From 7639fd384204626f0eab0e2201ccbcde09bf086d Mon Sep 17 00:00:00 2001
From: Michael Thomson <mthomson@konradgroup.com>
Date: Tue, 19 Dec 2023 14:09:12 -0500
Subject: [PATCH] wireguard maybe?

---
 .../{config.yaml => deluge-config.yaml}       |  0
 media/deluge/deployment.yaml                  | 43 ++++++++++++++++++-
 ...pvc-config.yaml => pvc-deluge-config.yaml} |  0
 media/deluge/pvc-wireguard-config.yaml        | 12 ++++++
 media/deluge/wireguard-config.yaml            |  8 ++++
 media/deluge/wireguard-secret.yaml            | 14 ++++++
 6 files changed, 75 insertions(+), 2 deletions(-)
 rename media/deluge/{config.yaml => deluge-config.yaml} (100%)
 rename media/deluge/{pvc-config.yaml => pvc-deluge-config.yaml} (100%)
 create mode 100644 media/deluge/pvc-wireguard-config.yaml
 create mode 100644 media/deluge/wireguard-config.yaml
 create mode 100644 media/deluge/wireguard-secret.yaml

diff --git a/media/deluge/config.yaml b/media/deluge/deluge-config.yaml
similarity index 100%
rename from media/deluge/config.yaml
rename to media/deluge/deluge-config.yaml
diff --git a/media/deluge/deployment.yaml b/media/deluge/deployment.yaml
index 43f3235..6a7c23b 100644
--- a/media/deluge/deployment.yaml
+++ b/media/deluge/deployment.yaml
@@ -33,11 +33,30 @@ spec:
           name: thinclient
           protocol: TCP
         volumeMounts:
-        - name: config
+        - name: deluge-config
           mountPath: /config
         - mountPath: /downloads
           name: data
           subPath: downloads
+      - name: wireguard
+        image: lscr.io/linuxserver/wireguard:latest
+        envFrom:
+        - configMapRef:
+            name: wireguard-config
+            optional: false
+        securityContext:
+          capabilities:
+            add:
+            - NET_ADMIN
+            - SYS_MODULE
+          privileged: true
+        ports:
+        - containerPort: 51820
+          name: tun
+          protocol: UDP
+        volumeMounts:
+        - name: wireguard-config
+          mountPath: /config
       initContainers:
       - name: init-media-filesystem
         image: busybox
@@ -51,12 +70,32 @@ spec:
         volumeMounts:
         - mountPath: /data
           name: data
+      - name: init-wireguard-conf
+        image: busybox
+        command:
+        - /bin/sh
+        - -c
+        - |
+          mkdir -p -v /config/wg_confs
+          cp /wireguard-secret/deluge.conf /config/wg_confs/wg0.conf
+        volumeMounts:
+        - name: wireguard-config
+          mountPath: /config
+        - name: wireguard-secret
+          readOnly: true
+          mountPath: /wireguard-secret
       volumes:
-      - name: config
+      - name: deluge-config
         persistentVolumeClaim: 
           claimName: deluge-config
+      - name: wireguard-config
+        persistentVolumeClaim: 
+          claimName: wireguard-config
       - name: data
         persistentVolumeClaim: 
           claimName: media-data
+      - name: wireguard-secret
+        secret:
+          secretName: wireguard-secret
             
           
diff --git a/media/deluge/pvc-config.yaml b/media/deluge/pvc-deluge-config.yaml
similarity index 100%
rename from media/deluge/pvc-config.yaml
rename to media/deluge/pvc-deluge-config.yaml
diff --git a/media/deluge/pvc-wireguard-config.yaml b/media/deluge/pvc-wireguard-config.yaml
new file mode 100644
index 0000000..e217773
--- /dev/null
+++ b/media/deluge/pvc-wireguard-config.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: wireguard-config
+  namespace: media
+spec:
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: longhorn
+  accessModes:
+    - ReadWriteOnce
diff --git a/media/deluge/wireguard-config.yaml b/media/deluge/wireguard-config.yaml
new file mode 100644
index 0000000..05274fa
--- /dev/null
+++ b/media/deluge/wireguard-config.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: wireguard-config
+  namespace: media
+data:
+  PUID: "1000"
+  PGID: "1000"
diff --git a/media/deluge/wireguard-secret.yaml b/media/deluge/wireguard-secret.yaml
new file mode 100644
index 0000000..687ebdd
--- /dev/null
+++ b/media/deluge/wireguard-secret.yaml
@@ -0,0 +1,14 @@
+kind: SealedSecret
+apiVersion: bitnami.com/v1alpha1
+metadata:
+  name: wireguard-secret
+  namespace: media
+  creationTimestamp:
+spec:
+  template:
+    metadata:
+      name: wireguard-secret
+      namespace: media
+      creationTimestamp:
+  encryptedData:
+    deluge.conf: AgAGasaRn64/JK2L1t1mQWRnxtjAUTgRR0vv/MQpWRnPoPHHD4lh2Uc2w7PIASILKgRmQRcSavsV8JRd3B5qDe/NBiSM6zhBpDMssmKPx1cTCQBsjd3tpAZiFd9dRuImFLTPYh7Z4KFSx34ljWI5m4W6H9rszJ5XaZuRwOrM2gwuD0EXVUZvBrts8nPT+9iV77JdXClHNKtNLuSjkfrcT9gUJspP1SfFi+4/A0lw0nYpugipJt35VraWTQqXtklh+vHBZEAg/mwEK2OnYjqWjgS1m1Jy2JFkBpojf0xe8RvzplDdHGuZFNMVOK1kxQDZB1eCNAAfg4gF969OR2CmN/yzidVYaCKjnhGDBtH2lHJ6yglxDHq+8Psl5cX4UBICaicVcUk7uKN8HjaIDJa58BnYnM3pq+xZM5Uxgf8z9ueSsMjeNneCmE8xMxJnUhbJSrYK/olIdmgil+amOy6oOT1CMXL2aEpu0zMIoNeO2Wmps63UWnB9HCw2AWv9jddEjJ/lm+rx/pDXD0fTqFyPdWvkGNeW5dZc3wri8a89bJAB1grO1+epQagI8Q2XhCIk/hUNOL828I+nuW/2c/dqlCQzPMzzAu5IrofYSut0/Olfw2lX+Cv2qTHZAumjNnbfBHc0AMWlxMBIHRPIDFRkNkx64861IQ32UAiChtYMWTa+ExWDK7N+SdK5XhTHUSTtUgJZFpHV/OScw/W1n+Agcp6J/8r82fYprDoK+d9qK/K2b1vFddap09gG4h7fVb/DunT4Yjh3wWRnSCwRuSHj9uzrrbsIPjuN4S/VJxmOAQUDdgb578srGXc4CsayVr51PVkrUIGDm6GyWaDEopYCzC8yZWAdKRBDTxJT4elPOwF3Um5X6owozRsKQaRWMO5GWpekKmOffOFoLW6UUU1tJGbTgKK4LzFvZ01EvqAk5jPFhz/H+LlIS+NYGh7LNmLNIVi+SEGvVhS29GMli0Fj+AzY6kdUSoC6iBP0WI+bBigWjb7ufiiSNBjLGLYLBsqz9Zkz5mOeLl8lmGHf1jS//xyfEhNwkiDCx/PQPMX9UicPGV874v+y0XtVGBihwNTO4JeChoq/TEIIjmWY8w6Bcj4E8RkRHFCSh7VEpP1NLeEzaoxZbmNrrU/8iyJk7KEfSYbGZG27PxBJ/CxaL/lCTG2vpeydlq4tDP0=