@highstate/library 0.9.16 → 0.9.19

package/src/k8s/apps/mariadb.ts

@@ -0,0 +1,83 @@
+import { defineUnit } from "@highstate/contract"
+import { pick } from "remeda"
+import * as databases from "../../databases"
+import { l4EndpointEntity } from "../../network"
+import { serviceEntity } from "../service"
+import {
+  appName,
+  optionalSharedInputs,
+  sharedArgs,
+  sharedDatabaseArgs,
+  sharedDatabaseSecrets,
+  sharedInputs,
+  sharedSecrets,
+  source,
+} from "./shared"
+
+/**
+ * The MariaDB database deployed on Kubernetes.
+ */
+export const mariadb = defineUnit({
+  type: "k8s.apps.mariadb.v1",
+  args: {
+    ...appName("mariadb"),
+    ...pick(sharedArgs, ["external"]),
+  },
+
+  secrets: {
+    ...pick(sharedSecrets, ["rootPassword", "backupPassword"]),
+  },
+
+  inputs: {
+    ...pick(sharedInputs, ["k8sCluster"]),
+    ...pick(optionalSharedInputs, ["resticRepo"]),
+  },
+
+  outputs: {
+    mariadb: databases.mariadbEntity,
+    service: serviceEntity,
+    endpoints: {
+      entity: l4EndpointEntity,
+      multiple: true,
+    },
+  },
+
+  meta: {
+    title: "MariaDB",
+    icon: "simple-icons:mariadb",
+    secondaryIcon: "mdi:database",
+    category: "Databases",
+  },
+
+  source: source("mariadb/app"),
+})
+
+/**
+ * The virtual MariaDB database created on the MariaDB instance.
+ *
+ * Requires a Kubernetes cluster to place init jobs and secrets.
+ */
+export const mariadbDatabase = defineUnit({
+  type: "k8s.apps.mariadb.database.v1",
+
+  args: sharedDatabaseArgs,
+  secrets: sharedDatabaseSecrets,
+
+  inputs: {
+    ...pick(sharedInputs, ["k8sCluster", "mariadb"]),
+    ...pick(optionalSharedInputs, ["namespace"]),
+  },
+
+  outputs: {
+    mariadb: databases.mariadbEntity,
+  },
+
+  meta: {
+    title: "MariaDB Database",
+    icon: "simple-icons:mariadb",
+    secondaryIcon: "mdi:database-plus",
+    category: "Databases",
+  },
+
+  source: source("mariadb/database"),
+})

package/src/k8s/apps/maybe.ts

@@ -0,0 +1,39 @@
+import { defineUnit, z } from "@highstate/contract"
+import { pick } from "remeda"
+import {
+  appName,
+  optionalSharedInputs,
+  sharedArgs,
+  sharedInputs,
+  sharedSecrets,
+  source,
+} from "./shared"
+
+export const maybe = defineUnit({
+  type: "k8s.apps.maybe.v1",
+
+  args: {
+    ...appName("maybe"),
+    ...pick(sharedArgs, ["fqdn"]),
+  },
+
+  secrets: {
+    ...pick(sharedSecrets, ["backupPassword"]),
+    postgresqlPassword: z.string().optional(),
+    secretKey: z.string().optional(),
+  },
+
+  inputs: {
+    ...pick(sharedInputs, ["k8sCluster", "accessPoint", "postgresql"]),
+    ...pick(optionalSharedInputs, ["resticRepo"]),
+  },
+
+  meta: {
+    title: "Maybe",
+    description: "The OS for your personal finances.",
+    icon: "arcticons:finance-manager",
+    category: "Finance",
+  },
+
+  source: source("maybe"),
+})

