adding qb
This commit is contained in:
parent
02a039b199
commit
db03b996a9
18 changed files with 765 additions and 0 deletions
|
@ -0,0 +1,38 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: cross-seed
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: onepassword-connect
|
||||
target:
|
||||
name: cross-seed-secret
|
||||
template:
|
||||
engineVersion: v2
|
||||
data:
|
||||
config.js: |
|
||||
module.exports = {
|
||||
action: "inject",
|
||||
apiKey: "{{.CROSS_SEED_API_KEY}}",
|
||||
dataCategory: "cross-seed",
|
||||
delay: 30,
|
||||
duplicateCategories: true,
|
||||
includeEpisodes: true,
|
||||
includeNonVideos: true,
|
||||
includeSingleEpisodes: true,
|
||||
linkDir: "/data/nas-media/qb/downloads/complete/cross-seed",
|
||||
linkType: "hardlink",
|
||||
matchMode: "safe",
|
||||
outputDir: "/config",
|
||||
port: 80,
|
||||
qbittorrentUrl: "http://qbittorrent.qbittorrent.svc.cluster.local",
|
||||
skipRecheck: true,
|
||||
torrentDir: "/qbittorrent/qBittorrent/BT_backup",
|
||||
torznab: []
|
||||
};
|
||||
dataFrom:
|
||||
- extract:
|
||||
key: cross-seed
|
92
kubernetes/apps/qbittorrent/cross-seed/app/helmrelease.yaml
Normal file
92
kubernetes/apps/qbittorrent/cross-seed/app/helmrelease.yaml
Normal file
|
@ -0,0 +1,92 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: cross-seed
|
||||
spec:
|
||||
interval: 30m
|
||||
chart:
|
||||
spec:
|
||||
chart: app-template
|
||||
version: 3.4.0
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: bjw-s
|
||||
namespace: flux-system
|
||||
install:
|
||||
remediation:
|
||||
retries: 3
|
||||
upgrade:
|
||||
cleanupOnFail: true
|
||||
remediation:
|
||||
strategy: rollback
|
||||
retries: 3
|
||||
dependsOn:
|
||||
- name: qbittorrent
|
||||
namespace: qbittorrent
|
||||
values:
|
||||
controllers:
|
||||
cross-seed:
|
||||
nameOverride: cross-seed
|
||||
annotations:
|
||||
reloader.stakater.com/auto: "true"
|
||||
containers:
|
||||
app:
|
||||
image:
|
||||
repository: ghcr.io/cross-seed/cross-seed
|
||||
tag: 6.0.0-32@sha256:df3e63c3564d3f61a62ca966acc043d438fecbbc80bf8b4de0dec5170bce9cd7
|
||||
env:
|
||||
TZ: America/Chicago
|
||||
args: ["daemon"]
|
||||
probes:
|
||||
liveness:
|
||||
enabled: true
|
||||
readiness:
|
||||
enabled: true
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
capabilities: { drop: ["ALL"] }
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
limits:
|
||||
memory: 512Mi
|
||||
defaultPodOptions:
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 568
|
||||
runAsGroup: 568
|
||||
fsGroup: 568
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
supplementalGroups: [10000]
|
||||
seccompProfile: { type: RuntimeDefault }
|
||||
service:
|
||||
app:
|
||||
controller: cross-seed
|
||||
ports:
|
||||
http:
|
||||
port: 80
|
||||
persistence:
|
||||
config:
|
||||
type: emptyDir
|
||||
secret-file:
|
||||
type: secret
|
||||
name: cross-seed-secret
|
||||
globalMounts:
|
||||
- path: /config/config.js
|
||||
subPath: config.js
