feat: Add qBittorrent

Peter 2026-01-29 13:57:32 +01:00
parent c5e4a03a08
commit 86d4dc8758
Signed by: Peter
SSH key fingerprint: SHA256:B5tYaxBExaDm74r1px9iVeZ6F/ZDiyiy9SbBqfZYrvg
9 changed files with 270 additions and 0 deletions


@ -155,3 +155,22 @@ spec:
automated: automated:
prune: true prune: true
selfHeal: true selfHeal: true
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: qbittorrent
namespace: argocd
spec:
project: default
source:
repoURL: https://code.peterg.nl/wheatley/kubernetes.git
path: k8s-wheatley/qbittorrent
targetRevision: HEAD
destination:
server: https://10.13.37.10:6443
namespace: qbittorrent
syncPolicy:
automated:
prune: true
selfHeal: true


@ -0,0 +1,36 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: gluetun-envs
data:
TZ: Europe/Amsterdam
VPN_SERVICE_PROVIDER: "custom"
VPN_TYPE: "wireguard"
VPN_PORT_FORWARDING: on
VPN_PORT_FORWARDING_PROVIDER: protonvpn
VPN_PORT_FORWARDING_UP_COMMAND: |
/bin/sh -c '
wget -O- --retry-connrefused \
--post-data "json={\"listen_port\":{{PORT}},\"current_network_interface\":\"{{VPN_INTERFACE}}\",\"random_port\":false,\"upnp\":false}" \
http://127.0.0.1:8112/api/v2/app/setPreferences 2>&1
'
VPN_PORT_FORWARDING_DOWN_COMMAND: |
/bin/sh -c '
wget -O- --retry-connrefused \
--post-data "json={\"listen_port\":0,\"current_network_interface\":\"lo\"}" \
http://127.0.0.1:8112/api/v2/app/setPreferences 2>&1
'
FIREWALL_OUTBOUND_SUBNETS: 10.244.0.0/16,10.96.0.0/12
FIREWALL_INPUT_PORTS: "8112"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: qbittorrent-envs
data:
TZ: Europe/Amsterdam
PUID: "1000"
PGID: "1000"
QBT_LEGAL_NOTICE: confirm
QBT_WEBUI_PORT: "8112"
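Review bot: `VPN_PORT_FORWARDING: on` is an unquoted plain scalar, which YAML 1.1 loaders resolve to boolean true, while ConfigMap `data` values must be strings; depending on the tool that renders this manifest it is either rejected or reaches gluetun as `true` instead of `on`. Quote it like the neighbouring values: `VPN_PORT_FORWARDING: "on"`. Separately, both port-forwarding commands post to `/api/v2/app/setPreferences` on 127.0.0.1:8112 without a session cookie, so they presumably depend on qBittorrent's localhost authentication bypass being enabled in the config on the PVC, which this commit does not show. A comment above the two commands would record that dependency, e.g. `# needs WebUI auth bypass for localhost; every container in this pod shares that loopback`.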


@ -0,0 +1,103 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: qbittorrent
namespace: qbittorrent
labels:
app: qbittorrent
spec:
replicas: 1
selector:
matchLabels:
app: qbittorrent
template:
metadata:
labels:
app: qbittorrent
spec:
initContainers:
- name: gluetun
image: ghcr.io/qdm12/gluetun:v3.40.0
ports:
- name: http
containerPort: 8112
protocol: TCP
envFrom:
- configMapRef:
name: gluetun-envs
volumeMounts:
- mountPath: /dev/net/tun
name: dev-tun
- mountPath: "/gluetun/wireguard"
name: gluetun-wgconfig
readOnly: true
restartPolicy: Always
readinessProbe:
exec:
command:
- sh
- -c
- "ping -c 1 9.9.9.9"
initialDelaySeconds: 5
periodSeconds: 3
timeoutSeconds: 2
failureThreshold: 3
livenessProbe:
exec:
command:
- sh
- -c
- "ping -c 1 9.9.9.9"
initialDelaySeconds: 10
periodSeconds: 15
timeoutSeconds: 2
failureThreshold: 3
securityContext:
seccompProfile:
type: RuntimeDefault
runAsUser: 0
runAsGroup: 0
allowPrivilegeEscalation: true
capabilities:
drop:
- "ALL"
add:
- "NET_ADMIN"
containers:
- name: qbittorrent-nox
image: docker.io/qbittorrentofficial/qbittorrent-nox:5.1.2-2
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8112
envFrom:
- configMapRef:
name: qbittorrent-envs
volumeMounts:
- mountPath: /config
name: qbittorrent-config
- mountPath: /shared/media
name: nfs-media
securityContext:
seccompProfile:
type: RuntimeDefault
runAsUser: 1000
runAsGroup: 1000
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
volumes:
- name: dev-tun
hostPath:
path: /dev/net/tun
type: CharDevice
- name: qbittorrent-config
persistentVolumeClaim:
claimName: qbittorrent-storage
- name: gluetun-wgconfig
secret:
secretName: gluetun-wgconfig
- name: nfs-media
persistentVolumeClaim:
claimName: nfs-media
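Review bot: The gluetun init container runs as UID 0 with `NET_ADMIN` and sets `allowPrivilegeEscalation: true`, which leaves `no_new_privs` off for a root process that also has the `/dev/net/tun` hostPath mounted. Nothing visible in the manifest needs setuid or file-capability escalation, so `allowPrivilegeEscalation: false` looks worth trying (to be confirmed against gluetun's requirements). The `gluetun-wgconfig` secret volume holds the WireGuard configuration, which normally includes the private key, and is mounted with the default file mode; `defaultMode: 0400` under `secret:` would narrow it. Both images are referenced by mutable tag only; appending a digest, as in `ghcr.io/qdm12/gluetun:v3.40.0@sha256:<digest>`, would pin what actually runs.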


@ -0,0 +1,16 @@
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: qbittorrent-route
spec:
parentRefs:
- name: internal
namespace: kube-system
sectionName: https
hostnames:
- "download.wheatley.in"
rules:
- backendRefs:
- name: qbittorrent
port: 80


@ -0,0 +1,13 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: qbittorrent
resources:
- configmap.yaml
- deployments.yaml
- ingress.yaml
- pvc.yaml
- secrets.yaml
- services.yaml
- namespace.yaml


@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: qbittorrent
labels:
pod-security.kubernetes.io/enforce: privileged
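Review bot: `pod-security.kubernetes.io/enforce: privileged` turns Pod Security admission off for every pod in the namespace, not only for the gluetun container that needs root, `NET_ADMIN` and the `/dev/net/tun` hostPath. If enforcement has to stay at `privileged`, adding `pod-security.kubernetes.io/audit: baseline` and `pod-security.kubernetes.io/warn: baseline` keeps violations visible in audit logs and on apply, so a workload added to this namespace later does not pass unnoticed. A comment such as `# privileged: gluetun needs hostPath /dev/net/tun + NET_ADMIN` would record why the exemption exists.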


@ -0,0 +1,45 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: qbittorrent-storage
spec:
storageClassName: piraeus-lvmthin
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfs-media
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 40Ti
volumeName: nfs-media-qbittorrent
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: nfs-media-qbittorrent
spec:
capacity:
storage: 40Ti
accessModes:
- ReadWriteMany
nfs:
server: 10.0.69.10
path: /tank/media
mountOptions:
- vers=4.1
- rsize=1048576
- wsize=1048576
- hard
- timeo=600
- noatime
persistentVolumeReclaimPolicy: Retain
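Review bot: The `nfs-media-qbittorrent` PersistentVolume has no `claimRef`, so until the `nfs-media` claim binds it can be bound by any claim in any namespace that names it or matches its size and access mode, which would hand out read-write access to `/tank/media`. Reserving it with `claimRef: {namespace: qbittorrent, name: nfs-media}` closes that window. Neither the PV nor the `nfs-media` PVC sets `storageClassName`; if the cluster has a default StorageClass the claim is assigned that class and will not bind to the classless PV, so `storageClassName: ""` on the claim is the usual static-provisioning form. Adding `nosuid` and `nodev` to `mountOptions` would also be reasonable for a share that receives downloaded content.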


@ -0,0 +1,19 @@
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: gluetun-wgconfig
spec:
secretStoreRef:
name: vault-wheatley
kind: ClusterSecretStore
target:
name: gluetun-wgconfig
template:
data:
wg0.conf: "{{ .config }}"
data:
- secretKey: config
remoteRef:
key: secrets/managed/qbittorrent/protonvpn-wgconfig
property: config


@ -0,0 +1,12 @@
---
apiVersion: v1
kind: Service
metadata:
name: qbittorrent
spec:
selector:
app: qbittorrent
ports:
- port: 80
protocol: TCP
targetPort: 8112