Add affine

Author: dzervas

docker/affine/Dockerfile

@@ -0,0 +1,7 @@
+# syntax=docker/dockerfile:1.7
+
+FROM ghcr.io/toeverything/affine:stable
+
+RUN useradd -u 1000 -g 1000 -ms /bin/bash affine
+
+USER affine:affine

envs/affine/main.jsonnet

@@ -0,0 +1,57 @@
+local externalSecrets = import 'external-secrets-libsonnet/0.19/main.libsonnet';
+local k = import 'k.libsonnet';
+local labsonnet = import 'labsonnet/main.libsonnet';
+local externalSecret = externalSecrets.nogroup.v1.externalSecret;
+
+{
+  affine:
+    labsonnet.new('affine', 'ghcr.io/dzervas/affine')
+    + labsonnet.withCreateNamespace()
+    + labsonnet.withType('StatefulSet')
+    + labsonnet.withPort({ port: 3010 })
+    + labsonnet.withPV('/root/.affine/storage', { name: 'affine-storage', size: '10Gi' })
+    + labsonnet.withPV('/root/.affine/config', { name: 'affine-config', size: '1Gi' })
+    // + labsonnet.withEnv('AFFINE_INDEXER_ENABLED', 'false')
+    + labsonnet.withEnv({ REDIS_SERVER_HOST: 'redis' })
+    + labsonnet.withInitContainer({
+      name: 'migrations',
+      image: 'ghcr.io/toeverything/affine:stable',
+      command: ['sh', '-c', 'node ./scripts/self-host-predeploy.js'],
+    })
+    + labsonnet.withSecretEnv({
+      DATABASE_SERVER_URL: { name: 'affine-secrets-op', key: 'postgres_url' },
+    })
+  ,
+
+  redis:
+    labsonnet.new('redis', 'redis')
+    + labsonnet.withNamespace('affine')
+    + labsonnet.withPort({ port: 6379 }),
+
+  postgres:
+    labsonnet.new('postgres', 'pgvector/pgvector:pg16')
+    + labsonnet.withNamespace('affine')
+    + labsonnet.withType('StatefulSet')
+    + labsonnet.withPort({ port: 5432 })
+    + labsonnet.withPV('/var/lib/postgresql/data', { size: '2Gi' })
+    + labsonnet.withEnv({
+      POSTGRES_USER: 'affine',
+      POSTGRES_DB: 'affine',
+      POSTGRES_INITDB_ARGS: '--data-checksums',
+      // + labsonnet.withEnv('POSTGRES_HOST_AUTH_METHOD', 'trust')
+    })
+    + labsonnet.withSecretEnv({
+      POSTGRES_PASSWORD: { name: 'affine-secrets-op', key: 'password' },
+    })
+  ,
+
+  passwords:
+    externalSecret.new('affine-secrets-op')
+    + externalSecret.spec.secretStoreRef.withKind('ClusterSecretStore')
+    + externalSecret.spec.secretStoreRef.withName('1password')
+    + externalSecret.spec.withDataFrom([{ extract: { key: 'affine' } }])
+    + externalSecret.spec.target.template.withData({
+      password: '{{ .password }}',
+      postgres_url: 'postgres://affine@{{ .password }}:5432/affine',
+    }),
+}

envs/affine/spec.json

@@ -0,0 +1,15 @@
+{
+	"apiVersion": "tanka.dev/v1alpha1",
+	"kind": "Environment",
+	"metadata": {
+		"name": "envs/affine"
+	},
+	"spec": {
+		"contextNames": ["gr"],
+		"namespace": "affine",
+		"applyStrategy": "server",
+		"injectLabels": true,
+		"resourceDefaults": {},
+		"expectVersions": {}
+	}
+}

envs/headscale/main.jsonnet

@@ -1,10 +1,8 @@
 local dockerService = import 'docker-service.libsonnet';
 local containerLib = import 'docker-service/container.libsonnet';
 local opsecretLib = import 'docker-service/opsecret.libsonnet';
-local externalSecrets = import 'external-secrets-libsonnet/0.19/main.libsonnet';
 local gatewayApi = import 'gateway-api-libsonnet/1.4-experimental/main.libsonnet';
 local k = import 'k.libsonnet';
-local externalSecret = externalSecrets.nogroup.v1.externalSecret;
 local serviceAccount = k.core.v1.serviceAccount;
 local clusterRole = k.rbac.v1.clusterRole;
 local clusterRoleBinding = k.rbac.v1.clusterRoleBinding;