matchLabels.app = "radicale"; template = { metadata.labels.app = "radicale"; spec = { containers.radicale = { image = "tomsquest/docker-radicale"; ports.web.containerPort = 5232; volumeMounts = [ { name = "data"; mountPath = "/data"; } { name = "config"; mountPath = "/config/config"; subPath = "config"; } { name = "config"; mountPath = "/config/users"; subPath = "users"; } ]; }; volumes = { data.persistentVolumeClaim.claimName = "radicale"; config.configMap.name = "radicale"; }; }; }; }; }; persistentVolumes.radicale.spec = { capacity.storage = "1Mi"; accessModes = [ "ReadWriteMany" ]; nfs = { server = "lewis.dmz"; path = "/mnt/data/nfs/radicale"; }; }; persistentVolumeClaims.radicale.spec = { accessModes = [ "ReadWriteMany" ]; storageClassName = ""; resources.requests.storage = "1Mi"; volumeName = "radicale"; }; services.radicale.spec = { selector.app = "radicale"; ports.web = { port = 80; targetPort = "web"; }; }; ingresses.radicale = { metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt"; spec = { ingressClassName = "traefik"; rules = [{ host = "dav.kun.is"; http.paths = [{ path = "/"; pathType = "Prefix"; backend.service = { name = "radicale"; port.name = "web"; }; }]; }]; tls = [{ secretName = "radicale-tls"; hosts = [ "dav.kun.is" ]; }]; }; }; }; }