gluetun

media/qbittorrent/deployment.yaml

@@ -23,44 +23,24 @@ spec:
         - containerPort: 8080
           name: http
           protocol: TCP
-        - containerPort: 6881
-          name: udp
-          protocol: UDP
-        - containerPort: 6881
-          name: tcp
-          protocol: TCP
         volumeMounts:
         - name: qbittorrent-config
           mountPath: /config
-        - mountPath: /data/downloads
-          name: data
+        - name: data
+          mountPath: /data/downloads
           subPath: downloads
-      - name: wireguard
-        image: lscr.io/linuxserver/wireguard:latest
+      - name: gluetun
+        image: qmcgaw/gluetun
         envFrom:
         - configMapRef:
-            name: wireguard-config
-            optional: false
+            name: gluetun-config
         securityContext:
           capabilities:
             add:
             - NET_ADMIN
-            - SYS_MODULE
-          privileged: true
-        ports:
-        - containerPort: 51820
-          name: tun
-          protocol: UDP
-        lifecycle:
-          postStart:
-            exec:
-              command: ['cp', '/wireguard-secret/qbittorrent.conf', '/config/wg_confs/wg0.conf']
         volumeMounts:
-        - name: wireguard-config
-          mountPath: /config
-        - name: wireguard-secret
-          readOnly: true
-          mountPath: /wireguard-secret
+        - name: wireguard-config-secret
+          mountPath: /gluetun/wireguard
       initContainers:
       - name: init-media-filesystem
         image: busybox
@@ -78,14 +58,11 @@ spec:
       - name: qbittorrent-config
         persistentVolumeClaim: 
           claimName: qbittorrent-config
-      - name: wireguard-config
-        persistentVolumeClaim: 
-          claimName: wireguard-config
       - name: data
         persistentVolumeClaim: 
           claimName: media-data
-      - name: wireguard-secret
+      - name: wireguard-config-secret
         secret:
-          secretName: wireguard-secret
+          secretName: wireguard-config-secret
             
           

media/qbittorrent/gluetun-config.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: gluetun-config
+  namespace: media
+data:
+  VPN_SERVICE_PROVIDER: custom
+  VPN_TYPE: wireguard
+  VPN_PORT_FORWARDING: on
+  VPN_PORT_FORWARDING_PROVIDER: protonvpn

media/qbittorrent/pvc-wireguard-config.yaml

@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: wireguard-config
-  namespace: media
-spec:
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: longhorn
-  accessModes:
-    - ReadWriteOnce

media/qbittorrent/wireguard-config-secret.yaml

@@ -0,0 +1,14 @@
+kind: SealedSecret
+apiVersion: bitnami.com/v1alpha1
+metadata:
+  name: wireguard-config-secret
+  namespace: media
+  creationTimestamp:
+spec:
+  template:
+    metadata:
+      name: wireguard-config-secret
+      namespace: media
+      creationTimestamp:
+  encryptedData:
+    wg0.conf: AgBl96INYxQD4Pr5dxYnRmUfhfgCT6v+R+anYAvk/ETJT6RbEF9AhFB7hOe0blxDxLo61R36P7vh9DpCSBP23JHVEZroIW6uT2M9l8hrGEgVcjZ59d7oCI+/OJnKsFJfBJsBvQRX5WFG25Mr0qXFFYtKVisP2uZrZa/vIZ1Cz16N89Lmbqy8CXSKP4R5M89KrqyH0q85J4kg9NtsZlh9mfWfelb96/BwbWVNuAP+dT3dvx/L0uWgvSj07ks8sxDVlBUJ5hccA3Z6Rg4x2x1tRl5sXFTuGmnkNYR6fFCiomt/YJCczRzF7hUgL3LLml8Sk33xlX8u7dNK0J8byYvEokSD3ZDxLsZLmFTgps3gj3yKa2Q8dRhXZp4o+OBUHT2DFyrNWdw0Km6EAMwJ13G3Lvmif2TXoronbYa8JA+mcV93LpOC1Aubj1QjFTkrK3/4u3DIPK0XmjXS6TeHLD5Rxx8VQIojwWeGTEJRCuvSE2vrxeqv1KQ2Q7OuOyFjAxxlpdVKBdXNnrYAg/yT0zTLZuNBeKRgCCykX0CM+sB/72f606i2ZNLqWI4NAivk99y19Yk7M+iw92qWecAfk1QwYwwdUKUZLqVOtYToHpOKAhZULYy1edTwRbZo+tx+BB1c0z1KVD6j3GiyjDifNME+h5PNLmQplMDHeKZd2mZxaEkwAe++brktnySKkxHxSOMizxkN2wVScqN7lwJfjswV3WOwGcl0V6XXGf59XP5qHDDIAfbYJN/2e//fw1ccYMNrhMFCt3eYvzufQLcCDGsSQxuJa69z4NQT6L4P5LwKCzIef79mJ3ZrTQXMsU55eg42AKPLsympV5GJ8UAYlviGd3n0quLb/LsG0HbnNhw+iHdQw6gtfQWxXI3pdBzx+d4Cel0nS8eyRriBPNHUYN91aJo+afFre/ADMNZq6aqW4eoUmgpHuIjkfVBkvRWQiDCLJjJvb4JcdgwxJUjzfGU3rLKX/G0cGHzXySMwZaojQS3cE0AzGMcSlybSDbEbeDtBKzDhJ4cE44Tv8qVGRyihScEE84dXeRdU8flz8i36jGbD7wA9ID80QfP8NhyU7HS+z9xhnzgo05FWbQun+E19RSXDfTg251s7UshT+/4y3XXU22aD2IoWTG+Qd6A5/KAXf02YGBkkDN1pz0ANKCvK1EdfOWe/42pKGYqaf/z+

