well, lets give this a go

This commit is contained in:
Joseph Hanson 2024-08-23 08:24:50 -05:00
parent ea08873634
commit 9bfbc9ceab
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o

View file

@ -47,8 +47,8 @@ spec:
QBT_Preferences__WebUI__AuthSubnetWhitelist: |-
10.244.0.0/16, 10.1.2.0/24
QBT_Preferences__WebUI__LocalHostAuth: false
QBT_BitTorrent__Session__Interface: wg0
QBT_BitTorrent__Session__InterfaceName: wg0
# QBT_BitTorrent__Session__Interface: wg0
# QBT_BitTorrent__Session__InterfaceName: wg0
resources:
requests:
cpu: 49m
@ -65,52 +65,52 @@ spec:
drop:
- ALL
gluetun:
image:
repository: ghcr.io/qdm12/gluetun
tag: latest@sha256:a7f494ec07321a6fe1bca13d8e2d72ad1011ed5ba98a07de71ff42e52d457fa2
env:
VPN_SERVICE_PROVIDER: custom
VPN_TYPE: wireguard
VPN_INTERFACE: wg0
WIREGUARD_ENDPOINT_PORT: 51820
VPN_PORT_FORWARDING: on
VPN_PORT_FORWARDING_PROVIDER: protonvpn
FIREWALL_INPUT_PORTS: *port
FIREWALL_OUTBOUND_SUBNETS: 10.32.0.0/16 # Allow access to k8s subnets
envFrom:
- secretRef:
name: qbittorrent-secret
securityContext:
# until I can debug the issues on talos 1.8.
privileged: true
capabilities:
add:
- NET_ADMIN
drop:
- ALL
# gluetun:
# image:
# repository: ghcr.io/qdm12/gluetun
# tag: latest@sha256:fb448a2eb8755b68106a386d1e5a78c781bf28a0eea0fb712824cd2dc0ec19a7
# env:
# VPN_SERVICE_PROVIDER: custom
# VPN_TYPE: wireguard
# VPN_INTERFACE: wg0
# WIREGUARD_ENDPOINT_PORT: 51820
# VPN_PORT_FORWARDING: on
# VPN_PORT_FORWARDING_PROVIDER: protonvpn
# FIREWALL_INPUT_PORTS: *port
# FIREWALL_OUTBOUND_SUBNETS: 10.32.0.0/16 # Allow access to k8s subnets
# envFrom:
# - secretRef:
# name: qbittorrent-secret
# securityContext:
# # until I can debug the issues on talos 1.8.
# privileged: true
# capabilities:
# add:
# - NET_ADMIN
# drop:
# - ALL
port-forward:
image:
repository: ghcr.io/bjw-s/gluetun-qb-port-sync
tag: v0.0.2
env:
GLUETUN_CONTROL_SERVER_HOST: localhost
GLUETUN_CONTROL_SERVER_PORT: 8000
QBITTORRENT_HOST: localhost
QBITTORRENT_WEBUI_PORT: *port
CRON_ENABLED: true
CRON_SCHEDULE: "*/5 * * * *"
LOG_TIMESTAMP: false
securityContext:
runAsUser: 568
runAsGroup: 568
runAsNonRoot: true
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
capabilities:
drop:
- ALL
# port-forward:
# image:
# repository: ghcr.io/bjw-s/gluetun-qb-port-sync
# tag: v0.0.2
# env:
# GLUETUN_CONTROL_SERVER_HOST: localhost
# GLUETUN_CONTROL_SERVER_PORT: 8000
# QBITTORRENT_HOST: localhost
# QBITTORRENT_WEBUI_PORT: *port
# CRON_ENABLED: true
# CRON_SCHEDULE: "*/5 * * * *"
# LOG_TIMESTAMP: false
# securityContext:
# runAsUser: 568
# runAsGroup: 568
# runAsNonRoot: true
# allowPrivilegeEscalation: false
# readOnlyRootFilesystem: false
# capabilities:
# drop:
# - ALL
service:
app: