# Kubernetes resources for a HedgeDoc instance published at md.kun.is:
# ConfigMaps, a Secret, a Deployment, an NFS-backed PersistentVolume and claim,
# a Service and a TLS Ingress.
{
  kubernetes.resources = {
    configMaps = {
      # Non-secret HedgeDoc settings, injected into the container through envFrom.
      hedgedoc-env.data = {
        CMD_DOMAIN = "md.kun.is";
        CMD_PORT = "3000";
        CMD_URL_ADDPORT = "false";
        # NOTE(review): unauthenticated visitors are allowed while e-mail
        # registration is off. On an Internet-facing host this leaves note
        # creation open to anyone; confirm this is intended and that abuse is
        # limited elsewhere (rate limiting, upload restrictions).
        CMD_ALLOW_ANONYMOUS = "true";
        CMD_ALLOW_EMAIL_REGISTER = "false";
        # Generated URLs use https even though the pod serves plain HTTP;
        # TLS is terminated by the Ingress below.
        CMD_PROTOCOL_USESSL = "true";
        # NOTE(review): this turns off HedgeDoc's Content-Security-Policy header.
        # Notes render user-supplied markup, so the CSP is a second line of
        # defence against script injection. Record why it is disabled, or
        # re-enable it and adjust the policy if the default is too strict.
        CMD_CSP_ENABLE = "false";
      };

      # TODO: convert from nix
      # Mounted as /hedgedoc/config.json. useSSL=false means HedgeDoc itself does
      # not terminate TLS, so the hop from the ingress controller to the pod is
      # cleartext HTTP inside the cluster.
      hedgedoc-config.data.config = '' { "useSSL": false } '';
    };

    # The values are ref+sops:// references into secrets/sops.yaml, so no
    # plaintext is written in this file. Presumably they are resolved when the
    # manifests are rendered; the rendered Secret then holds the plaintext and
    # should be handled as sensitive output. TODO confirm against the pipeline.
    secrets.hedgedoc.stringData = {
      databaseURL = "ref+sops://secrets/sops.yaml#/hedgedoc/databaseURL";
      sessionSecret = "ref+sops://secrets/sops.yaml#/hedgedoc/sessionSecret";
    };

    deployments.hedgedoc = {
      metadata.labels.app = "hedgedoc";
      spec = {
        selector.matchLabels.app = "hedgedoc";
        template = {
          metadata.labels.app = "hedgedoc";
          spec = {
            # NOTE(review): no securityContext and no resource requests or limits
            # are set, so the container runs with the image and cluster defaults.
            # Consider runAsNonRoot, allowPrivilegeEscalation = false and dropped
            # capabilities; check file ownership on the NFS export first.
            containers.hedgedoc = {
              # NOTE(review): pinned by tag only. A registry tag can be re-pointed;
              # appending @sha256:<digest> fixes the exact image. Also check the
              # upstream release notes for security fixes newer than this version.
              image = "quay.io/hedgedoc/hedgedoc:1.9.7";
              envFrom = [{ configMapRef.name = "hedgedoc-env"; }];
              ports = [{ containerPort = 3000; protocol = "TCP"; }];
              # Database URL and session secret come from the "hedgedoc" Secret
              # rather than from the ConfigMap.
              env = [
                { name = "CMD_DB_URL"; valueFrom.secretKeyRef = { name = "hedgedoc"; key = "databaseURL"; }; }
                { name = "CMD_SESSION_SECRET"; valueFrom.secretKeyRef = { name = "hedgedoc"; key = "sessionSecret"; }; }
              ];
              volumeMounts = [
                # User uploads are written to the NFS-backed volume.
                { name = "uploads"; mountPath = "/hedgedoc/public/uploads"; }
                # subPath mounts only the "config" key, as a single file.
                { name = "config"; mountPath = "/hedgedoc/config.json"; subPath = "config"; }
              ];
            };
            volumes = [
              { name = "uploads"; persistentVolumeClaim.claimName = "hedgedoc"; }
              { name = "config"; configMap.name = "hedgedoc-config"; }
            ];
          };
        };
      };
    };

    # Statically defined NFS volume for uploads.
    # NOTE(review): the 1Mi capacity is not a quota; Kubernetes does not enforce
    # size on NFS volumes, so upload growth is bounded only by the export itself.
    # The NFS export's access controls are not visible here; confirm it is
    # restricted to the cluster nodes.
    persistentVolumes.hedgedoc.spec = {
      capacity.storage = "1Mi";
      accessModes = [ "ReadWriteMany" ];
      nfs = { server = "lewis.dmz"; path = "/mnt/data/nfs/hedgedoc/uploads"; };
    };

    # An empty storageClassName together with volumeName binds this claim to the
    # static volume above instead of going through dynamic provisioning.
    persistentVolumeClaims.hedgedoc.spec = {
      accessModes = [ "ReadWriteMany" ];
      storageClassName = "";
      resources.requests.storage = "1Mi";
      volumeName = "hedgedoc";
    };

    # Cluster-internal Service: port 80 forwards to the container's port 3000.
    services.hedgedoc.spec = {
      selector.app = "hedgedoc";
      ports = [{ protocol = "TCP"; port = 80; targetPort = 3000; }];
    };

    # Public entry point. The cert-manager annotation requests a certificate from
    # the "letsencrypt" cluster issuer, stored in the hedgedoc-tls secret.
    # NOTE(review): no HTTP-to-HTTPS redirect is configured in this resource;
    # confirm the ingress controller enforces it.
    ingresses.hedgedoc = {
      metadata.annotations."cert-manager.io/cluster-issuer" = "letsencrypt";
      spec = {
        ingressClassName = "traefik";
        rules = [{ host = "md.kun.is"; http.paths = [{ path = "/"; pathType = "Prefix"; backend.service = { name = "hedgedoc"; port.number = 80; }; }]; }];
        tls = [{ secretName = "hedgedoc-tls"; hosts = [ "md.kun.is" ]; }];
      };
    };
  };
}