diff --git a/iac/src/main/k8s/services/nextcloud/nextcloud.cljs b/iac/src/main/k8s/services/nextcloud/nextcloud.cljs index 3d20c4b..af7c844 100644 --- a/iac/src/main/k8s/services/nextcloud/nextcloud.cljs +++ b/iac/src/main/k8s/services/nextcloud/nextcloud.cljs @@ -13,35 +13,34 @@ [secret-promise key] (.then secret-promise #(aget (.-data %) key))) -(defn deploy-nextcloud-app - "Deploy Nextcloud using Vault‑managed secrets and a Helm chart." - [provider] +(defn deploy-nextcloud + "Deploy Nextcloud using direct vault connection info." + [provider vault-params] (let [core-v1 (.. k8s -core -v1) - helm-v3 (.. k8s -helm -v3) + helm-v3 (.. k8s -helm -v3) - vault-cfg (pulumi/Config. "vault") - vault-provider (vault/Provider. + vault-provider (new vault/Provider "vault-provider" - (clj->js {:address (.require vault-cfg "address") - :token (.requireSecret vault-cfg "token")})) + (clj->js vault-params)) - nextcloud-secrets (.getSecret (.-generic vault) - (clj->js {:path "secret/nextcloud"}) - (clj->js {:provider vault-provider})) + nextcloud-secrets (.getSecret (.-generic vault) + (clj->js {:path "secret/nextcloud"}) + (clj->js {:provider vault-provider + :dependsOn [(get vault-params :vault-port-forward)]})) - ns ((.. core-v1 -Namespace) + ns (new (.. core-v1 -Namespace) "nextcloud-ns" (clj->js {:metadata {:name "nextcloud"}}) (clj->js {:provider provider})) - admin-secret ((.. core-v1 -Secret) + admin-secret (new (.. core-v1 -Secret) "nextcloud-admin-secret" (clj->js {:metadata {:name "nextcloud-admin-secret" :namespace (.. ns -metadata -name)} :stringData {:password (get-secret-val nextcloud-secrets "adminPassword")}}) (clj->js {:provider provider})) - db-secret ((.. core-v1 -Secret) + db-secret (new (.. core-v1 -Secret) "nextcloud-db-secret" (clj->js {:metadata {:name "nextcloud-db-secret" :namespace (.. ns -metadata -name)} 
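Review bot: The Vault provider in `deploy-nextcloud` is now built from `(clj->js vault-params)`, so the whole caller map becomes provider configuration and the `.requireSecret` wrapping that the removed code applied to the token is gone. The same map is read for `:vault-port-forward` a few lines later, which suggests that resource is also handed to the provider as a config key. I would pass only the connection fields and keep the token marked secret at this point, e.g. `(clj->js {:address (:address vault-params) :token (pulumi/secret (:token vault-params))})`, assuming those are the key names and the `pulumi` alias is still required in this namespace; otherwise whether the token is treated as a secret may depend on a caller that this diff does not show. The `(get vault-params :vault-port-forward)` in `:dependsOn` here and in the chart options in the second hunk has no presence check, so a missing key puts nil into the dependency list. The `let` form continues past the end of this hunk.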
@@ -49,26 +48,26 @@ "mariadb-password" (get-secret-val nextcloud-secrets "dbPassword")}}) (clj->js {:provider provider})) - values-path (.join path js/__dirname "values.yaml") - helm-values (-> values-path - (fs/readFileSync "utf8") - (yaml/load)) - _ (aset (aget (aget (aget helm-values "ingress") "hosts") 0) - "host" - (get-secret-val nextcloud-secrets "host")) + values-path (.join path js/__dirname "resources" "nextcloud.yml") + helm-values (-> values-path + (fs/readFileSync "utf8") + (yaml/load)) + _ (aset (aget (aget (aget helm-values "ingress") "hosts") 0) + "host" + (get-secret-val nextcloud-secrets "host")) - chart ((.. helm-v3 -Chart) + chart (new (.. helm-v3 -Chart) "my-nextcloud" (clj->js {:chart "nextcloud" :fetchOpts {:repo "https://nextcloud.github.io/helm/"} :namespace (.. ns -metadata -name) :values helm-values}) (clj->js {:provider provider - :dependsOn [admin-secret db-secret]}))] + :dependsOn [admin-secret db-secret (clj->js (get vault-params :vault-port-forward))]}))] - {:namespace ns - :admin-secret admin-secret - :db-secret db-secret - :chart chart - :nextcloud-url (.then nextcloud-secrets - #(str "https://" (aget (.-data %) "host")))})) + {:namespace ns + :admin-secret admin-secret + :db-secret db-secret + :chart chart + :nextcloud-url (.then nextcloud-secrets + #(str "https://" (aget (.-data %) "host")))}))
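Review bot: The `Chart` resource still fetches `nextcloud` from `https://nextcloud.github.io/helm/` with no `:version`, so each deployment can resolve a different chart release than the one that was reviewed. Since this commit already touches the constructor call, add a pinned version next to `:chart`, for example `:version "<reviewed chart version>"` (placeholder), and bump it deliberately. Separately, the `aset` on `ingress.hosts[0]` assumes the renamed `resources/nextcloud.yml` contains that entry; a short comment above the `aset` saying so would help whoever edits the values file.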