From 86d4dc87589c6d823bfedce93c3e27023350c8f6 Mon Sep 17 00:00:00 2001
From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com>
Date: Thu, 29 Jan 2026 13:57:32 +0100
Subject: [PATCH] feat: Add qBittorrent
---
 k8s-peterg/argocd/applications-wheatley.yaml | 19 ++++
 k8s-wheatley/qbittorrent/configmap.yaml | 36 +++++++
 k8s-wheatley/qbittorrent/deployments.yaml | 103 +++++++++++++++++++
 k8s-wheatley/qbittorrent/ingress.yaml | 16 +++
 k8s-wheatley/qbittorrent/kustomization.yaml | 13 +++
 k8s-wheatley/qbittorrent/namespace.yaml | 7 ++
 k8s-wheatley/qbittorrent/pvc.yaml | 45 ++++++++
 k8s-wheatley/qbittorrent/secrets.yaml | 19 ++++
 k8s-wheatley/qbittorrent/services.yaml | 12 +++
 9 files changed, 270 insertions(+)
 create mode 100644 k8s-wheatley/qbittorrent/configmap.yaml
 create mode 100644 k8s-wheatley/qbittorrent/deployments.yaml
 create mode 100644 k8s-wheatley/qbittorrent/ingress.yaml
 create mode 100644 k8s-wheatley/qbittorrent/kustomization.yaml
 create mode 100644 k8s-wheatley/qbittorrent/namespace.yaml
 create mode 100644 k8s-wheatley/qbittorrent/pvc.yaml
 create mode 100644 k8s-wheatley/qbittorrent/secrets.yaml
 create mode 100644 k8s-wheatley/qbittorrent/services.yaml
diff --git a/k8s-peterg/argocd/applications-wheatley.yaml b/k8s-peterg/argocd/applications-wheatley.yaml
index 3896053..2c8ae2a 100644
--- a/k8s-peterg/argocd/applications-wheatley.yaml
+++ b/k8s-peterg/argocd/applications-wheatley.yaml
@@ -155,3 +155,22 @@ spec:
 automated:
 prune: true
 selfHeal: true
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: qbittorrent
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: https://code.peterg.nl/wheatley/kubernetes.git
+ path: k8s-wheatley/qbittorrent
+ targetRevision: HEAD
+ destination:
+ server: https://10.13.37.10:6443
+ namespace: qbittorrent
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
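Review bot: In applications-wheatley.yaml, `targetRevision: HEAD` together with `automated` sync, `prune: true` and `selfHeal: true` means every push to the repo's default branch is applied to the cluster with no gate, and this Application delivers a pod with a root container, `NET_ADMIN` and a `hostPath` mount. If the neighbouring Applications in this file follow the same pattern this may be an accepted trade-off, but `targetRevision: <tag-or-protected-branch>` would narrow it. `project: default` also leaves source repos and destinations as open as the default AppProject allows, which is unrestricted unless it has been tightened elsewhere; a dedicated AppProject scoped to this repo and the `qbittorrent` namespace is worth considering.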
diff --git a/k8s-wheatley/qbittorrent/configmap.yaml b/k8s-wheatley/qbittorrent/configmap.yaml
new file mode 100644
index 0000000..593c7fc
--- /dev/null
+++ b/k8s-wheatley/qbittorrent/configmap.yaml
@@ -0,0 +1,36 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: gluetun-envs
+data:
+ TZ: Europe/Amsterdam
+ VPN_SERVICE_PROVIDER: "custom"
+ VPN_TYPE: "wireguard"
+ VPN_PORT_FORWARDING: on
+ VPN_PORT_FORWARDING_PROVIDER: protonvpn
+ VPN_PORT_FORWARDING_UP_COMMAND: |
+ /bin/sh -c '
+ wget -O- --retry-connrefused \
+ --post-data "json={\"listen_port\":{{PORT}},\"current_network_interface\":\"{{VPN_INTERFACE}}\",\"random_port\":false,\"upnp\":false}" \
+ http://127.0.0.1:8112/api/v2/app/setPreferences 2>&1
+ '
+ VPN_PORT_FORWARDING_DOWN_COMMAND: |
+ /bin/sh -c '
+ wget -O- --retry-connrefused \
+ --post-data "json={\"listen_port\":0,\"current_network_interface\":\"lo\"}" \
+ http://127.0.0.1:8112/api/v2/app/setPreferences 2>&1
+ '
+ FIREWALL_OUTBOUND_SUBNETS: 10.244.0.0/16,10.96.0.0/12
+ FIREWALL_INPUT_PORTS: "8112"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: qbittorrent-envs
+data:
+ TZ: Europe/Amsterdam
+ PUID: "1000"
+ PGID: "1000"
+ QBT_LEGAL_NOTICE: confirm
+ QBT_WEBUI_PORT: "8112"
diff --git a/k8s-wheatley/qbittorrent/deployments.yaml b/k8s-wheatley/qbittorrent/deployments.yaml
new file mode 100644
index 0000000..c2856e5
--- /dev/null
+++ b/k8s-wheatley/qbittorrent/deployments.yaml
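Review bot: In configmap.yaml, `VPN_PORT_FORWARDING: on` is an unquoted YAML 1.1 boolean while ConfigMap `data` values must be strings, so depending on the loader it is either rejected or turned into `true`; write `VPN_PORT_FORWARDING: "on"` like the quoted values beside it. The two `VPN_PORT_FORWARDING_*_COMMAND` hooks POST to `http://127.0.0.1:8112/api/v2/app/setPreferences` with no session cookie or credentials, so they presumably depend on qBittorrent's localhost authentication bypass being enabled, which nothing in this commit sets. A comment above the hooks recording that dependency would help, because with the bypass on, any process sharing the pod's network namespace can change qBittorrent preferences unauthenticated. `FIREWALL_OUTBOUND_SUBNETS: 10.244.0.0/16,10.96.0.0/12` opens what look like the entire pod and service ranges outside the tunnel; confirm that breadth is intended.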
@@ -0,0 +1,103 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: qbittorrent
+ namespace: qbittorrent
+ labels:
+ app: qbittorrent
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: qbittorrent
+ template:
+ metadata:
+ labels:
+ app: qbittorrent
+ spec:
+ initContainers:
+ - name: gluetun
+ image: ghcr.io/qdm12/gluetun:v3.40.0
+ ports:
+ - name: http
+ containerPort: 8112
+ protocol: TCP
+ envFrom:
+ - configMapRef:
+ name: gluetun-envs
+ volumeMounts:
+ - mountPath: /dev/net/tun
+ name: dev-tun
+ - mountPath: "/gluetun/wireguard"
+ name: gluetun-wgconfig
+ readOnly: true
+ restartPolicy: Always
+ readinessProbe:
+ exec:
+ command:
+ - sh
+ - -c
+ - "ping -c 1 9.9.9.9"
+ initialDelaySeconds: 5
+ periodSeconds: 3
+ timeoutSeconds: 2
+ failureThreshold: 3
+ livenessProbe:
+ exec:
+ command:
+ - sh
+ - -c
+ - "ping -c 1 9.9.9.9"
+ initialDelaySeconds: 10
+ periodSeconds: 15
+ timeoutSeconds: 2
+ failureThreshold: 3
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
+ runAsUser: 0
+ runAsGroup: 0
+ allowPrivilegeEscalation: true
+ capabilities:
+ drop:
+ - "ALL"
+ add:
+ - "NET_ADMIN"
+ containers:
+ - name: qbittorrent-nox
+ image: docker.io/qbittorrentofficial/qbittorrent-nox:5.1.2-2
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 8112
+ envFrom:
+ - configMapRef:
+ name: qbittorrent-envs
+ volumeMounts:
+ - mountPath: /config
+ name: qbittorrent-config
+ - mountPath: /shared/media
+ name: nfs-media
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
+ runAsUser: 1000
+ runAsGroup: 1000
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - "ALL"
+ volumes:
+ - name: dev-tun
+ hostPath:
+ path: /dev/net/tun
+ type: CharDevice
+ - name: qbittorrent-config
+ persistentVolumeClaim:
+ claimName: qbittorrent-storage
+ - name: gluetun-wgconfig
+ secret:
+ secretName: gluetun-wgconfig
+ - name: nfs-media
+ persistentVolumeClaim:
+ claimName: nfs-media
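Review bot: In deployments.yaml, the `gluetun` container runs as UID 0 with `allowPrivilegeEscalation: true` even though its capabilities are already cut down to `NET_ADMIN`. Nothing in the visible spec shows why privilege escalation has to stay enabled, so try `allowPrivilegeEscalation: false` and keep `true` only with a comment naming what breaks. Both probes run `ping -c 1 9.9.9.9` while `NET_RAW` is dropped, so they likely pass only where the node's runtime permits unprivileged ICMP sockets, and a successful ping shows connectivity rather than that traffic actually leaves through the tunnel. Both images are referenced by tag only (`v3.40.0`, `5.1.2-2`); pinning each by digest would make the deployed content verifiable.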
diff --git a/k8s-wheatley/qbittorrent/ingress.yaml b/k8s-wheatley/qbittorrent/ingress.yaml
new file mode 100644
index 0000000..4b77fad
--- /dev/null
+++ b/k8s-wheatley/qbittorrent/ingress.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: qbittorrent-route
+spec:
+ parentRefs:
+ - name: internal
+ namespace: kube-system
+ sectionName: https
+ hostnames:
+ - "download.wheatley.in"
+ rules:
+ - backendRefs:
+ - name: qbittorrent
+ port: 80
diff --git a/k8s-wheatley/qbittorrent/kustomization.yaml b/k8s-wheatley/qbittorrent/kustomization.yaml
new file mode 100644
index 0000000..5344b44
--- /dev/null
+++ b/k8s-wheatley/qbittorrent/kustomization.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: qbittorrent
+
+resources:
+ - configmap.yaml
+ - deployments.yaml
+ - ingress.yaml
+ - pvc.yaml
+ - secrets.yaml
+ - services.yaml
+ - namespace.yaml
diff --git a/k8s-wheatley/qbittorrent/namespace.yaml b/k8s-wheatley/qbittorrent/namespace.yaml
new file mode 100644
index 0000000..5195fc1
--- /dev/null
+++ b/k8s-wheatley/qbittorrent/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: qbittorrent
+ labels:
+ pod-security.kubernetes.io/enforce: privileged
diff --git a/k8s-wheatley/qbittorrent/pvc.yaml b/k8s-wheatley/qbittorrent/pvc.yaml
new file mode 100644
index 0000000..84c2c2f
--- /dev/null
+++ b/k8s-wheatley/qbittorrent/pvc.yaml
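Review bot: In namespace.yaml, `pod-security.kubernetes.io/enforce: privileged` switches Pod Security admission off for the whole namespace, so any workload added here later is admitted unchecked, not only gluetun. The pod's `hostPath` volume and added `NET_ADMIN` capability would fail the `baseline` profile, which explains the label, but the manifest does not record that reason. Add a comment stating it, and keep visibility into further drift with `pod-security.kubernetes.io/warn: baseline` and `pod-security.kubernetes.io/audit: baseline`.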
@@ -0,0 +1,45 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: qbittorrent-storage
+spec:
+ storageClassName: piraeus-lvmthin
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: nfs-media
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 40Ti
+ volumeName: nfs-media-qbittorrent
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: nfs-media-qbittorrent
+spec:
+ capacity:
+ storage: 40Ti
+ accessModes:
+ - ReadWriteMany
+ nfs:
+ server: 10.0.69.10
+ path: /tank/media
+ mountOptions:
+ - vers=4.1
+ - rsize=1048576
+ - wsize=1048576
+ - hard
+ - timeo=600
+ - noatime
+ persistentVolumeReclaimPolicy: Retain
diff --git a/k8s-wheatley/qbittorrent/secrets.yaml b/k8s-wheatley/qbittorrent/secrets.yaml
new file mode 100644
index 0000000..145effa
--- /dev/null
+++ b/k8s-wheatley/qbittorrent/secrets.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: gluetun-wgconfig
+spec:
+ secretStoreRef:
+ name: vault-wheatley
+ kind: ClusterSecretStore
+ target:
+ name: gluetun-wgconfig
+ template:
+ data:
+ wg0.conf: "{{ .config }}"
+ data:
+ - secretKey: config
+ remoteRef:
+ key: secrets/managed/qbittorrent/protonvpn-wgconfig
+ property: config
diff --git a/k8s-wheatley/qbittorrent/services.yaml b/k8s-wheatley/qbittorrent/services.yaml
new file mode 100644
index 0000000..323409e
--- /dev/null
+++ b/k8s-wheatley/qbittorrent/services.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: qbittorrent
+spec:
+ selector:
+ app: qbittorrent
+ ports:
+ - port: 80
+ protocol: TCP
+ targetPort: 8112
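Review bot: In pvc.yaml, the `nfs-media` claim and the `nfs-media-qbittorrent` volume both omit `storageClassName`; if the cluster has a default StorageClass, admission fills it in on the claim and the pre-bound volume no longer matches, so set `storageClassName: ""` on both for static binding. The PersistentVolume also carries no `claimRef`, so the pairing is reserved only from the claim side; a `claimRef` naming `nfs-media` in namespace `qbittorrent` would keep another claim from binding it. The volume exposes all of `/tank/media` read-write to a container that handles untrusted peer data, so a narrower export path or a `subPath` on the mount would limit what a compromised qBittorrent process can modify.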