@highstate/library 0.9.18 → 0.9.19

package/src/k8s/apps/mongodb.ts

@@ -0,0 +1,84 @@
+import { defineUnit } from "@highstate/contract"
+import { pick } from "remeda"
+import * as databases from "../../databases"
+import { l4EndpointEntity } from "../../network"
+import { serviceEntity } from "../service"
+import {
+  appName,
+  optionalSharedInputs,
+  sharedArgs,
+  sharedDatabaseArgs,
+  sharedDatabaseSecrets,
+  sharedInputs,
+  sharedSecrets,
+  source,
+} from "./shared"
+
+/**
+ * The MongoDB instance deployed on Kubernetes.
+ */
+export const mongodb = defineUnit({
+  type: "k8s.apps.mongodb.v1",
+
+  args: {
+    ...appName("mongodb"),
+    ...pick(sharedArgs, ["external"]),
+  },
+
+  secrets: {
+    ...pick(sharedSecrets, ["rootPassword", "backupPassword"]),
+  },
+
+  inputs: {
+    ...pick(sharedInputs, ["k8sCluster"]),
+    ...pick(optionalSharedInputs, ["resticRepo"]),
+  },
+
+  outputs: {
+    mongodb: databases.mongodbEntity,
+    service: serviceEntity,
+    endpoints: {
+      entity: l4EndpointEntity,
+      multiple: true,
+    },
+  },
+
+  meta: {
+    title: "MongoDB",
+    icon: "simple-icons:mongodb",
+    secondaryIcon: "mdi:database",
+    category: "Databases",
+  },
+
+  source: source("mongodb/app"),
+})
+
+/**
+ * The virtual MongoDB database created on the MongoDB instance.
+ *
+ * Requires a Kubernetes cluster to place init jobs and secrets.
+ */
+export const mongodbDatabase = defineUnit({
+  type: "k8s.apps.mongodb.database.v1",
+
+  args: sharedDatabaseArgs,
+  secrets: sharedDatabaseSecrets,
+
+  inputs: {
+    ...pick(sharedInputs, ["k8sCluster", "mongodb"]),
+    ...pick(optionalSharedInputs, ["namespace"]),
+  },
+
+  outputs: {
+    mongodb: databases.mongodbEntity,
+  },
+
+  meta: {
+    title: "MongoDB Database",
+    icon: "simple-icons:mongodb",
+    secondaryIcon: "mdi:database-plus",
+    category: "Databases",
+  },
+
+  source: source("mongodb/database"),
+})

package/src/k8s/apps/postgresql.ts

@@ -0,0 +1,86 @@
+import { defineUnit } from "@highstate/contract"
+import { pick } from "remeda"
+import * as databases from "../../databases"
+import { l4EndpointEntity } from "../../network"
+import { serviceEntity } from "../service"
+import {
+  appName,
+  optionalSharedInputs,
+  sharedArgs,
+  sharedDatabaseArgs,
+  sharedDatabaseSecrets,
+  sharedInputs,
+  sharedSecrets,
+  source,
+} from "./shared"
+
+/**
+ * The PostgreSQL instance deployed on Kubernetes.
+ */
+export const postgresql = defineUnit({
+  type: "k8s.apps.postgresql.v1",
+
+  args: {
+    ...appName("postgresql"),
+    ...pick(sharedArgs, ["external"]),
+  },
+
+  secrets: {
+    ...pick(sharedSecrets, ["rootPassword", "backupPassword"]),
+  },
+
+  inputs: {
+    ...pick(sharedInputs, ["k8sCluster"]),
+    ...pick(optionalSharedInputs, ["resticRepo"]),
+  },
+
+  outputs: {
+    postgresql: databases.postgresqlEntity,
+    service: serviceEntity,
+    endpoints: {
+      entity: l4EndpointEntity,
+      multiple: true,
+    },
+  },
+
+  meta: {
+    title: "PostgreSQL",
+    icon: "simple-icons:postgresql",
+    secondaryIcon: "mdi:database",
+    category: "Databases",
+  },
+
+  source: source("postgresql/app"),
+})
+
+/**
+ * The virtual PostgreSQL database created on the PostgreSQL instance.
+ *
+ * The provided database must be authorized to create databases and users.
+ *
+ * Requires a Kubernetes cluster to place init jobs and secrets.
+ */
+export const postgresqlDatabase = defineUnit({
+  type: "k8s.apps.postgresql.database.v1",
+
+  args: sharedDatabaseArgs,
+  secrets: sharedDatabaseSecrets,
+
+  inputs: {
+    ...pick(sharedInputs, ["k8sCluster", "postgresql"]),
+    ...pick(optionalSharedInputs, ["namespace"]),
+  },
+
+  outputs: {
+    postgresql: databases.postgresqlEntity,
+  },
+
+  meta: {
+    title: "PostgreSQL Database",
+    icon: "simple-icons:postgresql",
+    secondaryIcon: "mdi:database-plus",
+    category: "Databases",
+  },
+
+  source: source("postgresql/database"),
+})

