--- image: repository: lib42/deluge tag: "2" podSecurityContext: fsGroup: 1000 securityContext: runAsNonRoot: true privileged: false readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: - ALL ingress: main: enabled: true annotations: cert-manager.io/cluster-issuer: "vault-issuer" traefik.ingress.kubernetes.io/router.tls: 'true' nginx.ingress.kubernetes.io/proxy-body-size: 50m hosts: - host: torrent.dc paths: - path: / pathType: Prefix tls: - secretName: torrent.dc-tls hosts: - torrent.dc service: main: enabled: true ports: http: port: 8112 env: PUID: 1000 GUID: 1000 persistence: config: enabled: true mountPath: /config size: 10M # use hostpath instead downloads: enabled: true type: hostPath hostPath: /data/torrent mountPath: /downloads tmp: enabled: true type: emptyDir mountPath: /tmp cache: enabled: true type: emptyDir mountPath: /home/deluge/.cache ## VPN addons: vpn: enabled: true env: VPN_SERVICE_PROVIDER: mullvad VPN_TYPE: openvpn WIREGUARD_ADDRESSES: 10.67.135.224/32 DNS_KEEP_NAMESERVER: "on" DOT: "on" FIREWALL: "on" FIREWALL_INPUT_PORTS: "8112,8000" FIREWALL_VPN_INPUT_PORTS: 61086 envFrom: - secretRef: name: wireguard-config securityContext: capabilities: add: - NET_ADMIN livenessProbe: httpGet: path: /v1/openvpn/status port: 8000 initialDelaySeconds: 30 periodSeconds: 30 initContainers: init-config: image: lib42/deluge:2 command: ["/bin/sh"] args: [ "-c", "([ ! -f /config/core.conf ] && cp -v /defaults/core.conf /config/core.conf) || true"] volumeMounts: - name: config mountPath: /config securityContext: runAsNonRoot: true privileged: false readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: - ALL additionalContainers: deluge-daemon: image: lib42/deluge:2 volumeMounts: - name: config mountPath: /config - name: downloads mountPath: /downloads - name: cache mountPath: /home/deluge/.cache securityContext: runAsNonRoot: true privileged: false readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: - ALL