diff --git a/charts/aquisition/templates/deployment.yaml b/charts/aquisition/templates/deployment.yaml index 45900f0..d7ef0cd 100644 --- a/charts/aquisition/templates/deployment.yaml +++ b/charts/aquisition/templates/deployment.yaml @@ -41,6 +41,9 @@ spec: - name: firewall-rules mountPath: /iptables/post-rules.txt subPath: post-rules.txt + - name: gluetun-config + mountPath: /etc/gluetun.toml + subPath: config.toml {{- if .Values.vpn.socks.enabled }} ports: - name: socks @@ -57,6 +60,9 @@ spec: - secretRef: name: {{ .Values.vpn.credentialsSecretRef | quote }} optional: false + env: + - name: HTTP_CONTROL_SERVER_AUTH_CONFIG_FILEPATH + value: "/etc/gluetun.toml" containers: # PostgresQL can be configured via environment: Sonarr:Postgres - name: sonarr @@ -198,6 +204,10 @@ spec: items: - key: qBittorrent.conf path: qBittorrent.conf + - name: gluetun-config + secret: + secretName: gluetun-config + optional: false {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/aquisition/values.yaml b/charts/aquisition/values.yaml index 2bed8a7..4b1f858 100644 --- a/charts/aquisition/values.yaml +++ b/charts/aquisition/values.yaml @@ -64,6 +64,13 @@ vpn: type: ClusterIP port: 8388 + # Additional environment variables to add + extra: + PORT_FORWARD_ONLY: "on" + VPN_PORT_FORWARDING: "on" + # Only needed for Wireguard + # VPN_PORT_FORWARDING_PROVIDER: "protonvpn" + # Extra firewall rules. Each line is an invocation of `iptables` firewall: # This accepts local traffic destined for the ShadowSOCKS proxy. @@ -80,7 +87,7 @@ vpn: # VPN mode: openvpn or wireguard mode: "openvpn" # VPN provider (must be supported by gluetun) - provider: "nordvpn" + provider: "protonvpn" # The name of a secret containing the VPN credentials. # If the VPN mode is `openvpn`, the secret must contain two keys: diff --git a/infra/examples/secrets/gluetun-config.yaml b/infra/examples/secrets/gluetun-config.yaml new file mode 100644 index 0000000..c0b5757 --- /dev/null 
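Review bot: The new `gluetun-config` volumeMount in the first deployment.yaml hunk uses `subPath: config.toml`, and Kubernetes does not propagate Secret updates into subPath mounts. Rotating the control-server password in the Secret will therefore not reach the running container until the pod is restarted, so the chart notes should say that a rollout is needed after rotation. I would also add `readOnly: true` to the mount to make the intent explicit. The container spec this mount belongs to starts and ends outside the hunk.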
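Review bot: The `env:` key added after `envFrom:` in the second deployment.yaml hunk should be checked against the rest of the container spec, which is not visible here. The values file describes `vpn.extra` as additional environment variables; if the template already renders those into an `env:` list for this container, the mapping would end up with two `env:` keys and most YAML parsers silently keep only the last one. In that case the `HTTP_CONTROL_SERVER_AUTH_CONFIG_FILEPATH` entry belongs in the existing list. The value `/etc/gluetun.toml` also repeats the `mountPath` from the earlier hunk, so a comment such as `# must match the gluetun-config mountPath` would keep the two in step.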
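Review bot: In the third deployment.yaml hunk, `secretName: gluetun-config` is hard-coded with `optional: false`, while the VPN credentials in the same template are resolved through `.Values.vpn.credentialsSecretRef | quote`. Every release of the chart will fail to start unless a Secret with exactly that name exists in its namespace, so a values key for it (for example a new `vpn.controlAuthSecretRef`, named here only as a suggestion) would be more consistent. Because the projected file holds a password, consider `defaultMode: 0400` and an `items:` entry for `config.toml` so only that key is exposed, after confirming the gluetun container's user can still read it.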
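Review bot: The new `extra` defaults in values.yaml turn on `VPN_PORT_FORWARDING` and `PORT_FORWARD_ONLY` for every install of the chart, so requesting an inbound forwarded port becomes the default rather than an opt-in. The catalog template changed in this commit sets the same two keys explicitly, so the chart default could stay `extra: {}` and leave port forwarding to the deployments that need it. The following hunk, which changes the default `provider` to `protonvpn`, ties the chart defaults to one provider in the same way. The comment `# Only needed for Wireguard` would be clearer if it said why.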
+++ b/infra/examples/secrets/gluetun-config.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Secret +metadata: + name: gluetun-config + namespace: media +type: Opaque +stringData: + config.toml: | + [[roles]] + name = "qbittorrent" + routes = ["GET /v1/openvpn/portforwarded"] + auth = "basic" + username = "qbt" + password = "REDACTED" \ No newline at end of file diff --git a/infra/examples/secrets/gluetun-vpn-credentials.yaml b/infra/examples/secrets/gluetun-vpn-credentials.yaml index 48216cd..152cdc0 100755 --- a/infra/examples/secrets/gluetun-vpn-credentials.yaml +++ b/infra/examples/secrets/gluetun-vpn-credentials.yaml @@ -2,10 +2,10 @@ apiVersion: v1 kind: Secret metadata: name: gluetun-vpn-credentials - namespace: aquisition + namespace: media type: Opaque stringData: - OPENVPN_USER: REDACTED + OPENVPN_USER: REDACTED+pmp OPENVPN_PASSWORD: REDACTED SHADOWSOCKS_PASSWORD: REDACTED diff --git a/infra/k8s/catalog/templates/aquisition.yaml b/infra/k8s/catalog/templates/aquisition.yaml index 4d3f15f..3bb83cb 100644 --- a/infra/k8s/catalog/templates/aquisition.yaml +++ b/infra/k8s/catalog/templates/aquisition.yaml @@ -22,10 +22,11 @@ spec: size: 1Ti vpn: mode: "openvpn" - provider: "nordvpn" - countries: "Switzerland, Spain" + provider: "protonvpn" + countries: "Switzerland" extra: - SERVER_CATEGORIES: "P2P" + PORT_FORWARD_ONLY: "on" + VPN_PORT_FORWARDING: "on" path: charts/aquisition repoURL: {{ .Values.spec.source.repoURL }} targetRevision: {{ .Values.spec.source.targetRevision }}
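Review bot: The new example Secret gluetun-config.yaml does not tell the reader that `password = "REDACTED"` is a placeholder, and nothing says where the matching `qbt` credentials are consumed. A header comment such as `# Example only: set a unique password and keep the real manifest out of version control` would cover the first point. The role itself is well scoped to the single `GET /v1/openvpn/portforwarded` route. `namespace: media` has to match the namespace the chart is released into, because the deployment mounts this Secret by a fixed name, and the file is missing its trailing newline.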
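Review bot: The `+pmp` suffix added to `OPENVPN_USER` in gluetun-vpn-credentials.yaml is unexplained, and a later edit could easily strip it as a typo. A comment above the key such as `# ProtonVPN: the +pmp username suffix requests port forwarding` would record why it is there and that it belongs with the `VPN_PORT_FORWARDING` setting. The file is also tracked with mode 100755, which a plain manifest does not need.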