package/src/k8s/apps/shared.ts

@@ -0,0 +1,149 @@
+/** biome-ignore-all lint/style/noNonNullAssertion: to define shared inputs */
+
+import type { Simplify } from "type-fest"
+import {
+  $args,
+  $inputs,
+  $secrets,
+  type FullComponentArgumentOptions,
+  type FullComponentInputOptions,
+  z,
+} from "@highstate/contract"
+import { mapValues } from "remeda"
+import { accessPointEntity } from "../../common"
+import { mariadbEntity, mongodbEntity, postgresqlEntity } from "../../databases"
+import { providerEntity } from "../../dns"
+import { repositoryEntity } from "../../restic"
+import { namespaceEntity, persistentVolumeClaimEntity } from "../resources"
+import { clusterEntity } from "../shared"
+
+export const sharedArgs = $args({
+  /**
+   * The FQDN where the application will be accessible.
+   */
+  fqdn: z.string(),
+
+  /**
+   * The endpoints where the application will or should be accessible.
+   */
+  endpoints: z.string().array(),
+
+  /**
+   * Whether the application should be exposed externally by NodePort or LoadBalancer service.
+   */
+  external: z.boolean().default(false),
+
+  /**
+   * The number of replicas for the application.
+   */
+  replicas: z.number().default(1),
+})
+
+type ToOptionalArgs<T extends Record<string, FullComponentArgumentOptions>> = Simplify<{
+  [K in keyof T]: Simplify<Omit<T[K], "schema"> & { schema: z.ZodOptional<T[K]["schema"]> }>
+}>
+
+export const optionalSharedArgs = mapValues(sharedArgs, arg => ({
+  ...arg,
+  schema: arg.schema.optional(),
+})) as ToOptionalArgs<typeof sharedArgs>
+
+/**
+ * Return the arguments definition for the application name.
+ *
+ * @param defaultAppName The default name of the application.
+ */
+export function appName(defaultAppName: string) {
+  return {
+    appName: {
+      schema: z.string().default(defaultAppName),
+      meta: {
+        description: "The name of the application to deploy.",
+      },
+    },
+  }
+}
+
+export const sharedSecrets = $secrets({
+  /**
+   * The root password for the database instance. If not provided, a random password will be generated.
+   */
+  rootPassword: z.string().optional(),
+
+  /**
+   * The password to use for backup encryption. If not provided, a random password will be generated.
+   */
+  backupPassword: z.string().optional(),
+})
+
+export const sharedDatabaseArgs = $args({
+  /**
+   * The username for the database user.
+   *
+   * If not provided, defaults to the name of the instance.
+   */
+  username: z.string().optional(),
+
+  /**
+   * The name of the database to create.
+   *
+   * If not provided, defaults to the username.
+   */
+  database: z.string().optional(),
+})
+
+export const sharedDatabaseSecrets = $secrets({
+  /**
+   * The password for the database user.
+   *
+   * If not provided, a random password will be generated.
+   */
+  password: z.string().optional(),
+})
+
+export const sharedInputs = $inputs({
+  k8sCluster: {
+    entity: clusterEntity,
+  },
+  namespace: {
+    entity: namespaceEntity,
+  },
+  accessPoint: {
+    entity: accessPointEntity,
+  },
+  resticRepo: {
+    entity: repositoryEntity,
+  },
+  dnsProviders: {
+    entity: providerEntity,
+    multiple: true,
+  },
+  volume: {
+    entity: persistentVolumeClaimEntity,
+  },
+  mariadb: {
+    entity: mariadbEntity,
+  },
+  postgresql: {
+    entity: postgresqlEntity,
+  },
+  mongodb: {
+    entity: mongodbEntity,
+  },
+})
+
+type ToOptionalInputs<T extends Record<string, FullComponentInputOptions>> = Simplify<{
+  [K in keyof T]: T[K] & { required: false }
+}>
+
+export const optionalSharedInputs = mapValues(sharedInputs, input => ({
+  ...input,
+  required: false,
+})) as ToOptionalInputs<typeof sharedInputs>
+
+export function source(path: string) {
+  return {
+    package: "@highstate/k8s.apps",
+    path,
+  }
+}

