---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: slskd-main
  labels:
    app.kubernetes.io/controller: main
    app.kubernetes.io/instance: slskd
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: slskd
    helm.sh/chart: slskd-4.4.0
  namespace: slskd
spec:
  revisionHistoryLimit: 3
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app.kubernetes.io/controller: main
      app.kubernetes.io/name: slskd
      app.kubernetes.io/instance: slskd
  template:
    metadata:
      labels:
        app.kubernetes.io/controller: main
        app.kubernetes.io/instance: slskd
        app.kubernetes.io/name: slskd
    spec:
      enableServiceLinks: false
      serviceAccountName: default
      automountServiceAccountToken: true
      hostIPC: false
      hostNetwork: false
      hostPID: false
      dnsPolicy: ClusterFirst
      initContainers:
        - args:
            - -ec
            - |
              sysctl -w net.ipv4.ip_forward=1;
              sysctl -w net.ipv6.conf.all.disable_ipv6=1
          command:
            - /bin/sh
          image: busybox:1.37.0
          imagePullPolicy: IfNotPresent
          name: init-sysctl
          resources:
            requests:
              cpu: 10m
              memory: 128Mi
          securityContext:
            privileged: true
      containers:
        - env:
            - name: VPN_SERVICE_PROVIDER
              value: protonvpn
            - name: VPN_TYPE
              value: wireguard
            - name: WIREGUARD_PRIVATE_KEY
              valueFrom:
                secretKeyRef:
                  key: private-key
                  name: slskd-wireguard-conf
            - name: VPN_PORT_FORWARDING
              value: "on"
            - name: PORT_FORWARD_ONLY
              value: "on"
            - name: FIREWALL_OUTBOUND_SUBNETS
              value: 192.168.1.0/24,10.244.0.0/16
            - name: FIREWALL_INPUT_PORTS
              value: 5030,50300
            - name: DOT
              value: "off"
          image: ghcr.io/qdm12/gluetun:v3.40.3@sha256:ef4a44819a60469682c7b5e69183e6401171891feaa60186652d292c59e41b30
          imagePullPolicy: IfNotPresent
          name: gluetun
          resources:
            limits:
              devic.es/tun: "1"
            requests:
              cpu: 10m
              devic.es/tun: "1"
              memory: 128Mi
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
                - SYS_MODULE
            privileged: true
        - env:
            - name: TZ
              value: US/Central
            - name: PUID
              value: "1000"
            - name: PGID
              value: "1000"
            - name: SLSKD_UMASK
              value: "0"
          image: slskd/slskd:0.24.1
          imagePullPolicy: IfNotPresent
          name: main
          resources:
            requests:
              cpu: 100m
              memory: 512Mi
          volumeMounts:
            - mountPath: /mnt/store
              name: data
            - mountPath: /app/slskd.yml
              mountPropagation: None
              name: slskd-config
              readOnly: true
              subPath: slskd.yml
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: slskd-nfs-storage
        - name: slskd-config
          secret:
            secretName: slskd-config-secret