feat(syncthing): Only expose on tailnet

2024-07-21 16:50:52 +02:00 · 2024-07-21 16:50:52 +02:00 · 8fc6961362
commit 8fc6961362
parent 6f3a7a3c44
1 changed files with 20 additions and 10 deletions
--- a/kubenix-modules/syncthing.nix
+++ b/kubenix-modules/syncthing.nix
@ -1,15 +1,29 @@
 {
  kubernetes.resources = {
+    serviceAccounts.syncthing = { };
+
    deployments.syncthing.spec = {
      selector.matchLabels.app = "syncthing";

+      strategy = {
+        type = "RollingUpdate";
+
+        rollingUpdate = {
+          maxSurge = 0;
+          maxUnavailable = 1;
+        };
+      };
+
      template = {
        metadata.labels.app = "syncthing";

        spec = {
+          serviceAccountName = "syncthing";
+
          containers.syncthing = {
            image = "lscr.io/linuxserver/syncthing:1.23.6";
            ports.web.containerPort = 8384;
+            imagePullPolicy = "Always";

            env = {
              PUID.value = "33";
@ -60,19 +74,15 @@
  };

  lab = {
-    ingresses.syncthing = {
-      host = "sync.kun.is";
-      entrypoint = "localsecure";
-
-      service = {
-        name = "syncthing";
-        portName = "web";
-      };
-    };
-
    longhorn.persistentVolumeClaim.config = {
      volumeName = "syncthing";
      storage = "400Mi";
    };
+
+    tailscale = {
+      enable = true;
+      allowedServiceAccounts = [ "syncthing" ];
+      deploymentsWithSidecarContainers.syncthing.hostName = "syncthing";
+    };
  };
 }