diff --git a/kubernetes/apps/qbittorrent/cross-seed/app/externalsecret.yaml b/kubernetes/apps/qbittorrent/cross-seed/app/externalsecret.yaml new file mode 100644 index 0000000..249d7ee --- /dev/null +++ b/kubernetes/apps/qbittorrent/cross-seed/app/externalsecret.yaml @@ -0,0 +1,38 @@ +--- +# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: cross-seed +spec: + secretStoreRef: + kind: ClusterSecretStore + name: onepassword-connect + target: + name: cross-seed-secret + template: + engineVersion: v2 + data: + config.js: | + module.exports = { + action: "inject", + apiKey: "{{.CROSS_SEED_API_KEY}}", + dataCategory: "cross-seed", + delay: 30, + duplicateCategories: true, + includeEpisodes: true, + includeNonVideos: true, + includeSingleEpisodes: true, + linkDir: "/data/nas-media/qb/downloads/complete/cross-seed", + linkType: "hardlink", + matchMode: "safe", + outputDir: "/config", + port: 80, + qbittorrentUrl: "http://qbittorrent.qbittorrent.svc.cluster.local", + skipRecheck: true, + torrentDir: "/qbittorrent/qBittorrent/BT_backup", + torznab: [] + }; + dataFrom: + - extract: + key: cross-seed diff --git a/kubernetes/apps/qbittorrent/cross-seed/app/helmrelease.yaml b/kubernetes/apps/qbittorrent/cross-seed/app/helmrelease.yaml new file mode 100644 index 0000000..0f36325 --- /dev/null +++ b/kubernetes/apps/qbittorrent/cross-seed/app/helmrelease.yaml @@ -0,0 +1,92 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: cross-seed +spec: + interval: 30m + chart: + spec: + chart: app-template + version: 3.4.0 + sourceRef: + kind: HelmRepository + name: bjw-s + namespace: flux-system + install: + remediation: + retries: 3 + upgrade: + cleanupOnFail: true + remediation: + strategy: rollback + retries: 3 + dependsOn: + - name: qbittorrent + namespace: qbittorrent + values: + controllers: + cross-seed: + nameOverride: cross-seed + annotations: + reloader.stakater.com/auto: "true" + containers: + app: + image: + repository: ghcr.io/cross-seed/cross-seed + tag: 6.0.0-32@sha256:df3e63c3564d3f61a62ca966acc043d438fecbbc80bf8b4de0dec5170bce9cd7 + env: + TZ: America/Chicago + args: ["daemon"] + probes: + liveness: + enabled: true + readiness: + enabled: true + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: { drop: ["ALL"] } + resources: + requests: + cpu: 10m + limits: + memory: 512Mi + defaultPodOptions: + securityContext: + runAsNonRoot: true + runAsUser: 568 + runAsGroup: 568 + fsGroup: 568 + fsGroupChangePolicy: OnRootMismatch + supplementalGroups: [10000] + seccompProfile: { type: RuntimeDefault } + service: + app: + controller: cross-seed + ports: + http: + port: 80 + persistence: + config: + type: emptyDir + secret-file: + type: secret + name: cross-seed-secret + globalMounts: + - path: /config/config.js + subPath: config.js + readOnly: true + qbittorrent: + existingClaim: qbittorrent + globalMounts: + - path: /qbittorrent/qBittorrent/BT_backup + subPath: qBittorrent/BT_backup + readOnly: true + media: + type: nfs + server: 10.1.1.13 + path: /eru/media + globalMounts: + - path: /data/nas-media diff --git a/kubernetes/apps/qbittorrent/cross-seed/app/kustomization.yaml b/kubernetes/apps/qbittorrent/cross-seed/app/kustomization.yaml new file mode 100644 index 0000000..3351d8d --- /dev/null +++ b/kubernetes/apps/qbittorrent/cross-seed/app/kustomization.yaml @@ -0,0 +1,9 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./externalsecret.yaml + - ./helmrelease.yaml +generatorOptions: + disableNameSuffixHash: true diff --git