media/qbittorrent/wireguard-config.yaml

@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: wireguard-config
-  namespace: media
-data:
-  PUID: "1000"
-  PGID: "1000"

media/qbittorrent/wireguard-secret.yaml

@@ -1,14 +0,0 @@
-kind: SealedSecret
-apiVersion: bitnami.com/v1alpha1
-metadata:
-  name: wireguard-secret
-  namespace: media
-  creationTimestamp:
-spec:
-  template:
-    metadata:
-      name: wireguard-secret
-      namespace: media
-      creationTimestamp:
-  encryptedData:
-    qbittorrent.conf: AgDOZEDPObCxcy62EMno7OffD9DVz2TVySgD3BR8MNq//vAbXkJszxoI2/4r/EhYSfiBem/4P+JZ9BBgscrh+FfE2yYkQdRx7RaQQgvy32l4xUyfzCuhz1mcpHhaNxdmSMgb8Jm9rf/Lw1lFZn0A7Te4tV21usw2L8+Rcz/dFseVUeiUhL0Hsawp1BtUH8fEFqseY6reRsYnHXt85uPDORiy8SaWKoJevgrzpBPLa/rf/d+Cnr5RJwCXV3q7q0e47fbKD7nVDkSIFsxF4Ar5D06d9mB+E/JMuXMRJL5tfLjCuk4H4QpF4jiXCF5p1HOzL2otElZeADJh/PRFMhRHAkvbfHhD73j5FM+RVeLBTImx9i3YW25SdDGNLeYdAUeua2x4nQwDSBxON9MtXi2sWqedwgusG7CPNStWSD5s7gZzEm6JkZvKb0mu5zoiUsdV7bJtskrL1GmFW2odcvvfi1gaff9iFOqsxm3jC5vXmsfUrIEMphmhNlrfj6i3x9UTIKETOSVsLAm1Wburq0johRiaEZ0zb2bfHEaNF60bl+XJioX98BCaW59h9yrdzotxmHB9bVcSZm1AWjhQ8s9V6Z6m84OlQ7HSZdg5jBiaTAPNLQ+halzGkqGvN67gv+i/r/OsKqbOeBHm5agdipK+hCOxHtkuGL9/G8oz2XtQNI7QMsDdOA6CmjxjMXXnu0lrxDWdGuS0RhTX41v4Gz0b8WxxFztY4Fzw+KcmMLgM47YQ8SChDOTYnpOhuQcNHCCU+9bgfj+p0kl0xr3tzEzJYqrw+ZewliELhlBjrr03SDiUIMpN0Mux++7oKFbPuwmt4stdHQ7VF896j2MPkcnfKF+pgyrHfUsZYlRSAQC0KuWmxU6AxkimVbm2jxkNbxYrFEkomNY47CXU6XLGT+HA/rWkmWK4mU+lFDchzvJPs0TksJ2mvCwrOHjip5S4m3k5PK1SdqqyFleLs85yEHICqyJAt3eBb/KT2WlPb8cQlu0lj1mG2aU40qdyd6/1jbD0Bc2elMrniQ17u5syKmIIE09ACGa7O7kv94jvnvzO1kafFrz/pJ8aLKIdBQlC7+Uw1wnsQHF5hxx426qpnqZ95hPxvpNpaC/cpTJAtH2H3kota4vlMN2I5/9LEPwuYxtYaE6Km06SHF67/kohx9h8PVDk5h920ewrrQNuKQnb