apiVersion: apps/v1
kind: Deployment
metadata:
  name: qbittorrent
  namespace: media
spec:
  selector:
    matchLabels:
      app: qbittorrent
  template:
    metadata:
      labels:
        app: qbittorrent
    spec:
      containers:
      - name: qbittorrent
        image: lscr.io/linuxserver/qbittorrent:libtorrentv1
        envFrom:
        - configMapRef:
            name: qbittorrent-config
            optional: false
        ports:
        - containerPort: 8080
          name: http
          protocol: TCP
        volumeMounts:
        - name: qbittorrent-config
          mountPath: /config
        - name: data
          mountPath: /data/downloads
          subPath: downloads
      - name: gluetun
        image: qmcgaw/gluetun
        envFrom:
        - configMapRef:
            name: gluetun-config
        securityContext:
          capabilities:
            add:
            - NET_ADMIN
        volumeMounts:
        - name: wireguard-config-secret
          mountPath: /gluetun/wireguard
      initContainers:
      - name: init-media-filesystem
        image: busybox
        command:
        - /bin/sh
        - -c
        - |
          mkdir -p -v /data/downloads/movies /data/downloads/tv /data/downloads/books /data/downloads/audiobooks /data/media/movies /data/media/tv /data/media/books /data/media/audiobooks
          chown -R 1000:1000 /data
          chmod -R a=,a+rX,u+w,g+w /data
        volumeMounts:
        - mountPath: /data
          name: data
      volumes:
      - name: qbittorrent-config
        persistentVolumeClaim: 
          claimName: qbittorrent-config
      - name: data
        persistentVolumeClaim: 
          claimName: media-data
      - name: wireguard-config-secret
        secret:
          secretName: wireguard-config-secret