technofab/nixlets
1
0
Fork 0
mirror of https://gitlab.com/TECHNOFAB/nixlets.git synced 2025-12-12 01:50:05 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: add some nixlets

Browse source
This commit is contained in:
technofab 2024-03-09 14:26:09 +00:00
parent 6d7653ff0c
commit 94cd725a82
17 changed files with 508 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
flake.nix
View file

@ -20,6 +20,9 @@
# █░▀█ █ █░█ █▄▄ ██▄ ░█░ ▄█ # █░▀█ █ █░█ █▄▄ ██▄ ░█░ ▄█
nixlets = { nixlets = {
# <name> = utils.mkNixlet ./nixlets/<name>; # <name> = utils.mkNixlet ./nixlets/<name>;
mosquitto = utils.mkNixlet ./nixlets/mosquitto;
attic = utils.mkNixlet ./nixlets/attic;
postgres = utils.mkNixlet ./nixlets/postgres;
}; };
}; };
perSystem = { perSystem = {

9
nixlets/attic/configMap.nix Normal file
View file

@ -0,0 +1,9 @@
{values, ...}: {
kubernetes.resources = {
configMaps."${values.uniqueName}-config" = {
data = {
"config.toml" = values.configToml;
};
};
};
}

7
nixlets/attic/default.nix Normal file
View file

@ -0,0 +1,7 @@
{...}: {
imports = [
./deployment.nix
./configMap.nix
./service.nix
];
}

42
nixlets/attic/deployment.nix Normal file
View file

@ -0,0 +1,42 @@
{values, ...}: {
kubernetes.resources = {
deployments."${values.uniqueName}" = {
spec = {
replicas = values.replicaCount;
selector.matchLabels.app = "${values.uniqueName}";
template = {
metadata.labels.app = "${values.uniqueName}";
spec = {
securityContext.fsGroup = 1000;
containers."api-server" = {
image = "${values.image.repository}:${values.image.tag}";
imagePullPolicy = values.image.pullPolicy;
command = ["atticd" "-f" "/etc/attic/config.toml" "--mode" "monolithic"]; # TODO: only api-server can be replicated
envFrom = [
{secretRef.name = "${values.uniqueName}-env";}
];
volumeMounts = {
"config" = {
name = "config";
mountPath = "/etc/attic";
readOnly = true;
};
};
};
volumes = {
"config".configMap = {
name = "${values.uniqueName}-config";
items = [
{
key = "config.toml";
path = "config.toml";
}
];
};
};
};
};
};
};
};
}

16
nixlets/attic/service.nix Normal file
View file

@ -0,0 +1,16 @@
{values, ...}: {
kubernetes.resources = {
services."${values.uniqueName}" = {
spec = {
selector.app = "${values.uniqueName}";
ports = [
{
name = "http";
port = 8080;
}
];
type = values.service.type;
};
};
};
}

