chore: implement backups for qbittorrent

This commit is contained in:
SeanOMik 2024-12-13 19:15:32 -05:00
parent 66b712c9c7
commit aa38b5b826
Signed by: SeanOMik
GPG key ID: FEC9E2FC15235964
10 changed files with 44 additions and 32 deletions

View file

@ -3,7 +3,7 @@ kind: Kustomization
resources:
- ./namespace.yaml
#- ./network_policy.yaml
- ./qbittorrent
- ./qbittorrent/ks.yaml
- ./qbit-manage
- ./radarr/ks.yaml
- ./sonarr/ks.yaml

View file

@ -9,60 +9,51 @@ spec:
chart:
spec:
chart: app-template
version: 3.1.0
version: 3.5.1
sourceRef:
kind: HelmRepository
name: bjws-charts
namespace: flux-system
values:
controllers:
main:
pod:
securityContext:
fsGroup: 10000
fsGroupChangePolicy: "OnRootMismatch"
containers:
app:
image:
repository: ghcr.io/onedr0p/qbittorrent
tag: 4.6.6
env:
QBITTORRENT__PORT: 8080
QBITTORRENT__PORT: &qbitPort 8080
securityContext:
runAsGroup: 10000
runAsUser: 10000
fsGroup: 10000
fsGroupChangePolicy: "OnRootMismatch"
gluetun:
image:
repository: qmcgaw/gluetun
tag: latest
env:
FIREWALL_INPUT_PORTS: "8080,17871" # 17871 is the prometheus exporter
FIREWALL_VPN_INPUT_PORTS: "41500"
HEALTH_VPN_DURATION_INITIAL: "120s"
envFrom:
- secretRef:
name: qbittorrent-secrets
securityContext:
capabilities:
add:
- NET_ADMIN
metrics:
image:
repository: caseyscarborough/qbittorrent-exporter
tag: v1.3.5
env:
QBITTORRENT_BASE_URL: "http://localhost:8080"
# safe to have in plain text since qbittorrent is exposed through authentik.
@ -72,11 +63,9 @@ spec:
service:
app:
controller: main
ports:
http:
port: 8080
port: *qbitPort
metrics:
port: 17871
protocol: HTTP
@ -85,10 +74,8 @@ spec:
app:
enabled: true
serviceName: qbittorrent
labels:
release: kube-prometheus-stack
endpoints:
- port: metrics
scheme: http
@ -102,18 +89,13 @@ spec:
cert-manager.io/cluster-issuer: letsencrypt-production
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
hosts:
- host: &host "qbit.${SECRET_NEW_DOMAIN}"
- host: "qbit.${SECRET_NEW_DOMAIN}"
paths:
- path: /
service:
identifier: app
port: http
tls:
- hosts:
- *host
persistence:
storage:
@ -121,21 +103,18 @@ spec:
hostPath: /mnt/MainPool/Media/Torrents
globalMounts:
- path: /storage/Torrents
config:
type: hostPath
hostPath: /mnt/MainPool/Kubernetes/qbittorrent
existingClaim: qbittorrent
advancedMounts:
main: # controller name
app: # container name
- path: /config
gluetun-tmp:
type: emptyDir
advancedMounts:
main: # controller name
gluetun: # container name
- path: /tmp/gluetun/
- path: /tmp/gluetun
port-manager:
- path: /tmp/gluetun/
readOnly: true
- path: /tmp/gluetun
readOnly: true

View file

@ -1,6 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../common/templates/volsync
- ./qbittorrent-secrets.sops.yaml
- ./helm-release.yaml
#- ./qbittorrent-metrics.yaml

View file

@ -0,0 +1,32 @@
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: &app qbittorrent
namespace: flux-system
spec:
timeout: 5m
interval: 10m
targetNamespace: download
path: ./kubernetes/main/apps/download/qbittorrent/app
prune: true
sourceRef:
kind: GitRepository
name: home-cluster
decryption:
provider: sops
secretRef:
name: sops-gpg
dependsOn:
- name: openebs
- name: openebs-sc
- name: volsync
postBuild:
substituteFrom:
- kind: ConfigMap
name: cluster-settings
- kind: Secret
name: cluster-secrets
substitute:
APP: *app
VOLSYNC_CAPACITY: 1Gi