feat: add poketwo-staging and poketwo-staging-private

kubernetes/poketwo-staging-private/gateway-proxy.nix

@@ -0,0 +1,76 @@
+{ ... }:
+
+{
+  namespaces.poketwo-staging-private.resources = {
+    "apps/v1".Deployment.gateway-proxy.spec = {
+      replicas = 1;
+      selector.matchLabels.app = "gateway-proxy";
+      template = {
+        metadata.labels.app = "gateway-proxy";
+        spec = {
+          containers = [{
+            name = "server";
+            image = "ghcr.io/poketwo/gateway-proxy:latest";
+            ports = [{ containerPort = 7878; }];
+            resources = {
+              limits = { memory = "2Gi"; };
+              requests = { memory = "2Gi"; cpu = "50m"; };
+            };
+            readinessProbe = {
+              httpGet = { path = "/metrics"; port = 7878; };
+              initialDelaySeconds = 5;
+              periodSeconds = 5;
+            };
+            volumeMounts = [{
+              name = "config";
+              mountPath = "/config";
+            }];
+            env = [{ name = "CONFIG"; value = "/config/config.json"; }];
+            envFrom = [{ secretRef = { name = "poketwo"; }; }];
+          }];
+          volumes = [{
+            name = "config";
+            configMap = { name = "gateway-proxy"; };
+          }];
+          imagePullSecrets = [{ name = "ghcr-auth"; }];
+        };
+      };
+    };
+
+    v1.Service.gateway-proxy.spec = {
+      selector.app = "gateway-proxy";
+      ports = [{ port = 80; targetPort = 7878; }];
+    };
+
+    v1.Secret.poketwo.stringData = {
+      TOKEN = "";
+    };
+
+    v1.ConfigMap.gateway-proxy.data = {
+      "config.json" = builtins.toJSON {
+        log_level = "info";
+        shards = 1;
+        intents = 32509;
+        port = 7878;
+        activity = { type = 0; name = "@Pokétwo help"; };
+        status = "online";
+        backpressure = 100;
+        validate_token = true;
+        externally_accessible_url = "ws://gateway-proxy";
+        cache = {
+          channels = true;
+          presences = false;
+          emojis = false;
+          current_member = true;
+          members = false;
+          roles = true;
+          scheduled_events = false;
+          stage_instances = false;
+          stickers = false;
+          users = true;
+          voice_states = false;
+        };
+      };
+    };
+  };
+}

kubernetes/poketwo-staging-private/ghcr-auth.nix

@@ -0,0 +1,10 @@
+{ ... }:
+
+{
+  namespaces.poketwo-staging-private.resources = {
+    v1.Secret.ghcr-auth = {
+      type = "kubernetes.io/dockerconfigjson";
+      stringData.".dockerconfigjson" = "";
+    };
+  };
+}

kubernetes/poketwo-staging-private/mongodb.nix

@@ -0,0 +1,40 @@
+{ ... }:
+
+{
+  namespaces.poketwo-staging-private.resources = {
+    "mongodbcommunity.mongodb.com/v1".MongoDBCommunity.mongodb.spec = {
+      type = "ReplicaSet";
+      members = 3;
+      version = "7.0.11";
+      security = { };
+      users = [{
+        name = "poketwo";
+        scramCredentialsSecretName = "poketwo";
+        passwordSecretRef.name = "mongodb-user";
+        roles = [{ name = "root"; db = "admin"; }];
+      }];
+      additionalMongodConfig."net.ipv6" = true;
+      statefulSet.spec = {
+        volumeClaimTemplates = [{
+          metadata.name = "data-volume";
+          spec = {
+            resources.requests.storage = "8Gi";
+            storageClassName = "rbd-nvme-retain";
+          };
+        }];
+        template.spec.containers = [{
+          name = "mongod";
+          resources = {
+            limits = { cpu = 1; memory = "20Gi"; };
+            requests = { cpu = "100m"; memory = "1Gi"; };
+          };
+        }];
+      };
+    };
+
+    v1.Secret."mongodb-user" = {
+      type = "Opaque";
+      stringData.password = "";
+    };
+  };
+}

