infra/homelab/netboot.nix

let
  appName = "netbootxyz";
  netbootxyzImage = "ghcr.io/netbootxyz/netbootxyz";
in
{
  kubernetes.resources.services.netbootxyz = {
    spec = {
      selector.app = appName;
      ports.http = {
        port = 80;
        targetPort = 80;
      };
      ports.interface = {
        port = 3000;
        targetPort = 3000;
      };
    };
  };
  kubernetes.resources.services.netbootxyz-tftp = {
    spec = {
      externalTrafficPolicy = "Local";
      sessionAffinity = "None";
      type = "NodePort";
      selector.app = appName;
      ports.tftp = {
        port = 69;
        protocol = "UDP";
        targetPort = 69;
      };
    };
  };
  kubernetes.resources.deployments.netbootxyz.spec = {
    selector.matchLabels.app = appName;
    template = {
      metadata.labels.app = appName;
      spec = {
        volumes = [
          { name = "config"; persistentVolumeClaim.claimName = "netbootxyz-config"; }
          { name = "assets"; persistentVolumeClaim.claimName = "netbootxyz-assets"; }
        ];
        containers = {
          netbootxyz = {
            image = netbootxyzImage;
            imagePullPolicy = "Always";
            volumeMounts = [
              { mountPath = "/config"; name = "config"; }
              { mountPath = "/assets"; name = "assets"; }
            ];
            env.SUBFOLDER.value = "/ui/";
            ports.http.containerPort = 80;
            ports.interface.containerPort = 3000;
            ports.tftp = {
              containerPort = 69;
              protocol = "UDP";
            };
          };
        };
      };
    };
  };

  kubernetes.resources.persistentVolumeClaims.netbootxyz-config.spec = {
    resources.requests.storage = "1Gi";
    volumeMode = "Filesystem";
    accessModes = [ "ReadWriteMany" ];
  };
  kubernetes.resources.persistentVolumeClaims.netbootxyz-assets.spec = {
    resources.requests.storage = "10Gi";
    volumeMode = "Filesystem";
    accessModes = [ "ReadWriteMany" ];
  };

  kubernetes.resources.ingresses.netbootxyz = {
    metadata.annotations = {
      "cert-manager.io/issuer" = "le-issuer";
      "nginx.ingress.kubernetes.io/ssl-redirect" = "false";
    };
    spec = {
      tls = [ { hosts = [ "netboot.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ];
      rules = [ { host = "netboot.gmem.ca"; http.paths = [
        { path = "/ui"; pathType = "Prefix";
          backend.service = {
            name = "netbootxyz";
            port.number = 3000;
          };
        }
        { path = "/"; pathType = "Prefix";
          backend.service = {
            name = "netbootxyz";
            port.number = 80;
          };
        }
      ];}];
    };
  };

}