|
||||
readOnly: true
|
||||
qbittorrent:
|
||||
existingClaim: qbittorrent
|
||||
globalMounts:
|
||||
- path: /qbittorrent/qBittorrent/BT_backup
|
||||
subPath: qBittorrent/BT_backup
|
||||
readOnly: true
|
||||
media:
|
||||
type: nfs
|
||||
server: 10.1.1.13
|
||||
path: /eru/media
|
||||
globalMounts:
|
||||
- path: /data/nas-media
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ./externalsecret.yaml
|
||||
- ./helmrelease.yaml
|
||||
generatorOptions:
|
||||
disableNameSuffixHash: true
|
26
kubernetes/apps/qbittorrent/cross-seed/ks.yaml
Normal file
26
kubernetes/apps/qbittorrent/cross-seed/ks.yaml
Normal file
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: &app cross-seed
|
||||
namespace: flux-system
|
||||
spec:
|
||||
targetNamespace: qbittorrent
|
||||
commonMetadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: *app
|
||||
dependsOn:
|
||||
- name: external-secrets-stores
|
||||
path: ./kubernetes/apps/qbittorrent/cross-seed/app
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: theshire
|
||||
wait: false
|
||||
interval: 30m
|
||||
retryInterval: 1m
|
||||
timeout: 5m
|
||||
postBuild:
|
||||
substitute:
|
||||
APP: *app
|
22
kubernetes/apps/qbittorrent/flood/app/externalsecret.yaml
Normal file
22
kubernetes/apps/qbittorrent/flood/app/externalsecret.yaml
Normal file
|
@ -0,0 +1,22 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: flood
|
||||
namespace: qbittorrent
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: onepassword-connect
|
||||
target:
|
||||
name: flood-secret
|
||||
data:
|
||||
- secretKey: FLOOD_OPTION_QBUSER
|
||||
remoteRef:
|
||||
key: flood
|
||||
property: username
|
||||
- secretKey: FLOOD_OPTION_QBPASS
|
||||
remoteRef:
|
||||
key: flood
|
||||
property: password
|
98
kubernetes/apps/qbittorrent/flood/app/helmrelease.yaml
Normal file
98
kubernetes/apps/qbittorrent/flood/app/helmrelease.yaml
Normal file
|
@ -0,0 +1,98 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: &app flood
|
||||
namespace: default
|
||||
spec:
|
||||
interval: 30m
|
||||
chart:
|
||||
spec:
|
||||
chart: app-template
|
||||
version: 3.4.0
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: bjw-s
|
||||
namespace: flux-system
|
||||
install:
|
||||
remediation:
|
||||
retries: 3
|
||||
upgrade:
|
||||
cleanupOnFail: true
|
||||
remediation:
|
||||
strategy: rollback
|
||||
retries: 3
|
||||
dependsOn:
|
||||
- name: qbittorrent
|
||||
namespace: qbittorrent
|
||||
values:
|
||||
defaultPodOptions:
|
||||
securityContext:
|
||||
fsGroup: 568
|
||||
runAsGroup: 568
|
||||
runAsNonRoot: true
|
||||
runAsUser: 568
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
controllers:
|
||||
flood:
|
||||
annotations:
|
||||
reloader.stakater.com/auto: "true"
|
||||
containers:
|
||||
app:
|
||||
image:
|
||||
repository: jesec/flood
|
||||
tag: master@sha256:3d20df051209bff2905dec4e8328c1c464d5375e730ef7d81ca21422e2ccf06a
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: flood-secret
|
||||
env:
