{ globals, config, lib, ... }: { options.syncthing.enable = lib.mkEnableOption "syncthing"; config = lib.mkIf config.syncthing.enable { kubernetes.resources = { serviceAccounts.syncthing = {}; deployments.syncthing.spec = { selector.matchLabels.app = "syncthing"; strategy = { type = "RollingUpdate"; rollingUpdate = { maxSurge = 0; maxUnavailable = 1; }; }; template = { metadata.labels.app = "syncthing"; spec = { serviceAccountName = "syncthing"; containers.syncthing = { image = globals.images.syncthing; ports.web.containerPort = 8384; imagePullPolicy = "IfNotPresent"; env = { PUID.value = "33"; PGID.value = "33"; TZ.value = "Europe/Amsterdam"; }; volumeMounts = [ { name = "config"; mountPath = "/config"; } { name = "music"; mountPath = "/music"; } ]; }; volumes = { config.persistentVolumeClaim.claimName = "config"; music.persistentVolumeClaim.claimName = "music"; }; securityContext = { fsGroup = 33; fsGroupChangePolicy = "OnRootMismatch"; }; }; }; }; services.syncthing.spec = { type = "LoadBalancer"; loadBalancerIP = globals.syncthingIPv4; selector.app = "syncthing"; ports.web = { port = 80; targetPort = "web"; }; }; persistentVolumeClaims.music.spec = { accessModes = ["ReadWriteMany"]; storageClassName = ""; resources.requests.storage = "1Mi"; volumeName = "music-syncthing"; }; }; lab = { longhorn.persistentVolumeClaim.config = { volumeName = "syncthing"; storage = "400Mi"; }; tailscaleIngresses.tailscale = { host = "syncthing"; service.name = "syncthing"; }; }; }; }