let
  appName = "redlib";
  appImage = "git.gmem.ca/arch/redlib:latest";
in
  {
    lib,
    config,
    kubenix,
    ...
  }: {
    kubernetes.resources.services.redlib = {
      metadata.namespace = "redlib";
      metadata.labels.app = appName;
      spec = {
        selector.app = appName;
        ports.http = {
          port = 8080;
          targetPort = 8080;
        };
      };
    };
    kubernetes.resources.deployments.redlib = {
      metadata.namespace = "redlib";
      spec = {
        selector.matchLabels.app = appName;
        replicas = 2;
        template = {
          metadata.labels.app = appName;
          spec = {
            volumes = {
              config.configMap.name = "redlib";
            };
            containers = {
              redlib = {
                image = appImage;
                imagePullPolicy = "Always";
                ports.http.containerPort = 8080;
                resources = {
                  requests = {
                    cpu = "100m";
                    memory = "64Mi";
                  };
                  limits = {
                    memory = "128Mi";
                  };
                };
              };
            };
          };
        };
      };
    };

    kubernetes.resources.ingresses.redlib = {
      metadata = {
        name = appName;
        namespace = "redlib";
        annotations = {
          "cert-manager.io/cluster-issuer" = "le-issuer";
        };
      };
      spec = {
        tls = [
          {
            hosts = ["red.gmem.ca"];
          }
        ];
        rules = [
          {
            host = "red.gmem.ca";
            http.paths = [
              {
                path = "/";
                pathType = "Prefix";
                backend.service = {
                  name = appName;
                  port.name = "http";
                };
              }
            ];
          }
        ];
      };
    };
  }