dotfiles/apps/cluster1/maintenance-dotfiles-update-commit/job.yaml

apiVersion: batch/v1
kind: Job
metadata:
  name: dotfiles-update-commit
  annotations:
    # Setting spec.force to true will make Flux recreate the Job when any
    # immutable field is changed, forcing the Job to run every time the
    # container image tag changes.
    kustomize.toolkit.fluxcd.io/force: enabled
spec:
  backoffLimit: 0
  template:
    metadata:
      annotations:
        guix-default-channel-commit: e24b690e
    spec:
      nodeSelector:
        kubernetes.io/hostname: kube1
      hostNetwork: true
      hostPID: true
      restartPolicy: Never
      containers:
      - command:
        - nsenter
        - --target
        - "1"
        - --mount
        - --uts
        - --ipc
        - --net
        - --pid
        - --no-fork
        - /bin/sh
        - -l
        - -c
        - sudo --chdir=$WORKSPACE --user=oleg --login bash -ic 'dot_local/bin/executable_dotfiles-update-commit'
        env:
        - name: WORKSPACE
          value: /home/oleg/.local/share/chezmoi
        image: docker-registry.wugi.info/library/util-linux-with-udev
        name: refresh
        resources:
          limits:
            cpu: 14000m
            memory: 4096Mi
          requests:
            cpu: 1000m
            memory: 512Mi
        securityContext:
          privileged: true