# Flux HelmRelease that installs qBittorrent into the `download` namespace
# using the generic app-template chart.
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: qbittorrent
  namespace: download
spec:
  # How often Flux reconciles this release.
  interval: 5m
  chart:
    spec:
      chart: app-template
      # NOTE(review): `1.3.x` is a version range, so a newly published 1.3
      # patch release is picked up on reconcile without any change in this
      # repository. Pin an exact version if chart updates should be reviewed.
      version: 1.3.x
      sourceRef:
        kind: HelmRepository
        name: bjws-charts
        namespace: flux-system

  # Values handed to the chart; everything below configures the single pod.
  values:
    # Image of the main qBittorrent container.
    # NOTE(review): this image and the sidecar images are pinned by tag only.
    # A tag can be re-pointed by the registry owner; a digest cannot.
    image:
      repository: lscr.io/linuxserver/qbittorrent
      tag: "4.5.4"

    # Extra containers that run in the same pod as qBittorrent. Containers in
    # one pod share a network namespace, so they reach each other on localhost.
    sidecars:
      # gluetun: VPN client sidecar.
      gluetun:
        image: qmcgaw/gluetun:v3.36
        env:
        # Ports gluetun's firewall accepts inbound connections on.
        # 8080 is the qBittorrent WebUI (WEBUI_PORT below).
        # NOTE(review): opening 8080 here is what lets the Service reach the
        # WebUI; it also means the WebUI is reachable from the pod network,
        # not only through the authentik-protected Ingress.
        - name: FIREWALL_INPUT_PORTS
          value: "8080,17871" # 17871 is the prometheus exporter
        # Remaining gluetun settings come from a Secret whose contents are not
        # visible in this file (presumably the VPN provider credentials).
        envFrom:
        - secretRef:
            name: qbittorrent-secrets
        securityContext:
          capabilities:
            add:
            # Lets the container change network configuration (interfaces,
            # routes, firewall rules) in the pod's network namespace. This is
            # the only capability added for any container in this file.
            - NET_ADMIN
        # Scratch volume shared with the port-manager sidecar, which mounts the
        # same volume at the same path.
        volumeMounts:
        - name: gluetun-tmp
          mountPath: /tmp/gluetun/

      # port-manager: given PORT_UPD_PORT_FILE and the WebUI settings below,
      # this presumably reads the forwarded port written under /tmp/gluetun/
      # and sets it in qBittorrent through the WebUI API; confirm against the
      # image's documentation.
      port-manager:
        image: git.seanomik.net/seanomik/gluetun-qbit-port-updater:v0.1.1
        # NOTE(review): `Always` re-resolves the tag at every container start,
        # so the code that runs is whatever the registry serves for v0.1.1 at
        # that moment. This container receives the WebUI credentials; pinning
        # the image by digest would fix what is trusted with them.
        imagePullPolicy: Always
        env:
          PORT_UPD_QBITTORRENT_HOST: localhost
          PORT_UPD_QBITTORRENT_PORT: "8080"
          # Author's rationale: safe to have in plain text since qbittorrent is
          # exposed through authentik.
          # NOTE(review): the authentik middleware is attached to the Ingress
          # route only. The Service also publishes port 8080 and gluetun's
          # FIREWALL_INPUT_PORTS admits it, so traffic arriving from inside the
          # cluster does not pass through authentik, and this login is then the
          # only control on the WebUI. Confirm a NetworkPolicy limits port 8080
          # to Traefik, or move these values into a Secret and use a
          # non-default password.
          # The anchors are reused by the metrics sidecar via aliases.
          PORT_UPD_QBITTORRENT_LOGIN: &qbitLogin admin
          PORT_UPD_QBITTORRENT_PASSWORD: &qbitPass adminadmin
          # File on the volume shared with gluetun.
          PORT_UPD_PORT_FILE: /tmp/gluetun/forwarded_port
        volumeMounts:
        - name: gluetun-tmp
          mountPath: /tmp/gluetun/

