[ci skip] complete NFS CSI migration: complex stacks + platform modules

Migrate remaining multi-volume stacks and all platform modules from inline NFS volumes to CSI-backed PV/PVC with nfs-truenas StorageClass (soft,timeo=30,retrans=3 mount options). Complex stacks: openclaw (4 vols), immich (8 vols), frigate (2 vols), nextcloud (2 vols + old PV replaced), rybbit (1 vol) Remaining stacks: affine, ebook2audiobook, f1-stream, osm_routing, real-estate-crawler Platform modules: monitoring (prometheus, loki, alertmanager PVs converted from native NFS to CSI), redis, dbaas, technitium, headscale, vaultwarden, uptime-kuma, mailserver, infra-maintenance
2026-03-02 01:24:07 +00:00 · 2026-03-02 01:24:07 +00:00 · 0e324df545
commit 0e324df545
parent 11b3d92684
24 changed files with 411 additions and 179 deletions
--- a/stacks/platform/modules/technitium/ha.tf
+++ b/stacks/platform/modules/technitium/ha.tf
@ -6,6 +6,14 @@
 # Both pods share the `dns-server=true` label so the DNS LoadBalancer
 # in main.tf routes queries to whichever pod is healthy.

+module "nfs_secondary_config" {
+  source     = "../../../../modules/kubernetes/nfs_volume"
+  name       = "technitium-secondary-config"
+  namespace  = kubernetes_namespace.technitium.metadata[0].name
+  nfs_server = var.nfs_server
+  nfs_path   = "/mnt/main/technitium-secondary"
+}
+
 # Primary-only service for zone transfers (AXFR) and API access
 resource "kubernetes_service" "technitium_primary" {
  metadata {
@ -135,9 +143,8 @@ resource "kubernetes_deployment" "technitium_secondary" {
        }
        volume {
          name = "nfs-config"
-          nfs {
-            path   = "/mnt/main/technitium-secondary"
-            server = var.nfs_server
+          persistent_volume_claim {
+            claim_name = module.nfs_secondary_config.claim_name
          }
        }
        dns_config {
--- a/stacks/platform/modules/technitium/main.tf
+++ b/stacks/platform/modules/technitium/main.tf
@ -81,6 +81,14 @@ resource "kubernetes_config_map" "coredns" {
  }
 }

+module "nfs_config" {
+  source     = "../../../../modules/kubernetes/nfs_volume"
+  name       = "technitium-config"
+  namespace  = kubernetes_namespace.technitium.metadata[0].name
+  nfs_server = var.nfs_server
+  nfs_path   = "/mnt/main/technitium"
+}
+
 resource "kubernetes_deployment" "technitium" {
  # resource "kubernetes_daemonset" "technitium" {
  metadata {
@ -196,9 +204,8 @@ resource "kubernetes_deployment" "technitium" {
        }
        volume {
          name = "nfs-config"
-          nfs {
-            path   = "/mnt/main/technitium"
-            server = var.nfs_server
+          persistent_volume_claim {
+            claim_name = module.nfs_config.claim_name
          }
        }
        volume {