home/nixos-servers
home/nixos-servers
2
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions

feat(syncthing): Only expose on tailnet

Browse source
This commit is contained in:
Pim Kunis 2024-07-21 16:50:52 +02:00
parent 6f3a7a3c44
commit 8fc6961362
1 changed files with 20 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
kubenix-modules/syncthing.nix
View file

@ -1,15 +1,29 @@
{ {
kubernetes.resources = { kubernetes.resources = {
serviceAccounts.syncthing = { };
deployments.syncthing.spec = { deployments.syncthing.spec = {
selector.matchLabels.app = "syncthing"; selector.matchLabels.app = "syncthing";
strategy = {
type = "RollingUpdate";
rollingUpdate = {
maxSurge = 0;
maxUnavailable = 1;
};
};
template = { template = {
metadata.labels.app = "syncthing"; metadata.labels.app = "syncthing";
spec = { spec = {
serviceAccountName = "syncthing";
containers.syncthing = { containers.syncthing = {
image = "lscr.io/linuxserver/syncthing:1.23.6"; image = "lscr.io/linuxserver/syncthing:1.23.6";
ports.web.containerPort = 8384; ports.web.containerPort = 8384;
imagePullPolicy = "Always";
env = { env = {
PUID.value = "33"; PUID.value = "33";
@ -60,19 +74,15 @@
}; };
lab = { lab = {
ingresses.syncthing = {
host = "sync.kun.is";
entrypoint = "localsecure";
service = {
name = "syncthing";
portName = "web";
};
};
longhorn.persistentVolumeClaim.config = { longhorn.persistentVolumeClaim.config = {
volumeName = "syncthing"; volumeName = "syncthing";
storage = "400Mi"; storage = "400Mi";
}; };
tailscale = {
enable = true;
allowedServiceAccounts = [ "syncthing" ];
deploymentsWithSidecarContainers.syncthing.hostName = "syncthing";
};
}; };
} }