|
||||
FLOOD_OPTION_RUNDIR: /data
|
||||
FLOOD_OPTION_AUTH: none
|
||||
FLOOD_OPTION_QBURL: http://qbittorrent.qbittorrent.svc.cluster.local
|
||||
# FLOOD_OPTION_QBUSER is required but not used.
|
||||
# FLOOD_OPTION_QBPASS is required but not used.
|
||||
resources:
|
||||
requests:
|
||||
memory: 250Mi
|
||||
cpu: 15m
|
||||
limits:
|
||||
memory: 512Mi
|
||||
probes:
|
||||
liveness:
|
||||
enabled: true
|
||||
readiness:
|
||||
enabled: true
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
readOnlyRootFilesystem: true
|
||||
service:
|
||||
app:
|
||||
controller: *app
|
||||
ports:
|
||||
http:
|
||||
port: 3000
|
||||
ingress:
|
||||
app:
|
||||
enabled: true
|
||||
className: "internal-nginx"
|
||||
hosts:
|
||||
- host: &host "flood.jahanson.tech"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
identifier: app
|
||||
port: http
|
||||
tls:
|
||||
- hosts:
|
||||
- *host
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
existingClaim: *app
|
||||
globalMounts:
|
||||
- path: /data
|
10
kubernetes/apps/qbittorrent/flood/app/kustomization.yaml
Normal file
10
kubernetes/apps/qbittorrent/flood/app/kustomization.yaml
Normal file
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
namespace: default
|
||||
resources:
|
||||
- ./helmrelease.yaml
|
||||
- ./externalsecret.yaml
|
||||
- ../../../../templates/gatus/internal
|
||||
- ../../../../templates/volsync
|
29
kubernetes/apps/qbittorrent/flood/ks.yaml
Normal file
29
kubernetes/apps/qbittorrent/flood/ks.yaml
Normal file
|
@ -0,0 +1,29 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: &app flood
|
||||
namespace: flux-system
|
||||
spec:
|
||||
targetNamespace: qbittorrent
|
||||
commonMetadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: *app
|
||||
dependsOn:
|
||||
- name: external-secrets-stores
|
||||
- name: qbittorrent
|
||||
- name: volsync
|
||||
path: ./kubernetes/apps/qbittorrent/flood/app
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: homelab
|
||||
wait: false
|
||||
interval: 30m
|
||||
retryInterval: 1m
|
||||
timeout: 5m
|
||||
postBuild:
|
||||
substitute:
|
||||
APP: *app
|
||||
VOLSYNC_CAPACITY: 2Gi
|
11
kubernetes/apps/qbittorrent/kustomization.yaml
Normal file
11
kubernetes/apps/qbittorrent/kustomization.yaml
Normal file
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
# Pre Flux-Kustomizations
|
||||
- ./namespace.yaml
|
||||
# Flux-Kustomizations
|
||||
- ./cross-seed/ks.yaml
|
||||
- ./flood/ks.yaml
|
||||
- ./qbittorrent/ks.yaml
|
8
kubernetes/apps/qbittorrent/namespace.yaml
Normal file
8
kubernetes/apps/qbittorrent/namespace.yaml
Normal file
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: qbittorrent
|
||||
labels:
|
||||
kustomize.toolkit.fluxcd.io/prune: disabled
|
||||
volsync.backube/privileged-movers: "true"
|
|
@ -0,0 +1,20 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/externalsecret_v1beta1.json
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: qbittorrent
|
||||
namespace: qbittorrent
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: onepassword-connect
