k8s: init attic api instances

ttrssreal · Jan 11, 2025 · 3f0a9e9 · 3f0a9e9
1 parent dbf4888
commit 3f0a9e9
Show file tree

Hide file tree

Showing 9 changed files with 155 additions and 1 deletion.
diff --git a/k8s/attic/attic.yaml b/k8s/attic/attic.yaml
@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: attic
+  namespace: apps
+spec:
+  project: apps
+  source:
+    repoURL: "https://github.com/ttrssreal/jix"
+    path: "k8s/attic/resources"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: attic
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: false
diff --git a/k8s/attic/namespace.yaml b/k8s/attic/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: attic
diff --git a/k8s/attic/resources/config.yaml b/k8s/attic/resources/config.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: attic-config
+data:
+  atticd.yaml: |
+    listen = "[::]:8080"
+
+    [chunking]
+    avg-size = 65536
+    max-size = 262144
+    min-size = 16384
+    nar-size-threshold = 65536
+
+    [database]
+    url = "postgresql://attic@ari/attic"
+    
+    [storage]
+    bucket = "nix-cache-b5eea907c395"
+    endpoint = "https://nix-cache-b5eea907c395.s3.us-west-002.backblazeb2.com"
+    region = "us-west-002"
+    type = "s3"
diff --git a/k8s/attic/resources/deployment.yaml b/k8s/attic/resources/deployment.yaml
@@ -0,0 +1,51 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: attic-api
+  namespace: attic
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: attic-api
+  template:
+    metadata:
+      labels:
+        app: attic-api
+    spec:
+      containers:
+      - name: attic-api
+        image: ghcr.io/zhaofengli/attic:b8c5ab4518f776624fee261385abb98348cd26cf
+        args: ["--mode", "api-server", "-f", "/etc/attic/atticd.yaml"]
+        env:
+        - name: ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64
+          valueFrom:
+            secretKeyRef:
+              # FIXME: part of declarative secret management
+              name: attic-creds
+              key: token
+        - name: AWS_ACCESS_KEY_ID
+          valueFrom:
+            secretKeyRef:
+              # FIXME: part of declarative secret management
+              name: attic-creds
+              key: key-id
+        - name: AWS_SECRET_ACCESS_KEY
+          valueFrom:
+            secretKeyRef:
+              # FIXME: part of declarative secret management
+              name: attic-creds
+              key: secret-key
+        volumeMounts:
+        - name: config
+          mountPath: "/etc/attic"
+          readOnly: true
+        ports:
+        - containerPort: 8080
+      volumes:
+      - name: config
+        configMap:
+          name: attic-config
+          items:
+            - key: "atticd.yaml"
+              path: "atticd.yaml"
diff --git a/k8s/attic/resources/ingress.yaml b/k8s/attic/resources/ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: attic-api
+  namespace: attic
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: cache.jessie.cafe
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: attic-api
+                port:
+                  name: http
+  tls:
+  - hosts:
+    - cache.jessie.cafe
+    secretName: attic-api-cert
diff --git a/k8s/attic/resources/service.yaml b/k8s/attic/resources/service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: attic-api
+  namespace: attic
+spec:
+  selector:
+    app: attic-api
+  ports:
+    - name: http
+      protocol: TCP
+      port: 80
+      targetPort: 8080
diff --git a/nixos/ari/argocd/app.nix b/nixos/ari/argocd/app.nix
@@ -111,7 +111,6 @@ in
             inherit (config.jix.argocd) targetRevision;
             repoURL = "https://github.com/ttrssreal/jix";
             inherit path;
-            directory.recurse = true;
           }) config.jix.argocd.sources;
 
           destination = {

diff --git a/nixos/ari/kubernetes.nix b/nixos/ari/kubernetes.nix
@@ -14,6 +14,7 @@
           targetRevision = "e175c71b696752df431c2b313bd406731e7e149f";
 
           sources = [
+            "k8s/attic"
             "k8s/argocd-server"
             "k8s/cert-manager"
             "k8s/github-runners"

diff --git a/nixos/ari/system.nix b/nixos/ari/system.nix
@@ -20,6 +20,8 @@
           endpoint = "https://nix-cache-b5eea907c395.s3.us-west-002.backblazeb2.com";
         };
 
+        database.url = "postgresql://attic@ari/attic";
+
         # Data chunking
         #
         # Warning: If you change any of the values here, it will be
@@ -44,6 +46,26 @@
         };
       };
     };
+
+    postgresql = {
+      enable = true;
+      enableTCPIP = true;
+
+      authentication = ''
+        host all all all trust
+      '';
+
+      ensureDatabases = [
+        "attic"
+      ];
+
+      ensureUsers = [
+        {
+          name = "attic";
+          ensureDBOwnership = true;
+        }
+      ];
+    };
   };
 
   boot.loader.grub = {