fix(deluge): use local testing chart - FIXME

projects/downloader/charts/.helmignore

@@ -0,0 +1,30 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS
+
+# helm-docs templates
+*.gotmpl
+
+# helm unit tests
+tests/

projects/downloader/charts/deluge/Chart.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v2
+description: Deluge Torrent Client & Webinterface
+name: deluge
+version: 1.0.1
+kubeVersion: ">=1.22.0-0"
+maintainers:
+  - name: nold
+    email: nold@gnu.one
+dependencies:
+  - name: common
+    repository: https://bjw-s.github.io/helm-charts
+    version: 1.0.1

projects/downloader/charts/deluge/templates/common.yaml

@@ -0,0 +1,4 @@
+---
+{{- include "bjw-s.common.loader.init" . }}
+{{/* Render the templates */}}
+{{ include "bjw-s.common.loader.generate" . }}

projects/downloader/charts/deluge/values.yaml

@@ -0,0 +1,111 @@
+---
+image:
+  repository: reg.dc/deluge
+  tag: 2.1.1
+
+command: [ "/usr/bin/deluge-web" ]
+args: [ "-d", "-c", "/config", "-L", "info" ]
+
+securityContext:
+  runAsNonRoot: true
+  privileged: false
+  readOnlyRootFilesystem: true
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+    - ALL
+
+ingress:
+  main:
+    enabled: true
+    annotations:
+      cert-manager.io/cluster-issuer: "vault-issuer"
+      traefik.ingress.kubernetes.io/router.tls: 'true'
+      nginx.ingress.kubernetes.io/proxy-body-size: 50m
+    hosts:
+      - host: torrent.dc
+        paths:
+          - path: /
+            pathType: Prefix
+    tls:
+      - secretName: torrent.dc-tls
+        hosts:
+          - torrent.dc
+
+service:
+  main:
+    enabled: true
+    ports:
+      http:
+        port: 8112
+
+env:
+  PUID: 1000
+  GUID: 1000
+
+probes:
+  liveness:
+    enabled: false
+  readiness:
+    enabled: false
+  startup:
+    enabled: false
+
+persistence:
+  config:
+    enabled: true
+    mountPath: /config
+    size: 10M
+
+  # use hostpath instead
+  downloads:
+    enabled: true
+    type: hostPath
+    hostPath: /data/torrent
+    mountPath: /downloads
+
+  startupProbe:
+    initialDelaySeconds: 600
+    periodSeconds: 120
+    failureThreshold: 6
+
+## VPN
+addons:
+  vpn:
+    enabled: true
+
+    env:
+      VPN_SERVICE_PROVIDER: mullvad
+      VPN_TYPE: openvpn
+      WIREGUARD_ADDRESSES: 10.67.135.224/32
+
+      DNS_KEEP_NAMESERVER: "on"
+      DOT: "on"
+      FIREWALL: "on"
+      FIREWALL_INPUT_PORTS: "8112,8000"
+      FIREWALL_VPN_INPUT_PORTS: 61086
+
+    envFrom:
+    - secretRef:
+        name: wireguard-config
+
+    securityContext:
+      capabilities:
+        add:
+          - NET_ADMIN
+
+    livenessProbe:
+      httpGet:
+        path: /v1/openvpn/status
+        port: 8000
+      initialDelaySeconds: 30
+      periodSeconds: 30
+
+additionalContainers:
+  deluge-daemon:
+    image: reg.dc/deluge:2.1.1
+    volumeMounts:
+    - name: config
+      mountPath: /config
+    - name: downloads
+      mountPath: /downloads

projects/downloader/project.yml

@@ -2,9 +2,9 @@ config:
   description: Tools for downloading linux isos
 apps:
 - name: deluge
-  repoURL: https://k8s-at-home.com/charts/
+  repoURL: https://github.com/nold360/hive-apps
-  chart: deluge
+  path: projects/downloader/charts/deluge
-  targetRevision: 5.4.2
+  targetRevision: main
   secrets:
   - name: openvpn
     keys:

projects/downloader/values/deluge.yaml

@@ -1,31 +1,56 @@
+---
 image:
-  repository: linuxserver/deluge
+  repository: reg.dc/deluge
   tag: 2.1.1
 
+command: [ "/usr/bin/deluge-web" ]
+args: [ "-d", "-c", "/config", "-L", "info" ]
+
+securityContext:
+  runAsNonRoot: true
+  privileged: false
+  readOnlyRootFilesystem: true
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+    - ALL
+
 ingress:
   main:
     enabled: true
     annotations:
       cert-manager.io/cluster-issuer: "vault-issuer"
       traefik.ingress.kubernetes.io/router.tls: 'true'
-      #FIXME:
       nginx.ingress.kubernetes.io/proxy-body-size: 50m
-
     hosts:
       - host: torrent.dc
         paths:
           - path: /
             pathType: Prefix
-
     tls:
       - secretName: torrent.dc-tls
         hosts:
           - torrent.dc
 
+service:
+  main:
+    enabled: true
+    ports:
+      http:
+        port: 8112
+
 env:
   PUID: 1000
   GUID: 1000
 
+probes:
+  liveness:
+    enabled: false
+  readiness:
+    enabled: false
+  startup:
+    enabled: false
+
 persistence:
   config:
     enabled: true
@@ -49,22 +74,38 @@ addons:
   vpn:
     enabled: true
 
-    openvpn:
+    env:
-      authSecret: openvpn
+      VPN_SERVICE_PROVIDER: mullvad
-    configFileSecret: openvpn
+      VPN_TYPE: openvpn
+      WIREGUARD_ADDRESSES: 10.67.135.224/32
+
+      DNS_KEEP_NAMESERVER: "on"
+      DOT: "on"
+      FIREWALL: "on"
+      FIREWALL_INPUT_PORTS: "8112,8000"
+      FIREWALL_VPN_INPUT_PORTS: 61086
+
+    envFrom:
+    - secretRef:
+        name: wireguard-config
 
     securityContext:
       capabilities:
         add:
           - NET_ADMIN
-          - SYS_MODULE
 
     livenessProbe:
-      exec:
+      httpGet:
-        command:
+        path: /v1/openvpn/status
-          - sh
+        port: 8000
-          - -c
-          - if [ $(curl -s https://ipinfo.io/country) == 'NL' ]; then exit 0; else exit $?; fi
       initialDelaySeconds: 30
-      periodSeconds: 60
+      periodSeconds: 30
-      failureThreshold: 3
+
+additionalContainers:
+  deluge-daemon:
+    image: reg.dc/deluge:2.1.1
+    volumeMounts:
+    - name: config
+      mountPath: /config
+    - name: downloads
+      mountPath: /downloads