add qui

clusters/cl01tl/applications/homepage/values.yaml

@@ -627,6 +627,12 @@ homepage:
                   siteMonitor: http://slskd.slskd:5030
                   statusStyle: dot
           - Services (Servarr):
+              - qUI:
+                  icon: https://raw.githubusercontent.com/autobrr/qui/8487c818886df9abb2b1456f43b54e0ba180a2bd/web/public/icons.svg
+                  description: Qbitorrent UI
+                  href: https://qui.alexlebens.net
+                  siteMonitor: http://qui.qbittorrent:80
+                  statusStyle: dot
               - qBittorrent:
                   icon: sh-qbittorrent.webp
                   description: P2P Downloads

clusters/cl01tl/platform/qbittorrent/Chart.yaml

@@ -27,4 +27,4 @@ dependencies:
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.3.0
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/qbittorrent.png
-appVersion: 5.1.0
+appVersion: 5.1.2

clusters/cl01tl/platform/qbittorrent/templates/external-secret.yaml

@@ -42,3 +42,33 @@ spec:
         key: /cl01tl/qbittorrent/qbit-manage
         metadataPolicy: None
         property: ntfy-url
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: qui-oidc-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: qui-oidc-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: secret
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /authentik/oidc/qui
+        metadataPolicy: None
+        property: secret
+    - secretKey: key
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /authentik/oidc/qui
+        metadataPolicy: None
+        property: client

clusters/cl01tl/platform/qbittorrent/templates/http-route.yaml

@@ -26,3 +26,33 @@ spec:
           name: qbittorrent
           port: 8080
           weight: 100
+
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: http-route-qui
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: http-route-qui
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  parentRefs:
+    - group: gateway.networking.k8s.io
+      kind: Gateway
+      name: traefik-gateway
+      namespace: traefik
+  hostnames:
+    - qui.alexlebens.net
+  rules:
+    - matches:
+      - path:
+          type: PathPrefix
+          value: /
+      backendRefs:
+        - group: ''
+          kind: Service
+          name: qui
+          port: 80
+          weight: 100

clusters/cl01tl/platform/qbittorrent/templates/service-monitor.yaml

@@ -40,3 +40,25 @@ spec:
       app.kubernetes.io/service: qbittorrent-qbit-manage
       app.kubernetes.io/name: {{ .Release.Name }}
       app.kubernetes.io/instance: {{ .Release.Name }}
+
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: qbittorrent-qui
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: qbittorrent-qui
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  endpoints:
+    - port: metrics
+      interval: 30s
+      scrapeTimeout: 15s
+      path: /metrics
+  selector:
+    matchLabels:
+      app.kubernetes.io/service: qbittorrent-qui
+      app.kubernetes.io/name: {{ .Release.Name }}
+      app.kubernetes.io/instance: {{ .Release.Name }}

clusters/cl01tl/platform/qbittorrent/values.yaml

@@ -177,6 +177,40 @@ qbittorrent:
             requests:
               cpu: 10m
               memory: 128Mi
+    qui:
+      type: deployment
+      replicas: 1
+      strategy: Recreate
+      revisionHistoryLimit: 3
+      containers:
+        qui:
+          image:
+            repository: ghcr.io/autobrr/qui
+            tag: v1.4.0
+            pullPolicy: IfNotPresent
+          env:
+            - name: QUI__METRICS_ENABLED
+              value: true
+            - name: QUI__OIDC_ENABLED
+              value: true
+            - name: QUI__OIDC_ISSUER
+              value: https://auth.alexlebens.dev/application/o/qui/
+            - name: QUI__OIDC_CLIENT_ID
+              valueFrom:
+                secretKeyRef:
+                  name: qui-oidc-secret
+                  key: client
+            - name: QUI__OIDC_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: qui-oidc-secret
+                  key: secret
+            - name: QUI__OIDC_DISABLE_BUILT_IN_LOGIN
+              value: false
+          resources:
+            requests:
+              cpu: 10m
+              memory: 128Mi
   service:
     main:
       controller: main
@@ -201,6 +235,17 @@ qbittorrent:
           port: 8000
           targetPort: 8000
           protocol: HTTP
+    qui:
+      controller: qui
+      ports:
+        http:
+          port: 80
+          targetPort: 7476
+          protocol: HTTP
+        metrics:
+          port: 9074
+          targetPort: 9074
+          protocol: HTTP
   persistence:
     config:
       type: persistentVolumeClaim
@@ -270,6 +315,16 @@ qbittorrent:
           qbit-manage:
             - path: /app/var
               readOnly: false
+    qui-config-data:
+      storageClass: ceph-block
+      accessMode: ReadWriteOnce
+      size: 1Gi
+      retain: true
+      advancedMounts:
+        qui:
+          iqui:
+            - path: /config
+              readOnly: false
     storage:
       type: persistentVolumeClaim
       existingClaim: qbittorrent-nfs-storage

clusters/cl01tl/services/blocky/values.yaml

@@ -147,6 +147,7 @@ blocky:
               prometheus                      IN      CNAME   traefik-cl01tl
               prowlarr                        IN      CNAME   traefik-cl01tl
               qbittorrent                     IN      CNAME   traefik-cl01tl
+              qui                             IN      CNAME   traefik-cl01tl
               radarr                          IN      CNAME   traefik-cl01tl
               radarr-4k                       IN      CNAME   traefik-cl01tl
               radarr-anime                    IN      CNAME   traefik-cl01tl

hosts/ps08rp/blocky/config.yml

@@ -123,6 +123,7 @@ customDNS:
     prometheus                      IN      CNAME   traefik-cl01tl
     prowlarr                        IN      CNAME   traefik-cl01tl
     qbittorrent                     IN      CNAME   traefik-cl01tl
+    qui                             IN      CNAME   traefik-cl01tl
     radarr                          IN      CNAME   traefik-cl01tl
     radarr-4k                       IN      CNAME   traefik-cl01tl
     radarr-anime                    IN      CNAME   traefik-cl01tl

hosts/ps09rp/blocky/config.yml

@@ -123,6 +123,7 @@ customDNS:
     prometheus                      IN      CNAME   traefik-cl01tl
     prowlarr                        IN      CNAME   traefik-cl01tl
     qbittorrent                     IN      CNAME   traefik-cl01tl
+    qui                             IN      CNAME   traefik-cl01tl
     radarr                          IN      CNAME   traefik-cl01tl
     radarr-4k                       IN      CNAME   traefik-cl01tl
     radarr-anime                    IN      CNAME   traefik-cl01tl