kubernetes/poketwo-staging-private/poketwo.nix

@@ -0,0 +1,42 @@
+{ ... }:
+
+{
+  namespaces.poketwo-staging-private.resources = {
+    v1.Service.poketwo.spec = {
+      selector.app = "poketwo";
+      clusterIP = "None";
+    };
+
+    "apps/v1".StatefulSet.poketwo.spec = {
+      replicas = 1;
+      selector.matchLabels.app = "poketwo";
+      serviceName = "poketwo";
+      template = {
+        metadata.labels.app = "poketwo";
+        spec = {
+          containers = [{
+            name = "poketwo";
+            image = "ghcr.io/poketwo/poketwo:production";
+            imagePullPolicy = "Always";
+            resources = {
+              limits = { memory = "4Gi"; };
+              requests = { memory = "2Gi"; cpu = "100m"; };
+            };
+            envFrom = [{ secretRef.name = "poketwo"; }];
+            env = [
+              { name = "DATABASE_URI"; valueFrom.secretKeyRef = { name = "mongodb-admin-poketwo"; key = "connectionString.standard"; }; }
+              { name = "DATABASE_NAME"; value = "pokemon_dev"; }
+              { name = "REDIS_URI"; value = "redis://redis-master"; }
+              { name = "REDIS_PASSWORD"; valueFrom.secretKeyRef = { name = "redis"; key = "redis-password"; }; }
+              { name = "SERVER_URL"; value = "http://image-server.poketwo"; }
+              { name = "EXT_SERVER_URL"; value = "https://server.poketwo.io"; }
+              { name = "IMGEN_URL"; value = "http://imgen-rust.poketwo"; }
+              { name = "API_GATEWAY"; value = "ws://gateway-proxy"; }
+            ];
+          }];
+          imagePullSecrets = [{ name = "ghcr-auth"; }];
+        };
+      };
+    };
+  };
+}

kubernetes/poketwo-staging-private/redis.nix

@@ -0,0 +1,26 @@
+{ transpire, ... }:
+
+{
+  namespaces.poketwo-staging-private.helmReleases.redis = {
+    chart = transpire.fetchFromHelm {
+      repo = "https://charts.bitnami.com/bitnami";
+      name = "redis";
+      version = "19.6.1";
+      sha256 = "z7M/oHv2x9LVaMaPXk5KfYYqZs7m7+PmLxnKjL0Thxs=";
+    };
+
+    values = {
+      architecture = "standalone";
+      usePassword = true;
+      master = {
+        persistence.size = "2Gi";
+        resources = {
+          requests = { memory = "1Gi"; };
+          limits = { memory = "1Gi"; cpu = "20m"; };
+        };
+      };
+      metrics.enabled = true;
+      networkPolicy.enabled = false;
+    };
+  };
+}

kubernetes/poketwo-staging/gateway-proxy.nix

@@ -0,0 +1,76 @@
+{ ... }:
+
+{
+  namespaces.poketwo-staging.resources = {
+    "apps/v1".Deployment.gateway-proxy.spec = {
+      replicas = 1;
+      selector.matchLabels.app = "gateway-proxy";
+      template = {
+        metadata.labels.app = "gateway-proxy";
+        spec = {
+          containers = [{
+            name = "server";
+            image = "ghcr.io/poketwo/gateway-proxy:latest";
+            ports = [{ containerPort = 7878; }];
+            resources = {
+              limits = { memory = "2Gi"; };
+              requests = { memory = "2Gi"; cpu = "50m"; };
+            };
+            readinessProbe = {
+              httpGet = { path = "/metrics"; port = 7878; };
+              initialDelaySeconds = 5;
+              periodSeconds = 5;
+            };
+            volumeMounts = [{
+              name = "config";
+              mountPath = "/config";
+            }];
+            env = [{ name = "CONFIG"; value = "/config/config.json"; }];
+            envFrom = [{ secretRef = { name = "poketwo"; }; }];
+          }];
+          volumes = [{
+            name = "config";
+            configMap = { name = "gateway-proxy"; };
+          }];
+          imagePullSecrets = [{ name = "ghcr-auth"; }];
+        };
+      };
+    };
+
+    v1.Service.gateway-proxy.spec = {
+      selector.app = "gateway-proxy";
+      ports = [{ port = 80; targetPort = 7878; }];
+    };
+
+    v1.Secret.poketwo.stringData = {
+      TOKEN = "";
+    };
+
+    v1.ConfigMap.gateway-proxy.data = {
+      "config.json" = builtins.toJSON {
+        log_level = "info";
+        shards = 1;
+        intents = 32509;
+        port = 7878;
+        activity = { type = 0; name = "@Pokétwo help"; };
+        status = "online";
+        backpressure = 100;
+        validate_token = true;
+        externally_accessible_url = "ws://gateway-proxy";
+        cache = {
+          channels = true;
+          presences = false;
+          emojis = false;
+          current_member = true;
+          members = false;
+          roles = true;
+          scheduled_events = false;
+          stage_instances = false;
+          stickers = false;
+          users = true;
+          voice_states = false;
+        };
+      };
+    };
+  };
+}