|
||||
target:
|
||||
name: qbittorrent-secret
|
||||
template:
|
||||
engineVersion: v2
|
||||
data:
|
||||
CROSS_SEED_API_KEY: "{{ .CROSS_SEED_API_KEY }}"
|
||||
dataFrom:
|
||||
- extract:
|
||||
key: cross-seed
|
127
kubernetes/apps/qbittorrent/qbittorrent/app/helmrelease.yaml
Normal file
127
kubernetes/apps/qbittorrent/qbittorrent/app/helmrelease.yaml
Normal file
|
@ -0,0 +1,127 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: &app qbittorrent
|
||||
spec:
|
||||
interval: 30m
|
||||
chart:
|
||||
spec:
|
||||
chart: app-template
|
||||
version: 3.4.0
|
||||
interval: 30m
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: bjw-s
|
||||
namespace: flux-system
|
||||
install:
|
||||
remediation:
|
||||
retries: 3
|
||||
upgrade:
|
||||
cleanupOnFail: true
|
||||
remediation:
|
||||
retries: 3
|
||||
strategy: rollback
|
||||
values:
|
||||
controllers:
|
||||
qbittorrent:
|
||||
annotations:
|
||||
configmap.reloader.stakater.com/reload: qbittorrent-scripts
|
||||
secret.reloader.stakater.com/reload: qbittorrent-secret
|
||||
pod:
|
||||
securityContext:
|
||||
fsGroup: 568
|
||||
fsGroupChangePolicy: "OnRootMismatch"
|
||||
containers:
|
||||
app:
|
||||
nameOverride: qbittorrent
|
||||
image:
|
||||
repository: ghcr.io/onedr0p/qbittorrent
|
||||
tag: 4.6.6@sha256:2fd0eba46205055c3f758411a79d5fa175df324f707dab9ad9a3a5be2ab92071
|
||||
env:
|
||||
UMASK: "022"
|
||||
QBITTORRENT__PORT: &port 80
|
||||
QBITTORRENT__BT_PORT: &bittorrentPort 50413
|
||||
QBT_Preferences__WebUI__AlternativeUIEnabled: false
|
||||
QBT_Preferences__WebUI__AuthSubnetWhitelistEnabled: true
|
||||
QBT_Preferences__WebUI__AuthSubnetWhitelist: |-
|
||||
10.244.0.0/16, 10.1.2.0/24
|
||||
QBT_Preferences__WebUI__LocalHostAuth: false
|
||||
CROSS_SEED_HOST: cross-seed.qbittorrent.svc.cluster.local
|
||||
CROSS_SEED_PORT: 80
|
||||
CROSS_SEED_SLEEP_INTERVAL: 0
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: qbittorrent-secret
|
||||
resources:
|
||||
requests:
|
||||
cpu: 49m
|
||||
memory: 1024Mi
|
||||
limits:
|
||||
memory: 24Gi
|
||||
securityContext:
|
||||
runAsUser: 568
|
||||
runAsGroup: 568
|
||||
runAsNonRoot: true
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
|
||||
service:
|
||||
app:
|
||||
controller: *app
|
||||
type: LoadBalancer
|
||||
annotations:
|
||||
io.cilium/lb-ipam-ips: 10.1.1.34
|
||||
nameOverride: *app
|
||||
ports:
|
||||
http:
|
||||
port: *port
|
||||
bittorrent:
|
||||
enabled: true
|
||||
port: *bittorrentPort
|
||||
protocol: TCP
|
||||
|
||||
ingress:
|
||||
app:
|
||||
className: "internal-nginx"
|
||||
hosts:
|
||||
- host: "qb.jahanson.tech"
|
||||
paths:
|
||||
- path: /
|
||||
service:
|
||||
identifier: app
|
||||
port: http
|
||||
tls:
|
||||
- hosts:
|
||||
- "qb.jahanson.tech"
|
||||
|
||||
persistence:
|
||||
config:
|
||||
existingClaim: qbittorrent
|
||||
scripts:
|
||||
type: configMap
|
||||
name: qbittorrent-scripts
|
||||
defaultMode: 0775
|
||||
globalMounts:
|
||||
- path: /scripts/cross-seed.sh
|
||||
subPath: cross-seed.sh
|
||||
readOnly: true