package/src/{apps → k8s/apps}/syncthing.ts

@@ -1,15 +1,28 @@
 import { defineUnit, z } from "@highstate/contract"
-import { persistentVolumeClaimEntity, serviceEntity } from "../k8s"
-import { l4EndpointEntity } from "../network"
-import { createArgs, createInputs, createSecrets, createSource } from "./shared"
+import { pick } from "remeda"
+import { l4EndpointEntity } from "../../network"
+import { persistentVolumeClaimEntity } from "../resources"
+import { serviceEntity } from "../service"
+import {
+  appName,
+  optionalSharedInputs,
+  sharedArgs,
+  sharedInputs,
+  sharedSecrets,
+  source,
+} from "./shared"
 
 export const backupModeSchema = z.enum(["state", "full"])
 
+/**
+ * The Syncthing instance deployed on Kubernetes.
+ */
 export const syncthing = defineUnit({
-  type: "apps.syncthing",
+  type: "k8s.apps.syncthing.v1",
 
   args: {
-    ...createArgs("syncthing", ["fqdn", "external"]),
+    ...appName("syncthing"),
+    ...pick(sharedArgs, ["fqdn", "external"]),
 
     /**
      * The FQDN of the Syncthing instance used to sync with other devices.
@@ -31,8 +44,14 @@ export const syncthing = defineUnit({
     backupMode: backupModeSchema.default("state"),
   },
 
-  secrets: createSecrets(["backupPassword"]),
-  inputs: createInputs(["accessPoint", "resticRepo", "volume"]),
+  secrets: {
+    ...pick(sharedSecrets, ["backupPassword"]),
+  },
+
+  inputs: {
+    ...pick(sharedInputs, ["k8sCluster", "accessPoint"]),
+    ...pick(optionalSharedInputs, ["resticRepo", "volume"]),
+  },
 
   outputs: {
     volume: persistentVolumeClaimEntity,
@@ -45,10 +64,9 @@ export const syncthing = defineUnit({
 
   meta: {
     title: "Syncthing",
-    description: "The Syncthing instance deployed on Kubernetes.",
     icon: "simple-icons:syncthing",
     category: "File Sync",
   },
 
-  source: createSource("syncthing"),
+  source: source("syncthing"),
 })

package/src/k8s/apps/traefik.ts

@@ -0,0 +1,40 @@
+import { defineUnit, z } from "@highstate/contract"
+import { pick } from "remeda"
+import { gatewayEntity } from "../../common"
+import { l4EndpointEntity } from "../../network"
+import { serviceEntity } from "../service"
+import { appName, sharedArgs, sharedInputs, source } from "./shared"
+
+/**
+ * The Traefik instance + gateway implementation.
+ */
+export const traefik = defineUnit({
+  type: "k8s.apps.traefik.v1",
+
+  args: {
+    ...appName("traefik"),
+    ...pick(sharedArgs, ["external", "replicas"]),
+    className: z.string().optional(),
+  },
+
+  inputs: {
+    ...pick(sharedInputs, ["k8sCluster"]),
+  },
+
+  outputs: {
+    gateway: gatewayEntity,
+    service: serviceEntity,
+    endpoints: {
+      entity: l4EndpointEntity,
+      multiple: true,
+    },
+  },
+
+  meta: {
+    title: "Traefik Gateway",
+    icon: "simple-icons:traefikproxy",
+    category: "Network",
+  },
+
+  source: source("traefik"),
+})

