SeanOMik
/
k3s-cluster
1
0
Fork 0
Code Issues 2 Pull Requests 5 Packages Projects Releases Wiki Activity

fix(qbittorrent): switch to protonvpn, update gluetun sidecar

This commit is contained in:
SeanOMik 2023-12-13 22:18:52 -05:00
parent 72a9a73bbc
commit b608b8465f
Signed by: SeanOMik
GPG Key ID: 568F326C7EB33ACB
5 changed files with 85 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
cluster/apps/default/fireflyiii/helm-release.yaml
View File

@ -17,7 +17,7 @@ spec:
values:
image:
repository: fireflyiii/core
tag: version-6.0.26
tag: version-6.0.30
envFrom:
- secretRef:
@ -27,19 +27,7 @@ spec:
main:
ports:
http:
port: &port 8080
probes:
startup:
custom: true
spec:
httpGet:
path: /
port: *port
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 30
port: 8080
ingress:
main:
@ -64,18 +52,4 @@ spec:
type: pvc
accessMode: ReadWriteOnce
size: 8Gi
mountPath: /var/www/html/storage/upload
# podSecurityContext:
# runAsNonRoot: true
# runAsUser: 10000
# runAsGroup: 10000
# fsGroup: 10000
# fsGroupChangePolicy: OnRootMismatch
# resources:
# requests:
# cpu: 1m
# memory: 275Mi
# limits:
# memory: 500Mi
mountPath: /var/www/html/storage/upload

2
cluster/apps/default/kustomization.yaml
View File

@ -1,7 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
#- ./fireflyiii
- ./fireflyiii
- ./cdn
- ./gitea
#- ./dendron

30
cluster/apps/download/qbittorrent/helm-release.yaml
View File

@ -22,12 +22,12 @@ spec:
# Metrics sidecar
sidecars:
gluetun:
image: qmcgaw/gluetun:v3.35
image: qmcgaw/gluetun:v3.36
env:
- name: FIREWALL_VPN_INPUT_PORTS
value: "40574"
- name: FIREWALL_INPUT_PORTS
value: "8080,17871"
value: "8080,17871" # 17871 is the prometheus exporter
envFrom:
- secretRef:
name: qbittorrent-secrets
@ -35,12 +35,31 @@ spec:
capabilities:
add:
- NET_ADMIN
volumeMounts:
- name: gluetun-tmp
mountPath: /tmp/gluetun/
port-manager:
image: git.seanomik.net/seanomik/gluetun-qbit-port-updater:v0.1.1
imagePullPolicy: Always
env:
PORT_UPD_QBITTORRENT_HOST: localhost
PORT_UPD_QBITTORRENT_PORT: "8080"
# safe to have in plain text since qbittorrent is exposed through authentik.
PORT_UPD_QBITTORRENT_LOGIN: &qbitLogin admin
PORT_UPD_QBITTORRENT_PASSWORD: &qbitPass adminadmin
PORT_UPD_PORT_FILE: /tmp/gluetun/forwarded_port
volumeMounts:
- name: gluetun-tmp
mountPath: /tmp/gluetun/
metrics:
image: caseyscarborough/qbittorrent-exporter:v1.3.2
env:
- name: QBITTORRENT_BASE_URL
value: "http://localhost:8080"
QBITTORRENT_BASE_URL: "http://localhost:8080"
# safe to have in plain text since qbittorrent is exposed through authentik.
QBITTORRENT_LOGIN: *qbitLogin
QBITTORRENT_PASSWORD: *qbitPass
ports:
- name: metrics
containerPort: 17871
@ -98,6 +117,9 @@ spec:
type: secret
name: cookie-secret
mountPath: /etc/tokens
gluetun-tmp:
enabled: true
type: emptyDir
resources:
requests:

95
cluster/apps/download/qbittorrent/qbittorrent-secrets.sops.yaml
View File

@ -4,61 +4,72 @@ metadata:
name: qbittorrent-secrets
namespace: download
stringData:
VPN_SERVICE_PROVIDER: ENC[AES256_GCM,data:8R4cNgGtXqw=,iv:Q5v2R8dFfoEMecm488ykKpAtrAkSf9Aw2TbQhJFKE0g=,tag:M61J8fTVPv6HUc6c+XKAoA==,type:str]
OPENVPN_USER: ENC[AES256_GCM,data:6AN/ohElJYCof94Z7VZuqoNt,iv:ju4RUJO2GucB9nxLetaesIe7BS8GXwBh2CTRdRGqXZA=,tag:gZ0CexKMVRX+atCsADjQyQ==,type:str]
OPENVPN_PASSWORD: ENC[AES256_GCM,data:3IXUzdSTkhBwJxwzOPY=,iv:LJveQfuDwJDcbIx3c8a9BV+dCQ5hfzjtVsG339Zjkgo=,tag:SaJwsCRgSSfz0nZt4AbFzQ==,type:str]
SERVER_COUNTRIES: ENC[AES256_GCM,data:pyid,iv:gItcOstdlJ6t5uICxGHiEFjcz7pu+t62HBhja+mjaT8=,tag:4aNdJXDgyrWHa5LV0D5EfQ==,type:str]
OPENVPN_CIPHERS: ENC[AES256_GCM,data:3hnA/9KL7+Xvano=,iv:zHT1mg57rudaJQQaXLNAQzbIduetE/RLy8W/kGTWGZU=,tag:JmdHDTsGzsymSkOD4DPQZw==,type:str]
#ENC[AES256_GCM,data:kFKbnk5b5u4W6+RNeXCBEl0/9/pyIiVJMylujxzF6g==,iv:V46eLoZYOtXwaeM024jpB/Bf0J/w+pU6zgIQ6+zivPY=,tag:InrBZbzfo0LCOLmT1SZftg==,type:comment]
#ENC[AES256_GCM,data:vSyBvDlFDcmiDEqIj53Ply/fP/6+cH0jjtS0sDIadF0T4v1Y+tkXOZK/xDtTkQ==,iv:iAAt9EYb9mFOtCrzJvSuw+XSBRcOKS/TDrEWL6VfttU=,tag:kcXjQNflSJNLyLN0Ado/Cw==,type:comment]
#ENC[AES256_GCM,data:bFItZO2PhRvVUOHKFSGkcnN+0LhLPJQC9lea//e4MTHJuw==,iv:4re3gpzWBqH1OaRdMiuAx1WNCnBgQvmLtcemVmslnrw=,tag:F1oTifDf61DggEi9raR3yA==,type:comment]
#ENC[AES256_GCM,data:P6L6Ddf8v6fn4UzJNhhRmv1DykHM3ilUOjfeRNjmnb9lzw5UzyG6P9t90XF/HxDGXv4=,iv:BWcN23aQu+jW+byy/M2VRNbCgfQBRfcxV4VEAL8LSR0=,tag:9c6gUhgdqhoK8JroOcz+VA==,type:comment]
#ENC[AES256_GCM,data:ZVZM0vvuiTky9kBv7TcNKl0xCvVtFtULxqnnemzlrg==,iv:HaaAR0xiN8Lss8RoumaUCGfRxyJoJTVTAayHZ/vitGI=,tag:XMDl3T4rLz9NbHlkCOXL0g==,type:comment]
#ENC[AES256_GCM,data:s6JYwUMPoK62524G8hcOxwTzhq7iBfSqqA==,iv:+IyjOdVrOyb224D5z5HEKpy9cnmAlLcjB9ZgaCS3DaA=,tag:f7mFWCMDbgI/AlB2GkBKHg==,type:comment]
#ENC[AES256_GCM,data:HAB28P9Lh9PVfNhLce3IK6C0PqFnAvQ0bBPTmBC66rbrqSXzhvzF,iv:O/ee2fS1Q1PK9K9U+RHwBHd2UZdSVrw3mVS4lgnGsvU=,tag:/c7Dj+sL8RuaBq2exJ/eXA==,type:comment]
