diff --git a/projects/downloader/charts/.helmignore b/projects/downloader/charts/.helmignore
new file mode 100644
index 00000000..ab04375e
--- /dev/null
+++ b/projects/downloader/charts/.helmignore
@@ -0,0 +1,30 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS
+
+# helm-docs templates
+*.gotmpl
+
+# helm unit tests
+tests/
diff --git a/projects/downloader/charts/deluge/Chart.yaml b/projects/downloader/charts/deluge/Chart.yaml
new file mode 100644
index 00000000..1d45bdae
--- /dev/null
+++ b/projects/downloader/charts/deluge/Chart.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: v2
+description: Deluge Torrent Client & Webinterface
+name: deluge
+version: 1.0.1
+kubeVersion: ">=1.22.0-0"
+maintainers:
+ - name: nold
+ email: nold@gnu.one
+dependencies:
+ - name: common
+ repository: https://bjw-s.github.io/helm-charts
+ version: 1.0.1
diff --git a/projects/downloader/charts/deluge/templates/common.yaml b/projects/downloader/charts/deluge/templates/common.yaml
new file mode 100644
index 00000000..f98c9e95
--- /dev/null
+++ b/projects/downloader/charts/deluge/templates/common.yaml
@@ -0,0 +1,4 @@
+---
+{{- include "bjw-s.common.loader.init" . }}
+{{/* Render the templates */}}
+{{ include "bjw-s.common.loader.generate" . }}
diff --git a/projects/downloader/charts/deluge/values.yaml b/projects/downloader/charts/deluge/values.yaml
new file mode 100644
index 00000000..ffbf9c35
--- /dev/null
+++ b/projects/downloader/charts/deluge/values.yaml
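Review bot: The `.helmignore` sits at `projects/downloader/charts/.helmignore`, one directory above the chart root `charts/deluge/` that holds `Chart.yaml`. Helm reads `.helmignore` from the root of the chart it is packaging, so from this location the patterns (`.git/`, `tests/`, `*.gotmpl`, the backup globs) would not apply to the deluge chart. Moving it to `projects/downloader/charts/deluge/.helmignore` makes it effective; if it is meant as a shared template for later charts, a first-line comment such as `# template only: copy into each chart directory` would prevent the wrong assumption.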
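Review bot: In `charts/deluge/Chart.yaml` the `common` library chart is resolved from `https://bjw-s.github.io/helm-charts` by version string alone, and the part of the diff shown adds neither a `Chart.lock` nor a vendored copy under `charts/deluge/charts/`. Because `templates/common.yaml` delegates all rendering to `bjw-s.common.loader.generate`, every manifest of this release comes from that external archive, so whatever the repository serves as 1.0.1 at render time is what gets deployed. Consider committing the packaged dependency, or checking it against a recorded checksum in CI, and adding a comment above `dependencies:` such as `# common renders every manifest of this chart; review upstream changes before bumping`.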
@@ -0,0 +1,111 @@
+---
+image:
+ repository: reg.dc/deluge
+ tag: 2.1.1
+
+command: [ "/usr/bin/deluge-web" ]
+args: [ "-d", "-c", "/config", "-L", "info" ]
+
+securityContext:
+ runAsNonRoot: true
+ privileged: false
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+
+ingress:
+ main:
+ enabled: true
+ annotations:
+ cert-manager.io/cluster-issuer: "vault-issuer"
+ traefik.ingress.kubernetes.io/router.tls: 'true'
+ nginx.ingress.kubernetes.io/proxy-body-size: 50m
+ hosts:
+ - host: torrent.dc
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - secretName: torrent.dc-tls
+ hosts:
+ - torrent.dc
+
+service:
+ main:
+ enabled: true
+ ports:
+ http:
+ port: 8112
+
+env:
+ PUID: 1000
+ GUID: 1000
+
+probes:
+ liveness:
+ enabled: false
+ readiness:
+ enabled: false
+ startup:
+ enabled: false
+
+persistence:
+ config:
+ enabled: true
+ mountPath: /config
+ size: 10M
+
+ # use hostpath instead
+ downloads:
+ enabled: true
+ type: hostPath
+ hostPath: /data/torrent
+ mountPath: /downloads
+
+ startupProbe:
+ initialDelaySeconds: 600
+ periodSeconds: 120
+ failureThreshold: 6
+
+## VPN
+addons:
+ vpn:
+ enabled: true
+
+ env:
+ VPN_SERVICE_PROVIDER: mullvad
+ VPN_TYPE: openvpn
+ WIREGUARD_ADDRESSES: 10.67.135.224/32
+
+ DNS_KEEP_NAMESERVER: "on"
+ DOT: "on"
+ FIREWALL: "on"
+ FIREWALL_INPUT_PORTS: "8112,8000"
+ FIREWALL_VPN_INPUT_PORTS: 61086
+
+ envFrom:
+ - secretRef:
+ name: wireguard-config
+
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
+
+ livenessProbe:
+ httpGet:
+ path: /v1/openvpn/status
+ port: 8000
+ initialDelaySeconds: 30
+ periodSeconds: 30
+
+additionalContainers:
+ deluge-daemon:
+ image: reg.dc/deluge:2.1.1
+ volumeMounts:
+ - name: config
+ mountPath: /config
+ - name: downloads
+ mountPath: /downloads
diff --git a/projects/downloader/project.yml b/projects/downloader/project.yml
index 6c24f0fd..2f151290 100644
--- a/projects/downloader/project.yml
+++ b/projects/downloader/project.yml
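Review bot: In `charts/deluge/values.yaml` the hardened `securityContext` (non-root, read-only root filesystem, all capabilities dropped) is declared once at the top level, while `additionalContainers.deluge-daemon` at the end of the file carries only `image` and `volumeMounts`. If the common library applies the top-level block to the main `deluge-web` container only, which is how the values read although the library templates are not part of this diff, the daemon that handles peer traffic and writes to the `/data/torrent` hostPath runs with the image's defaults. Repeating the block on the sidecar, as sketched below, closes that gap; `readOnlyRootFilesystem` may need an extra writable `emptyDir` if the daemon writes outside `/config` and `/downloads`. The same lines appear in the second hunk of `values/deluge.yaml`.

```yaml
additionalContainers:
  deluge-daemon:
    image: reg.dc/deluge:2.1.1
    # mirrors the top-level securityContext of the main container
    securityContext:
      runAsNonRoot: true
      privileged: false
      readOnlyRootFilesystem: true
      allowPrivilegeEscalation: false
      capabilities:
        drop:
          - ALL
    # … unchanged: volumeMounts for config and downloads …
```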
@@ -2,9 +2,9 @@ config: description: Tools for downloading linux isos apps: - name: deluge - repoURL: https://k8s-at-home.com/charts/ - chart: deluge - targetRevision: 5.4.2 + repoURL: https://github.com/nold360/hive-apps + path: projects/downloader/charts/deluge + targetRevision: main secrets: - name: openvpn keys: diff --git a/projects/downloader/values/deluge.yaml b/projects/downloader/values/deluge.yaml index 540ec208..ffbf9c35 100644 --- a/projects/downloader/values/deluge.yaml +++ b/projects/downloader/values/deluge.yaml @@ -1,31 +1,56 @@ +--- image: - repository: linuxserver/deluge + repository: reg.dc/deluge tag: 2.1.1 +command: [ "/usr/bin/deluge-web" ] +args: [ "-d", "-c", "/config", "-L", "info" ] + +securityContext: + runAsNonRoot: true + privileged: false + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + ingress: main: enabled: true annotations: cert-manager.io/cluster-issuer: "vault-issuer" traefik.ingress.kubernetes.io/router.tls: 'true' - #FIXME: nginx.ingress.kubernetes.io/proxy-body-size: 50m - hosts: - host: torrent.dc paths: - path: / pathType: Prefix - tls: - secretName: torrent.dc-tls hosts: - torrent.dc +service: + main: + enabled: true + ports: + http: + port: 8112 + env: PUID: 1000 GUID: 1000 +probes: + liveness: + enabled: false + readiness: + enabled: false + startup: + enabled: false + persistence: config: enabled: true 
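Review bot: `targetRevision: main` in `project.yml` replaces a pinned chart release (`5.4.2`) with a moving branch, so every push to `main` of `nold360/hive-apps` changes what is deployed without any edit to this file. If that repository is this one, the branch is already the deployment source and the practical control is branch protection and review on `main`; otherwise pin a tag or commit, e.g. `targetRevision: <tag-or-commit-sha>`. The context lines after the change still declare a secret named `openvpn`, whereas the new values read `envFrom` from `wireguard-config`; the `secrets:` list continues outside the hunk, so it is worth confirming that it matches what the chart now consumes.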
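Review bot: After this change `values/deluge.yaml` carries the same blob id (`ffbf9c35`) as the new `charts/deluge/values.yaml`, so the chart defaults and the per-project values are byte-identical copies. If the project values are layered over the chart defaults, presumably the case although the wiring is not visible here, a later hardening edit made only in the chart file would be silently overridden by the stale copy. Keeping the environment-specific settings (`reg.dc`, `torrent.dc`, the hostPath, the VPN block) in one file only, and heading the other with a comment such as `# overrides for charts/deluge; defaults live in charts/deluge/values.yaml`, avoids that drift.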
@@ -49,22 +74,38 @@ addons: vpn: enabled: true - openvpn: - authSecret: openvpn - configFileSecret: openvpn + env: + VPN_SERVICE_PROVIDER: mullvad + VPN_TYPE: openvpn + WIREGUARD_ADDRESSES: 10.67.135.224/32 + + DNS_KEEP_NAMESERVER: "on" + DOT: "on" + FIREWALL: "on" + FIREWALL_INPUT_PORTS: "8112,8000" + FIREWALL_VPN_INPUT_PORTS: 61086 + + envFrom: + - secretRef: + name: wireguard-config securityContext: capabilities: add: - NET_ADMIN - - SYS_MODULE livenessProbe: - exec: - command: - - sh - - -c - - if [ $(curl -s https://ipinfo.io/country) == 'NL' ]; then exit 0; else exit $?; fi + httpGet: + path: /v1/openvpn/status + port: 8000 initialDelaySeconds: 30 - periodSeconds: 60 - failureThreshold: 3 + periodSeconds: 30 + +additionalContainers: + deluge-daemon: + image: reg.dc/deluge:2.1.1 + volumeMounts: + - name: config + mountPath: /config + - name: downloads + mountPath: /downloads
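Review bot: `VPN_TYPE: openvpn` is set next to `WIREGUARD_ADDRESSES` and an `envFrom` secret named `wireguard-config`, which reads as two different tunnel types in one block. Explicit `env` entries take precedence over keys coming from `envFrom`, so a `VPN_TYPE` inside the secret would not correct it; if WireGuard is intended the line should be `VPN_TYPE: wireguard`, and otherwise the WireGuard address and the secret name deserve a comment. The new `livenessProbe` replaces the egress-country check with an `httpGet` on `/v1/openvpn/status`, and an HTTP probe only looks at the status code; whether that endpoint answers non-2xx when the tunnel is down is not visible here, so the probe may only prove that the control server is up. Port 8000 is also added to `FIREWALL_INPUT_PORTS`, so a NetworkPolicy limiting who can reach it on the pod IP would be a sensible companion. The same lines are in `charts/deluge/values.yaml`.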