package/src/k8s/apps/vaultwarden.ts

@@ -0,0 +1,31 @@
+import { defineUnit, z } from "@highstate/contract"
+import { pick } from "remeda"
+import { appName, sharedArgs, sharedInputs, source } from "./shared"
+
+/**
+ * The Vaultwarden password manager deployed on Kubernetes.
+ */
+export const vaultwarden = defineUnit({
+  type: "k8s.apps.vaultwarden.v1",
+
+  args: {
+    ...appName("vaultwarden"),
+    ...pick(sharedArgs, ["fqdn"]),
+  },
+
+  secrets: {
+    mariadbPassword: z.string().optional(),
+  },
+
+  inputs: {
+    ...pick(sharedInputs, ["k8sCluster", "accessPoint", "mariadb"]),
+  },
+
+  meta: {
+    title: "Vaultwarden",
+    icon: "simple-icons:vaultwarden",
+    category: "Security",
+  },
+
+  source: source("vaultwarden"),
+})

package/src/k8s/apps/workload.ts

@@ -0,0 +1,214 @@
+import { defineUnit, z } from "@highstate/contract"
+import { pick } from "remeda"
+import { portSchema } from "../../network"
+import { serviceEntity, serviceTypeSchema } from "../service"
+import { deploymentEntity } from "../workload"
+import { optionalSharedInputs, sharedInputs, source } from "./shared"
+
+export const databaseConfigKeySchema = z.enum([
+  "url",
+  "host",
+  "port",
+  "username",
+  "password",
+  "database",
+])
+
+export const environmentVariableSchema = z.union([
+  z.string(),
+  z.object({
+    dependencyKey: z.templateLiteral([
+      z.enum(["mariadb", "postgresql", "mongodb"]),
+      z.literal("."),
+      databaseConfigKeySchema,
+    ]),
+  }),
+  z.object({
+    configKey: z.string(),
+  }),
+  z.object({
+    secretKey: z.string(),
+  }),
+])
+
+/**
+ * The generic Kubernetes workload with optional service and gateway routes.
+ *
+ * May reference known databases and other services.
+ */
+export const workload = defineUnit({
+  type: "k8s.apps.workload.v1",
+
+  args: {
+    /**
+     * The name of the application.
+     *
+     * If not provided, the name of the unit will be used.
+     */
+    appName: z.string().optional(),
+
+    /**
+     * The name of the new namespace to create for the workload.
+     *
+     * If not provided, the `appName` will be used as the namespace name.
+     */
+    namespace: z.string().optional(),
+
+    /**
+     * The name of the existing namespace to use for the workload.
+     */
+    existingNamespace: z.string().optional(),
+
+    /**
+     * The type of the workload to create.
+     */
+    type: z
+      .enum(["Deployment", "StatefulSet", "DaemonSet", "Job", "CronJob"])
+      .default("Deployment"),
+
+    /**
+     * The image to use for the workload.
+     */
+    image: z.string(),
+
+    /**
+     * The port to expose for the workload.
+     *
+     * If specified, a service will be created for the workload.
+     */
+    port: portSchema.optional(),
+
+    /**
+     * The FQDN of the workload.
+     *
+     * If specified, a service and an HTTP route will be created for the workload.
+     */
+    fqdn: z.string().optional(),
+
+    /**
+     * The type of the service to create for the workload.
+     */
+    serviceType: serviceTypeSchema.default("ClusterIP"),
+
+    /**
+     * The number of replicas for the workload.
+     *
+     * By default, it is set to 1.
+     */
+    replicas: z.number().default(1),
+
+    /**
+     * The path where the workload data will be stored.
+     *
+     * If specified, a persistent volume claim will be created for the workload.
+     *
+     * If `resticRepo` input is provided, the automatic backup will be enabled for this path.
+     */
+    dataPath: z.string().optional(),
+
+    /**
+     * The environment variables to set for the workload.
