From eb050bca05f48e83651de8aba13acdfe7b9749fb Mon Sep 17 00:00:00 2001
From: Jess <jess@jessie.cafe>
Date: Sat, 11 Jan 2025 12:40:01 +1300
Subject: [PATCH] k8s: init attic api instances

---
 k8s/attic/attic.yaml                | 18 +++++++++++
 k8s/attic/namespace.yaml            |  4 +++
 k8s/attic/resources/config.yaml     | 19 +++++++++++
 k8s/attic/resources/deployment.yaml | 49 +++++++++++++++++++++++++++++
 k8s/attic/resources/ingress.yaml    | 20 ++++++++++++
 k8s/attic/resources/service.yaml    | 13 ++++++++
 nixos/ari/argocd/app.nix            |  1 -
 7 files changed, 123 insertions(+), 1 deletion(-)
 create mode 100644 k8s/attic/attic.yaml
 create mode 100644 k8s/attic/namespace.yaml
 create mode 100644 k8s/attic/resources/config.yaml
 create mode 100644 k8s/attic/resources/deployment.yaml
 create mode 100644 k8s/attic/resources/ingress.yaml
 create mode 100644 k8s/attic/resources/service.yaml

diff --git a/k8s/attic/attic.yaml b/k8s/attic/attic.yaml
new file mode 100644
index 0000000..d63acda
--- /dev/null
+++ b/k8s/attic/attic.yaml
@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: attic
+  namespace: apps
+spec:
+  project: apps
+  source:
+    repoURL: "https://github.com/ttrssreal/jix"
+    path: "k8s/attic/resources"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: attic
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: false
diff --git a/k8s/attic/namespace.yaml b/k8s/attic/namespace.yaml
new file mode 100644
index 0000000..5369f0b
--- /dev/null
+++ b/k8s/attic/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: attic
diff --git a/k8s/attic/resources/config.yaml b/k8s/attic/resources/config.yaml
new file mode 100644
index 0000000..0c12620
--- /dev/null
+++ b/k8s/attic/resources/config.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: attic-config
+data:
+  atticd.yaml: |
+    listen = "[::]:8080"
+
+    [chunking]
+    avg-size = 65536
+    max-size = 262144
+    min-size = 16384
+    nar-size-threshold = 65536
+    
+    [storage]
+    bucket = "nix-cache-b5eea907c395"
+    endpoint = "https://nix-cache-b5eea907c395.s3.us-west-002.backblazeb2.com"
+    region = "us-west-002"
+    type = "s3"
diff --git a/k8s/attic/resources/deployment.yaml b/k8s/attic/resources/deployment.yaml
new file mode 100644
index 0000000..f73617c
--- /dev/null
+++ b/k8s/attic/resources/deployment.yaml
@@ -0,0 +1,49 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: attic-api
+  namespace: attic
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: attic-api
+  template:
+    metadata:
+      labels:
+        app: attic-api
+    spec:
+      containers:
+      - name: attic-api
+        image: ghcr.io/zhaofengli/attic:b8c5ab4518f776624fee261385abb98348cd26cf
+        args: ["--mode", "api-server", "-f", "/etc/attic/atticd.yaml"]
+        env:
+        - name: ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64
+          valueFrom:
+            secretKeyRef:
+              name: attic-creds
+              key: token
+        - name: AWS_ACCESS_KEY_ID
+          valueFrom:
+            secretKeyRef:
+              name: attic-creds
+              key: key-id
+        - name: AWS_SECRET_ACCESS_KEY
+          valueFrom:
+            secretKeyRef:
+              name: attic-creds
+              key: secret-key
+        volumeMounts:
+        - name: config
+          mountPath: "/etc/attic"
+          readOnly: true
+        ports:
+        - containerPort: 8080
+      volumes:
+      - name: config
+        configMap:
+          name: attic-config
+          items:
+            - key: "atticd.yaml"
+              path: "atticd.yaml"
+
diff --git a/k8s/attic/resources/ingress.yaml b/k8s/attic/resources/ingress.yaml
new file mode 100644
index 0000000..8648148
--- /dev/null
+++ b/k8s/attic/resources/ingress.yaml
@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: attic-api
+  namespace: attic
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: cache.jessie.cafe
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: attic-api
+                port:
+                  name: http
diff --git a/k8s/attic/resources/service.yaml b/k8s/attic/resources/service.yaml
new file mode 100644
index 0000000..4ff960c
--- /dev/null
+++ b/k8s/attic/resources/service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: attic-api
+  namespace: attic
+spec:
+  selector:
+    app: attic-api
+  ports:
+    - name: http
+      protocol: TCP
+      port: 80
+      targetPort: 8080
diff --git a/nixos/ari/argocd/app.nix b/nixos/ari/argocd/app.nix
index d412211..3418f34 100644
--- a/nixos/ari/argocd/app.nix
+++ b/nixos/ari/argocd/app.nix
@@ -111,7 +111,6 @@ in
             inherit (config.jix.argocd) targetRevision;
             repoURL = "https://github.com/ttrssreal/jix";
             inherit path;
-            directory.recurse = true;
           }) config.jix.argocd.sources;
 
           destination = {