a/kubernetes/apps/qbittorrent/cross-seed/ks.yaml b/kubernetes/apps/qbittorrent/cross-seed/ks.yaml new file mode 100644 index 0000000..a071e48 --- /dev/null +++ b/kubernetes/apps/qbittorrent/cross-seed/ks.yaml @@ -0,0 +1,26 @@ +--- +# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app cross-seed + namespace: flux-system +spec: + targetNamespace: qbittorrent + commonMetadata: + labels: + app.kubernetes.io/name: *app + dependsOn: + - name: external-secrets-stores + path: ./kubernetes/apps/qbittorrent/cross-seed/app + prune: true + sourceRef: + kind: GitRepository + name: theshire + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m + postBuild: + substitute: + APP: *app diff --git a/kubernetes/apps/qbittorrent/flood/app/externalsecret.yaml b/kubernetes/apps/qbittorrent/flood/app/externalsecret.yaml new file mode 100644 index 0000000..4fa2a6c --- /dev/null +++ b/kubernetes/apps/qbittorrent/flood/app/externalsecret.yaml @@ -0,0 +1,22 @@ +--- +# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: flood + namespace: qbittorrent +spec: + secretStoreRef: + kind: ClusterSecretStore + name: onepassword-connect + target: + name: flood-secret + data: + - secretKey: FLOOD_OPTION_QBUSER + remoteRef: + key: flood + property: username + - secretKey: FLOOD_OPTION_QBPASS + remoteRef: + key: flood + property: password diff --git a/kubernetes/apps/qbittorrent/flood/app/helmrelease.yaml b/kubernetes/apps/qbittorrent/flood/app/helmrelease.yaml new file mode 100644 index 0000000..2ea4e27 --- /dev/null +++ b/kubernetes/apps/qbittorrent/flood/app/helmrelease.yaml @@ -0,0 +1,98 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: &app flood + namespace: default +spec: + interval: 30m + chart: + spec: + chart: app-template + version: 3.4.0 + sourceRef: + kind: HelmRepository + name: bjw-s + namespace: flux-system + install: + remediation: + retries: 3 + upgrade: + cleanupOnFail: true + remediation: + strategy: rollback + retries: 3 + dependsOn: + - name: qbittorrent + namespace: qbittorrent + values: + defaultPodOptions: + securityContext: + fsGroup: 568 + runAsGroup: 568 + runAsNonRoot: true + runAsUser: 568 + seccompProfile: + type: RuntimeDefault + controllers: + flood: + annotations: + reloader.stakater.com/auto: "true" + containers: + app: + image: + repository: jesec/flood + tag: master@sha256:3d20df051209bff2905dec4e8328c1c464d5375e730ef7d81ca21422e2ccf06a + envFrom: + - secretRef: + name: flood-secret + env: + FLOOD_OPTION_RUNDIR: /data + FLOOD_OPTION_AUTH: none + FLOOD_OPTION_QBURL: http://qbittorrent.qbittorrent.svc.cluster.local + # FLOOD_OPTION_QBUSER is required but not used. + # FLOOD_OPTION_QBPASS is required but not used. + resources: + requests: + memory: 250Mi + cpu: 15m + limits: + memory: 512Mi + probes: + liveness: + enabled: true + readiness: + enabled: true + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + service: + app: + controller: *app + ports: + http: + port: 3000 + ingress: + app: + enabled: true + className: "internal-nginx" + hosts: + - host: &host "flood.jahanson.tech" + paths: + - path: / + service: + identifier: app + port: http + tls: + - hosts: + - *host + persistence: + config: + enabled: true + existingClaim: *app + globalMounts: + - path: /data diff --git a/kubernetes/apps/qbittorrent/flood/app/kustomization.yaml b/kubernetes/apps/qbittorrent/flood/app/kustomization.yaml new file mode 100644 index 0000000..47667ae --- /dev/null +++ b/kubernetes/apps/qbittorrent/flood/app/kustomization.yaml @@ -0,0 +1,10 