package/src/k8s/apps/mongodb.ts

@@ -0,0 +1,84 @@
+import { defineUnit } from "@highstate/contract"
+import { pick } from "remeda"
+import * as databases from "../../databases"
+import { l4EndpointEntity } from "../../network"
+import { serviceEntity } from "../service"
+import {
+  appName,
+  optionalSharedInputs,
+  sharedArgs,
+  sharedDatabaseArgs,
+  sharedDatabaseSecrets,
+  sharedInputs,
+  sharedSecrets,
+  source,
+} from "./shared"
+
+/**
+ * The MongoDB instance deployed on Kubernetes.
+ */
+export const mongodb = defineUnit({
+  type: "k8s.apps.mongodb.v1",
+
+  args: {
+    ...appName("mongodb"),
+    ...pick(sharedArgs, ["external"]),
+  },
+
+  secrets: {
+    ...pick(sharedSecrets, ["rootPassword", "backupPassword"]),
+  },
+
+  inputs: {
+    ...pick(sharedInputs, ["k8sCluster"]),
+    ...pick(optionalSharedInputs, ["resticRepo"]),
+  },
+
+  outputs: {
+    mongodb: databases.mongodbEntity,
+    service: serviceEntity,
+    endpoints: {
+      entity: l4EndpointEntity,
+      multiple: true,
+    },
+  },
+
+  meta: {
+    title: "MongoDB",
+    icon: "simple-icons:mongodb",
+    secondaryIcon: "mdi:database",
+    category: "Databases",
+  },
+
+  source: source("mongodb/app"),
+})
+
+/**
+ * The virtual MongoDB database created on the MongoDB instance.
+ *
+ * Requires a Kubernetes cluster to place init jobs and secrets.
+ */
+export const mongodbDatabase = defineUnit({
+  type: "k8s.apps.mongodb.database.v1",
+
+  args: sharedDatabaseArgs,
+  secrets: sharedDatabaseSecrets,
+
+  inputs: {
+    ...pick(sharedInputs, ["k8sCluster", "mongodb"]),
+    ...pick(optionalSharedInputs, ["namespace"]),
+  },
+
+  outputs: {
+    mongodb: databases.mongodbEntity,
+  },
+
+  meta: {
+    title: "MongoDB Database",
+    icon: "simple-icons:mongodb",
+    secondaryIcon: "mdi:database-plus",
+    category: "Databases",
+  },
+
+  source: source("mongodb/database"),
+})

package/src/k8s/apps/postgresql.ts

@@ -0,0 +1,86 @@
+import { defineUnit } from "@highstate/contract"
+import { pick } from "remeda"
+import * as databases from "../../databases"
+import { l4EndpointEntity } from "../../network"
+import { serviceEntity } from "../service"
+import {
+  appName,
+  optionalSharedInputs,
+  sharedArgs,
+  sharedDatabaseArgs,
+  sharedDatabaseSecrets,
+  sharedInputs,
+  sharedSecrets,
+  source,
+} from "./shared"
+
+/**
+ * The PostgreSQL instance deployed on Kubernetes.
+ */
+export const postgresql = defineUnit({
+  type: "k8s.apps.postgresql.v1",
+
+  args: {
+    ...appName("postgresql"),
+    ...pick(sharedArgs, ["external"]),
+  },
+
+  secrets: {
+    ...pick(sharedSecrets, ["rootPassword", "backupPassword"]),
+  },
+
+  inputs: {
+    ...pick(sharedInputs, ["k8sCluster"]),
+    ...pick(optionalSharedInputs, ["resticRepo"]),
+  },
+
+  outputs: {
+    postgresql: databases.postgresqlEntity,
+    service: serviceEntity,
+    endpoints: {
+      entity: l4EndpointEntity,
+      multiple: true,
+    },
+  },
+
+  meta: {
+    title: "PostgreSQL",
+    icon: "simple-icons:postgresql",
+    secondaryIcon: "mdi:database",
+    category: "Databases",
+  },
+
+  source: source("postgresql/app"),
+})
+
+/**
+ * The virtual PostgreSQL database created on the PostgreSQL instance.
+ *
+ * The provided database must be authorized to create databases and users.
+ *
+ * Requires a Kubernetes cluster to place init jobs and secrets.
+ */
+export const postgresqlDatabase = defineUnit({
+  type: "k8s.apps.postgresql.database.v1",
+
+  args: sharedDatabaseArgs,
+  secrets: sharedDatabaseSecrets,
+
+  inputs: {
+    ...pick(sharedInputs, ["k8sCluster", "postgresql"]),
+    ...pick(optionalSharedInputs, ["namespace"]),
+  },
+
+  outputs: {
+    postgresql: databases.postgresqlEntity,
+  },
+
+  meta: {
+    title: "PostgreSQL Database",
+    icon: "simple-icons:postgresql",
+    secondaryIcon: "mdi:database-plus",
+    category: "Databases",
+  },
+
+  source: source("postgresql/database"),
+})