kubernetes/poketwo-staging/ghcr-auth.nix

@@ -0,0 +1,10 @@
+{ ... }:
+
+{
+  namespaces.poketwo-staging.resources = {
+    v1.Secret.ghcr-auth = {
+      type = "kubernetes.io/dockerconfigjson";
+      stringData.".dockerconfigjson" = "";
+    };
+  };
+}

kubernetes/poketwo-staging/mongodb.nix

@@ -0,0 +1,40 @@
+{ ... }:
+
+{
+  namespaces.poketwo-staging.resources = {
+    "mongodbcommunity.mongodb.com/v1".MongoDBCommunity.mongodb.spec = {
+      type = "ReplicaSet";
+      members = 3;
+      version = "7.0.11";
+      security = { };
+      users = [{
+        name = "poketwo";
+        scramCredentialsSecretName = "poketwo";
+        passwordSecretRef.name = "mongodb-user";
+        roles = [{ name = "root"; db = "admin"; }];
+      }];
+      additionalMongodConfig."net.ipv6" = true;
+      statefulSet.spec = {
+        volumeClaimTemplates = [{
+          metadata.name = "data-volume";
+          spec = {
+            resources.requests.storage = "8Gi";
+            storageClassName = "rbd-nvme-retain";
+          };
+        }];
+        template.spec.containers = [{
+          name = "mongod";
+          resources = {
+            limits = { cpu = 1; memory = "20Gi"; };
+            requests = { cpu = "100m"; memory = "1Gi"; };
+          };
+        }];
+      };
+    };
+
+    v1.Secret."mongodb-user" = {
+      type = "Opaque";
+      stringData.password = "";
+    };
+  };
+}

kubernetes/poketwo-staging/poketwo.nix

@@ -0,0 +1,42 @@
+{ ... }:
+
+{
+  namespaces.poketwo-staging.resources = {
+    v1.Service.poketwo.spec = {
+      selector.app = "poketwo";
+      clusterIP = "None";
+    };
+
+    "apps/v1".StatefulSet.poketwo.spec = {
+      replicas = 1;
+      selector.matchLabels.app = "poketwo";
+      serviceName = "poketwo";
+      template = {
+        metadata.labels.app = "poketwo";
+        spec = {
+          containers = [{
+            name = "poketwo";
+            image = "ghcr.io/poketwo/poketwo:production";
+            imagePullPolicy = "Always";
+            resources = {
+              limits = { memory = "4Gi"; };
+              requests = { memory = "2Gi"; cpu = "100m"; };
+            };
+            envFrom = [{ secretRef.name = "poketwo"; }];
+            env = [
+              { name = "DATABASE_URI"; valueFrom.secretKeyRef = { name = "mongodb-admin-poketwo"; key = "connectionString.standard"; }; }
+              { name = "DATABASE_NAME"; value = "pokemon_dev"; }
+              { name = "REDIS_URI"; value = "redis://redis-master"; }
+              { name = "REDIS_PASSWORD"; valueFrom.secretKeyRef = { name = "redis"; key = "redis-password"; }; }
+              { name = "SERVER_URL"; value = "http://image-server.poketwo"; }
+              { name = "EXT_SERVER_URL"; value = "https://server.poketwo.io"; }
+              { name = "IMGEN_URL"; value = "http://imgen-rust.poketwo"; }
+              { name = "API_GATEWAY"; value = "ws://gateway-proxy"; }
+            ];
+          }];
+          imagePullSecrets = [{ name = "ghcr-auth"; }];
+        };
+      };
+    };
+  };
+}

kubernetes/poketwo-staging/redis.nix

@@ -0,0 +1,26 @@
+{ transpire, ... }:
+
+{
+  namespaces.poketwo-staging.helmReleases.redis = {
+    chart = transpire.fetchFromHelm {
+      repo = "https://charts.bitnami.com/bitnami";
+      name = "redis";
+      version = "19.6.1";
+      sha256 = "z7M/oHv2x9LVaMaPXk5KfYYqZs7m7+PmLxnKjL0Thxs=";
+    };
+
+    values = {
+      architecture = "standalone";
+      usePassword = true;
+      master = {
+        persistence.size = "2Gi";
+        resources = {
+          requests = { memory = "1Gi"; };
+          limits = { memory = "1Gi"; cpu = "20m"; };
+        };
+      };
+      metrics.enabled = true;
+      networkPolicy.enabled = false;
+    };
+  };
+}