# HedgeDoc on Kubernetes: environment and config.json ConfigMaps, a Secret for
# the database URL and session secret, a single-container Deployment, a
# Service exposing the named port "web", and an ingress entry for md.kun.is.
{ lib, ... }:
let
  appName = "hedgedoc";

  # Label set shared by the Deployment, its pod template and the Service selector.
  appLabels = { app = appName; };

  # Environment entry whose value is read from the given key of the "hedgedoc" Secret.
  fromSecret = key: {
    valueFrom.secretKeyRef = {
      name = appName;
      inherit key;
    };
  };
in
{
  kubernetes.resources = {
    configMaps = {
      # Non-secret settings, injected wholesale into the container via envFrom.
      hedgedoc-env = {
        data = {
          CMD_DOMAIN = "md.kun.is";
          CMD_PORT = "3000";
          CMD_URL_ADDPORT = "false";
          # Anonymous use is enabled while e-mail self-registration is disabled.
          # NOTE(review): with anonymous access on, who can reach the instance is
          # decided entirely by the ingress; confirm that exposure is intended.
          CMD_ALLOW_ANONYMOUS = "true";
          CMD_ALLOW_EMAIL_REGISTER = "false";
          # Generated links use https, while config.json below keeps HedgeDoc's own
          # listener on plain HTTP. Presumably TLS is terminated at the ingress;
          # traffic between ingress and pod would then be unencrypted. Confirm.
          CMD_PROTOCOL_USESSL = "true";
          # NOTE(review): this turns off the Content-Security-Policy header. For an
          # app that renders user-supplied markdown, CSP is the defence-in-depth
          # layer against script injection; re-enable it if nothing depends on
          # it being off.
          CMD_CSP_ENABLE = "false";
        };
      };

      # Rendered to JSON and mounted as /hedgedoc/config.json in the container.
      hedgedoc-config = {
        data.config = lib.generators.toJSON { } { useSSL = false; };
      };
    };

    # Only ref+sops:// references appear here, not the secret values themselves.
    # Presumably they are resolved from secrets/sops.yaml at deploy time by
    # tooling outside this file (verify). A database URL typically embeds the
    # database credentials, which is why it lives in a Secret, not a ConfigMap.
    secrets.hedgedoc = {
      stringData = {
        databaseURL = "ref+sops://secrets/sops.yaml#/hedgedoc/databaseURL";
        sessionSecret = "ref+sops://secrets/sops.yaml#/hedgedoc/sessionSecret";
      };
    };

    deployments.hedgedoc = {
      metadata.labels = appLabels;

      spec = {
        selector.matchLabels = appLabels;

        template = {
          metadata.labels = appLabels;

          spec = {
            containers.hedgedoc = {
              # NOTE(review): pinned by tag only. Tags are mutable in a registry;
              # pinning by image digest would make the deployed content
              # verifiable.
              image = "quay.io/hedgedoc/hedgedoc:1.9.9";
              envFrom = [
                { configMapRef.name = "hedgedoc-env"; }
              ];
              ports.web.containerPort = 3000;

              env = {
                CMD_DB_URL = fromSecret "databaseURL";
                CMD_SESSION_SECRET = fromSecret "sessionSecret";
              };

              # NOTE(review): no container-level securityContext is set
              # (runAsNonRoot, allowPrivilegeEscalation, capabilities,
              # readOnlyRootFilesystem, seccompProfile), so the image and
              # cluster defaults apply. Consider setting them explicitly.
              volumeMounts = [
                {
                  name = "uploads";
                  mountPath = "/hedgedoc/public/uploads";
                }
                {
                  # subPath mounts a single ConfigMap key as a file; such mounts
                  # do not pick up later ConfigMap updates until the pod restarts.
                  name = "config";
                  mountPath = "/hedgedoc/config.json";
                  subPath = "config";
                }
              ];
            };

            volumes = {
              uploads.persistentVolumeClaim.claimName = "hedgedoc-uploads";
              config.configMap.name = "hedgedoc-config";
            };

            # Pod-level context: volume contents are made group-owned by GID
            # 65534 (conventionally "nobody"/"nogroup"), and ownership is only
            # re-applied when the volume root does not already match.
            securityContext = {
              fsGroup = 65534;
              fsGroupChangePolicy = "OnRootMismatch";
            };
          };
        };
      };
    };

    # Service port 80 forwards to the container port named "web" (3000).
    services.hedgedoc = {
      spec = {
        selector = appLabels;
        ports.web = {
          port = 80;
          targetPort = "web";
        };
      };
    };
  };

  # Ingress entry routing md.kun.is to the Service's "web" port. The `lab`
  # options are defined outside this file, so TLS and access-control behaviour
  # cannot be determined from here.
  lab.ingresses.hedgedoc = {
    host = "md.kun.is";
    service = {
      name = appName;
      portName = "web";
    };
  };
}