diff --git a/.env.example b/.env.example
index 200619a..4ba9cc3 100644
--- a/.env.example
+++ b/.env.example
@@ -34,4 +34,7 @@ DISCORD_TOKEN=your_discord_token_here GUILD_ID=your_discord_guild_id_here # Immich database credentials -IMMICH_POSTGRES_PASSWORD=your_password_here \ No newline at end of file +IMMICH_POSTGRES_PASSWORD=your_password_here + +PIA_USER=your_pia_username_here +PIA_PASSWORD=your_pia_password_here \ No newline at end of file
diff --git a/manifests/media/jdownloader.yaml b/manifests/media/jdownloader.yaml
index 7c8f06a..110a6e8 100644
--- a/manifests/media/jdownloader.yaml
+++ b/manifests/media/jdownloader.yaml
@@ -19,6 +19,34 @@ spec:
 nodeSelector:
 node-role: storage
 containers:
+ - name: gluetun
+ image: qmcgaw/gluetun:latest
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
+ env:
+ - name: VPN_SERVICE_PROVIDER
+ value: private internet access
+ - name: VPN_TYPE
+ value: wireguard
+ - name: SERVER_REGIONS
+ value: Japan
+ - name: OPENVPN_USER
+ valueFrom:
+ secretKeyRef:
+ name: pia-credentials
+ key: OPENVPN_USER
+ - name: OPENVPN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: pia-credentials
+ key: OPENVPN_PASSWORD
+ - name: FIREWALL_OUTBOUND_SUBNETS
+ value: "10.42.0.0/16,10.43.0.0/16,192.168.7.0/24"
+ volumeMounts:
+ - name: tun
+ mountPath: /dev/net/tun
 - name: jdownloader
 image: jlesage/jdownloader-2:latest
 ports:
@@ -70,6 +98,10 @@ spec: http.server.HTTPServer(('0.0.0.0', 9666), Handler).serve_forever() volumes: + - name: tun + hostPath: + path: /dev/net/tun + type: CharDevice - name: config hostPath: path: /data/jdownloader
diff --git a/manifests/media/pia-credentials-sealed.yaml b/manifests/media/pia-credentials-sealed.yaml
new file mode 100644
index 0000000..24e9cdb
--- /dev/null
+++ b/manifests/media/pia-credentials-sealed.yaml
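Review bot: In the gluetun container added to manifests/media/jdownloader.yaml, `VPN_TYPE` is `wireguard` but the only credentials passed are `OPENVPN_USER` and `OPENVPN_PASSWORD`, and no WireGuard key material is supplied. As far as I know gluetun's Private Internet Access support is OpenVPN-based, so the tunnel may not come up as configured; either set `value: openvpn` or provide the WireGuard settings through the sealed secret. Since gluetun is an ordinary entry under `containers:`, the download client starts alongside it and not after the tunnel is established, so it is worth confirming that nothing leaves the pod unencrypted in that window or when the tunnel fails. The same block is added in the first hunk of manifests/media/qbittorrent.yaml, and the container list begins and continues outside the hunk.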
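Review bot: The new `tun` volume in the second hunk of manifests/media/jdownloader.yaml is a `hostPath`, and together with the `NET_ADMIN` capability on the gluetun container it keeps this pod from being admitted under the baseline Pod Security level. Whether the namespace enforces a level is not visible here, so the requirement should be written down next to the volume, for example `# host TUN device for the gluetun sidecar; needs a namespace that permits hostPath and NET_ADMIN`. It is also worth checking whether the mount is needed at all, since gluetun is reported to create the device itself when it is missing, which would allow dropping the hostPath. The same volume is added in the second hunk of manifests/media/qbittorrent.yaml; the `volumes:` list continues outside the hunk.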
@@ -0,0 +1,14 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + name: pia-credentials + namespace: downloads +spec: + encryptedData: + OPENVPN_PASSWORD: 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 + OPENVPN_USER: 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 + template: + metadata: + name: pia-credentials + namespace: downloads
diff --git a/manifests/media/pia-secret.sh b/manifests/media/pia-secret.sh
new file mode 100755
index 0000000..77f32dd
--- /dev/null
+++ b/manifests/media/pia-secret.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+set -euo pipefail
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "$SCRIPT_DIR/../../.env"
+
+kubectl create secret generic pia-credentials \
+ --namespace=downloads \
+ --from-literal=OPENVPN_USER="${PIA_USER}" \
+ --from-literal=OPENVPN_PASSWORD="${PIA_PASSWORD}" \
+ --dry-run=client -o yaml \
+ | kubeseal \
+ --controller-namespace=kube-system \
+ --controller-name=sealed-secrets-controller \
+ --format=yaml \
+ > "$SCRIPT_DIR/pia-credentials-sealed.yaml"
+
+echo "WWrote $SCRIPT_DIR/pia-credentials-sealed.yaml"
\ No newline at end of file
diff --git a/manifests/media/qbittorrent.yaml b/manifests/media/qbittorrent.yaml
index 0967d42..fdc9174 100644
--- a/manifests/media/qbittorrent.yaml
+++ b/manifests/media/qbittorrent.yaml
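Review bot: Both `--from-literal` arguments in manifests/media/pia-secret.sh expand the PIA username and password onto the kubectl command line, where they can be read from the process list by other local users while the command runs. Passing them through a file descriptor keeps them out of argv, e.g. `--from-env-file=<(printf 'OPENVPN_USER=%s\nOPENVPN_PASSWORD=%s\n' "$PIA_USER" "$PIA_PASSWORD")`, assuming neither value contains a newline. The `>` redirection also truncates the committed pia-credentials-sealed.yaml before kubeseal has produced anything, so a failed run leaves an empty manifest; writing to a temporary file and moving it into place on success avoids that. `source` runs the whole .env file as shell code, which deserves a comment, and the final message has a typo (`WWrote`).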
@@ -39,6 +39,34 @@ spec:
 nodeSelector:
 node-role: storage
 containers:
+ - name: gluetun
+ image: qmcgaw/gluetun:latest
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
+ env:
+ - name: VPN_SERVICE_PROVIDER
+ value: private internet access
+ - name: VPN_TYPE
+ value: wireguard
+ - name: SERVER_REGIONS
+ value: Japan
+ - name: OPENVPN_USER
+ valueFrom:
+ secretKeyRef:
+ name: pia-credentials
+ key: OPENVPN_USER
+ - name: OPENVPN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: pia-credentials
+ key: OPENVPN_PASSWORD
+ - name: FIREWALL_OUTBOUND_SUBNETS
+ value: "10.42.0.0/16,10.43.0.0/16,192.168.7.0/24"
+ volumeMounts:
+ - name: tun
+ mountPath: /dev/net/tun
 - name: qbittorrent
 image: lscr.io/linuxserver/qbittorrent:5.2.0
 ports:
@@ -58,6 +86,10 @@ spec:
 - name: torrents
 mountPath: /mnt/storage/torrents
 volumes:
+ - name: tun
+ hostPath:
+ path: /dev/net/tun
+ type: CharDevice
 - name: config
 persistentVolumeClaim:
 claimName: qbittorrent-config
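Review bot: The gluetun sidecar in the first hunk of manifests/media/qbittorrent.yaml is pulled as `qmcgaw/gluetun:latest`, while the qbittorrent container directly below it is pinned to `5.2.0`. This container is granted `NET_ADMIN` and receives the VPN credentials, so with a mutable tag whatever is published under `latest` at the next pod restart runs with that access. Pin it to a release tag, ideally with a digest, e.g. `image: qmcgaw/gluetun:<VERSION>@sha256:<DIGEST>` (placeholders, to be filled from the release actually tested). The same tag is used for gluetun in manifests/media/jdownloader.yaml.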