{ lib, config, kubenix, ... }: { kubernetes.helm.releases.piped = { namespace = "piped"; chart = kubenix.lib.helm.fetch { repo = "https://helm.piped.video"; chart = "piped"; version = "5.0.0"; sha256 = "wfw0e37q52VW+bUMBmXILwUM0F1O1cH7Jk+6tmLAcS8="; }; values = { postgresql.enabled = false; backend.config = { FRONTEND_URL = "https://piped.gmem.ca"; API_URL = "https://pipedapi.gmem.ca"; PROXY_PART = "https://ytproxy.gmem.ca"; database.connection_url = "jdbc:postgresql://hippo-primary.default.svc:5432/piped"; database.secret = { name = "hippo-pguser-piped"; username = "user"; password = "password"; }; }; frontend.env.BACKEND_HOSTNAME = "pipedapi.gmem.ca"; ingress = { main = { tls = [ { hosts = ["piped.gmem.ca"]; } ]; hosts = [ { host = "piped.gmem.ca"; paths = [{path = "/";}]; } ]; }; backend = { tls = [ { hosts = ["pipedapi.gmem.ca"]; } ]; hosts = [ { host = "pipedapi.gmem.ca"; paths = [{path = "/";}]; } ]; }; ytproxy = { tls = [ { hosts = ["pipedproxy.gmem.ca"]; } ]; hosts = [ { host = "ytproxy.gmem.ca"; paths = [{path = "/";}]; } ]; }; }; }; }; kubernetes.resources.cronJobs.piped-refresh = { metadata.namespace = "piped"; spec = { schedule = "*/10 * * * *"; jobTemplate.spec.template.spec = { restartPolicy = "Never"; containers.refresh-subscriptions = { image = "debian:bookworm-slim"; envFrom = [{secretRef.name = "postgres-piped";}]; command = [ "/bin/bash" "-c" '' apt update && apt install -y postgresql-client curl export PGPASSWORD=$password && export subs=$(psql -U piped -h 192.168.50.236 -qtAX -c 'select id from public.pubsub;') && while IFS= read -r line; do echo "refreshing $line" curl -k -o /dev/null "http://piped-backend:8080/channel/$line" done < <(printf '%s' "$subs") '' ]; }; }; }; }; }