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: default +resources: + - ./helmrelease.yaml + - ./externalsecret.yaml + - ../../../../templates/gatus/internal + - ../../../../templates/volsync diff --git a/kubernetes/apps/qbittorrent/flood/ks.yaml b/kubernetes/apps/qbittorrent/flood/ks.yaml new file mode 100644 index 0000000..4d80a30 --- /dev/null +++ b/kubernetes/apps/qbittorrent/flood/ks.yaml @@ -0,0 +1,29 @@ +--- +# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app flood + namespace: flux-system +spec: + targetNamespace: qbittorrent + commonMetadata: + labels: + app.kubernetes.io/name: *app + dependsOn: + - name: external-secrets-stores + - name: qbittorrent + - name: volsync + path: ./kubernetes/apps/qbittorrent/flood/app + prune: true + sourceRef: + kind: GitRepository + name: homelab + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m + postBuild: + substitute: + APP: *app + VOLSYNC_CAPACITY: 2Gi diff --git a/kubernetes/apps/qbittorrent/kustomization.yaml b/kubernetes/apps/qbittorrent/kustomization.yaml new file mode 100644 index 0000000..5106afe --- /dev/null +++ b/kubernetes/apps/qbittorrent/kustomization.yaml @@ -0,0 +1,11 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + # Pre Flux-Kustomizations + - ./namespace.yaml + # Flux-Kustomizations + - ./cross-seed/ks.yaml + - ./flood/ks.yaml + - ./qbittorrent/ks.yaml diff --git a/kubernetes/apps/qbittorrent/namespace.yaml b/kubernetes/apps/qbittorrent/namespace.yaml new file mode 100644 index 0000000..f771b45 --- /dev/null +++ b/kubernetes/apps/qbittorrent/namespace.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: qbittorrent + labels: + kustomize.toolkit.fluxcd.io/prune: disabled + volsync.backube/privileged-movers: "true" diff --git a/kubernetes/apps/qbittorrent/qbittorrent/app/externalsecret.yaml b/kubernetes/apps/qbittorrent/qbittorrent/app/externalsecret.yaml new file mode 100644 index 0000000..288892c --- /dev/null +++ b/kubernetes/apps/qbittorrent/qbittorrent/app/externalsecret.yaml @@ -0,0 +1,20 @@ +--- +# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: qbittorrent + namespace: qbittorrent +spec: + secretStoreRef: + kind: ClusterSecretStore + name: onepassword-connect + target: + name: qbittorrent-secret + template: + engineVersion: v2 + data: + CROSS_SEED_API_KEY: "{{ .CROSS_SEED_API_KEY }}" + dataFrom: + - extract: + key: cross-seed diff --git a/kubernetes/apps/qbittorrent/qbittorrent/app/helmrelease.yaml b/kubernetes/apps/qbittorrent/qbittorrent/app/helmrelease.yaml new file mode 100644 index 0000000..056ec6f --- /dev/null +++ b/kubernetes/apps/qbittorrent/qbittorrent/app/helmrelease.yaml @@ -0,0 +1,127 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: &app qbittorrent +spec: + interval: 30m + chart: + spec: + chart: app-template + version: 3.4.0 + interval: 30m + sourceRef: + kind: HelmRepository + name: bjw-s + namespace: flux-system + install: + remediation: + retries: 3 + upgrade: + cleanupOnFail: true + remediation: + retries: 3 + strategy: rollback + values: + controllers: + qbittorrent: + annotations: + configmap.reloader.stakater.com/reload: qbittorrent-scripts + secret.reloader.stakater.com/reload: qbittorrent-secret + pod: + securityContext: + fsGroup: 568 + fsGroupChangePolicy: "OnRootMismatch" + containers: + app: + nameOverride: qbittorrent + image: + repository: ghcr.io/onedr0p/qbittorrent + tag: 4.6.6@sha256:2fd0eba46205055c3f758411a79d5fa175df324f707dab9ad9a3a5be2ab92071 + env: + UMASK: "022" + QBITTORRENT__PORT: &port 80 + QBITTORRENT__BT_PORT: &bittorrentPort 50413 + QBT_Preferences__WebUI__AlternativeUIEnabled: false + QBT_Preferences__WebUI__AuthSubnetWhitelistEnabled: true + QBT_Preferences__WebUI__AuthSubnetWhitelist: |- + 10.244.0.0/16, 10.1.2.0/24 + QBT_Preferences__WebUI__LocalHostAuth: false + CROSS_SEED_HOST: cross-seed.qbittorrent.svc.cluster.local + CROSS_SEED_PORT: 80 + CROSS_SEED_SLEEP_INTERVAL: 0 + envFrom: + - secretRef: + name: qbittorrent-secret + resources: + requests: + cpu: 49m + memory: 1024Mi + limits: + memory: 24Gi + securityContext: + runAsUser: 568 + runAsGroup: 568 + runAsNonRoot: true + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + + service: + app: + controller: *app + type: LoadBalancer + annotations: + io.cilium/lb-ipam-ips: 10.1.1.34 + nameOverride: *app + ports: + http: + port: *port + bittorrent: + enabled: true + port: *bittorrentPort + protocol: TCP + + ingress: + app: + className: "internal-nginx" + hosts: + - host: "qb.jahanson.tech" + paths: + - path: / + service: + identifier: app + port: http + tls: + - hosts: + - "qb.jahanson.tech" + + persistence: + config: + existingClaim: qbittorrent + scripts: + type: configMap + name: qbittorrent-scripts + defaultMode: 0775 + globalMounts: + - path: /scripts/cross-seed.sh + subPath: cross-seed.sh + readOnly: true + media: + type: nfs + server: 10.1.1.13 + path: /eru/media + advancedMounts: + qbittorrent: + app: + - path: /data/nas-media + qbtun: + type: hostPath + hostPath: /dev/net + advancedMounts: + qbittorrent: + gluetun: + - path: /dev/net diff --git a/kubernetes/apps/qbittorrent/qbittorrent/app/kustomization.yaml b/kubernetes/apps/qbittorrent/qbittorrent/app/kustomization.yaml new file mode 100644 index 0000000..0f2d15c --- /dev/null +++ b/kubernetes/apps/qbittorrent/qbittorrent/app/kustomization.yaml @@ -0,0 +1,16 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./externalsecret.yaml + - ./helmrelease.yaml + - ../../../../templates/volsync +configMapGenerator: + - name: qbittorrent-scripts + files: + - cross-seed.sh=./resources/cross-seed.sh +generatorOptions: + disableNameSuffixHash: true + annotations: + kustomize.toolkit.fluxcd.io/substitute: disabled diff --git a/kubernetes/apps/qbittorrent/qbittorrent/app/resources/cross-seed.sh b/kubernetes/apps/qbittorrent/qbittorrent/app/resources/cross-seed.sh new file mode 100644 index 0000000..34fc5bb --- /dev/null +++ b/kubernetes/apps/qbittorrent/qbittorrent/app/resources/cross-seed.sh @@ -0,0 +1,32 @@ +#!/usr/bin/env bash + +export CROSS_SEED_HOST=${CROSS_SEED_HOST:-cross-seed.default.svc.cluster.local} +export CROSS_SEED_PORT=${CROSS_SEED_PORT:-80} +export CROSS_SEED_API_KEY=${CROSS_SEED_API_KEY:-unset} +export CROSS_SEED_SLEEP_INTERVAL=${CROSS_SEED_SLEEP_INTERVAL:-30} + +SEARCH_PATH=$1 + +# Update permissions on the search path +chmod -R 750 "${SEARCH_PATH}" + +# Search for cross-seed +response=$( + curl \ + --silent \ + --output /dev/null \ + --write-out "%{http_code}" \ + --request POST \ + --data-urlencode "path=${SEARCH_PATH}" \ + --header "X-Api-Key: ${CROSS_SEED_API_KEY}" \ + "http://${CROSS_SEED_HOST}:${CROSS_SEED_PORT}/api/webhook" +) + +if [[ "${response}" != "204" ]]; then + printf "Failed to search cross-seed for '%s'\n" "${SEARCH_PATH}" + exit 1 +fi + +printf "Successfully searched cross-seed for '%s'\n" "${SEARCH_PATH}" + +sleep "${CROSS_SEED_SLEEP_INTERVAL}" diff --git a/kubernetes/apps/qbittorrent/qbittorrent/ks.yaml b/kubernetes/apps/qbittorrent/qbittorrent/ks.yaml new file mode 100644 index 