177
nixlets/attic/values.nix Normal file
View file

@ -0,0 +1,177 @@
{
lib,
utils,
project,
...
}:
with lib; {
# for some basic values see https://github.com/helm/examples/blob/4888ba8fb8180dd0c36d1e84c1fcafc6efd81532/charts/hello-world/values.yaml
options = {
replicaCount = mkOption {
type = types.int;
default = 1;
};
image = utils.mkNestedOption {
repository = mkOption {
type = types.str;
default = "ghcr.io/zhaofengli/attic";
};
pullPolicy = mkOption {
type = types.str;
default = "IfNotPresent";
};
tag = mkOption {
type = types.str;
default = "latest";
};
};
configToml = mkOption {
type = types.str;
default = ''
# Socket address to listen on
listen = "[::]:8080"
# Allowed `Host` headers
#
# This _must_ be configured for production use. If unconfigured or the
# list is empty, all `Host` headers are allowed.
allowed-hosts = []
# The canonical API endpoint of this server
#
# This is the endpoint exposed to clients in `cache-config` responses.
#
# This _must_ be configured for production use. If not configured, the
# API endpoint is synthesized from the client's `Host` header which may
# be insecure.
#
# The API endpoint _must_ end with a slash (e.g., `https://domain.tld/attic/`
# not `https://domain.tld/attic`).
#api-endpoint = "https://your.domain.tld/"
# Whether to soft-delete caches
#
# If this is enabled, caches are soft-deleted instead of actually
# removed from the database. Note that soft-deleted caches cannot
# have their names reused as long as the original database records
# are there.
#soft-delete-caches = false
# Whether to require fully uploading a NAR if it exists in the global cache.
#
# If set to false, simply knowing the NAR hash is enough for
# an uploader to gain access to an existing NAR in the global
# cache.
#require-proof-of-possession = true
# JWT signing token
#
# Set this to the Base64 encoding of some random data.
# You can also set it via the `ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64` environment
# variable.
token-hs256-secret-base64 = ""
# Database connection
[database]
# Connection URL
#
# For production use it's recommended to use PostgreSQL.
url = "sqlite:///data/attic.db"
# Whether to enable sending on periodic heartbeat queries
#
# If enabled, a heartbeat query will be sent every minute
#heartbeat = false
# File storage configuration
[storage]
# Storage type
#
# Can be "local" or "s3".
type = "local"
# ## Local storage
# The directory to store all files under
path = "/data/storage"
# ## S3 Storage (set type to "s3" and uncomment below)
# The AWS region
#region = "us-east-1"
# The name of the bucket
#bucket = "some-bucket"
# Custom S3 endpoint
#
# Set this if you are using an S3-compatible object storage (e.g., Minio).
#endpoint = "https://xxx.r2.cloudflarestorage.com"
# Credentials
#
# If unset, the credentials are read from the `AWS_ACCESS_KEY_ID` and
# `AWS_SECRET_ACCESS_KEY` environment variables.
#[storage.credentials]
# access_key_id = ""
# secret_access_key = ""
# Data chunking
#
# Warning: If you change any of the values here, it will be
# difficult to reuse existing chunks for newly-uploaded NARs
# since the cutpoints will be different. As a result, the
# deduplication ratio will suffer for a while after the change.
[chunking]
# The minimum NAR size to trigger chunking
#
# If 0, chunking is disabled entirely for newly-uploaded NARs.
# If 1, all NARs are chunked.
nar-size-threshold = 65536 # chunk files that are 64 KiB or larger
# The preferred minimum size of a chunk, in bytes
min-size = 16384 # 16 KiB
# The preferred average size of a chunk, in bytes
avg-size = 65536 # 64 KiB
# The preferred maximum size of a chunk, in bytes
max-size = 262144 # 256 KiB
# Compression
[compression]
# Compression type
#
# Can be "none", "brotli", "zstd", or "xz"
type = "zstd"
# Compression level
#level = 8
# Garbage collection
[garbage-collection]
# The frequency to run garbage collection at
#
# By default it's 12 hours. You can use natural language
# to specify the interval, like "1 day".
#
# If zero, automatic garbage collection is disabled, but
# it can still be run manually with `atticd --mode garbage-collector-once`.
interval = "12 hours"
# Default retention period
#
# Zero (default) means time-based garbage-collection is
# disabled by default. You can enable it on a per-cache basis.
#default-retention-period = "6 months"
'';
};
# internal
uniqueName = mkOption {
internal = true;
type = types.str;
default = "${project}-atticd";
};
};
}

9
nixlets/mosquitto/configMap.nix Normal file
View file

@ -0,0 +1,9 @@
{values, ...}: {
kubernetes.resources = {
configMaps."${values.uniqueName}-config" = {
data = {
"mosquitto.conf" = values.configContent;
};
};
};
}

8
nixlets/mosquitto/default.nix Normal file
View file

@ -0,0 +1,8 @@
{...}: {
imports = [
./statefulSet.nix
./service.nix
./configMap.nix
./persistentVolumeClaim.nix
];
}

8
nixlets/mosquitto/persistentVolumeClaim.nix Normal file
View file

@ -0,0 +1,8 @@
{values, ...}: {
kubernetes.resources = {
persistentVolumeClaims."${values.uniqueName}-data".spec = {
accessModes = ["ReadWriteOnce"];
resources.requests.storage = values.storage;
};
};
}

17
nixlets/mosquitto/service.nix Normal file
View file

@ -0,0 +1,17 @@
{values, ...}: {
kubernetes.resources = {
services."${values.uniqueName}" = {
spec = {
selector.app = "${values.uniqueName}";
ports = [
{
name = "mqtt";
port = values.service.port;
targetPort = 1883;
}
];
type = values.service.type;
};
};
};
}

40
nixlets/mosquitto/statefulSet.nix Normal file
View file

@ -0,0 +1,40 @@
{values, ...}: {
kubernetes.resources = {
statefulSets."${values.uniqueName}".spec = {
replicas = values.replicaCount;
selector.matchLabels.name = "${values.uniqueName}";
serviceName = "${values.uniqueName}";
template = {
metadata.labels.name = "${values.uniqueName}";
spec = {
containers."mosquitto" = {
image = "${values.image.repository}:${values.image.tag}";
imagePullPolicy = values.image.pullPolicy;
ports."mqtt".containerPort = 1883;
volumeMounts = {
"password-file" = {
name = "password-file";
mountPath = "/mosquitto/config/password_file";
subPath = "password_file";
};
"config" = {
name = "config";
mountPath = "/mosquitto/config/mosquitto.conf";
subPath = "mosquitto.conf";
};
"data" = {
name = "data";
mountPath = "/mosquitto/data";
};
};
};
volumes = {
"password-file".secret.secretName = "${values.uniqueName}";
"config".configMap.name = "${values.uniqueName}-config";
"data".persistentVolumeClaim.claimName = "${values.uniqueName}-data";
};
};
};
};
};
}

