dotfiles/terranix/main/kubernetes/gitea.nix
magic_rb a7454842d1
Correct istio version
Signed-off-by: magic_rb <magic_rb@redalder.org>
2024-07-15 19:32:08 +02:00


{
  pkgs,
  inputs,
  tflib,
  elib,
  ...
}: let
  inherit (elib) copyNixNGImage;
  inherit (elib.kube) pvAndPvc;
  inherit (tflib) tf;

  # Namespace and app label shared by every Gitea-side object in this module.
  # The HTTPRoute is the one exception: it is created next to the gateway in
  # the `ingress` namespace and reaches across through the ReferenceGrant.
  namespace = "gitea";
  app = "gitea";

  # hostPath-backed PV/PVC pair.  Both volumes live on one node's local disk,
  # which is why the Deployment below runs a single replica with a Recreate
  # strategy.
  localVolume = {
    name,
    capacity,
    hostPath,
  }:
    pvAndPvc {
      inherit name namespace capacity hostPath;
      labels.type = "local";
    };

  # OCI image built directly from the NixNG `gitea` system configuration.
  # `hosts` is presumably where copyNixNGImage places the image; the
  # Deployment then reads the resulting reference back out of Terraform
  # (`data.external.nixng-image-gitea`, defined elsewhere) instead of
  # hard-coding a tag.
  nixSnapshotter = inputs.nix-snapshotter.packages.${pkgs.stdenv.system}.nix-snapshotter;
  giteaImage =
    (nixSnapshotter.buildImage {
      name = "gitea";
      resolvedByNix = true;
      config.entrypoint = ["${inputs.self.nixngConfigurations.gitea.config.system.build.toplevel}/init"];
    })
    .image;
in {
  imports = [
    (localVolume {
      name = "gitea-data";
      capacity = "20Gi";
      hostPath = "/data/gitea/data";
    })
    (localVolume {
      name = "gitea-database";
      capacity = "2Gi";
      hostPath = "/data/gitea/database";
    })
    (copyNixNGImage {
      name = "gitea";
      image = giteaImage;
      hosts = ["blowhole.hosts.in.redalder.org"];
    })
  ];

  resource.kubernetes_namespace.gitea.metadata = {
    name = namespace;
    labels = {
      # presumably consumed by the gateway/ingress side; its meaning is not
      # defined in this file
      visibility = "public";
      # Istio revision label used for sidecar injection into this namespace;
      # has to be kept in sync with the `prepare` profile.
      "istio.io/rev" = "1-22-0";
    };
  };

  resource.kubernetes_manifest = {
    gitea-deployment.manifest = {
      apiVersion = "apps/v1";
      kind = "Deployment";
      metadata = {
        name = app;
        inherit namespace;
        labels = {inherit app;};
      };
      spec = {
        # Single replica + Recreate: a rolling update would briefly run two
        # pods against the same hostPath-backed data and database directories.
        replicas = 1;
        strategy.type = "Recreate";
        selector.matchLabels = {inherit app;};
        template = {
          metadata.labels = {inherit app;};
          spec = {
            # NOTE(review): no securityContext (runAsNonRoot,
            # readOnlyRootFilesystem, dropped capabilities) and no resource
            # requests/limits are set on this pod; what the NixNG init runs
            # as is not visible from here - confirm before tightening.
            containers = [
              {
                name = app;
                image = tf "data.external.nixng-image-gitea.result.out";
                ports = [{containerPort = 3000;}];
                # The same container mounts the Postgres data directory, so
                # the image presumably bundles its own database (that lives in
                # the NixNG configuration, not in this file).
                volumeMounts = [
                  {
                    name = "gitea-data";
                    mountPath = "/var/lib/gitea";
                  }
                  {
                    name = "gitea-database";
                    mountPath = "/var/lib/postgresql";
                  }
                ];
              }
            ];
            volumes = [
              {
                name = "gitea-data";
                persistentVolumeClaim.claimName = "gitea-data";
              }
              {
                name = "gitea-database";
                persistentVolumeClaim.claimName = "gitea-database";
              }
            ];
          };
        };
      };
    };

    gitea-service.manifest = {
      apiVersion = "v1";
      kind = "Service";
      metadata = {
        name = app;
        inherit namespace;
      };
      spec = {
        # No `type` is given, so this is a ClusterIP service: reachable from
        # inside the cluster only, with the HTTPRoute below as the public path.
        ports = [
          {
            port = 80;
            protocol = "TCP";
            targetPort = 3000;
          }
        ];
        selector = {inherit app;};
      };
    };

    # The HTTPRoute lives in `ingress` but its backendRef points at the gitea
    # Service in this namespace; Gateway API rejects such a cross-namespace
    # reference unless the target namespace grants it explicitly.
    gitea-reference-grant.manifest = {
      # NOTE(review): the HTTPRoute below is on `v1` while this grant still
      # uses `v1alpha2`; check that the installed Gateway API CRDs still
      # serve that version.
      apiVersion = "gateway.networking.k8s.io/v1alpha2";
      kind = "ReferenceGrant";
      metadata = {
        name = "gitea";
        inherit namespace;
      };
      spec = {
        from = [
          {
            group = "gateway.networking.k8s.io";
            kind = "HTTPRoute";
            namespace = "ingress";
          }
        ];
        to = [
          {
            group = "";
            kind = "Service";
            name = app;
          }
        ];
      };
    };

    # Name uses underscores unlike its siblings; renaming it would change the
    # Terraform resource address and force a destroy/recreate, so it is kept.
    gitea_authorization_policy.manifest = {
      apiVersion = "security.istio.io/v1";
      kind = "AuthorizationPolicy";
      metadata = {
        name = "gitea";
        inherit namespace;
      };
      spec = {
        selector.matchLabels = {inherit app;};
        # Once an ALLOW policy selects a workload, Istio denies every request
        # that no ALLOW rule matches, so this limits Gitea to callers whose
        # peer identity is in the `ingress` namespace.  `source.namespaces`
        # is derived from the peer certificate and therefore only carries
        # weight when mTLS is enforced for this workload - no
        # PeerAuthentication is defined in this file, confirm one exists.
        action = "ALLOW";
        rules = [
          {
            from = [
              {
                source.namespaces = ["ingress"];
              }
            ];
            to = [
              {
                operation = {
                  methods = ["*"];
                  paths = ["/*"];
                };
              }
            ];
          }
        ];
      };
    };

    # Created in the gateway's namespace rather than in `gitea`: parentRefs
    # attaches it to the `website` gateway, and the cross-namespace backendRef
    # is exactly what the ReferenceGrant above authorises.
    gitea-httproute.manifest = {
      apiVersion = "gateway.networking.k8s.io/v1";
      kind = "HTTPRoute";
      metadata = {
        name = "gitea";
        namespace = "ingress";
      };
      spec = {
        parentRefs = [{name = "website";}];
        hostnames = ["gitea.redalder.org"];
        rules = [
          {
            backendRefs = [
              {
                name = app;
                inherit namespace;
                port = 80;
              }
            ];
          }
        ];
      };
    };
  };
}