0000000..9e109e4 --- /dev/null +++ b/kubernetes/apps/qbittorrent/qbittorrent/ks.yaml @@ -0,0 +1,48 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app qbittorrent + namespace: flux-system +spec: + targetNamespace: qbittorrent + commonMetadata: + labels: + app.kubernetes.io/name: *app + interval: 10m + path: "./kubernetes/apps/qbittorrent/qbittorrent/app" + prune: true + sourceRef: + kind: GitRepository + name: theshire + wait: true + dependsOn: + - name: openebs + - name: volsync + - name: external-secrets-stores + postBuild: + substitute: + APP: *app + VOLSYNC_CAPACITY: 2Gi +--- +# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app qbittorrent-tools + namespace: flux-system +spec: + targetNamespace: qbittorrent + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./kubernetes/apps/qbittorrent/qbittorrent/tools + prune: true + sourceRef: + kind: GitRepository + name: theshire + wait: false + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/apps/qbittorrent/qbittorrent/tools/helmrelease.yaml b/kubernetes/apps/qbittorrent/qbittorrent/tools/helmrelease.yaml new file mode 100644 index 0000000..23694f0 --- /dev/null +++ b/kubernetes/apps/qbittorrent/qbittorrent/tools/helmrelease.yaml @@ -0,0 +1,146 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: qbtools +spec: + interval: 30m + chart: + spec: + chart: app-template + version: 3.4.0 + sourceRef: + kind: HelmRepository + name: bjw-s + namespace: flux-system + install: + remediation: + retries: 3 + upgrade: + cleanupOnFail: true + remediation: + strategy: rollback + retries: 3 + dependsOn: + - name: qbittorrent + namespace: qbittorrent + values: + controllers: + tagging: + type: cronjob + cronjob: &cronJobSpec + schedule: "@hourly" + timeZone: &timeZone America/Chicago + concurrencyPolicy: Forbid + successfulJobsHistory: 1 + failedJobsHistory: 1 + initContainers: + tagging: &container + image: + repository: ghcr.io/buroa/qbtools + tag: v0.16.10@sha256:fec06dd13ec90694110ca912eb9003d3a46d29be83944538599b35fc78dcbf18 + env: + TZ: *timeZone + POD_NAMESPACE: + valueFrom: + fieldRef: + fieldPath: metadata.namespace + args: [ + "tagging", + "--added-on", + "--expired", + "--last-activity", + "--sites", + "--unregistered", + "--server", "qbittorrent.$(POD_NAMESPACE).svc.cluster.local", + "--port", "80", + "--config", "/config/config.yaml" + ] + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: { drop: ["ALL"] } + resources: + requests: + cpu: 25m + limits: + memory: 256M + containers: + unregistered: + <<: *container + args: [ + "prune", + "--exclude-category", "manual", + "--exclude-category", "music", + "--exclude-tag", "added:24h", + "--include-tag", "unregistered", + "--dry-run", + "--server", "qbittorrent.$(POD_NAMESPACE).svc.cluster.local", + "--port", "80" + ] + expired: + <<: *container + args: [ + "prune", + "--exclude-category", "manual", + "--exclude-category", "music", + "--include-tag", "expired", # defined in config.yaml + "--include-tag", "added:7d", + "--dry-run", + "--server", "qbittorrent.$(POD_NAMESPACE).svc.cluster.local", + "--port", "80" + ] + pod: + restartPolicy: OnFailure + orphaned: + type: cronjob + cronjob: + <<: *cronJobSpec + schedule: "@daily" + containers: + app: + <<: *container + args: [ + "orphaned", + "--exclude-pattern", "*_unpackerred*", + "--exclude-pattern", "*/manual/*", + # "--dry-run", + "--server", "qbittorrent.$(POD_NAMESPACE).svc.cluster.local", + "--port", "80" + ] + pod: + restartPolicy: OnFailure + reannounce: + containers: + app: + <<: *container + args: [ + "reannounce", + "--process-seeding", + "--server", "qbittorrent.