From e27193d798b45333dc78eb475db1176375f450fa Mon Sep 17 00:00:00 2001
From: Michael Thomson
Date: Tue, 5 Dec 2023 10:17:58 -0500
Subject: [PATCH] transmission-openvpn
---
.../kustomization-transmission-openvpn.yaml | 19 ++
.../namespace-transmission-openvpn.yaml | 4 +
.../dns-endpoint-transmission-openvpn.yaml | 12 +
.../helmrelease-transmission-openvpn.yaml | 214 ++++++++++++++++++
4 files changed, 249 insertions(+)
create mode 100644 bootstrap/kustomizations/kustomization-transmission-openvpn.yaml
create mode 100644 bootstrap/namespaces/namespace-transmission-openvpn.yaml
create mode 100644 transmission-openvpn/dns-endpoint-transmission-openvpn.yaml
create mode 100644 transmission-openvpn/helmrelease-transmission-openvpn.yaml
diff --git a/bootstrap/kustomizations/kustomization-transmission-openvpn.yaml b/bootstrap/kustomizations/kustomization-transmission-openvpn.yaml
new file mode 100644
index 0000000..2acfa75
--- /dev/null
+++ b/bootstrap/kustomizations/kustomization-transmission-openvpn.yaml
@@ -0,0 +1,19 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+ name: transmission-openvpn
+ namespace: flux-system
+spec:
+ interval: 15m
+ path: transmission-openvpn
+ prune: true # remove any elements later removed from the above path
+ timeout: 2m # if not set, this defaults to interval duration, which is 1h
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ validation: server
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+ kind: HelmRelease
+ name: transmission-openvpn
+ namespace: transmission-openvpn
diff --git a/bootstrap/namespaces/namespace-transmission-openvpn.yaml b/bootstrap/namespaces/namespace-transmission-openvpn.yaml
new file mode 100644
index 0000000..b38c743
--- /dev/null
+++ b/bootstrap/namespaces/namespace-transmission-openvpn.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: transmission-openvpn
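Review bot: `timeout: 2m` on this Kustomization is shorter than the `timeout: 5m` that the HelmRelease added in the same commit sets for its own install, and this Kustomization health-checks that HelmRelease; an install that legitimately needs more than two minutes would presumably make the Kustomization report a health-check timeout while the release is still in progress, so a value of at least 5m would be consistent. The inline comment on that line also claims the default is the interval "which is 1h", while `interval: 15m` is set three lines above, so the comment is stale. Suggest `timeout: 5m # must cover the HelmRelease install timeout (5m); defaults to spec.interval when unset`.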
diff --git a/transmission-openvpn/dns-endpoint-transmission-openvpn.yaml b/transmission-openvpn/dns-endpoint-transmission-openvpn.yaml
new file mode 100644
index 0000000..344fd1c
--- /dev/null
+++ b/transmission-openvpn/dns-endpoint-transmission-openvpn.yaml
@@ -0,0 +1,12 @@
+apiVersion: externaldns.k8s.io/v1alpha1
+kind: DNSEndpoint
+metadata:
+ name: transmission.michaelthomson.dev
+ namespace: transmission-openvpn
+spec:
+ endpoints:
+ - dnsName: transmission.michaelthomson.dev
+ recordTTL: 180
+ recordType: CNAME
+ targets:
+ - server.michaelthomson.dev
diff --git a/transmission-openvpn/helmrelease-transmission-openvpn.yaml b/transmission-openvpn/helmrelease-transmission-openvpn.yaml
new file mode 100644
index 0000000..453bedf
--- /dev/null
+++ b/transmission-openvpn/helmrelease-transmission-openvpn.yaml
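Review bot: The hostname `transmission.michaelthomson.dev` is written out here as both `metadata.name` and `spec.endpoints[0].dnsName`, and again as the ingress host and TLS host in the HelmRelease added by this commit, with nothing in the file saying these must agree. Suggest a comment above `endpoints:` such as `# dnsName must match ingress.hosts and ingress.tls.hosts in helmrelease-transmission-openvpn.yaml`. The CNAME target `server.michaelthomson.dev` is presumably the shared ingress entry point, which is also worth stating on the `targets:` line so a later change to the ingress controller's address is not missed.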
@@ -0,0 +1,214 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: transmission-openvpn
+ namespace: transmission-openvpn
+spec:
+ chart:
+ spec:
+ chart: transmission-openvpn
+ version: 2.x
+ sourceRef:
+ kind: HelmRepository
+ name: utkuozdemir
+ namespace: flux-system
+ interval: 15m
+ timeout: 5m
+ releaseName: transmission-openvpn
+ values:
+ # -- Number of replicas to run. Chart is not designed to scale horizontally, use at your own risk
+ replicaCount: 1
+
+ # -- Use host network
+ hostNetwork: false
+
+ hostPort:
+ # -- Use host port for the application
+ enabled: false
+ # -- Host port to bind to
+ port: 9091
+
+ # -- Common labels for all resources of the chart
+ commonLabels: {}
+
+ # -- Additional port definitions for the pod
+ additionalPorts: []
+
+ # -- Additional port definitions for the service
+ additionalServicePorts: []
+
+ image:
+ # -- Image repository
+ repository: haugene/transmission-openvpn
+ # -- Image pull policy
+ pullPolicy: IfNotPresent
+ # -- Image tag (if not specified, defaults to the chart's appVersion)
+ tag: ""
+
+ # -- Image pull secrets
+ imagePullSecrets: []
+ # -- String to partially override fullname template with a string (will prepend the release name)
+ nameOverride: ""
+ # -- String to fully override fullname template with a string
+ fullnameOverride: ""
+
+ serviceAccount:
+ # -- Specifies whether a service account should be created
+ create: true
+ # -- Annotations to add to the service account
+ annotations: {}
+ # -- The name of the service account to use. If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+ # -- Annotations for the pods
+ podAnnotations: {}
+
+ # -- Security context for the pods
+ podSecurityContext: {}
+
+ # -- Security context for the container. NET_ADMIN capability is required for the VPN to work properly. 
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
+
+ # -- Deployment strategy
+ strategy:
+ type: Recreate
+
+ service:
+ # -- Type of the service
+ type: ClusterIP
+ # -- Port for the service to use
+ port: 80
+ # -- Service annotations
+ annotations: {}
+ # -- clusterIP for the service
+ clusterIP: ""
+ # -- loadBalancerIP for the service
+ loadBalancerIP: ""
+ # -- externalName for the service
+ externalName: ""
+ # -- loadBalancerClass for the service
+ loadBalancerClass: ""
+
+ ingress:
+ # -- Expose the app using an ingress
+ enabled: true
+ # -- Ingress class name
+ className: traefik
+ # -- Annotations for the ingress
+ annotations:
+ traefik.ingress.kubernetes.io/router.tls: "true"
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
+ # -- Ingress hosts configuration
+ # @default -- see [values.yaml](values.yaml)
+ hosts:
+ - host: transmission.michaelthomson.dev
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ # -- The TLS configuration for the Ingress
+ tls:
+ - secretName: letsencrypt-wildcard-cert-michaelthomson.dev
+ hosts:
+ - transmission.michaelthomson.dev
+
+ # -- The resource requests and limits of the container
+ resources: {}
+
+ # -- The node selector for the deployment
+ nodeSelector: {}
+
+ # -- Tolerations for the pod assignment
+ tolerations: []
+
+ # -- Affinity for the pod assignment
+ affinity: {}
+
+ persistence:
+ # -- Enable persistence
+ enabled: true
+ # -- Persistence type is pvc. 
When `false`, data volume definition is read from `persistence.dataVolume`
+ isPvc: true
+ # -- Name of the existing claim to be used
+ existingClaim: "jellyfin-data"
+ # -- Storage class for the data volume
+ storageClass: ""
+ # -- Volume name override for the pvc
+ volumeName: ""
+ # -- Annotations for the claim
+ annotations: {}
+ # helm.sh/resource-policy: keep
+ # -- Access modes for the claim
+ accessModes:
+ - ReadWriteOnce
+ # -- Size for the claim
+ size: 64Gi
+ # -- Alternative data volume definition (e.g. nfs, hostPath). Used when `persistence.isPvc` is `false`
+ dataVolume: {}
+ # hostPath:
+ # path: /path/on/host
+
+ # -- Non-sensitive environment variables to be set in the pods. See the [application docs](https://haugene.github.io/docker-transmission-openvpn/config-options/)
+ env:
+ OPENVPN_PROVIDER: PROTONVPN
+ OPENVPN_CONFIG: us.protonvpn.net.udp
+ CREATE_TUN_DEVICE: "true"
+ LOCAL_NETWORK: 10.42.0.0/24
+ PUID: "1000"
+ PGID: "1000"
+ OPENVPN_OPTS: --inactive 3600 --ping 10 --ping-exit 60
+
+ # -- Sensitive environment variables to be set in the pods. See the [application docs](https://haugene.github.io/docker-transmission-openvpn/config-options/)
+ secretEnv:
+ OPENVPN_USERNAME: wSNJV3UTu7K8fxBV
+ OPENVPN_PASSWORD: fh7dwMzYzJGmHgTo5nTlirjaO0LANcUa
+
+ # -- Mount the /dev/net/tun device into the pod. 
Required by OpenVPN when a `tun` device is used
+ mountTunDevice: true
+
+ # -- DNS configuration for the pod
+ dnsConfig: {}
+
+ # -- DNS policy for the pod
+ dnsPolicy: ClusterFirst
+
+ # -- Arbitrary extra volume definitions for the pod
+ extraVolumes: []
+ # - name: custom-provider-config
+ # secret:
+ # defaultMode: 420
+ # secretName: openvpn-custom
+
+ # -- Arbitrary extra volume mounts for the pod
+ extraVolumeMounts: {}
+ # - mountPath: /etc/openvpn/custom/
+ # name: custom-provider-config
+
+ # -- Pod liveness probe
+ livenessProbe: {}
+
+ # -- Pod readiness probe
+ readinessProbe:
+ tcpSocket:
+ port: http
+
+ # -- Init containers
+ initContainers: []
+ # - name: init
+ # image: busybox:stable-musl
+ # command:
+ # - sh
+ # - -c
+ # - echo "initializing..."
+
+ # -- Sidecar containers
+ sidecarContainers: []
+ # - name: sidecar
+ # image: busybox:stable-musl
+ # command:
+ # - tail
+ # - -f
+ # - /dev/null
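Review bot: `secretEnv` carries the OpenVPN username and password as plaintext values inside the HelmRelease, so they are committed to the Git repository Flux reconciles from and remain in its history; the chart's `secretEnv` key only governs how the values reach the pod, not how they are stored in the repo. Keep the credentials in a Kubernetes Secret managed outside this file (SOPS-encrypted or pulled from a secret store) and splice them into the chart values with the HelmRelease `valuesFrom` field, dropping the two keys from `values`; the pair already in this commit should be treated as exposed and replaced on the provider side. Separately, `existingClaim: "jellyfin-data"` alongside `accessModes: - ReadWriteOnce` looks like a copy-paste from another release; if sharing that claim with another workload is intended, add a comment saying so and confirm the backing volume allows it, otherwise use a dedicated claim.
```yaml
spec:
  # … unchanged: chart, interval, timeout, releaseName …
  valuesFrom:
    # Secret lives outside this file (e.g. SOPS-encrypted); the name below is a placeholder
    - kind: Secret
      name: transmission-openvpn-credentials
      valuesKey: OPENVPN_USERNAME
      targetPath: secretEnv.OPENVPN_USERNAME
    - kind: Secret
      name: transmission-openvpn-credentials
      valuesKey: OPENVPN_PASSWORD
      targetPath: secretEnv.OPENVPN_PASSWORD
  values:
    # … unchanged: every other value; the secretEnv block is removed …
```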