diff --git a/clusters/cl01tl/manifests/music-grabber/Deployment-music-grabber.yaml b/clusters/cl01tl/manifests/music-grabber/Deployment-music-grabber.yaml index e1b23441f..f01231c54 100644 --- a/clusters/cl01tl/manifests/music-grabber/Deployment-music-grabber.yaml +++ b/clusters/cl01tl/manifests/music-grabber/Deployment-music-grabber.yaml @@ -34,69 +34,6 @@ spec: hostPID: false dnsPolicy: ClusterFirst containers: - - env: - - name: VPN_SERVICE_PROVIDER - value: protonvpn - - name: VPN_TYPE - value: wireguard - - name: WIREGUARD_PRIVATE_KEY - valueFrom: - secretKeyRef: - key: private-key - name: music-grabber-wireguard-conf - - name: UPDATER_PROTONVPN_EMAIL - valueFrom: - secretKeyRef: - key: proton-email - name: music-grabber-wireguard-conf - - name: UPDATER_PROTONVPN_PASSWORD - valueFrom: - secretKeyRef: - key: proton-password - name: music-grabber-wireguard-conf - - name: FIREWALL_OUTBOUND_SUBNETS - value: 10.0.0.0/8 - - name: FIREWALL_INPUT_PORTS - value: "8080" - - name: DNS_UPSTREAM_RESOLVER_TYPE - value: dot - - name: HTTPPROXY - value: "off" - - name: SHADOWSOCKS - value: "off" - image: ghcr.io/qdm12/gluetun:v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab - imagePullPolicy: IfNotPresent - lifecycle: - postStart: - exec: - command: - - /bin/sh - - -c - - (ip rule del table 51820; ip -6 rule del table 51820) || true - livenessProbe: - exec: - command: - - /gluetun-entrypoint - - healthcheck - failureThreshold: 5 - initialDelaySeconds: 30 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 15 - name: gluetun - resources: - limits: - devic.es/tun: "1" - requests: - cpu: 10m - devic.es/tun: "1" - memory: 128Mi - securityContext: - capabilities: - add: - - NET_ADMIN - - SYS_MODULE - privileged: true - env: - name: MUSIC_DIR value: /mnt/store/Music Grabber/ 
diff --git a/clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-wireguard-conf.yaml b/clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-wireguard-conf.yaml index edc5fa2b3..dea36b241 100644 --- a/clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-wireguard-conf.yaml +++ b/clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-wireguard-conf.yaml @@ -16,20 +16,27 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None property: private-key - - secretKey: proton-email + - secretKey: preshared-key remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None - property: email - - secretKey: proton-password + property: preshared-key + - secretKey: addresses remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None - property: password + property: addresses + - secretKey: input-ports + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /airvpn/conf/cl01tl + metadataPolicy: None + property: input-ports diff --git a/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-main.yaml b/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-main.yaml index 20665aae7..6a6ffa5c0 100644 --- a/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-main.yaml +++ b/clusters/cl01tl/manifests/qbittorrent/Deployment-qbittorrent-main.yaml @@ -69,7 +69,7 @@ spec: memory: 64Mi - env: - name: VPN_SERVICE_PROVIDER - value: protonvpn + value: airvpn - name: VPN_TYPE value: wireguard - name: WIREGUARD_PRIVATE_KEY 
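Review bot: `music-grabber-wireguard-conf` keeps syncing the WireGuard `private-key`, and now also `preshared-key`, `addresses` and `input-ports`, although the Deployment hunk earlier in this commit removes the gluetun container, the only consumer of that Secret visible in the diff. If nothing outside these hunks still reads it, delete this ExternalSecret rather than migrating it, so tunnel credentials are not materialised for a workload that no longer needs them. Removing the sidecar also means the remaining container egresses directly instead of through the tunnel; that is presumably intended, but worth confirming.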
@@ -77,20 +77,23 @@ spec: secretKeyRef: key: private-key name: qbittorrent-wireguard-conf - - name: UPDATER_PROTONVPN_EMAIL + - name: WIREGUARD_PRESHARED_KEY valueFrom: secretKeyRef: - key: proton-email + key: preshared-key name: qbittorrent-wireguard-conf - - name: UPDATER_PROTONVPN_PASSWORD + - name: WIREGUARD_ADDRESSES valueFrom: secretKeyRef: - key: proton-password + key: addresses name: qbittorrent-wireguard-conf - name: VPN_PORT_FORWARDING value: "on" - - name: VPN_PORT_FORWARDING_UP_COMMAND - value: /bin/sh -c "/gluetun/update.sh {{PORTS}}" + - name: FIREWALL_VPN_INPUT_PORTS + valueFrom: + secretKeyRef: + key: input-ports + name: qbittorrent-wireguard-conf - name: PORT_FORWARD_ONLY value: "on" - name: FIREWALL_OUTBOUND_SUBNETS diff --git a/clusters/cl01tl/manifests/qbittorrent/ExternalSecret-qbittorrent-wireguard-conf.yaml b/clusters/cl01tl/manifests/qbittorrent/ExternalSecret-qbittorrent-wireguard-conf.yaml index 54b64766e..abdd30499 100644 --- a/clusters/cl01tl/manifests/qbittorrent/ExternalSecret-qbittorrent-wireguard-conf.yaml +++ b/clusters/cl01tl/manifests/qbittorrent/ExternalSecret-qbittorrent-wireguard-conf.yaml @@ -16,20 +16,27 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None property: private-key - - secretKey: proton-email + - secretKey: preshared-key remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None - property: email - - secretKey: proton-password + property: preshared-key + - secretKey: addresses remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None - property: password + property: addresses + - secretKey: input-ports + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /airvpn/conf/cl01tl + metadataPolicy: None + property: input-ports 
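Review bot: `VPN_PORT_FORWARDING` and `PORT_FORWARD_ONLY` stay `"on"` as context lines, while the previous hunk switches the provider to `airvpn` and this one sources the forwarded port statically from `FIREWALL_VPN_INPUT_PORTS`. As far as I know, gluetun implements automatic port forwarding for only a few providers and AirVPN is not among them, so these two settings are at best ignored and may be rejected at startup; check the gluetun documentation and drop them if so. With `VPN_PORT_FORWARDING_UP_COMMAND` removed, nothing visible here pushes the port into qBittorrent any more, so its listening port has to be kept equal to the `input-ports` value by other means. The same leftover settings appear in the slskd Deployment hunk, and the container spec starts and ends outside this hunk.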
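Review bot: This ExternalSecret reads `private-key`, `preshared-key`, `addresses` and `input-ports` from `/airvpn/conf/cl01tl`, the same remote key used by the slskd, tubearchivist and yubal ExternalSecret hunks, so every gluetun sidecar would come up as the same WireGuard peer with the same tunnel address and forwarded ports. A WireGuard server tracks one endpoint per peer key, so concurrent tunnels can displace each other if they land on the same server, and a leak of the single key exposes every workload at once. The previous protonvpn path was shared as well, so this may be a known trade-off. Otherwise, consider one device key per workload under separate remote paths, for example `key: /airvpn/conf/cl01tl/qbittorrent` (path constructed for illustration).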
diff --git a/clusters/cl01tl/manifests/slskd/Deployment-slskd-main.yaml b/clusters/cl01tl/manifests/slskd/Deployment-slskd-main.yaml index 3da85c7a5..fd5f1b94b 100644 --- a/clusters/cl01tl/manifests/slskd/Deployment-slskd-main.yaml +++ b/clusters/cl01tl/manifests/slskd/Deployment-slskd-main.yaml @@ -53,30 +53,37 @@ spec: containers: - env: - name: VPN_SERVICE_PROVIDER - value: protonvpn + value: airvpn - name: VPN_TYPE value: wireguard - name: WIREGUARD_PRIVATE_KEY valueFrom: secretKeyRef: key: private-key - name: slskd-wireguard-conf - - name: UPDATER_PROTONVPN_EMAIL + name: qbittorrent-wireguard-conf + - name: WIREGUARD_PRESHARED_KEY valueFrom: secretKeyRef: - key: proton-email - name: slskd-wireguard-conf - - name: UPDATER_PROTONVPN_PASSWORD + key: preshared-key + name: qbittorrent-wireguard-conf + - name: WIREGUARD_ADDRESSES valueFrom: secretKeyRef: - key: proton-password - name: slskd-wireguard-conf + key: addresses + name: qbittorrent-wireguard-conf - name: VPN_PORT_FORWARDING value: "on" + - name: FIREWALL_VPN_INPUT_PORTS + valueFrom: + secretKeyRef: + key: input-ports + name: qbittorrent-wireguard-conf - name: PORT_FORWARD_ONLY value: "on" - name: FIREWALL_OUTBOUND_SUBNETS value: 192.168.1.0/24,10.244.0.0/16 + - name: FIREWALL_OUTBOUND_SUBNETS + value: 192.168.1.0/24,10.244.0.0/16 - name: FIREWALL_INPUT_PORTS value: 5030,50300 - name: DNS_UPSTREAM_RESOLVER_TYPE diff --git a/clusters/cl01tl/manifests/slskd/ExternalSecret-slskd-wireguard-conf.yaml b/clusters/cl01tl/manifests/slskd/ExternalSecret-slskd-wireguard-conf.yaml index 8dff0d0ae..928964781 100644 --- a/clusters/cl01tl/manifests/slskd/ExternalSecret-slskd-wireguard-conf.yaml +++ b/clusters/cl01tl/manifests/slskd/ExternalSecret-slskd-wireguard-conf.yaml 
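Review bot: All four `secretKeyRef` entries in the slskd gluetun container now use `name: qbittorrent-wireguard-conf` in place of `slskd-wireguard-conf`, even though this commit still migrates the slskd ExternalSecret; this looks like a copy-paste slip. If slskd runs in its own namespace, the Secret will not resolve and the pod will fail to start. If it does resolve, slskd silently depends on another application's credentials and its own Secret is left unused. Use `name: slskd-wireguard-conf` for `WIREGUARD_PRIVATE_KEY`, `WIREGUARD_PRESHARED_KEY`, `WIREGUARD_ADDRESSES` and `FIREWALL_VPN_INPUT_PORTS`. The hunk also adds a second `FIREWALL_OUTBOUND_SUBNETS` entry identical to the existing one; drop the added copy so the two values cannot drift apart.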
@@ -16,20 +16,27 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None property: private-key - - secretKey: proton-email + - secretKey: preshared-key remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None - property: email - - secretKey: proton-password + property: preshared-key + - secretKey: addresses remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None - property: password + property: addresses + - secretKey: input-ports + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /airvpn/conf/cl01tl + metadataPolicy: None + property: input-ports diff --git a/clusters/cl01tl/manifests/tubearchivist/Deployment-tubearchivist.yaml b/clusters/cl01tl/manifests/tubearchivist/Deployment-tubearchivist.yaml index 9559e2f7d..eb9e293b4 100644 --- a/clusters/cl01tl/manifests/tubearchivist/Deployment-tubearchivist.yaml +++ b/clusters/cl01tl/manifests/tubearchivist/Deployment-tubearchivist.yaml @@ -39,7 +39,7 @@ spec: name: bgutil - env: - name: VPN_SERVICE_PROVIDER - value: protonvpn + value: airvpn - name: VPN_TYPE value: wireguard - name: WIREGUARD_PRIVATE_KEY @@ -47,15 +47,15 @@ spec: secretKeyRef: key: private-key name: tubearchivist-wireguard-conf - - name: UPDATER_PROTONVPN_EMAIL + - name: WIREGUARD_PRESHARED_KEY valueFrom: secretKeyRef: - key: proton-email + key: preshared-key name: tubearchivist-wireguard-conf - - name: UPDATER_PROTONVPN_PASSWORD + - name: WIREGUARD_ADDRESSES valueFrom: secretKeyRef: - key: proton-password + key: addresses name: tubearchivist-wireguard-conf - name: FIREWALL_OUTBOUND_SUBNETS value: 10.0.0.0/8 
diff --git a/clusters/cl01tl/manifests/tubearchivist/ExternalSecret-tubearchivist-wireguard-conf.yaml b/clusters/cl01tl/manifests/tubearchivist/ExternalSecret-tubearchivist-wireguard-conf.yaml index 5d98c595c..25a39e5fb 100644 --- a/clusters/cl01tl/manifests/tubearchivist/ExternalSecret-tubearchivist-wireguard-conf.yaml +++ b/clusters/cl01tl/manifests/tubearchivist/ExternalSecret-tubearchivist-wireguard-conf.yaml @@ -16,20 +16,27 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None property: private-key - - secretKey: proton-email + - secretKey: preshared-key remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None - property: email - - secretKey: proton-password + property: preshared-key + - secretKey: addresses remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None - property: password + property: addresses + - secretKey: input-ports + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /airvpn/conf/cl01tl + metadataPolicy: None + property: input-ports diff --git a/clusters/cl01tl/manifests/yubal/ExternalSecret-yubal-wireguard-conf.yaml b/clusters/cl01tl/manifests/yubal/ExternalSecret-yubal-wireguard-conf.yaml index f4fc3d1bd..ff099a205 100644 --- a/clusters/cl01tl/manifests/yubal/ExternalSecret-yubal-wireguard-conf.yaml +++ b/clusters/cl01tl/manifests/yubal/ExternalSecret-yubal-wireguard-conf.yaml 
@@ -16,20 +16,27 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None property: private-key - - secretKey: proton-email + - secretKey: preshared-key remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None - property: email - - secretKey: proton-password + property: preshared-key + - secretKey: addresses remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None - property: password + property: addresses + - secretKey: input-ports + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /airvpn/conf/cl01tl + metadataPolicy: None + property: input-ports
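Review bot: The `proton-email` and `proton-password` keys of the yubal Secret are replaced here, but no yubal Deployment change is visible in this diff. If that Deployment has a gluetun container still reading those keys through `secretKeyRef`, the pod will fail to start at its next restart. If it reads only `private-key`, it would present an AirVPN key while still configured for protonvpn. Confirm the yubal Deployment is migrated in the same rollout, or remove this ExternalSecret if yubal no longer uses a tunnel.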