|
||||
media:
|
||||
type: nfs
|
||||
server: 10.1.1.13
|
||||
path: /eru/media
|
||||
advancedMounts:
|
||||
qbittorrent:
|
||||
app:
|
||||
- path: /data/nas-media
|
||||
qbtun:
|
||||
type: hostPath
|
||||
hostPath: /dev/net
|
||||
advancedMounts:
|
||||
qbittorrent:
|
||||
gluetun:
|
||||
- path: /dev/net
|
|
@ -0,0 +1,16 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ./externalsecret.yaml
|
||||
- ./helmrelease.yaml
|
||||
- ../../../../templates/volsync
|
||||
configMapGenerator:
|
||||
- name: qbittorrent-scripts
|
||||
files:
|
||||
- cross-seed.sh=./resources/cross-seed.sh
|
||||
generatorOptions:
|
||||
disableNameSuffixHash: true
|
||||
annotations:
|
||||
kustomize.toolkit.fluxcd.io/substitute: disabled
|
|
@ -0,0 +1,32 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
export CROSS_SEED_HOST=${CROSS_SEED_HOST:-cross-seed.default.svc.cluster.local}
|
||||
export CROSS_SEED_PORT=${CROSS_SEED_PORT:-80}
|
||||
export CROSS_SEED_API_KEY=${CROSS_SEED_API_KEY:-unset}
|
||||
export CROSS_SEED_SLEEP_INTERVAL=${CROSS_SEED_SLEEP_INTERVAL:-30}
|
||||
|
||||
SEARCH_PATH=$1
|
||||
|
||||
# Update permissions on the search path
|
||||
chmod -R 750 "${SEARCH_PATH}"
|
||||
|
||||
# Search for cross-seed
|
||||
response=$(
|
||||
curl \
|
||||
--silent \
|
||||
--output /dev/null \
|
||||
--write-out "%{http_code}" \
|
||||
--request POST \
|
||||
--data-urlencode "path=${SEARCH_PATH}" \
|
||||
--header "X-Api-Key: ${CROSS_SEED_API_KEY}" \
|
||||
"http://${CROSS_SEED_HOST}:${CROSS_SEED_PORT}/api/webhook"
|
||||
)
|
||||
|
||||
if [[ "${response}" != "204" ]]; then
|
||||
printf "Failed to search cross-seed for '%s'\n" "${SEARCH_PATH}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
printf "Successfully searched cross-seed for '%s'\n" "${SEARCH_PATH}"
|
||||
|
||||
sleep "${CROSS_SEED_SLEEP_INTERVAL}"
|
48
kubernetes/apps/qbittorrent/qbittorrent/ks.yaml
Normal file
48
kubernetes/apps/qbittorrent/qbittorrent/ks.yaml
Normal file
|
@ -0,0 +1,48 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: &app qbittorrent
|
||||
namespace: flux-system
|
||||
spec:
|
||||
targetNamespace: qbittorrent
|
||||
commonMetadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: *app
|
||||
interval: 10m
|
||||
path: "./kubernetes/apps/qbittorrent/qbittorrent/app"
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: theshire
|
||||
wait: true
|
||||
dependsOn:
|
||||
- name: openebs
|
||||
- name: volsync
|
||||
- name: external-secrets-stores
|
||||
postBuild:
|
||||
substitute:
|
||||
APP: *app
|
||||
VOLSYNC_CAPACITY: 2Gi
|
||||
---
|
||||
# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: &app qbittorrent-tools
|
||||
namespace: flux-system
|
||||
spec:
|
||||
targetNamespace: qbittorrent
|
||||
commonMetadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: *app
|
||||
path: ./kubernetes/apps/qbittorrent/qbittorrent/tools
|
||||
prune: true
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: theshire
|
||||
wait: false
|
||||
interval: 30m
|
||||
retryInterval: 1m
|
||||
timeout: 5m
|
146