$(POD_NAMESPACE).svc.cluster.local", + "--port", "80" + ] + defaultPodOptions: + securityContext: + runAsNonRoot: true + runAsUser: 568 + runAsGroup: 568 + seccompProfile: { type: RuntimeDefault } + persistence: + secret-file: + type: secret + name: qbtools-secret + globalMounts: + - path: /config/config.yaml + subPath: config.yaml + readOnly: true + media: + type: nfs + server: 10.1.1.13 + path: /eru/media + advancedMounts: + orphaned: + app: + - path: /data/nas-media + subPath: qb/downloads diff --git a/kubernetes/apps/qbittorrent/qbittorrent/tools/kustomization.yaml b/kubernetes/apps/qbittorrent/qbittorrent/tools/kustomization.yaml new file mode 100644 index 0000000..6b4d0b3 --- /dev/null +++ b/kubernetes/apps/qbittorrent/qbittorrent/tools/kustomization.yaml @@ -0,0 +1,7 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./qbtools.secret.sops.yaml + - ./helmrelease.yaml diff --git a/kubernetes/apps/qbittorrent/qbittorrent/tools/qbtools.secret.sops.yaml b/kubernetes/apps/qbittorrent/qbittorrent/tools/qbtools.secret.sops.yaml new file mode 100644 index 0000000..ea848a7 --- /dev/null +++ b/kubernetes/apps/qbittorrent/qbittorrent/tools/qbtools.secret.sops.yaml @@ -0,0 +1,26 @@ +apiVersion: v1 +kind: Secret +metadata: + name: qbtools-secret +stringData: + config.yaml: ENC[AES256_GCM,data:NZq8GKG05lEp6lLvE/IMOkt6FrzJ8Hoj3KJ57y5rumsTxqydyxzmrt9IVf34nQ1SgSGKMdI8KgEIVnHBj/4jfYgJZ5+1AfKiTe0DW3NZSK3LkDJcs6Mcwu6f5lbil1vfaS3YgJ2K1pv5ys7GCmE/zMqiNsTpmc1niY/JMOs/0eJaUYNACHl0I1w3fLJVPjnhdK99IhFYo42XywODyVSRdMeFTP6Q7Y4NRNJKA3u9W0ix12yaTdfBk5ia1sIRb9H3Gvl5z/XTvr0X6IzIpfoP46wf/EXLU7Y7Rt5fvnymQgzQr7JtUL90NBkKvqOko4NSl36uEol5jsu9gj9o+FZbA2CnDbZ6mp6BqJIB9HuaWCrgb6ideNTUYL/ASU6Wp17A1CzPDjlm+b6kGZpJKQYFEZ/VO8BEoeW3Yx9D0dG1ep9xFTu6xDKo7JxF4pbMWgWU5I+mE6xiCK7XGrab1latVhcPHBAVoxBrdHvAgwgvs1WmAe0ofP0vPpq6ZHd+kgQg2qHPbkj4viXl1Hf9M9Q7HJm+hlgfCmjaT9m5/1ipzbj9xlu0vG5GFTbf6hcPJXlthaEubHggKD1Idx1k7NUvJzQi/Y6KpUCM4BUOGOgYpGWic7kTSUoqdqKQNAJr77EKOIRGkI+LCPSOWx4atUS8jgS8/tbeXYAb9eBhovGWXZsGyPQt1bpfXmfiBRTqyRC66qPw5+AcruVaJY3C7Aj0f6BhqkDWScBiF3H3ZJj0Wp6wWKh/KCxSqO+AqcB36nVa62zLy6sIZHclwQwgxLzXFiaHxblRWxNuyAASNnrbAutLTsQ4HXCQPaiJ/9LxK+QAow7hryQsikq4XhCRV0TdEYzBpB3eatpB5G02kApvbMRW5kYvR8GHJzF8eqWgcRit4g0Q+kJn5p+UAi1rOP2bh/9lwPadn7TuuW3J9SzUOOmP2eajsicUkqnxsrxQFJbxkztLkPpLGHpd4zI8Y3riHtv2di57/ktUP9acc4kIk2LyYiN6jwKEOc2HTmSE3l2qdBXoy6Rcl/V/Uz1hOE3vOFUNJQL2sRyBf/0R7IKzXRieghR9h17pKYAsvbN9vO02dLevSYsqktowjwA1QXxxR2Vzp15tMV45T/nP5XLe3+f4zfJjRSuNM13ddowXp6smUOZ0Myw=,iv:FszW51oSi/iKN1cquyhF+HwStHgpgmioyopdJriuiOw=,tag:GYaRuyCgXuGVWyxShyH39Q==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eqlaq205y5jre9hu5hvulywa7w3d4qyxwmafneamxcn7nejesedsf4q9g6 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5UzFWbHB0bVlGQXV4dEVt + ZUxrcnZ1MlFOY2o2eTl0cDV3T3BKdmNMUXg0CmcyejMzV1loSUNIMEw0K09yc3Ax + NGZOTE1tamV2a05kZm9lNkpoeG9OWm8KLS0tIEVVM01nSjhQYzBOZ0MrY2JpODRz + MGNWSGJmaXdkbUJDOHpCRk9YWUZVSm8KGGHivrtQfHayo6BGbH+Tch3fzVlFNU3s + lLec6VZauGjIXifXBLC5e65SrSO/nZS4xsurrZovOLn3DpeDQu/4+Q== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-08-15T17:21:52Z" + mac: ENC[AES256_GCM,data:V+K/2CEFommRZ7kkJlUSjOIMQL8c3OtnJnPT7heHpkGUm/XJ8JFAhqHc5G6D6bjN6vsXcr7X7b9Tm6OBNPHBCJIekBahySUThHc6IxhQrNVTMu2lNOS9B7+VwZN2oezmEwbpY+5dT+3angWiBy2k5XW/7hmVlz1mQX8tJBTUHOM=,iv:LorlvJFs067H6FI/UPvIgRi9xTReOTfv13IdInFhcAU=,tag:72TTcNC6Fh3SiWlJa2xgzg==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.8.1