{ myLib, ... }: { kubernetes.resources = { secrets.database.stringData = { databasePassword = "ref+sops://secrets/kubernetes.yaml#/atuin/databasePassword"; databaseURL = "ref+sops://secrets/kubernetes.yaml#/atuin/databaseURL"; }; deployments.server.spec = { selector.matchLabels.app = "atuin"; strategy = { type = "RollingUpdate"; rollingUpdate = { maxSurge = 0; maxUnavailable = 1; }; }; template = { metadata.labels.app = "atuin"; spec = { volumes = { data.persistentVolumeClaim.claimName = "data"; database.persistentVolumeClaim.claimName = "database"; }; containers = { atuin = { image = myLib.globals.images.atuin; imagePullPolicy = "IfNotPresent"; ports.web.containerPort = 8888; args = [ "server" "start" ]; env = { ATUIN_HOST.value = "0.0.0.0"; ATUIN_PORT.value = "8888"; ATUIN_OPEN_REGISTRATION.value = "false"; ATUIN_DB_URI.valueFrom.secretKeyRef = { name = "database"; key = "databaseURL"; }; }; volumeMounts = [{ name = "data"; mountPath = "/config"; }]; }; database = { image = myLib.globals.images.postgres14; ports.web.containerPort = 5432; env = { POSTGRES_DB.value = "atuin"; POSTGRES_USER.value = "atuin"; POSTGRES_PASSWORD.valueFrom.secretKeyRef = { name = "database"; key = "databasePassword"; }; }; volumeMounts = [{ name = "database"; mountPath = "/var/lib/postgresql/data"; }]; }; }; }; }; }; services.server.spec = { selector.app = "atuin"; ports.web = { port = 80; targetPort = "web"; }; }; }; lab = { ingresses.server = { host = "atuin.kun.is"; service = { name = "server"; portName = "web"; }; }; longhorn.persistentVolumeClaim = { data = { volumeName = "atuin"; storage = "300Mi"; }; database = { volumeName = "atuin-db"; storage = "300Mi"; }; }; }; }