package/src/k8s/apps/shared.ts

@@ -0,0 +1,149 @@
+/** biome-ignore-all lint/style/noNonNullAssertion: to define shared inputs */
+
+import type { Simplify } from "type-fest"
+import {
+  $args,
+  $inputs,
+  $secrets,
+  type FullComponentArgumentOptions,
+  type FullComponentInputOptions,
+  z,
+} from "@highstate/contract"
+import { mapValues } from "remeda"
+import { accessPointEntity } from "../../common"
+import { mariadbEntity, mongodbEntity, postgresqlEntity } from "../../databases"
+import { providerEntity } from "../../dns"
+import { repositoryEntity } from "../../restic"
+import { namespaceEntity, persistentVolumeClaimEntity } from "../resources"
+import { clusterEntity } from "../shared"
+
+export const sharedArgs = $args({
+  /**
+   * The FQDN where the application will be accessible.
+   */
+  fqdn: z.string(),
+
+  /**
+   * The endpoints where the application will or should be accessible.
+   */
+  endpoints: z.string().array(),
+
+  /**
+   * Whether the application should be exposed externally by NodePort or LoadBalancer service.
+   */
+  external: z.boolean().default(false),
+
+  /**
+   * The number of replicas for the application.
+   */
+  replicas: z.number().default(1),
+})
+
+type ToOptionalArgs<T extends Record<string, FullComponentArgumentOptions>> = Simplify<{
+  [K in keyof T]: Simplify<Omit<T[K], "schema"> & { schema: z.ZodOptional<T[K]["schema"]> }>
+}>
+
+export const optionalSharedArgs = mapValues(sharedArgs, arg => ({
+  ...arg,
+  schema: arg.schema.optional(),
+})) as ToOptionalArgs<typeof sharedArgs>
+
+/**
+ * Return the arguments definition for the application name.
+ *
+ * @param defaultAppName The default name of the application.
+ */
+export function appName(defaultAppName: string) {
+  return {
+    appName: {
+      schema: z.string().default(defaultAppName),
+      meta: {
+        description: "The name of the application to deploy.",
+      },
+    },
+  }
+}
+
+export const sharedSecrets = $secrets({
+  /**
+   * The root password for the database instance. If not provided, a random password will be generated.
+   */
+  rootPassword: z.string().optional(),
+
+  /**
+   * The password to use for backup encryption. If not provided, a random password will be generated.
+   */
+  backupPassword: z.string().optional(),
+})
+
+export const sharedDatabaseArgs = $args({
+  /**
+   * The username for the database user.
+   *
+   * If not provided, defaults to the name of the instance.
+   */
+  username: z.string().optional(),
+
+  /**
+   * The name of the database to create.
+   *
+   * If not provided, defaults to the username.
+   */
+  database: z.string().optional(),
+})
+
+export const sharedDatabaseSecrets = $secrets({
+  /**
+   * The password for the database user.
+   *
+   * If not provided, a random password will be generated.
+   */
+  password: z.string().optional(),
+})
+
+export const sharedInputs = $inputs({
+  k8sCluster: {
+    entity: clusterEntity,
+  },
+  namespace: {
+    entity: namespaceEntity,
+  },
+  accessPoint: {
+    entity: accessPointEntity,
+  },
+  resticRepo: {
+    entity: repositoryEntity,
+  },
+  dnsProviders: {
+    entity: providerEntity,
+    multiple: true,
+  },
+  volume: {
+    entity: persistentVolumeClaimEntity,
+  },
+  mariadb: {
+    entity: mariadbEntity,
+  },
+  postgresql: {
+    entity: postgresqlEntity,
+  },
+  mongodb: {
+    entity: mongodbEntity,
+  },
+})
+
+type ToOptionalInputs<T extends Record<string, FullComponentInputOptions>> = Simplify<{
+  [K in keyof T]: T[K] & { required: false }
+}>
+
+export const optionalSharedInputs = mapValues(sharedInputs, input => ({
+  ...input,
+  required: false,
+})) as ToOptionalInputs<typeof sharedInputs>
+
+export function source(path: string) {
+  return {
+    package: "@highstate/k8s.apps",
+    path,
+  }
+}

