From a3d532de93c358f86d1be699a85bbdd29edc584f Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Sat, 9 May 2026 20:10:51 +0200 Subject: [PATCH 1/9] feat: Add slskd --- k8s-wheatley/qbittorrent/configmap.yaml | 11 +++++ k8s-wheatley/qbittorrent/deployments.yaml | 50 ++++++++++++++++++++- k8s-wheatley/qbittorrent/kustomization.yaml | 2 + k8s-wheatley/qbittorrent/pvc.yaml | 12 +++++ k8s-wheatley/qbittorrent/services.yaml | 12 +++++ 5 files changed, 85 insertions(+), 2 deletions(-) diff --git a/k8s-wheatley/qbittorrent/configmap.yaml b/k8s-wheatley/qbittorrent/configmap.yaml index 61c614d..847eb11 100644 --- a/k8s-wheatley/qbittorrent/configmap.yaml +++ b/k8s-wheatley/qbittorrent/configmap.yaml @@ -43,6 +43,17 @@ data: --- apiVersion: v1 kind: ConfigMap +metadata: + name: slskd-envs +data: + TZ: Europe/Amsterdam + PUID: "1000" + PGID: "1000" + SLSKD_HEADLESS: "true" + SLSKD_REMOTE_CONFIGURATION: "true" +--- +apiVersion: v1 +kind: ConfigMap metadata: name: unpackerr-envs data: diff --git a/k8s-wheatley/qbittorrent/deployments.yaml b/k8s-wheatley/qbittorrent/deployments.yaml index 5dba05a..1494284 100644 --- a/k8s-wheatley/qbittorrent/deployments.yaml +++ b/k8s-wheatley/qbittorrent/deployments.yaml @@ -21,16 +21,19 @@ spec: - name: gluetun image: ghcr.io/qdm12/gluetun ports: - - name: http + - name: qbittorrent-http containerPort: 8112 protocol: TCP + - name: slskd-http + containerPort: 5030 + protocol: TCP envFrom: - configMapRef: name: gluetun-envs volumeMounts: - mountPath: /dev/net/tun name: dev-tun - - mountPath: "/gluetun/wireguard" + - mountPath: /gluetun/wireguard name: gluetun-wgconfig readOnly: true - name: gluetun-scripts @@ -119,6 +122,46 @@ spec: capabilities: drop: - "ALL" + - name: slskd + image: docker.io/slskd/slskd + imagePullPolicy: IfNotPresent + envFrom: + - configMapRef: + name: slskd-envs + volumeMounts: + - mountPath: /config + name: slskd-config + - mountPath: /shared/media/downloads + name: nfs-media + securityContext: + seccompProfile: + type: RuntimeDefault + runAsUser: 1000 + runAsGroup: 1000 + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + - name: unpackerr + image: golift/unpackerr + imagePullPolicy: IfNotPresent + envFrom: + - configMapRef: + name: unpackerr-envs + - secretRef: + name: unpackerr-env-secrets + volumeMounts: + - mountPath: /shared/media/downloads + name: nfs-media + securityContext: + seccompProfile: + type: RuntimeDefault + runAsUser: 1000 + runAsGroup: 1000 + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" volumes: - name: dev-tun hostPath: @@ -127,6 +170,9 @@ spec: - name: qbittorrent-config persistentVolumeClaim: claimName: qbittorrent-storage + - name: slskd-config + persistentVolumeClaim: + claimName: slskd-storage - name: gluetun-wgconfig secret: secretName: gluetun-wgconfig diff --git a/k8s-wheatley/qbittorrent/kustomization.yaml b/k8s-wheatley/qbittorrent/kustomization.yaml index 68bd0ef..1191c7f 100644 --- a/k8s-wheatley/qbittorrent/kustomization.yaml +++ b/k8s-wheatley/qbittorrent/kustomization.yaml @@ -37,3 +37,5 @@ images: newTag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab - name: docker.io/qbittorrentofficial/qbittorrent-nox newTag: 5.1.4-2@sha256:85fe2690f418dabffc4907276b3cdffcb7880c7114157b32f932d3b97bac45af + - name: docker.io/slskd/slskd + newTag: 0.25.1 diff --git a/k8s-wheatley/qbittorrent/pvc.yaml b/k8s-wheatley/qbittorrent/pvc.yaml index c352b02..4500768 100644 --- a/k8s-wheatley/qbittorrent/pvc.yaml +++ b/k8s-wheatley/qbittorrent/pvc.yaml @@ -10,3 +10,15 @@ spec: resources: requests: storage: 5Gi +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: slskd-storage +spec: + storageClassName: piraeus-lvmthin + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi diff --git a/k8s-wheatley/qbittorrent/services.yaml b/k8s-wheatley/qbittorrent/services.yaml index 323409e..79ffba4 100644 --- a/k8s-wheatley/qbittorrent/services.yaml +++ b/k8s-wheatley/qbittorrent/services.yaml @@ -10,3 +10,15 @@ spec: - port: 80 protocol: TCP targetPort: 8112 +--- +apiVersion: v1 +kind: Service +metadata: + name: slskd +spec: + selector: + app: slskd + ports: + - port: 80 + protocol: TCP + targetPort: 8112 From 96f08c8dfdbf6a3d99ccb24a2c763a15790d2fd1 Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Sat, 9 May 2026 20:14:02 +0200 Subject: [PATCH 2/9] fix: Shorten portname --- k8s-wheatley/qbittorrent/deployments.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s-wheatley/qbittorrent/deployments.yaml b/k8s-wheatley/qbittorrent/deployments.yaml index 1494284..132fd69 100644 --- a/k8s-wheatley/qbittorrent/deployments.yaml +++ b/k8s-wheatley/qbittorrent/deployments.yaml @@ -21,7 +21,7 @@ spec: - name: gluetun image: ghcr.io/qdm12/gluetun ports: - - name: qbittorrent-http + - name: qbit-http containerPort: 8112 protocol: TCP - name: slskd-http From 85af131c883620e6cd1942e125fe11b81db9b7f7 Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Sat, 9 May 2026 20:16:36 +0200 Subject: [PATCH 3/9] fix: Set less strict securityContext for slskd --- k8s-wheatley/qbittorrent/deployments.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/k8s-wheatley/qbittorrent/deployments.yaml b/k8s-wheatley/qbittorrent/deployments.yaml index 132fd69..01f61ff 100644 --- a/k8s-wheatley/qbittorrent/deployments.yaml +++ b/k8s-wheatley/qbittorrent/deployments.yaml @@ -136,12 +136,14 @@ spec: securityContext: seccompProfile: type: RuntimeDefault - runAsUser: 1000 - runAsGroup: 1000 allowPrivilegeEscalation: false capabilities: drop: - "ALL" + add: + - "CHOWN" + - "SETUID" + - "SETGID" - name: unpackerr image: golift/unpackerr imagePullPolicy: IfNotPresent From e3e9e3b6e79385376f8cdb417aa0a492ebf3ac05 Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Sat, 9 May 2026 20:21:01 +0200 Subject: [PATCH 4/9] fix: Set correct app port --- k8s-wheatley/qbittorrent/services.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s-wheatley/qbittorrent/services.yaml b/k8s-wheatley/qbittorrent/services.yaml index 79ffba4..757bb5e 100644 --- a/k8s-wheatley/qbittorrent/services.yaml +++ b/k8s-wheatley/qbittorrent/services.yaml @@ -17,8 +17,8 @@ metadata: name: slskd spec: selector: - app: slskd + app: qbittorrent ports: - port: 80 protocol: TCP - targetPort: 8112 + targetPort: 5030 From d37318dbd5dc44c3ed04145cbb6df5a2265aecc0 Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Sat, 9 May 2026 20:26:40 +0200 Subject: [PATCH 5/9] feat: Add ingress --- k8s-wheatley/qbittorrent/ingress.yaml | 43 +++++++++++++++++++++ k8s-wheatley/qbittorrent/kustomization.yaml | 1 - k8s-wheatley/qbittorrent/services.yaml | 24 ------------ 3 files changed, 43 insertions(+), 25 deletions(-) delete mode 100644 k8s-wheatley/qbittorrent/services.yaml diff --git a/k8s-wheatley/qbittorrent/ingress.yaml b/k8s-wheatley/qbittorrent/ingress.yaml index 4b77fad..3721371 100644 --- a/k8s-wheatley/qbittorrent/ingress.yaml +++ b/k8s-wheatley/qbittorrent/ingress.yaml @@ -14,3 +14,46 @@ spec: - backendRefs: - name: qbittorrent port: 