apiVersion: apps/v1
kind: Deployment
metadata:
  name: anki-sync-server
  namespace: services
spec:
  replicas: 1
  # Recreate so the old pod fully terminates before the new one starts —
  # avoids NFS-lock races on the hostPath-backed PVC during rolling updates.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: anki-sync-server
  template:
    metadata:
      labels:
        app: anki-sync-server
    spec:
      initContainers:
      - name: nfs-check-anki-data
        image: busybox:stable
        command:
        - sh
        - -c
        - |
          test -f /mnt/.nfs-sentinel || (
            echo "ERROR: NFS sentinel missing at /mnt/.nfs-sentinel"
            echo "refusing to start; node likely has NFS unmounted"
            echo "pod would otherwise bind-mount the local-XFS shadow"
            exit 1
          )
        volumeMounts:
        - name: anki-data
          mountPath: /mnt
          readOnly: true
      containers:
      - name: anki-sync-server
        image: registry.lan.buetow.org:30001/anki-sync-server:25.07.5b
        ports:
        - containerPort: 8080
        env:
        - name: SYNC_PORT
          value: "8080"
        - name: SYNC_USER1
          valueFrom:
            secretKeyRef:
              name: anki-sync-server-secret
              key: SYNC_USER1
        volumeMounts:
        - name: anki-data
          mountPath: /anki_data
      volumes:
      - name: anki-data
        persistentVolumeClaim:
          claimName: anki-data-pvc