From 8fc6961362a73fd31633e28b0c42608c0181a11f Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Sun, 21 Jul 2024 16:50:52 +0200
Subject: [PATCH] feat(syncthing): Only expose on tailnet
---
 kubenix-modules/syncthing.nix | 30 ++++++++++++++++++++----------
 1 file changed, 20 insertions(+), 10 deletions(-)
diff --git a/kubenix-modules/syncthing.nix b/kubenix-modules/syncthing.nix
index 4d46388..472cfdf 100644
--- a/kubenix-modules/syncthing.nix
+++ b/kubenix-modules/syncthing.nix
@@ -1,15 +1,29 @@
 {
 kubernetes.resources = {
+ serviceAccounts.syncthing = { };
+
 deployments.syncthing.spec = {
 selector.matchLabels.app = "syncthing";
+ strategy = {
+ type = "RollingUpdate";
+
+ rollingUpdate = {
+ maxSurge = 0;
+ maxUnavailable = 1;
+ };
+ };
+
 template = {
 metadata.labels.app = "syncthing";
 spec = {
+ serviceAccountName = "syncthing";
+
 containers.syncthing = {
 image = "lscr.io/linuxserver/syncthing:1.23.6";
 ports.web.containerPort = 8384;
+ imagePullPolicy = "Always";
 env = {
 PUID.value = "33";
@@ -60,19 +74,15 @@
 };
 lab = {
- ingresses.syncthing = {
- host = "sync.kun.is";
- entrypoint = "localsecure";
-
- service = {
- name = "syncthing";
- portName = "web";
- };
- };
-
 longhorn.persistentVolumeClaim.config = {
 volumeName = "syncthing";
 storage = "400Mi";
 };
+
+ tailscale = {
+ enable = true;
+ allowedServiceAccounts = [ "syncthing" ];
+ deploymentsWithSidecarContainers.syncthing.hostName = "syncthing";
+ };
 };
 }
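Review bot: `imagePullPolicy = "Always"` is added beside an image referenced only by the tag `1.23.6`, so every pod start pulls whatever the registry serves under that tag at that moment. Pinning the digest makes the pull verifiable, e.g. `image = "lscr.io/linuxserver/syncthing:1.23.6@sha256:<digest>";` with the real digest in place of the placeholder. The new `serviceAccountName = "syncthing"` applies to the whole pod, so the Syncthing container also receives the account's API token; presumably the account exists for the Tailscale sidecar, in which case its role should be limited to that sidecar's state secret. The container spec continues past the end of the hunk.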
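Review bot: Removing `ingresses.syncthing` closes the `sync.kun.is` route, but the Service named `syncthing` that the ingress pointed at is not touched in the visible hunks, so port 8384 presumably stays reachable from other pods in the cluster. If the GUI is meant to be reachable only over the tailnet, drop the `web` port from that Service or add a NetworkPolicy for the pod, and record the intent above `tailscale = {`, e.g. `# Web UI is reached via the tailnet host "syncthing"; no cluster ingress`. Access is now decided by the tailnet ACLs and by the Syncthing GUI's own login, neither of which is visible here, so both are worth confirming before relying on this change.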