      # metrics: Prometheus exporter that queries the qBittorrent WebUI on
      # localhost and serves the results on port 17871.
      metrics:
        image: caseyscarborough/qbittorrent-exporter:v1.3.5
        env:
          QBITTORRENT_BASE_URL: "http://localhost:8080"
          # Author's rationale: safe to have in plain text since qbittorrent is
          # exposed through authentik.
          # NOTE(review): authentik sits on the Ingress route only; the WebUI
          # port is also published by the Service, so in-cluster access depends
          # on these credentials. They are YAML aliases of the anchors defined
          # on the port-manager sidecar, so both containers always carry the
          # same login and password.
          QBITTORRENT_LOGIN: *qbitLogin
          QBITTORRENT_PASSWORD: *qbitPass
        ports:
        # Same port that gluetun's FIREWALL_INPUT_PORTS admits and that the
        # Service's `metrics` port exposes.
        - name: metrics
          containerPort: 17871

    # Environment of the main qBittorrent container. Numeric values are quoted
    # so they stay strings, as environment variables require.
    env:
      TZ: America/New_York
      # Group and user id handed to the linuxserver image; presumably these
      # must match the ownership of the hostPath directories mounted below.
      PGID: "10000"
      PUID: "10000"
      # WebUI listen port; the sidecars, the Service and gluetun's firewall
      # setting all refer to this same number.
      WEBUI_PORT: "8080"

    # Service in front of the pod, publishing the WebUI and exporter ports.
    # NOTE(review): no service type is set here, so the chart default applies
    # (presumably ClusterIP; confirm). Both ports are then reachable by other
    # workloads in the cluster without going through the Ingress and its
    # authentik middleware, unless a NetworkPolicy restricts them.
    service:
      main:
        labels:
          app: qbittorrent-service

        ports:
          # qBittorrent WebUI.
          http:
            port: 8080

          # Prometheus exporter served by the `metrics` sidecar.
          metrics:
            enabled: true
            port: 17871
            protocol: HTTP

    # External entry point for the WebUI, served by Traefik over TLS.
    ingress:
      main:
        enabled: true
        annotations:
          # NOTE(review): this annotation asks cert-manager to manage a
          # certificate for the TLS secret named below. If `wildcard-main-tls`
          # is a shared wildcard certificate maintained elsewhere, verify the
          # two do not conflict.
          cert-manager.io/cluster-issuer: letsencrypt-production
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
          # Routes requests through the `authentik` Middleware in the `traefik`
          # namespace. This is the only place authentik is applied; it covers
          # traffic entering through this Ingress and nothing else.
          traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
        hosts:
        # `${SECRET_NEW_DOMAIN}` is not YAML syntax; it is presumably filled in
        # by Flux variable substitution before the manifest is applied.
        - host: &host "qbit.${SECRET_NEW_DOMAIN}"
          paths:
          - path: /
            pathType: Prefix
        tls:
        - hosts:
          # Alias of the host defined above, so the two cannot drift apart.
          - *host
          secretName: wildcard-main-tls

    # Volumes for the pod.
    persistence:
      # Download directory, mounted straight from the node's filesystem.
      # NOTE(review): hostPath volumes bypass the storage layer. The pod only
      # works on a node that has this path, and the container gets direct
      # access to that part of the node's disk. Keep the paths as narrow as
      # they are here and check that they are owned by PUID/PGID 10000.
      storage:
        enabled: true
        type: hostPath
        hostPath: /mnt/MainPool/Media/Torrents
        mountPath: /storage/Torrents
      # qBittorrent configuration directory, also a hostPath on the node.
      config:
        enabled: true
        type: hostPath
        hostPath: /mnt/MainPool/Kubernetes/qbittorrent
        mountPath: /config
      # Kubernetes Secret `cookie-secret` mounted as files under /etc/tokens.
      # Its contents are not visible in this file.
      cookies:
        enabled: true
        type: secret
        name: cookie-secret
        mountPath: /etc/tokens
      # Pod-lifetime scratch volume that the gluetun and port-manager sidecars
      # mount at /tmp/gluetun/; no mountPath is set for the main container.
      gluetun-tmp:
        enabled: true
        type: emptyDir
      
    # Resource requests and limits. Presumably these apply to the main
    # container only; none of the sidecars above set `resources`, so they run
    # without requests or limits unless the chart supplies defaults.
    resources:
      requests:
        cpu: 10m
        memory: 250Mi
      limits:
        # Memory is capped; no CPU limit is set.
        memory: 6000Mi