+     *
+     * The values can be:
+     * 1. a static string value;
+     * 2. a dependency key to service configuration (e.g., `mariadb.username`);
+     * 3. a config key to reference a configuration value provided via `config` argument;
+     * 4. a secret key to reference a secret value provided via `secretData` secret.
+     */
+    env: z.record(z.string(), environmentVariableSchema).default({}),
+
+    /**
+     * The configuration for the workload.
+     *
+     * If provided, the config map will be created.
+     *
+     * You can reference the configuration values in the environment variables using `configKey`.
+     */
+    config: z.record(z.string(), z.unknown()).default({}),
+
+    /**
+     * The Kubernetes manifest patch for the deployment.
+     *
+     * Will be applied to the deployment manifest before it is created.
+     */
+    manifest: z.record(z.string(), z.unknown()).default({}),
+
+    /**
+     * The Kubernetes service manifest for the deployment.
+     *
+     * Will be applied to the service manifest before it is created.
+     */
+    serviceManifest: z.record(z.string(), z.unknown()).default({}),
+
+    /**
+     * The Kubernetes HTTP route manifest for the deployment.
+     *
+     * Will be applied to the HTTP route manifest before it is created.
+     */
+    httpRouteManifest: z.record(z.string(), z.unknown()).default({}),
+  },
+
+  secrets: {
+    /**
+     * The password for the MariaDB database.
+     *
+     * If not provided and requested, a random password will be generated.
+     */
+    mariadbPassword: z.string().optional(),
+
+    /**
+     * The password for the PostgreSQL database.
+     *
+     * If not provided and requested, a random password will be generated.
+     */
+    postgresqlPassword: z.string().optional(),
+
+    /**
+     * The password for the MongoDB database.
+     *
+     * If not provided and requested, a random password will be generated.
+     */
+    mongodbPassword: z.string().optional(),
+
+    /**
+     * The password for the backup.
+     *
+     * If not provided and requested, a random password will be generated.
+     */
+    backupPassword: z.string().optional(),
+
+    /**
+     * The secret configuration for the workload.
+     *
+     * If provided, the secret will be created with the specified content.
+     *
+     * You can reference the secret values in the environment variables using `secretKey`.
+     */
+    secretData: z.record(z.string(), z.string()).default({}),
+  },
+
+  inputs: {
+    ...pick(sharedInputs, ["k8sCluster"]),
+    ...pick(optionalSharedInputs, [
+      "accessPoint",
+      "resticRepo",
+      "mariadb",
+      "postgresql",
+      "mongodb",
+    ]),
+  },
+
+  outputs: {
+    deployment: deploymentEntity,
+    service: serviceEntity,
+  },
+
+  meta: {
+    title: "Kubernetes Workload",
+    icon: "devicon:kubernetes",
+    secondaryIcon: "mdi:cube-outline",
+    category: "Kubernetes",
+  },
+
+  source: source("deployment"),
+})

package/src/k8s/apps/zitadel.ts

@@ -0,0 +1,26 @@
+import { defineUnit } from "@highstate/contract"
+import { pick } from "remeda"
+import { appName, sharedArgs, sharedInputs, source } from "./shared"
+
+/**
+ * The Zitadel IAM deployed on Kubernetes.
+ */
+export const zitadel = defineUnit({
+  type: "k8s.apps.zitadel.v1",
+
+  args: {
+    ...appName("zitadel"),
+    ...pick(sharedArgs, ["fqdn"]),
+  },
+
+  inputs: {
+    ...pick(sharedInputs, ["k8sCluster", "accessPoint", "postgresql"]),
+  },
+
+  meta: {
+    title: "Zitadel",
+    icon: "hugeicons:access",
+  },
+
+  source: source("zitadel"),
+})