dotfiles/apps/base/maintenance-vm1/job.yaml

apiVersion: batch/v1
kind: Job
metadata:
  name: guix-deploy-vm1
spec:
  backoffLimit: 0
  template:
    spec:
      hostNetwork: true
      hostPID: true
      nodeSelector:
        kubernetes.io/hostname: kube1
      restartPolicy: Never
      containers:
      - command:
        - nsenter
        - --target
        - "1"
        - --mount
        - --uts
        - --ipc
        - --net
        - --pid
        - --no-fork
        - sh
        - -l
        - -c
        - sudo --chdir=$WORKSPACE --user=oleg --login guix time-machine --disable-authentication --channels=dotfiles/channels-current-local-file.scm -- deploy --load-path=dotfiles/guixsd/modules dotfiles/guixsd/deploy-vm1.wugi.info.scm
        env:
        - name: WORKSPACE
          value: /home/oleg/.local/share/chezmoi
        image: docker-registry.wugi.info/library/alpine
        name: refresh
        resources:
          limits:
            cpu: 8000m
            memory: 4096Mi
          requests:
            cpu: 1000m
            memory: 512Mi
        securityContext:
          privileged: true