VPN_SERVICE_PROVIDER: ENC[AES256_GCM,data:cxJUkG+M,iv:MISXrZPCX9gjd7uyYjvfZ6/hetCVJ8qihIf1tb7ZqgU=,tag:kSXnRIdVsf6eWxc2o7rkig==,type:str]
VPN_TYPE: ENC[AES256_GCM,data:ov1gkA28jPcQ,iv:e9PQ0pT3NCsXQJ6ljtNyX2f1affBnVHYFst5S1Uq+nA=,tag:I4GM26sPnvy+a5AqJ9npLg==,type:str]
VPN_ENDPOINT_IP: ENC[AES256_GCM,data:Z5CWT5izY6QSleq/7dw=,iv:XMlPatMEuDBM3UUQKXSbzAb05JEicXY5MZv6uwhE3YI=,tag:mud3Nvk6BQSDiv3LuW4JAA==,type:str]
VPN_ENDPOINT_PORT: ENC[AES256_GCM,data:1t9FZ4c=,iv:X2clyyWPltvcg/PkGmYIytnLvImUW8ohD4JTuDdJ3Uo=,tag:I1NGPoQ3B1B94bcUay9A3g==,type:str]
WIREGUARD_PUBLIC_KEY: ENC[AES256_GCM,data:FanrtxziYQNqPhA87rWbcTkK3EDKkmCFqtNIu9cTRtGdvNdbLfy0Qwf8v44=,iv:p4xgeWOPqW/5d0yNC4gJPlplAX6Owc2xPp77LPtRdPE=,tag:MJj2Nc50OV4odKwt+mEulA==,type:str]
WIREGUARD_PRIVATE_KEY: ENC[AES256_GCM,data:kDZdUyyhm2yeuAzbD5XLnJZsdbN0DoLDnWgrp5Y37B2GA4PIvYSjwpZp500=,iv:i8w0luzzCMei+5JUj+6z1R7/Giy1Du8HfZnFCYcYz2M=,tag:pv5YXdImhD36ppyW9ans3Q==,type:str]
WIREGUARD_ADDRESSES: ENC[AES256_GCM,data:u9I+AS0TVQu8d4Q=,iv:pLSLO8Esj3PBU1OiudEf1elKlPIYdtS0SJnUO/qpxog=,tag:GM/LS6Uv0MJeA60ro62AbA==,type:str]
VPN_PORT_FORWARDING: ENC[AES256_GCM,data:ftg=,iv:CUeC3ShYGR1S0rYlcBP8U56+gP7cmyZECQYSJY6P9qI=,tag:8lEIJWNz4Smthaw0qXw8sA==,type:str]
VPN_PORT_FORWARDING_PROVIDER: ENC[AES256_GCM,data:ZqyFgHgTAr1v,iv:zXwTtuGmvNHsOZ1YhfDNY6PUixTi3dFi/UcB9qTbWh4=,tag:JOAoXu275uhyeVIdhJxJfw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2023-09-14T00:27:42Z"
mac: ENC[AES256_GCM,data:Xi5iY+lekGBZXq/d+Me7VYqegRMecBX97n5jwXQtmJfFGlkSNKzsDd3BNhQdzVFIXWub35iM9DqRi6ESTrrF21axhEG0NIRfyOgFvs2bFjvRqYbRD2N+IKkJFGohGG2oaMY0G3DFkAD1vlan0gEcRm1mytTtcMOfVnZVENyTdsM=,iv:ZlrnlnvvFDlYKECHdPLJ/oU6m8qFz1M6Z3+onZNQDU0=,tag:h4H/vVk9OUk49vfq3v7yRg==,type:str]
lastmodified: "2023-12-13T23:08:56Z"
mac: ENC[AES256_GCM,data:QDqeaz24ZbRSzQVBaaa2TgEudwtf076ZL+bKSliagZ5IKGTmXB1Diy3hGwqBZGz9VSAU8KtBYC4VgpnAFSWywy7G+lYtwrwmkTW7smqUSlfVOWcaHYEODORFSj1krxEzeUKR2ykwjtNz+4eAp9M8kTL7gc78k5As1gsrcS72hTk=,iv:84D0QpusZCtQ5xJx5lWljtxVFrvZLH9pwboXX0tOKhI=,tag:B9PAuWsIjtl76bwdepIiXA==,type:str]
pgp:
- created_at: "2023-06-19T18:35:06Z"