kubernetes/apps/qbittorrent/qbittorrent/tools/helmrelease.yaml
Normal file
146
kubernetes/apps/qbittorrent/qbittorrent/tools/helmrelease.yaml
Normal file
|
@ -0,0 +1,146 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: qbtools
|
||||
spec:
|
||||
interval: 30m
|
||||
chart:
|
||||
spec:
|
||||
chart: app-template
|
||||
version: 3.4.0
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: bjw-s
|
||||
namespace: flux-system
|
||||
install:
|
||||
remediation:
|
||||
retries: 3
|
||||
upgrade:
|
||||
cleanupOnFail: true
|
||||
remediation:
|
||||
strategy: rollback
|
||||
retries: 3
|
||||
dependsOn:
|
||||
- name: qbittorrent
|
||||
namespace: qbittorrent
|
||||
values:
|
||||
controllers:
|
||||
tagging:
|
||||
type: cronjob
|
||||
cronjob: &cronJobSpec
|
||||
schedule: "@hourly"
|
||||
timeZone: &timeZone America/Chicago
|
||||
concurrencyPolicy: Forbid
|
||||
successfulJobsHistory: 1
|
||||
failedJobsHistory: 1
|
||||
initContainers:
|
||||
tagging: &container
|
||||
image:
|
||||
repository: ghcr.io/buroa/qbtools
|
||||
tag: v0.16.10@sha256:fec06dd13ec90694110ca912eb9003d3a46d29be83944538599b35fc78dcbf18
|
||||
env:
|
||||
TZ: *timeZone
|
||||
POD_NAMESPACE:
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
args: [
|
||||
"tagging",
|
||||
"--added-on",
|
||||
"--expired",
|
||||
"--last-activity",
|
||||
"--sites",
|
||||
"--unregistered",
|
||||
"--server", "qbittorrent.$(POD_NAMESPACE).svc.cluster.local",
|
||||
"--port", "80",
|
||||
"--config", "/config/config.yaml"
|
||||
]
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
capabilities: { drop: ["ALL"] }
|
||||
resources:
|
||||
requests:
|
||||
cpu: 25m
|
||||
limits:
|
||||
memory: 256M
|
||||
containers:
|
||||
unregistered:
|
||||
<<: *container
|
||||
args: [
|
||||
"prune",
|
||||
"--exclude-category", "manual",
|
||||
"--exclude-category", "music",
|
||||
"--exclude-tag", "added:24h",
|
||||
"--include-tag", "unregistered",
|
||||
"--dry-run",
|
||||
"--server", "qbittorrent.$(POD_NAMESPACE).svc.cluster.local",
|
||||
"--port", "80"
|
||||
]
|
||||
expired:
|
||||
<<: *container
|
||||
args: [
|
||||
"prune",
|
||||
"--exclude-category", "manual",
|
||||
"--exclude-category", "music",
|
||||
"--include-tag", "expired", # defined in config.yaml
|
||||
"--include-tag", "added:7d",
|
||||
"--dry-run",
|
||||
"--server", "qbittorrent.$(POD_NAMESPACE).svc.cluster.local",
|
||||
"--port", "80"
|
||||
]
|
||||
pod:
|
||||
restartPolicy: OnFailure
|
||||
orphaned:
|
||||
type: cronjob
|
||||
cronjob:
|
||||
<<: *cronJobSpec
|
||||
schedule: "@daily"
|
||||
containers:
|
||||
app:
|
||||
<<: *container
|
||||
args: [
|
||||
"orphaned",
|
||||
"--exclude-pattern", "*_unpackerred*",
|
||||
"--exclude-pattern", "*/manual/*",
|
||||
# "--dry-run",
|
||||
"--server", "qbittorrent.$(POD_NAMESPACE).svc.cluster.local",
|
||||
"--port", "80"
|
||||
]
|
||||
pod:
|
||||
restartPolicy: OnFailure
|
||||
reannounce:
|
||||
containers:
|
||||
app:
|
||||
<<: *container
|
||||
args: [
|
||||
"reannounce",
|
||||
"--process-seeding",
|
||||