package/src/k8s/apps/syncthing.ts

@@ -0,0 +1,72 @@
+import { defineUnit, z } from "@highstate/contract"
+import { pick } from "remeda"
+import { l4EndpointEntity } from "../../network"
+import { persistentVolumeClaimEntity } from "../resources"
+import { serviceEntity } from "../service"
+import {
+  appName,
+  optionalSharedInputs,
+  sharedArgs,
+  sharedInputs,
+  sharedSecrets,
+  source,
+} from "./shared"
+
+export const backupModeSchema = z.enum(["state", "full"])
+
+/**
+ * The Syncthing instance deployed on Kubernetes.
+ */
+export const syncthing = defineUnit({
+  type: "k8s.apps.syncthing.v1",
+
+  args: {
+    ...appName("syncthing"),
+    ...pick(sharedArgs, ["fqdn", "external"]),
+
+    /**
+     * The FQDN of the Syncthing instance used to sync with other devices.
+     *
+     * The `fqdn` argument unlike this one points to the gateway and used to
+     * access the Syncthing Web UI.
+     */
+    deviceFqdn: z.string().optional(),
+
+    /**
+     * The backup mode to use for the Syncthing instance.
+     *
+     * - `state`: Only the state is backed up. When the instance is restored, it will
+     * sync files from the other devices automatically.
+     * - `full`: A full backup is created including all files.
+     *
+     * The default is `state`.
+     */
+    backupMode: backupModeSchema.default("state"),
+  },
+
+  secrets: {
+    ...pick(sharedSecrets, ["backupPassword"]),
+  },
+
+  inputs: {
+    ...pick(sharedInputs, ["k8sCluster", "accessPoint"]),
+    ...pick(optionalSharedInputs, ["resticRepo", "volume"]),
+  },
+
+  outputs: {
+    volume: persistentVolumeClaimEntity,
+    service: serviceEntity,
+    endpoints: {
+      entity: l4EndpointEntity,
+      multiple: true,
+    },
+  },
+
+  meta: {
+    title: "Syncthing",
+    icon: "simple-icons:syncthing",
+    category: "File Sync",
+  },
+
+  source: source("syncthing"),
+})

package/src/k8s/apps/traefik.ts

@@ -0,0 +1,40 @@
+import { defineUnit, z } from "@highstate/contract"
+import { pick } from "remeda"
+import { gatewayEntity } from "../../common"
+import { l4EndpointEntity } from "../../network"
+import { serviceEntity } from "../service"
+import { appName, sharedArgs, sharedInputs, source } from "./shared"
+
+/**
+ * The Traefik instance + gateway implementation.
+ */
+export const traefik = defineUnit({
+  type: "k8s.apps.traefik.v1",
+
+  args: {
+    ...appName("traefik"),
+    ...pick(sharedArgs, ["external", "replicas"]),
+    className: z.string().optional(),
+  },
+
+  inputs: {
+    ...pick(sharedInputs, ["k8sCluster"]),
+  },
+
+  outputs: {
+    gateway: gatewayEntity,
+    service: serviceEntity,
+    endpoints: {
+      entity: l4EndpointEntity,
+      multiple: true,
+    },
+  },
+
+  meta: {
+    title: "Traefik Gateway",
+    icon: "simple-icons:traefikproxy",
+    category: "Network",
+  },
+
+  source: source("traefik"),
+})

package/src/k8s/apps/vaultwarden.ts

@@ -0,0 +1,31 @@
+import { defineUnit, z } from "@highstate/contract"
+import { pick } from "remeda"
+import { appName, sharedArgs, sharedInputs, source } from "./shared"
+
+/**
+ * The Vaultwarden password manager deployed on Kubernetes.
+ */
+export const vaultwarden = defineUnit({
+  type: "k8s.apps.vaultwarden.v1",
+
+  args: {
+    ...appName("vaultwarden"),
+    ...pick(sharedArgs, ["fqdn"]),
+  },
+
+  secrets: {
+    mariadbPassword: z.string().optional(),
+  },
+
+  inputs: {
+    ...pick(sharedInputs, ["k8sCluster", "accessPoint", "mariadb"]),
+  },
+
+  meta: {
+    title: "Vaultwarden",
+    icon: "simple-icons:vaultwarden",
+    category: "Security",
+  },
+
+  source: source("vaultwarden"),
+})