enc: |
- created_at: "2023-12-13T23:08:56Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAzKleRwoSoixAQ/+LSh/Pcu6Nvg4gon1CiT6yNrOriepFC94bRm35ia1rmhw
NqqW40gjTFW1oR2rPV3fKDVozNiCIAxH+wFm8jTqpE9tFYWzSae3gq9ms8KTj8xi
EEPX/U+s1a8QCvUC2z2Pg4i4i5+j+rNcmb0capm1zpIP51PfMgvREgdLRgEa8+vq
w1h4dLMy+PERXepWZmv3b0VL9irjUHK3kHhBcTrMeL8AmPfHICBUs0zxzvlZsB3d
8AIlvHmyuaJg2uae3HKcSWoCGQxFGGSfIgYNT20566GIHckg/hlSymxEw34sA7iR
20X+58U7Tzm8ekGyr+y6VOuk0XmvSPSnegpvUFhhJG9r5equUmVJo7zeDwlFSDOd
dxi2R0aBitCO7XnhGKvA/x9loyUhm5IekDh1fn5jBeGeBoGdm0zXmpxINH/T8hSp
B7BcxhifxnctCRpMVpOLZcDRPzZPPqgGpnM4b8GCiy33T5wt6ufWOJh3JfRQAMpf
PnFxPWZiRsbGYMC0+sGeOPOe9oYlhAmJroDn/zn7p5rYKWIYKWfQDnOBzaO6wB6r
zG8bEFmj44ikfOTasBMTOtIdkrk33yxYvEUUqu5zDPE6I8hsmjMBQQIQMffyO0Ki
Z9eXM/A7XtR5+12D2gEl/C8LP92T2MXFTo7T6WenPBt6D7exwP4NfmHotRRM1eXU
aAEJAhD9Z79FLyo0CJwz4P9JDDzz2PBEqnkbxHD7UeNHdIg6kSJz6dRCZpAbixOs
mvqyo1PQzwj1ihYdD0fmpUCoqrNYuW/nPes3wEv6JfU6Ez97RHaknHDlOtVs9cX0
pNhiuu2eV0V9
=vaBY
hQIMAzKleRwoSoixAQ//XM/Pha1wEbtFtiWrTNL33Q3TqtpFOsNmWZ574SSmgEfC
OlfdK1anH0kx6b8Jy02eJ61ZzGyqM1svuvGTxHqfZ92rIm+3tPfNCtLgSydlud76
vy6AXVHZkgSrwtj8xUXf7cmHDVIVxzFlassOWq1OEAsLay71IJcYAd9ImuMTSGUh
riBNap7rcMctbiHkomnswQxmMza10KXclXUE7HoOrdMK1+Zxpqhj+fS6Y5WOlRoa
VAuYP+Tg1nOkjC27rB68aFEGfbcXRvuNSpuflusDFicIwNUZ5LPLZF483VD4LEi9
VZETRpRGTmJ9ZFa6+QstHmY2Ky+/2Yrxd9YUURBoGglGlelbIn+vA8RQlqcCth7Y
wqFOPNFJf0Ljduioz5jCmcK/eQRuquJKcKX91+XeJ3pNYK86ywcn7JrsKX4cUCWM
ZY2+A8xdtpQxA9RQdObIV5DQEFBTnw+4RpVj8qP1kQvKg/7rvmU8mVyFec321BF/
vZ4iVfwPuLbvXNsLl2yeD8pP3DlqemxKQrP/sNfRqqTq1sn6rr8xYk+fE+Vw8fHu
OUKPNvr9hWrxAxeHmXu1vmJP9HtXjJor9Qnpa4puiQRrUtlHfOWRthmXdfoGbWlt
VDM5kj+Kp3OSSmL3Kpb7BUugXrl3qLEs/KB4jIx7Z1UzRKiUIidg3FfNjs6PaKjU
aAEJAhB1FKIv1m7toY6rMQ58gdoDXmnuTN92B3fNplAy8GfzYT67mV2Fr7ogVgqL
hShXltEayPTRwpHWv7aHSEo2LscIy7THEbYVsWvbEdILLtIvIfpMQwufRG4H/+oy
Htp1z9DAxjUg
=sjhc
-----END PGP MESSAGE-----
fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5
- created_at: "2023-06-19T18:35:06Z"
enc: |