"--server", "qbittorrent.$(POD_NAMESPACE).svc.cluster.local",
|
||||
"--port", "80"
|
||||
]
|
||||
defaultPodOptions:
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 568
|
||||
runAsGroup: 568
|
||||
seccompProfile: { type: RuntimeDefault }
|
||||
persistence:
|
||||
secret-file:
|
||||
type: secret
|
||||
name: qbtools-secret
|
||||
globalMounts:
|
||||
- path: /config/config.yaml
|
||||
subPath: config.yaml
|
||||
readOnly: true
|
||||
media:
|
||||
type: nfs
|
||||
server: 10.1.1.13
|
||||
path: /eru/media
|
||||
advancedMounts:
|
||||
orphaned:
|
||||
app:
|
||||
- path: /data/nas-media
|
||||
subPath: qb/downloads
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ./qbtools.secret.sops.yaml
|
||||
- ./helmrelease.yaml
|
|
@ -0,0 +1,26 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: qbtools-secret
|
||||
stringData:
|
||||
config.yaml: ENC[AES256_GCM,data:NZq8GKG05lEp6lLvE/IMOkt6FrzJ8Hoj3KJ57y5rumsTxqydyxzmrt9IVf34nQ1SgSGKMdI8KgEIVnHBj/4jfYgJZ5+1AfKiTe0DW3NZSK3LkDJcs6Mcwu6f5lbil1vfaS3YgJ2K1pv5ys7GCmE/zMqiNsTpmc1niY/JMOs/0eJaUYNACHl0I1w3fLJVPjnhdK99IhFYo42XywODyVSRdMeFTP6Q7Y4NRNJKA3u9W0ix12yaTdfBk5ia1sIRb9H3Gvl5z/XTvr0X6IzIpfoP46wf/EXLU7Y7Rt5fvnymQgzQr7JtUL90NBkKvqOko4NSl36uEol5jsu9gj9o+FZbA2CnDbZ6mp6BqJIB9HuaWCrgb6ideNTUYL/ASU6Wp17A1CzPDjlm+b6kGZpJKQYFEZ/VO8BEoeW3Yx9D0dG1ep9xFTu6xDKo7JxF4pbMWgWU5I+mE6xiCK7XGrab1latVhcPHBAVoxBrdHvAgwgvs1WmAe0ofP0vPpq6ZHd+kgQg2qHPbkj4viXl1Hf9M9Q7HJm+hlgfCmjaT9m5/1ipzbj9xlu0vG5GFTbf6hcPJXlthaEubHggKD1Idx1k7NUvJzQi/Y6KpUCM4BUOGOgYpGWic7kTSUoqdqKQNAJr77EKOIRGkI+LCPSOWx4atUS8jgS8/tbeXYAb9eBhovGWXZsGyPQt1bpfXmfiBRTqyRC66qPw5+AcruVaJY3C7Aj0f6BhqkDWScBiF3H3ZJj0Wp6wWKh/KCxSqO+AqcB36nVa62zLy6sIZHclwQwgxLzXFiaHxblRWxNuyAASNnrbAutLTsQ4HXCQPaiJ/9LxK+QAow7hryQsikq4XhCRV0TdEYzBpB3eatpB5G02kApvbMRW5kYvR8GHJzF8eqWgcRit4g0Q+kJn5p+UAi1rOP2bh/9lwPadn7TuuW3J9SzUOOmP2eajsicUkqnxsrxQFJbxkztLkPpLGHpd4zI8Y3riHtv2di57/ktUP9acc4kIk2LyYiN6jwKEOc2HTmSE3l2qdBXoy6Rcl/V/Uz1hOE3vOFUNJQL2sRyBf/0R7IKzXRieghR9h17pKYAsvbN9vO02dLevSYsqktowjwA1QXxxR2Vzp15tMV45T/nP5XLe3+f4zfJjRSuNM13ddowXp6smUOZ0Myw=,iv:FszW51oSi/iKN1cquyhF+HwStHgpgmioyopdJriuiOw=,tag:GYaRuyCgXuGVWyxShyH39Q==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1eqlaq205y5jre9hu5hvulywa7w3d4qyxwmafneamxcn7nejesedsf4q9g6
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5UzFWbHB0bVlGQXV4dEVt
|
||||
ZUxrcnZ1MlFOY2o2eTl0cDV3T3BKdmNMUXg0CmcyejMzV1loSUNIMEw0K09yc3Ax
|
||||
NGZOTE1tamV2a05kZm9lNkpoeG9OWm8KLS0tIEVVM01nSjhQYzBOZ0MrY2JpODRz
|
||||
MGNWSGJmaXdkbUJDOHpCRk9YWUZVSm8KGGHivrtQfHayo6BGbH+Tch3fzVlFNU3s
|
||||
lLec6VZauGjIXifXBLC5e65SrSO/nZS4xsurrZovOLn3DpeDQu/4+Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-08-15T17:21:52Z"
|
||||
mac: ENC[AES256_GCM,data:V+K/2CEFommRZ7kkJlUSjOIMQL8c3OtnJnPT7heHpkGUm/XJ8JFAhqHc5G6D6bjN6vsXcr7X7b9Tm6OBNPHBCJIekBahySUThHc6IxhQrNVTMu2lNOS9B7+VwZN2oezmEwbpY+5dT+3angWiBy2k5XW/7hmVlz1mQX8tJBTUHOM=,iv:LorlvJFs067H6FI/UPvIgRi9xTReOTfv13IdInFhcAU=,tag:72TTcNC6Fh3SiWlJa2xgzg==,type:str]
|
||||
pgp: []
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.8.1
|
Loading…
Reference in a new issue