# Flux HelmRelease that deploys qBittorrent into the `download` namespace using
# the app-template chart from the bjws-charts HelmRepository.
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: qbittorrent
  namespace: download
spec:
  # How often Flux reconciles this release.
  interval: 5m
  chart:
    spec:
      chart: app-template
      # `1.3.x` is a version range, not a pin: a newer matching chart release is
      # picked up without any change in Git.
      # NOTE(review): pin an exact chart version if chart upgrades should go
      # through review.
      version: 1.3.x
      sourceRef:
        kind: HelmRepository
        name: bjws-charts
        namespace: flux-system

  # Values handed to the app-template chart.
  values:
    image:
      repository: lscr.io/linuxserver/qbittorrent
      # NOTE(review): `latest` is a mutable tag, so the image that actually runs
      # can change whenever it is pulled again, with no change in Git. Prefer a
      # fixed version tag, ideally with a digest (<version>@sha256:<digest>).
      tag: latest

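    # Sidecar containers that run next to qBittorrent in the same pod:
    # a gluetun VPN client and a Prometheus exporter for qBittorrent.
    sidecars:
      gluetun:
        # NOTE(review): `latest` is a mutable tag; pin a version or digest so
        # the VPN client cannot change underneath the deployment.
        image: qmcgaw/gluetun:latest
        env:
          # NOTE(review): FIREWALL=off disables gluetun's built-in firewall,
          # which is what keeps traffic from leaving outside the tunnel when
          # the VPN is down. If it was disabled so in-cluster traffic can reach
          # the web UI, consider leaving it on and allowing only what is needed
          # (FIREWALL_INPUT_PORTS, FIREWALL_OUTBOUND_SUBNETS).
          - name: FIREWALL
            value: "off"
          # NOTE(review): DOT=off turns off DNS over TLS in gluetun; confirm
          # which resolver ends up handling DNS queries and that this is
          # intended.
          - name: DOT
            value: "off"
        # Remaining gluetun settings are read from this Secret (presumably the
        # VPN provider credentials; confirm).
        envFrom:
          - secretRef:
              name: qbittorrent-secrets
        securityContext:
          capabilities:
            add:
              - NET_ADMIN
          # NOTE(review): capabilities added to a container that runs as a
          # non-root UID are generally not effective unless the binary carries
          # file capabilities; confirm gluetun can actually bring up the tunnel
          # as UID 10000.
          runAsNonRoot: true
          runAsUser: 10000
          runAsGroup: 10000
          # fsGroup and fsGroupChangePolicy were removed from this block: they
          # are pod-level fields and are not part of a container
          # securityContext. The same values are set in podSecurityContext
          # further down in this file.

      metrics:
        # NOTE(review): `latest` is a mutable tag; pin a version or digest.
        image: caseyscarborough/qbittorrent-exporter:latest
        env:
          # localhost reaches qBittorrent because the sidecar shares the pod's
          # network namespace; 8080 matches WEBUI_PORT.
          # NOTE(review): no credentials are configured for the exporter here;
          # confirm how it authenticates to the web API.
          - name: QBITTORRENT_BASE_URL
            value: "http://localhost:8080"
        ports:
          - name: metrics
            containerPort: 17871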

    # Environment variables for the qBittorrent container.
    env:
      TZ: America/New_York
      # NOTE(review): PGID/PUID are 1000, while podSecurityContext in this file
      # sets runAsUser/runAsGroup to 10000. Confirm which identity the process
      # and the hostPath data are meant to use.
      PGID: "1000"
      PUID: "1000"
      # Port of the qBittorrent web UI; the Service and the exporter's base URL
      # use the same port.
      WEBUI_PORT: "8080"

    # Service exposing the web UI (8080) and the exporter's metrics port (17871).
    # NOTE(review): the authentik middleware on the ingress only covers requests
    # that arrive through Traefik. Anything inside the cluster that can reach
    # this Service talks to both ports directly; consider a NetworkPolicy if
    # that is not intended.
    service:
      main:
        labels:
          app: qbittorrent-service

        ports:
          http:
            port: 8080

          # Matches containerPort 17871 of the `metrics` sidecar.
          metrics:
            enabled: true
            port: 17871
            protocol: HTTP

    # Ingress for the web UI, served through Traefik's `websecure` entrypoint.
    ingress:
      main:
        enabled: true
        annotations:
          # NOTE(review): with this annotation cert-manager manages the
          # certificate stored in the TLS secret named below. If
          # `wildcard-main-tls` is meant to be an existing shared wildcard
          # certificate, confirm the annotation is intended.
          cert-manager.io/cluster-issuer: letsencrypt-production
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
          # Middleware `authentik` in namespace `traefik` (presumably forward
          # auth to authentik; confirm). This is the only authentication layer
          # configured in this file for the web UI.
          traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
        hosts:
        # `${SECRET_NEW_DOMAIN}` is not defined in this file (presumably filled
        # in by Flux post-build substitution; confirm). The `&host` anchor is
        # reused in the tls section.
        - host: &host "qbit.${SECRET_NEW_DOMAIN}"
          paths:
          - path: /
            pathType: Prefix
        tls:
        - hosts:
          - *host
          secretName: wildcard-main-tls

    # Both volumes are hostPath mounts, i.e. directories on the node's own
    # filesystem, so the pod depends on the node that holds these paths.
    # NOTE(review): hostPath gives the container direct access to node storage,
    # and fsGroup ownership handling is generally not applied to hostPath
    # volumes. Confirm the directories are owned by the UID/GID the pod runs as.
    persistence:
      # Download data.
      storage:
        enabled: true
        type: hostPath
        hostPath: /mnt/MainPool/Media/Torrents
        mountPath: /storage/Torrents
      # Application configuration.
      config:
        enabled: true
        type: hostPath
        hostPath: /mnt/MainPool/Kubernetes/qbittorrent
        mountPath: /config

    # Pod-level security context: every container defaults to UID/GID 10000 and
    # must not run as root.
    # NOTE(review): linuxserver.io images typically start as root and then drop
    # to PUID/PGID. Confirm the image starts correctly under runAsNonRoot, and
    # that 10000 is consistent with the PUID/PGID values set under `env`.
    podSecurityContext:
      runAsNonRoot: true
      runAsUser: 10000
      runAsGroup: 10000
      fsGroup: 10000
      # Only change volume ownership when the volume root does not already
      # match fsGroup.
      fsGroupChangePolicy: OnRootMismatch

#    resources:
#      requests:
#        cpu: 2m
#        memory: 150Mi
#      limits:
#        memory: 500Mi