- created_at: "2023-12-13T23:08:56Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAy5t8IMoPu4VAQ//fd7iSVur7i0ontjdR1BuC8mxaxd5grBm4VZpTidySOxU
XvKlQ3eEaW5Ekt2aCDsTR0B8oHAxyiq9qjh9492i2nZJhdwZVMgmFuLcLr1YuVGs
5j54Rig8Kf47VegFuppq/qR9Se240u5lMyngouU6+fDv7Nz2dkk+tmyvIvuXaXK2
xr9coQ89gKTINOFle+dlf1lKam4nMRvnXF/FPoGzt2/T8QFGpRyT6gM4OO8ab+qb
Qtw7CYSjX5bzLeo+Yphv6QArC3cyixQJD6CCxbcyyz6W5NOMWqakF3JlqBZvU2XK
ypXg7d1884xPEZv6W2ENJ1fgtu88hbsLX/D8BWPGenRoYKAfLJanA+bt8XfCipg6
aXYlkRRHkQuEKnZ8H7uEgYgp4IQv7Ae231GRBVXeLwSzX/TX7DpVDDcuyYyRJsV0
FNF4/xpgJOhb4DSl5OW6pW3SDTAn/jtC1M0Rrx6dDSCgUUyFXYK+klsu0LXtDbvf
e1kRpOrq9urpPnpqdTK0hE4qawWkuAc3CniFJ89zr4rlRdPLFychonr/ELWlt5Hs
vyKiGJVj3nFwGzb/FGQm1lWts6j/a+tFSprneMh5hkrVDvIjd+qSLELacGZOkp1C
sSMzkurhd3xHedQA261rXfOFxhooWMofFiUEp3CFCHC1n9IA1me2RxfcFu5x/kzU
aAEJAhCgz5TIm8pQa1zQIE10FMCkQouhTeimyWOeQRcrZVFZZPQLOFxhUQwFxbtg
B+gjo8q2XMq4szzKa6ZEp8C1Qkw9zOXWxmhjug/oGHlGwsh2BK5aAFlvGSkZf9yA
yTDIrThWUe1w
=lQX5
hQIMAy5t8IMoPu4VAQ//UXW9kQwk+9tl6yC0BPHlOGyusDQySQThnq6aHtF0lLTh
d57Ngz2d/4yV3ADCuDteT9NKqBpnFD5yndD01RfpfrC/LVIIUk3I0StDg1Rwb6/w
Q/cfSUX0hJ0qSmR/Bd/zOVPBvGnNSQgu9h73pbjuRwqBYIjV557JB6kq68aAJbi8
JvClBjwmdW8r/oraiCLbUXWPF8VHBPwSn210QPML0lRjN7rGtkR88hg+0OKgm9fw
Hq51Hr6KvWCh0j6xa70TdHGmahVEqb0l/2LV3yw2WpS5G0A2aL2EWMECdPjS84eI
8hK6oNF5sg5D3JwJd74FX+fXQxsRwzZO0B1Pf6Ea6ZYLkVb9wbDKDU30V+LxprLJ
Y9WGnLeOoDZVYqMCgEVkzrdRo9LC3UeKQ7yMwXpMHPbNUVv5v9VUjpCfpAf4FNpl
nTo1AYV5+Tqvb7XRMraIRR9AzaZ91HQAO/w23vpJCMB+jdcr5UgxhN0apqOAcZlt
igpDnj0wRxa6GpHr6TkPx+YRRDoOzlCinot++udmFMsprz4MSz8KM8oiRsD9eM6X
QIAR+n8MoyWAVNFGbnTEZqdkfI0VoTRg09BpryB36IEpxBpAq5fcL/w+dL34JROT
n/pF7DyKfgtnbUQt6GIQO62Ld2F/Rtg2HkFt3qOw+YuEPnPBLVrtjlrUJbInWsbU
aAEJAhB8OvYpr/HfGIZ5wIgG5MsdZ0bWXUOm8kXLnQKu6iNG2Y6ocKGKjzr7ILg5
KBneXE+mIO+FkAmvuIcZZAHzaHgYAGxoet4qtVVF0JIz6FF2AMdpqf8ed+f1HIvm
WqW5nFqKsDXZ
=tLH9
-----END PGP MESSAGE-----
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
encrypted_regex: ^(data|stringData)$
version: 3.7.3
version: 3.8.1

4
cluster/apps/tools/hastebin/helm-release.yaml
View File

@ -67,5 +67,5 @@ spec:
cpu: 1m
memory: 14Mi
limits:
memory: 50Mi
# limits:
# memory: 50Mi