From b608b8465fc6acb3c8c3c90f98623e98cfad813a Mon Sep 17 00:00:00 2001 From: SeanOMik Date: Wed, 13 Dec 2023 22:18:52 -0500 Subject: [PATCH] fix(qbittorrent): switch to protonvpn, update gluetun sidecar --- .../apps/default/fireflyiii/helm-release.yaml | 32 +------ cluster/apps/default/kustomization.yaml | 2 +- .../download/qbittorrent/helm-release.yaml | 30 +++++- .../qbittorrent/qbittorrent-secrets.sops.yaml | 95 +++++++++++-------- cluster/apps/tools/hastebin/helm-release.yaml | 4 +- 5 files changed, 85 insertions(+), 78 deletions(-) diff --git a/cluster/apps/default/fireflyiii/helm-release.yaml b/cluster/apps/default/fireflyiii/helm-release.yaml index da651cfd..badb9cd6 100644 --- a/cluster/apps/default/fireflyiii/helm-release.yaml +++ b/cluster/apps/default/fireflyiii/helm-release.yaml @@ -17,7 +17,7 @@ spec: values: image: repository: fireflyiii/core - tag: version-6.0.26 + tag: version-6.0.30 envFrom: - secretRef: @@ -27,19 +27,7 @@ spec: main: ports: http: - port: &port 8080 - - probes: - startup: - custom: true - spec: - httpGet: - path: / - port: *port - initialDelaySeconds: 60 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 30 + port: 8080 ingress: main: @@ -64,18 +52,4 @@ spec: type: pvc accessMode: ReadWriteOnce size: 8Gi - mountPath: /var/www/html/storage/upload - -# podSecurityContext: -# runAsNonRoot: true -# runAsUser: 10000 -# runAsGroup: 10000 -# fsGroup: 10000 -# fsGroupChangePolicy: OnRootMismatch - -# resources: -# requests: -# cpu: 1m -# memory: 275Mi -# limits: -# memory: 500Mi \ No newline at end of file + mountPath: /var/www/html/storage/upload \ No newline at end of file diff --git a/cluster/apps/default/kustomization.yaml b/cluster/apps/default/kustomization.yaml index 8a3b1ffd..ca3f00a6 100644 --- a/cluster/apps/default/kustomization.yaml +++ b/cluster/apps/default/kustomization.yaml 
@@ -1,7 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -#- ./fireflyiii +- ./fireflyiii - ./cdn - ./gitea #- ./dendron diff --git a/cluster/apps/download/qbittorrent/helm-release.yaml b/cluster/apps/download/qbittorrent/helm-release.yaml index 3fd1b812..283b5f17 100644 --- a/cluster/apps/download/qbittorrent/helm-release.yaml +++ b/cluster/apps/download/qbittorrent/helm-release.yaml @@ -22,12 +22,12 @@ spec: # Metrics sidecar sidecars: gluetun: - image: qmcgaw/gluetun:v3.35 + image: qmcgaw/gluetun:v3.36 env: - name: FIREWALL_VPN_INPUT_PORTS value: "40574" - name: FIREWALL_INPUT_PORTS - value: "8080,17871" + value: "8080,17871" # 17871 is the prometheus exporter envFrom: - secretRef: name: qbittorrent-secrets @@ -35,12 +35,31 @@ spec: capabilities: add: - NET_ADMIN + volumeMounts: + - name: gluetun-tmp + mountPath: /tmp/gluetun/ + + port-manager: + image: git.seanomik.net/seanomik/gluetun-qbit-port-updater:v0.1.1 + imagePullPolicy: Always + env: + PORT_UPD_QBITTORRENT_HOST: localhost + PORT_UPD_QBITTORRENT_PORT: "8080" + # safe to have in plain text since qbittorrent is exposed through authentik. + PORT_UPD_QBITTORRENT_LOGIN: &qbitLogin admin + PORT_UPD_QBITTORRENT_PASSWORD: &qbitPass adminadmin + PORT_UPD_PORT_FILE: /tmp/gluetun/forwarded_port + volumeMounts: + - name: gluetun-tmp + mountPath: /tmp/gluetun/ metrics: image: caseyscarborough/qbittorrent-exporter:v1.3.2 env: - - name: QBITTORRENT_BASE_URL - value: "http://localhost:8080" + QBITTORRENT_BASE_URL: "http://localhost:8080" + # safe to have in plain text since qbittorrent is exposed through authentik. + QBITTORRENT_LOGIN: *qbitLogin + QBITTORRENT_PASSWORD: *qbitPass ports: - name: metrics containerPort: 17871 @@ -98,6 +117,9 @@ spec: type: secret name: cookie-secret mountPath: /etc/tokens + gluetun-tmp: + enabled: true + type: emptyDir resources: requests: 
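Review bot: Uncommenting `- ./fireflyiii` redeploys the release, while the same patch deletes the commented-out `podSecurityContext` and `resources` stanzas from its helm-release.yaml instead of enabling them. As far as the values visible here show, the pod therefore runs as the image's default user with no memory limit, which is a weak baseline for an app that stores personal finance data. If the image tolerates it, set at least `podSecurityContext: {runAsNonRoot: true}` and a memory limit before re-enabling. If an earlier attempt at that failed, a one-line comment recording why would save the next reader from retrying it.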
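Review bot: The `port-manager` and `metrics` sidecars commit the qBittorrent WebUI login in clear text (`&qbitLogin admin` / `&qbitPass adminadmin`, the client's well-known default pair), and the comment's reasoning that authentik makes this safe covers only the ingress path. Both sidecars reach the WebUI on `localhost:8080` and the gluetun firewall above still admits 8080, so unless a NetworkPolicy outside this patch says otherwise, any workload that can reach the pod can log in without passing authentik. I would set a non-default password and load `PORT_UPD_QBITTORRENT_PASSWORD` and `QBITTORRENT_PASSWORD` from a SOPS-encrypted Secret via `secretKeyRef`, kept separate from `qbittorrent-secrets` so the WireGuard private key is not handed to these containers. Separately, `imagePullPolicy: Always` on the mutable tag `v0.1.1` lets the sidecar's code change without a commit; pinning the image by digest would close that.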
diff --git a/cluster/apps/download/qbittorrent/qbittorrent-secrets.sops.yaml b/cluster/apps/download/qbittorrent/qbittorrent-secrets.sops.yaml
index a6aa0816..00aadca0 100644
--- a/cluster/apps/download/qbittorrent/qbittorrent-secrets.sops.yaml
+++ b/cluster/apps/download/qbittorrent/qbittorrent-secrets.sops.yaml
@@ -4,61 +4,72 @@ metadata: name: qbittorrent-secrets namespace: download stringData: - VPN_SERVICE_PROVIDER: ENC[AES256_GCM,data:8R4cNgGtXqw=,iv:Q5v2R8dFfoEMecm488ykKpAtrAkSf9Aw2TbQhJFKE0g=,tag:M61J8fTVPv6HUc6c+XKAoA==,type:str] - OPENVPN_USER: ENC[AES256_GCM,data:6AN/ohElJYCof94Z7VZuqoNt,iv:ju4RUJO2GucB9nxLetaesIe7BS8GXwBh2CTRdRGqXZA=,tag:gZ0CexKMVRX+atCsADjQyQ==,type:str] - OPENVPN_PASSWORD: ENC[AES256_GCM,data:3IXUzdSTkhBwJxwzOPY=,iv:LJveQfuDwJDcbIx3c8a9BV+dCQ5hfzjtVsG339Zjkgo=,tag:SaJwsCRgSSfz0nZt4AbFzQ==,type:str] - SERVER_COUNTRIES: ENC[AES256_GCM,data:pyid,iv:gItcOstdlJ6t5uICxGHiEFjcz7pu+t62HBhja+mjaT8=,tag:4aNdJXDgyrWHa5LV0D5EfQ==,type:str] - OPENVPN_CIPHERS: ENC[AES256_GCM,data:3hnA/9KL7+Xvano=,iv:zHT1mg57rudaJQQaXLNAQzbIduetE/RLy8W/kGTWGZU=,tag:JmdHDTsGzsymSkOD4DPQZw==,type:str] + #ENC[AES256_GCM,data:kFKbnk5b5u4W6+RNeXCBEl0/9/pyIiVJMylujxzF6g==,iv:V46eLoZYOtXwaeM024jpB/Bf0J/w+pU6zgIQ6+zivPY=,tag:InrBZbzfo0LCOLmT1SZftg==,type:comment] + #ENC[AES256_GCM,data:vSyBvDlFDcmiDEqIj53Ply/fP/6+cH0jjtS0sDIadF0T4v1Y+tkXOZK/xDtTkQ==,iv:iAAt9EYb9mFOtCrzJvSuw+XSBRcOKS/TDrEWL6VfttU=,tag:kcXjQNflSJNLyLN0Ado/Cw==,type:comment] + #ENC[AES256_GCM,data:bFItZO2PhRvVUOHKFSGkcnN+0LhLPJQC9lea//e4MTHJuw==,iv:4re3gpzWBqH1OaRdMiuAx1WNCnBgQvmLtcemVmslnrw=,tag:F1oTifDf61DggEi9raR3yA==,type:comment] + #ENC[AES256_GCM,data:P6L6Ddf8v6fn4UzJNhhRmv1DykHM3ilUOjfeRNjmnb9lzw5UzyG6P9t90XF/HxDGXv4=,iv:BWcN23aQu+jW+byy/M2VRNbCgfQBRfcxV4VEAL8LSR0=,tag:9c6gUhgdqhoK8JroOcz+VA==,type:comment] + #ENC[AES256_GCM,data:ZVZM0vvuiTky9kBv7TcNKl0xCvVtFtULxqnnemzlrg==,iv:HaaAR0xiN8Lss8RoumaUCGfRxyJoJTVTAayHZ/vitGI=,tag:XMDl3T4rLz9NbHlkCOXL0g==,type:comment] + #ENC[AES256_GCM,data:s6JYwUMPoK62524G8hcOxwTzhq7iBfSqqA==,iv:+IyjOdVrOyb224D5z5HEKpy9cnmAlLcjB9ZgaCS3DaA=,tag:f7mFWCMDbgI/AlB2GkBKHg==,type:comment] + #ENC[AES256_GCM,data:HAB28P9Lh9PVfNhLce3IK6C0PqFnAvQ0bBPTmBC66rbrqSXzhvzF,iv:O/ee2fS1Q1PK9K9U+RHwBHd2UZdSVrw3mVS4lgnGsvU=,tag:/c7Dj+sL8RuaBq2exJ/eXA==,type:comment] + VPN_SERVICE_PROVIDER: 
ENC[AES256_GCM,data:cxJUkG+M,iv:MISXrZPCX9gjd7uyYjvfZ6/hetCVJ8qihIf1tb7ZqgU=,tag:kSXnRIdVsf6eWxc2o7rkig==,type:str] + VPN_TYPE: ENC[AES256_GCM,data:ov1gkA28jPcQ,iv:e9PQ0pT3NCsXQJ6ljtNyX2f1affBnVHYFst5S1Uq+nA=,tag:I4GM26sPnvy+a5AqJ9npLg==,type:str] + VPN_ENDPOINT_IP: ENC[AES256_GCM,data:Z5CWT5izY6QSleq/7dw=,iv:XMlPatMEuDBM3UUQKXSbzAb05JEicXY5MZv6uwhE3YI=,tag:mud3Nvk6BQSDiv3LuW4JAA==,type:str] + VPN_ENDPOINT_PORT: ENC[AES256_GCM,data:1t9FZ4c=,iv:X2clyyWPltvcg/PkGmYIytnLvImUW8ohD4JTuDdJ3Uo=,tag:I1NGPoQ3B1B94bcUay9A3g==,type:str] + WIREGUARD_PUBLIC_KEY: ENC[AES256_GCM,data:FanrtxziYQNqPhA87rWbcTkK3EDKkmCFqtNIu9cTRtGdvNdbLfy0Qwf8v44=,iv:p4xgeWOPqW/5d0yNC4gJPlplAX6Owc2xPp77LPtRdPE=,tag:MJj2Nc50OV4odKwt+mEulA==,type:str] + WIREGUARD_PRIVATE_KEY: ENC[AES256_GCM,data:kDZdUyyhm2yeuAzbD5XLnJZsdbN0DoLDnWgrp5Y37B2GA4PIvYSjwpZp500=,iv:i8w0luzzCMei+5JUj+6z1R7/Giy1Du8HfZnFCYcYz2M=,tag:pv5YXdImhD36ppyW9ans3Q==,type:str] + WIREGUARD_ADDRESSES: ENC[AES256_GCM,data:u9I+AS0TVQu8d4Q=,iv:pLSLO8Esj3PBU1OiudEf1elKlPIYdtS0SJnUO/qpxog=,tag:GM/LS6Uv0MJeA60ro62AbA==,type:str] + VPN_PORT_FORWARDING: ENC[AES256_GCM,data:ftg=,iv:CUeC3ShYGR1S0rYlcBP8U56+gP7cmyZECQYSJY6P9qI=,tag:8lEIJWNz4Smthaw0qXw8sA==,type:str] + VPN_PORT_FORWARDING_PROVIDER: ENC[AES256_GCM,data:ZqyFgHgTAr1v,iv:zXwTtuGmvNHsOZ1YhfDNY6PUixTi3dFi/UcB9qTbWh4=,tag:JOAoXu275uhyeVIdhJxJfw==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: [] - lastmodified: "2023-09-14T00:27:42Z" - mac: ENC[AES256_GCM,data:Xi5iY+lekGBZXq/d+Me7VYqegRMecBX97n5jwXQtmJfFGlkSNKzsDd3BNhQdzVFIXWub35iM9DqRi6ESTrrF21axhEG0NIRfyOgFvs2bFjvRqYbRD2N+IKkJFGohGG2oaMY0G3DFkAD1vlan0gEcRm1mytTtcMOfVnZVENyTdsM=,iv:ZlrnlnvvFDlYKECHdPLJ/oU6m8qFz1M6Z3+onZNQDU0=,tag:h4H/vVk9OUk49vfq3v7yRg==,type:str] + lastmodified: "2023-12-13T23:08:56Z" + mac: 
ENC[AES256_GCM,data:QDqeaz24ZbRSzQVBaaa2TgEudwtf076ZL+bKSliagZ5IKGTmXB1Diy3hGwqBZGz9VSAU8KtBYC4VgpnAFSWywy7G+lYtwrwmkTW7smqUSlfVOWcaHYEODORFSj1krxEzeUKR2ykwjtNz+4eAp9M8kTL7gc78k5As1gsrcS72hTk=,iv:84D0QpusZCtQ5xJx5lWljtxVFrvZLH9pwboXX0tOKhI=,tag:B9PAuWsIjtl76bwdepIiXA==,type:str] pgp: - - created_at: "2023-06-19T18:35:06Z" - enc: | + - created_at: "2023-12-13T23:08:56Z" + enc: |- -----BEGIN PGP MESSAGE----- - hQIMAzKleRwoSoixAQ/+LSh/Pcu6Nvg4gon1CiT6yNrOriepFC94bRm35ia1rmhw - NqqW40gjTFW1oR2rPV3fKDVozNiCIAxH+wFm8jTqpE9tFYWzSae3gq9ms8KTj8xi - EEPX/U+s1a8QCvUC2z2Pg4i4i5+j+rNcmb0capm1zpIP51PfMgvREgdLRgEa8+vq - w1h4dLMy+PERXepWZmv3b0VL9irjUHK3kHhBcTrMeL8AmPfHICBUs0zxzvlZsB3d - 8AIlvHmyuaJg2uae3HKcSWoCGQxFGGSfIgYNT20566GIHckg/hlSymxEw34sA7iR - 20X+58U7Tzm8ekGyr+y6VOuk0XmvSPSnegpvUFhhJG9r5equUmVJo7zeDwlFSDOd - dxi2R0aBitCO7XnhGKvA/x9loyUhm5IekDh1fn5jBeGeBoGdm0zXmpxINH/T8hSp - B7BcxhifxnctCRpMVpOLZcDRPzZPPqgGpnM4b8GCiy33T5wt6ufWOJh3JfRQAMpf - PnFxPWZiRsbGYMC0+sGeOPOe9oYlhAmJroDn/zn7p5rYKWIYKWfQDnOBzaO6wB6r - zG8bEFmj44ikfOTasBMTOtIdkrk33yxYvEUUqu5zDPE6I8hsmjMBQQIQMffyO0Ki - Z9eXM/A7XtR5+12D2gEl/C8LP92T2MXFTo7T6WenPBt6D7exwP4NfmHotRRM1eXU - aAEJAhD9Z79FLyo0CJwz4P9JDDzz2PBEqnkbxHD7UeNHdIg6kSJz6dRCZpAbixOs - mvqyo1PQzwj1ihYdD0fmpUCoqrNYuW/nPes3wEv6JfU6Ez97RHaknHDlOtVs9cX0 - pNhiuu2eV0V9 - =vaBY + hQIMAzKleRwoSoixAQ//XM/Pha1wEbtFtiWrTNL33Q3TqtpFOsNmWZ574SSmgEfC + OlfdK1anH0kx6b8Jy02eJ61ZzGyqM1svuvGTxHqfZ92rIm+3tPfNCtLgSydlud76 + vy6AXVHZkgSrwtj8xUXf7cmHDVIVxzFlassOWq1OEAsLay71IJcYAd9ImuMTSGUh + riBNap7rcMctbiHkomnswQxmMza10KXclXUE7HoOrdMK1+Zxpqhj+fS6Y5WOlRoa + VAuYP+Tg1nOkjC27rB68aFEGfbcXRvuNSpuflusDFicIwNUZ5LPLZF483VD4LEi9 + VZETRpRGTmJ9ZFa6+QstHmY2Ky+/2Yrxd9YUURBoGglGlelbIn+vA8RQlqcCth7Y + wqFOPNFJf0Ljduioz5jCmcK/eQRuquJKcKX91+XeJ3pNYK86ywcn7JrsKX4cUCWM + ZY2+A8xdtpQxA9RQdObIV5DQEFBTnw+4RpVj8qP1kQvKg/7rvmU8mVyFec321BF/ + vZ4iVfwPuLbvXNsLl2yeD8pP3DlqemxKQrP/sNfRqqTq1sn6rr8xYk+fE+Vw8fHu + OUKPNvr9hWrxAxeHmXu1vmJP9HtXjJor9Qnpa4puiQRrUtlHfOWRthmXdfoGbWlt + 
VDM5kj+Kp3OSSmL3Kpb7BUugXrl3qLEs/KB4jIx7Z1UzRKiUIidg3FfNjs6PaKjU + aAEJAhB1FKIv1m7toY6rMQ58gdoDXmnuTN92B3fNplAy8GfzYT67mV2Fr7ogVgqL + hShXltEayPTRwpHWv7aHSEo2LscIy7THEbYVsWvbEdILLtIvIfpMQwufRG4H/+oy + Htp1z9DAxjUg + =sjhc -----END PGP MESSAGE----- fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5 - - created_at: "2023-06-19T18:35:06Z" - enc: | + - created_at: "2023-12-13T23:08:56Z" + enc: |- -----BEGIN PGP MESSAGE----- - hQIMAy5t8IMoPu4VAQ//fd7iSVur7i0ontjdR1BuC8mxaxd5grBm4VZpTidySOxU - XvKlQ3eEaW5Ekt2aCDsTR0B8oHAxyiq9qjh9492i2nZJhdwZVMgmFuLcLr1YuVGs - 5j54Rig8Kf47VegFuppq/qR9Se240u5lMyngouU6+fDv7Nz2dkk+tmyvIvuXaXK2 - xr9coQ89gKTINOFle+dlf1lKam4nMRvnXF/FPoGzt2/T8QFGpRyT6gM4OO8ab+qb - Qtw7CYSjX5bzLeo+Yphv6QArC3cyixQJD6CCxbcyyz6W5NOMWqakF3JlqBZvU2XK - ypXg7d1884xPEZv6W2ENJ1fgtu88hbsLX/D8BWPGenRoYKAfLJanA+bt8XfCipg6 - aXYlkRRHkQuEKnZ8H7uEgYgp4IQv7Ae231GRBVXeLwSzX/TX7DpVDDcuyYyRJsV0 - FNF4/xpgJOhb4DSl5OW6pW3SDTAn/jtC1M0Rrx6dDSCgUUyFXYK+klsu0LXtDbvf - e1kRpOrq9urpPnpqdTK0hE4qawWkuAc3CniFJ89zr4rlRdPLFychonr/ELWlt5Hs - vyKiGJVj3nFwGzb/FGQm1lWts6j/a+tFSprneMh5hkrVDvIjd+qSLELacGZOkp1C - sSMzkurhd3xHedQA261rXfOFxhooWMofFiUEp3CFCHC1n9IA1me2RxfcFu5x/kzU - aAEJAhCgz5TIm8pQa1zQIE10FMCkQouhTeimyWOeQRcrZVFZZPQLOFxhUQwFxbtg - B+gjo8q2XMq4szzKa6ZEp8C1Qkw9zOXWxmhjug/oGHlGwsh2BK5aAFlvGSkZf9yA - yTDIrThWUe1w - =lQX5 + hQIMAy5t8IMoPu4VAQ//UXW9kQwk+9tl6yC0BPHlOGyusDQySQThnq6aHtF0lLTh + d57Ngz2d/4yV3ADCuDteT9NKqBpnFD5yndD01RfpfrC/LVIIUk3I0StDg1Rwb6/w + Q/cfSUX0hJ0qSmR/Bd/zOVPBvGnNSQgu9h73pbjuRwqBYIjV557JB6kq68aAJbi8 + JvClBjwmdW8r/oraiCLbUXWPF8VHBPwSn210QPML0lRjN7rGtkR88hg+0OKgm9fw + Hq51Hr6KvWCh0j6xa70TdHGmahVEqb0l/2LV3yw2WpS5G0A2aL2EWMECdPjS84eI + 8hK6oNF5sg5D3JwJd74FX+fXQxsRwzZO0B1Pf6Ea6ZYLkVb9wbDKDU30V+LxprLJ + Y9WGnLeOoDZVYqMCgEVkzrdRo9LC3UeKQ7yMwXpMHPbNUVv5v9VUjpCfpAf4FNpl + nTo1AYV5+Tqvb7XRMraIRR9AzaZ91HQAO/w23vpJCMB+jdcr5UgxhN0apqOAcZlt + igpDnj0wRxa6GpHr6TkPx+YRRDoOzlCinot++udmFMsprz4MSz8KM8oiRsD9eM6X + QIAR+n8MoyWAVNFGbnTEZqdkfI0VoTRg09BpryB36IEpxBpAq5fcL/w+dL34JROT + 
n/pF7DyKfgtnbUQt6GIQO62Ld2F/Rtg2HkFt3qOw+YuEPnPBLVrtjlrUJbInWsbU + aAEJAhB8OvYpr/HfGIZ5wIgG5MsdZ0bWXUOm8kXLnQKu6iNG2Y6ocKGKjzr7ILg5 + KBneXE+mIO+FkAmvuIcZZAHzaHgYAGxoet4qtVVF0JIz6FF2AMdpqf8ed+f1HIvm + WqW5nFqKsDXZ + =tLH9 -----END PGP MESSAGE----- fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D encrypted_regex: ^(data|stringData)$ - version: 3.7.3 + version: 3.8.1 diff --git a/cluster/apps/tools/hastebin/helm-release.yaml b/cluster/apps/tools/hastebin/helm-release.yaml index 47c2dc2a..c6df53f4 100644 --- a/cluster/apps/tools/hastebin/helm-release.yaml +++ b/cluster/apps/tools/hastebin/helm-release.yaml @@ -67,5 +67,5 @@ spec: cpu: 1m memory: 14Mi - limits: - memory: 50Mi \ No newline at end of file +# limits: +# memory: 50Mi \ No newline at end of file
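Review bot: Commenting out `limits:` / `memory: 50Mi` in the hastebin release leaves the container with only its 14Mi request and no ceiling, and neither the hunk nor the commit subject (which is about qbittorrent) says why. A paste service takes user-supplied content, so an uncapped container can grow until the node's OOM killer starts choosing victims, which may not be this pod. If 50Mi was causing OOM kills, raising the limit keeps a bound in place, e.g. `memory: 128Mi` (a constructed value, size it from observed usage). Otherwise, replace the dead lines with a comment stating why the limit was dropped. The enclosing `resources` block starts outside the hunk.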