{ elib, config', vars, ... }: let inherit (elib) nfsVolume nomadJob ; in { resource."nomad_volume"."gitea-db" = nfsVolume { volume_name = "gitea-db"; access_mode = "single-node-writer"; server = "blowhole.hosts.in.redalder.org"; share = "/mnt/kyle/infrastructure/gitea/database"; mount_flags = ["hard" "vers=4.2" "rsize=16384" "wsize=16384" "async"]; }; resource."nomad_volume"."gitea-data" = nfsVolume { volume_name = "gitea-data"; access_mode = "single-node-writer"; server = "blowhole.hosts.in.redalder.org"; share = "/mnt/kyle/infrastructure/gitea/data"; mount_flags = ["hard" "vers=4.2" "rsize=16384" "wsize=16384" "async"]; }; resource."vault_policy"."gitea-policy" = { name = "gitea-policy"; policy = '' path "kv/data/cluster/gitea/gitea" { capabilities = ["read"] } ''; }; resource."nomad_job"."gitea" = nomadJob { jobspec = ./job.hcl; vars = { flake_ref = "${vars.flake_host}?rev=${vars.flake_rev}&ref=${vars.flake_ref}"; flake_sha = vars.flake_sha; store_path = builtins.unsafeDiscardStringContext config'.flake.nixngConfigurations.gitea.config.system.build.toplevel; }; }; }