jaggar/iac-cljs-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revise nextcloud to use reusable template

Browse Source
This commit is contained in:
GigiaJ
2025-09-30 02:25:56 -05:00
parent 7fa88642d3
commit 0aa705bd84
1 changed files with 25 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

83
iac/src/main/k8s/services/nextcloud/service.cljs
View File

@@ -1,22 +1,18 @@
(ns k8s.services.nextcloud.service
(:require
["@pulumi/kubernetes" :as k8s]
["@pulumi/pulumi" :as pulumi]
["@pulumi/vault" :as vault]
["fs" :as fs]
["js-yaml" :as yaml]
["path" :as path]
[utils.vault :refer [get-secret-val]]))
[utils.vault :as vault-utils]
[utils.ingress :as ingress-utils]))
(defn- add-skip-await-transformation
"A Pulumi transformation that adds the skipAwait annotation to problematic resources."
[args _opts]
(let [kind (get-in args [:kind])]
(if (or (= kind "StatefulSet")
(= kind "PersistentVolumeClaim")
(= kind "Ingress"))
(let [
metadata (get-in args [:metadata] {})
(if (or
(= kind "StatefulSet")
(= kind "PersistentVolumeClaim")
(= kind "Ingress"))
(let [metadata (get-in args [:metadata] {})
annotations (get metadata :annotations {})
new-annotations (assoc annotations "pulumi.com/skipAwait" "true")
new-metadata (assoc metadata :annotations new-annotations)]
@@ -26,58 +22,29 @@
(defn deploy-nextcloud
"Deploy Nextcloud using direct vault connection info."
[provider vault-provider]
(let [core-v1 (.. k8s -core -v1)
helm-v3 (.. k8s -helm -v3)
nextcloud-secrets (.getSecret (.-generic vault)
(clj->js {:path "secret/nextcloud"})
(clj->js {:provider vault-provider}))
(let [{:keys [helm-v3 secrets yaml-values service-name namespace bind-secrets]} (vault-utils/prepare vault-provider "nextcloud" provider)
ns (new (.. core-v1 -Namespace)
"nextcloud-ns"
(clj->js {:metadata {:name "my-nextcloud"}})
(clj->js {:provider provider}))
hostname (.. secrets -host)
admin-secret (new (.. core-v1 -Secret)
"nextcloud-admin-secret"
(clj->js {:metadata {:name "nextcloud-admin-secret"
:namespace (.. ns -metadata -name)}
:stringData {:password (get-secret-val nextcloud-secrets "adminPassword")}})
(clj->js {:provider provider}))
db-secret (new (.. core-v1 -Secret)
"nextcloud-db-secret"
(clj->js {:metadata {:name "nextcloud-db-secret"
:namespace (.. ns -metadata -name)}
:stringData {"mariadb-root-password" (get-secret-val nextcloud-secrets "dbPassword")
"mariadb-password" (get-secret-val nextcloud-secrets "dbPassword")}})
(clj->js {:provider provider}))
values-path (.join path js/__dirname ".." "resources" "nextcloud.yml")
helm-values (js->clj (-> values-path
(fs/readFileSync "utf8")
(yaml/load)))
hostname (get-secret-val nextcloud-secrets "host")
final-helm-values (-> helm-values
(assoc-in [:ingress :hosts 0 :host] hostname)
(assoc-in [:ingress :enabled] true)
final-helm-values (-> yaml-values
(assoc-in [:ingress :enabled] false)
(assoc-in [:nextcloud :host] hostname)
(assoc-in [:nextcloud :trusted_domains] [hostname]))
(assoc-in [:nextcloud :trusted_domains] [hostname]))
chart (new (.. helm-v3 -Chart)
"nextcloud"
(clj->js {:chart "nextcloud"
service-name
(clj->js {:chart service-name
:fetchOpts {:repo "https://nextcloud.github.io/helm/"}
:namespace (.. ns -metadata -name)
:namespace namespace
:values final-helm-values})
(clj->js {:provider provider
:dependsOn [admin-secret db-secret]
:transformations [add-skip-await-transformation]}))]
{:namespace ns
:admin-secret admin-secret
:db-secret db-secret
:dependsOn [bind-secrets]
:transformations [add-skip-await-transformation]
}))
ingress (ingress-utils/create-ingress hostname namespace service-name 80 chart)
;;cert (ingress-utils/create-certificate hostname namespace service-name ingress)
]
{:namespace namespace
:nextcloud-secrets bind-secrets
:chart chart
:nextcloud-url (.then nextcloud-secrets
#(str "https://" (aget (.-data %) "host")))}))
:ingress ingress
:nextcloud-url (str "https://" hostname)}))