---
image:
  repository: ghcr.io/onedr0p/qbittorrent
  tag: 5.0.3

ingress:
  main:
    enabled: true
    annotations:
      cert-manager.io/cluster-issuer: "vault-issuer"
      nginx.ingress.kubernetes.io/proxy-body-size: 50m
    hosts:
      - host: qbittorrent.dc
        paths:
          - path: /
            pathType: Prefix
    tls:
      - secretName: qbittorrent-tls
        hosts:
           - qbittorrent.dc

service:
  main:
    enabled: true
    ports:
      http:
        port: 8080

podSecurityContext:
  # Disable IPv6 support for gluetun:
  sysctls:
    - name: net.ipv6.conf.all.disable_ipv6
      value: "1"
  fsGroup: 2420
  fsGroupChangePolicy: "OnRootMismatch"
  supplementalGroups:
    - 1000
    - 568

persistence:
  config:
    enabled: true
    mountPath: /config
    size: 10M

  # for custom themes:
  theme:
    enabled: false
    mountpath: /theme
    type: emptyDir

  ## example used hostpath instead
  downloads:
    enabled: true
    type: hostPath
    hostPath: /data/media/torrent
    mountPath: /downloads


## Install custom Theme
# initContainers:
#   init-config:
#     image: alpine/git
#     args: 
#       - "clone"
#       - "--depth"
#       - "1"
#       - "https://github.com/dracula/qbittorrent.git"
#       - "/theme"
#     volumeMounts:
#     - name: theme
#       mountPath: /theme
#     securityContext:
#       runAsNonRoot: true
#       privileged: false
#       readOnlyRootFilesystem: true
#       allowPrivilegeEscalation: false
#       capabilities:
#         drop:
#         - ALL

## VPN
addons:
  vpn:
    enabled: true

    env:
      VPN_SERVICE_PROVIDER: mullvad
      VPN_TYPE: openvpn
      WIREGUARD_ADDRESSES: 10.67.135.224/32
     
      # Fix: https://github.com/qdm12/gluetun/issues/1569#issuecomment-1549992099
      OPENVPN_CIPHERS: AES-256-GCM

      DNS_KEEP_NAMESERVER: "on"
      DOT: "on"
      FIREWALL: "on"
      FIREWALL_INPUT_PORTS: "8080,8000"
      FIREWALL_VPN_INPUT_PORTS: 61086

    envFrom:
    - secretRef:
        name: wireguard-config

    securityContext:
      capabilities:
        add:
          - NET_ADMIN

    livenessProbe:
      httpGet:
        path: /v1/openvpn/status
        port: 8000
      initialDelaySeconds: 30
      periodSeconds: 30