80 + +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: qbittorrent-route +spec: + parentRefs: + - name: internal + namespace: kube-system + sectionName: https + hostnames: + - "slskd.wheatley.in" + rules: + - backendRefs: + - name: slskd + port: 80 + +--- +apiVersion: v1 +kind: Service +metadata: + name: qbittorrent +spec: + selector: + app: qbittorrent + ports: + - port: 80 + protocol: TCP + targetPort: 8112 + +--- +apiVersion: v1 +kind: Service +metadata: + name: slskd +spec: + selector: + app: qbittorrent + ports: + - port: 80 + protocol: TCP + targetPort: 5030 diff --git a/k8s-wheatley/qbittorrent/kustomization.yaml b/k8s-wheatley/qbittorrent/kustomization.yaml index 1191c7f..dfe93b6 100644 --- a/k8s-wheatley/qbittorrent/kustomization.yaml +++ b/k8s-wheatley/qbittorrent/kustomization.yaml @@ -10,7 +10,6 @@ resources: - ingress.yaml - pvc.yaml - secrets.yaml - - services.yaml - namespace.yaml patches: diff --git a/k8s-wheatley/qbittorrent/services.yaml b/k8s-wheatley/qbittorrent/services.yaml deleted file mode 100644 index 757bb5e..0000000 --- a/k8s-wheatley/qbittorrent/services.yaml +++ /dev/null @@ -1,24 +0,0 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: qbittorrent -spec: - selector: - app: qbittorrent - ports: - - port: 80 - protocol: TCP - targetPort: 8112 ---- -apiVersion: v1 -kind: Service -metadata: - name: slskd -spec: - selector: - app: qbittorrent - ports: - - port: 80 - protocol: TCP - targetPort: 5030 From 1271ce3e91360598b10c79b3d755ab37ff7c9b8d Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Sat, 9 May 2026 20:27:44 +0200 Subject: [PATCH 6/9] fix: Use unique httproute name --- k8s-wheatley/qbittorrent/ingress.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s-wheatley/qbittorrent/ingress.yaml b/k8s-wheatley/qbittorrent/ingress.yaml index 3721371..e599673 100644 --- a/k8s-wheatley/qbittorrent/ingress.yaml +++ b/k8s-wheatley/qbittorrent/ingress.yaml @@ -19,7 +19,7 @@ spec: apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: - name: qbittorrent-route + name: slskd-route spec: parentRefs: - name: internal From ea84f908d2b14bc14b72f137091b9d7e8466541f Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Sat, 9 May 2026 21:00:11 +0200 Subject: [PATCH 7/9] feat: Enable Gluetun API --- k8s-wheatley/qbittorrent/configmap.yaml | 3 ++ k8s-wheatley/qbittorrent/deployments.yaml | 22 ++------------ k8s-wheatley/qbittorrent/secrets.yaml | 35 +++++++++++++++++++++++ 3 files changed, 40 insertions(+), 20 deletions(-) diff --git a/k8s-wheatley/qbittorrent/configmap.yaml b/k8s-wheatley/qbittorrent/configmap.yaml index 847eb11..68e2270 100644 --- a/k8s-wheatley/qbittorrent/configmap.yaml +++ b/k8s-wheatley/qbittorrent/configmap.yaml @@ -51,6 +51,9 @@ data: PGID: "1000" SLSKD_HEADLESS: "true" SLSKD_REMOTE_CONFIGURATION: "true" + SLSKD_VPN: "true" + SLSKD_VPN_PORT_FORWARDING: "true" + SLSKD_VPN_GLUETUN_URL: http://localhost:8000 --- apiVersion: v1 kind: ConfigMap diff --git a/k8s-wheatley/qbittorrent/deployments.yaml b/k8s-wheatley/qbittorrent/deployments.yaml index 01f61ff..df3b2e7 100644 --- a/k8s-wheatley/qbittorrent/deployments.yaml +++ b/k8s-wheatley/qbittorrent/deployments.yaml @@ -30,6 +30,8 @@ spec: envFrom: - configMapRef: name: gluetun-envs + - secretRef: + name: gluetun-env-secrets volumeMounts: - mountPath: /dev/net/tun name: dev-tun @@ -144,26 +146,6 @@ spec: - "CHOWN" - "SETUID" - "SETGID" - - name: unpackerr - image: golift/unpackerr - imagePullPolicy: IfNotPresent - envFrom: - - configMapRef: - name: unpackerr-envs - - secretRef: - name: unpackerr-env-secrets - volumeMounts: - - mountPath: /shared/media/downloads - name: nfs-media - securityContext: - seccompProfile: - type: RuntimeDefault - runAsUser: 1000 - runAsGroup: 1000 - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" volumes: - name: dev-tun hostPath: diff --git a/k8s-wheatley/qbittorrent/secrets.yaml b/k8s-wheatley/qbittorrent/secrets.yaml index 5e7e3bc..4a5078a 100644 --- a/k8s-wheatley/qbittorrent/secrets.yaml +++ b/k8s-wheatley/qbittorrent/secrets.yaml @@ -17,6 +17,41 @@ spec: remoteRef: key: secrets/managed/qbittorrent/protonvpn-wgconfig property: config + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: gluetun-env-secrets +spec: + secretStoreRef: + name: vault-wheatley + kind: ClusterSecretStore + target: + name: slskd-env-secrets + data: + - secretKey: SLSKD_VPN_GLUETUN_API_KEY + remoteRef: + key: secrets/managed/qbittorrent/slskd-env-secrets + property: GLUETUN_API_KEY + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: gluetun-env-secrets +spec: + secretStoreRef: + name: vault-wheatley + kind: ClusterSecretStore + target: + name: gluetun-env-secrets + data: + - secretKey: HTTP_CONTROL_SERVER_AUTH_DEFAULT_ROLE + remoteRef: + key: secrets/managed/qbittorrent/gluetun-env-secrets + property: HTTP_CONTROL_SERVER_AUTH_DEFAULT_ROLE + --- apiVersion: external-secrets.io/v1 kind: ExternalSecret From b3565458c9f800639424cbe25f32bd1e9313a96b Mon Sep 17 00:00:00 2001 From: pgijsbertsen <117165507+pgijsbertsen@users.noreply.github.com> Date: Sat, 9 May 2026 21:01:18 +0200 Subject: [PATCH 8/9] fix: Use unique name --- k8s-wheatley/qbittorrent/secrets.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/k8s-wheatley/qbittorrent/secrets.yaml b/k8s-wheatley/qbittorrent/secrets.yaml index 4a5078a..96318e9 100644 --- a/k8s-wheatley/qbittorrent/secrets.yaml +++ b/k8s-wheatley/qbittorrent/secrets.yaml @@ -22,7 +22,7 @@ spec: apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: gluetun-env-secrets + name: slskd-env-secrets spec: secretStoreRef: name: vault-wheatley From 73e2d721148b3774b36c23efcebfe95c52cc5a4b Mon Sep 17 00:00:00 2001 From: Renovate Date: Sat, 9 May 2026 19:02:58 +0000 Subject: [PATCH 9/9] chore(deps): pin dependencies --- k8s-peterg/argo-workflows/values.yaml | 2 +- k8s-wheatley/qbittorrent/kustomization.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/k8s-peterg/argo-workflows/values.yaml b/k8s-peterg/argo-workflows/values.yaml index 26b8dcf..c0b32b5 100644 --- a/k8s-peterg/argo-workflows/values.yaml +++ b/k8s-peterg/argo-workflows/values.yaml @@ -155,7 +155,7 @@ server: # -- Repository to use for the server repository: argoproj/argocli # -- Image tag for the Argo Workflows server. Defaults to `.Values.images.tag`. - tag: "" + tag: "@sha256:4bd385f07e5245fb7028923cc03fc47515623f553a7e4ffcdd66fb3009133f15" rbac: # -- Adds Role and RoleBinding for the server. create: true diff --git a/k8s-wheatley/qbittorrent/kustomization.yaml b/k8s-wheatley/qbittorrent/kustomization.yaml index dfe93b6..f9a91b3 100644 --- a/k8s-wheatley/qbittorrent/kustomization.yaml +++ b/k8s-wheatley/qbittorrent/kustomization.yaml @@ -37,4 +37,4 @@ images: - name: docker.io/qbittorrentofficial/qbittorrent-nox newTag: 5.1.4-2@sha256:85fe2690f418dabffc4907276b3cdffcb7880c7114157b32f932d3b97bac45af - name: docker.io/slskd/slskd - newTag: 0.25.1 + newTag: 0.25.1@sha256:ab9ed50e028b524cefdb7c1dd8ebca368a076e18441ee8ac2326473eb850b4c3