64
nixlets/mosquitto/values.nix Normal file
View file

@ -0,0 +1,64 @@
{
lib,
utils,
project,
...
}:
with lib; {
# for some basic values see https://github.com/helm/examples/blob/4888ba8fb8180dd0c36d1e84c1fcafc6efd81532/charts/hello-world/values.yaml
options = {
replicaCount = mkOption {
type = types.int;
default = 1;
};
image = utils.mkNestedOption {
repository = mkOption {
type = types.str;
default = "eclipse-mosquitto";
};
tag = mkOption {
type = types.str;
default = "latest";
};
pullPolicy = mkOption {
type = types.str;
default = "IfNotPresent";
};
};
service = utils.mkNestedOption {
port = mkOption {
type = types.int;
default = 1883;
};
type = mkOption {
type = types.str;
default = "ClusterIP";
};
};
storage = mkOption {
type = types.str;
default = "5G";
};
passwordAuthEnabled = mkOption {
type = types.bool;
default = true;
};
configContent = mkOption {
type = types.str;
default = ''
listener 1883
persistence true
persistence_location /mosquitto/data
autosave_interval 1800
password_file /mosquitto/config/password_file
'';
};
# internal
uniqueName = mkOption {
internal = true;
type = types.str;
default = "${project}-mosquitto";
};
};
}

7
nixlets/postgres/default.nix Normal file
View file

@ -0,0 +1,7 @@
{...}: {
imports = [
./statefulSet.nix
./service.nix
./persistentVolumeClaim.nix
];
}

8
nixlets/postgres/persistentVolumeClaim.nix Normal file
View file

@ -0,0 +1,8 @@
{values, ...}: {
kubernetes.resources = {
persistentVolumeClaims."${values.uniqueName}-data".spec = {
accessModes = ["ReadWriteOnce"];
resources.requests.storage = values.storage;
};
};
}

17
nixlets/postgres/service.nix Normal file
View file

@ -0,0 +1,17 @@
{values, ...}: {
kubernetes.resources = {
services."${values.uniqueName}" = {
spec = {
selector.app = "${values.uniqueName}";
ports = [
{
name = "tcp";
port = values.service.port;
targetPort = 5432;
}
];
type = values.service.type;
};
};
};
}

26
nixlets/postgres/statefulSet.nix Normal file
View file

@ -0,0 +1,26 @@
{values, ...}: {
kubernetes.resources = {
statefulSets."${values.uniqueName}".spec = {
replicas = values.replicaCount;
selector.matchLabels.name = "${values.uniqueName}";
serviceName = "${values.uniqueName}";
template = {
metadata.labels.name = "${values.uniqueName}";
spec = {
containers."postgres" = {
image = "${values.image.repository}:${values.image.tag}";
imagePullPolicy = values.image.pullPolicy;
ports."tcp".containerPort = 5432;
volumeMounts."data" = {
name = "data";
mountPath = "/var/lib/postgresql/data";
};
};
volumes = {
"data".persistentVolumeClaim.claimName = "${values.uniqueName}-data";
};
};
};
};
};
}

50
nixlets/postgres/values.nix Normal file
View file

@ -0,0 +1,50 @@
{
lib,
utils,
project,
...
}:
with lib; {
# for some basic values see https://github.com/helm/examples/blob/4888ba8fb8180dd0c36d1e84c1fcafc6efd81532/charts/hello-world/values.yaml
options = {
replicaCount = mkOption {
type = types.int;
default = 1;
};
image = utils.mkNestedOption {
repository = mkOption {
type = types.str;
default = "postgres";
};
tag = mkOption {
type = types.str;
default = "latest";
};
pullPolicy = mkOption {
type = types.str;
default = "IfNotPresent";
};
};
service = utils.mkNestedOption {
port = mkOption {
type = types.int;
default = 5432;
};
type = mkOption {
type = types.str;
default = "ClusterIP";
};
};
storage = mkOption {
type = types.str;
default = "5G";
};
# internal
uniqueName = mkOption {
internal = true;
type = types.str;
default = "${project}-postgres";
};
};
}