feat: switch to airvpn
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 3m29s
lint-test-helm / validate-kubeconform (pull_request) Successful in 4m55s
render-manifests / render-manifests (pull_request) Successful in 51s

2026-03-19 22:51:21 -05:00
parent d02af40acf
commit 90889bb350
10 changed files with 175 additions and 130 deletions


@@ -60,20 +60,27 @@ spec:
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: proton-email
- secretKey: preshared-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: email
- secretKey: proton-password
property: preshared-key
- secretKey: addresses
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: password
property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports
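Review bot: Every ExternalSecret touched by this commit (this hunk and the ones at `@@ -16,23 +16,30`, `@@ -62,20 +62,27`, `@@ -83,20 +83,27` and `@@ -16,20 +16,27`) reads `private-key`, `preshared-key` and `addresses` from the same remote key `/airvpn/conf/cl01tl`, so every gluetun sidecar would present one WireGuard identity. A leak from any one namespace then exposes the tunnel credentials of all the workloads, and concurrent sessions on a single WireGuard peer key tend to displace one another; a separate device entry per workload (placeholder path: `/airvpn/conf/<workload>`) would avoid both. The new `input-ports` entry is also synced into Secrets whose workloads do not reference it in the visible hunks (tubearchivist, and the commented-out music-grabber and yubal sidecars), so it could be dropped there to keep each Secret to what its pod consumes. The `spec:` block starts above the hunk.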


@@ -50,72 +50,72 @@ music-grabber:
requests:
cpu: 10m
memory: 512Mi
gluetun:
image:
repository: ghcr.io/qdm12/gluetun
tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
pullPolicy: IfNotPresent
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env:
- name: VPN_SERVICE_PROVIDER
value: protonvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: music-grabber-wireguard-conf
key: private-key
- name: UPDATER_PROTONVPN_EMAIL
valueFrom:
secretKeyRef:
name: music-grabber-wireguard-conf
key: proton-email
- name: UPDATER_PROTONVPN_PASSWORD
valueFrom:
secretKeyRef:
name: music-grabber-wireguard-conf
key: proton-password
- name: FIREWALL_OUTBOUND_SUBNETS
value: 10.0.0.0/8
- name: FIREWALL_INPUT_PORTS
value: 8080
- name: DNS_UPSTREAM_RESOLVER_TYPE
value: dot
- name: HTTPPROXY
value: "off"
- name: SHADOWSOCKS
value: "off"
securityContext:
privileged: True
capabilities:
add:
- NET_ADMIN
- SYS_MODULE
probes:
liveness:
enabled: true
custom: true
spec:
exec:
command:
- /gluetun-entrypoint
- healthcheck
failureThreshold: 5
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 15
resources:
limits:
devic.es/tun: "1"
requests:
devic.es/tun: "1"
cpu: 10m
memory: 128Mi
# gluetun:
# image:
# repository: ghcr.io/qdm12/gluetun
# tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
# pullPolicy: IfNotPresent
# lifecycle:
# postStart:
# exec:
# command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
# env:
# - name: VPN_SERVICE_PROVIDER
# value: airvpn
# - name: VPN_TYPE
# value: wireguard
# - name: WIREGUARD_PRIVATE_KEY
# valueFrom:
# secretKeyRef:
# name: music-grabber-wireguard-conf
# key: private-key
# - name: WIREGUARD_PRESHARED_KEY
# valueFrom:
# secretKeyRef:
# name: music-grabber-wireguard-conf
# key: preshared-key
# - name: WIREGUARD_ADDRESSES
# valueFrom:
# secretKeyRef:
# name: music-grabber-wireguard-conf
# key: addresses
# - name: FIREWALL_OUTBOUND_SUBNETS
# value: 10.0.0.0/8
# - name: FIREWALL_INPUT_PORTS
# value: 8080
# - name: DNS_UPSTREAM_RESOLVER_TYPE
# value: dot
# - name: HTTPPROXY
# value: "off"
# - name: SHADOWSOCKS
# value: "off"
# securityContext:
# privileged: True
# capabilities:
# add:
# - NET_ADMIN
# - SYS_MODULE
# probes:
# liveness:
# enabled: true
# custom: true
# spec:
# exec:
# command:
# - /gluetun-entrypoint
# - healthcheck
# failureThreshold: 5
# initialDelaySeconds: 30
# periodSeconds: 30
# successThreshold: 1
# timeoutSeconds: 15
# resources:
# limits:
# devic.es/tun: "1"
# requests:
# devic.es/tun: "1"
# cpu: 10m
# memory: 128Mi
service:
main:
controller: main
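Review bot: The new side of this hunk comments out the whole `gluetun` container under `music-grabber`, so after this change the pod appears to run without the VPN sidecar and its traffic leaves through the cluster's normal egress. If that is intentional, a comment above the block such as `# gluetun disabled: <reason>; music-grabber egresses without VPN` would record it, and the music-grabber ExternalSecret should probably stop syncing the WireGuard key while nothing consumes it. When the block is re-enabled, `privileged: True` makes the `NET_ADMIN`/`SYS_MODULE` capability list redundant and grants far more than a tunnel needs; since the container already requests `devic.es/tun`, `privileged: false` with `NET_ADMIN` alone is likely enough. The `music-grabber:` mapping continues outside the hunk.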


@@ -16,23 +16,30 @@ spec:
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: proton-email
- secretKey: preshared-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: email
- secretKey: proton-password
property: preshared-key
- secretKey: addresses
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: password
property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports
---
apiVersion: external-secrets.io/v1


@@ -56,7 +56,7 @@ qbittorrent:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env:
- name: VPN_SERVICE_PROVIDER
value: protonvpn
value: airvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
@@ -64,20 +64,23 @@ qbittorrent:
secretKeyRef:
name: qbittorrent-wireguard-conf
key: private-key
- name: UPDATER_PROTONVPN_EMAIL
- name: WIREGUARD_PRESHARED_KEY
valueFrom:
secretKeyRef:
name: qbittorrent-wireguard-conf
key: proton-email
- name: UPDATER_PROTONVPN_PASSWORD
key: preshared-key
- name: WIREGUARD_ADDRESSES
valueFrom:
secretKeyRef:
name: qbittorrent-wireguard-conf
key: proton-password
key: addresses
- name: VPN_PORT_FORWARDING
value: "on"
- name: VPN_PORT_FORWARDING_UP_COMMAND
value: '/bin/sh -c "/gluetun/update.sh {{ printf "{{PORTS}}" }}"'
- name: FIREWALL_VPN_INPUT_PORTS
valueFrom:
secretKeyRef:
name: qbittorrent-wireguard-conf
key: input-ports
- name: PORT_FORWARD_ONLY
value: "on"
- name: FIREWALL_OUTBOUND_SUBNETS
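Review bot: `VPN_PORT_FORWARDING` and `PORT_FORWARD_ONLY` are both still set to `"on"` in the second hunk although the provider is now `airvpn`. As far as I know, gluetun's built-in port-forwarding client and the `PORT_FORWARD_ONLY` server filter only apply to a few providers that do not include AirVPN, where the forwarded port is static and is opened with `FIREWALL_VPN_INPUT_PORTS` instead. This is worth confirming against the gluetun documentation, and both entries should be removed if so, since an unsupported setting may fail start-up validation rather than be ignored. The hunk counts suggest `VPN_PORT_FORWARDING_UP_COMMAND` is dropped, in which case qBittorrent's listening port has to be pinned to the same value as `input-ports`. The `env:` list continues outside both hunks.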


@@ -62,20 +62,27 @@ spec:
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: proton-email
- secretKey: preshared-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: email
- secretKey: proton-password
property: preshared-key
- secretKey: addresses
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: password
property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports

View File

@@ -54,30 +54,37 @@ slskd:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env:
- name: VPN_SERVICE_PROVIDER
value: protonvpn
value: airvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: slskd-wireguard-conf
name: qbittorrent-wireguard-conf
key: private-key
- name: UPDATER_PROTONVPN_EMAIL
- name: WIREGUARD_PRESHARED_KEY
valueFrom:
secretKeyRef:
name: slskd-wireguard-conf
key: proton-email
- name: UPDATER_PROTONVPN_PASSWORD
name: qbittorrent-wireguard-conf
key: preshared-key
- name: WIREGUARD_ADDRESSES
valueFrom:
secretKeyRef:
name: slskd-wireguard-conf
key: proton-password
name: qbittorrent-wireguard-conf
key: addresses
- name: VPN_PORT_FORWARDING
value: "on"
- name: FIREWALL_VPN_INPUT_PORTS
valueFrom:
secretKeyRef:
name: qbittorrent-wireguard-conf
key: input-ports
- name: PORT_FORWARD_ONLY
value: "on"
- name: FIREWALL_OUTBOUND_SUBNETS
value: 192.168.1.0/24,10.244.0.0/16
- name: FIREWALL_OUTBOUND_SUBNETS
value: 192.168.1.0/24,10.244.0.0/16
- name: FIREWALL_INPUT_PORTS
value: 5030,50300
- name: DNS_UPSTREAM_RESOLVER_TYPE
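Review bot: All four `secretKeyRef` entries on the new side of this hunk name `qbittorrent-wireguard-conf` instead of `slskd-wireguard-conf`, which looks like a copy-paste from the qbittorrent values. If slskd runs in its own namespace the Secret will not exist and the container will not start; if the name does resolve, slskd and qbittorrent share one WireGuard key and one forwarded port, and the slskd ExternalSecret updated in this commit is never used. Each reference should read `name: slskd-wireguard-conf`. `FIREWALL_OUTBOUND_SUBNETS` also appears twice in a row with the same value near the end of the hunk, and one of the two entries should be removed. The `env:` list starts and ends outside the hunk.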


@@ -83,20 +83,27 @@ spec:
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: proton-email
- secretKey: preshared-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: email
- secretKey: proton-password
property: preshared-key
- secretKey: addresses
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: password
property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports


@@ -53,7 +53,7 @@ tubearchivist:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env:
- name: VPN_SERVICE_PROVIDER
value: protonvpn
value: airvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
@@ -61,16 +61,16 @@ tubearchivist:
secretKeyRef:
name: tubearchivist-wireguard-conf
key: private-key
- name: UPDATER_PROTONVPN_EMAIL
- name: WIREGUARD_PRESHARED_KEY
valueFrom:
secretKeyRef:
name: tubearchivist-wireguard-conf
key: proton-email
- name: UPDATER_PROTONVPN_PASSWORD
key: preshared-key
- name: WIREGUARD_ADDRESSES
valueFrom:
secretKeyRef:
name: tubearchivist-wireguard-conf
key: proton-password
key: addresses
- name: FIREWALL_OUTBOUND_SUBNETS
value: 10.0.0.0/8
- name: FIREWALL_INPUT_PORTS


@@ -16,20 +16,27 @@ spec:
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: proton-email
- secretKey: preshared-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: email
- secretKey: proton-password
property: preshared-key
- secretKey: addresses
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /protonvpn/conf/cl01tl
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: password
property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports


@@ -40,11 +40,7 @@ yubal:
# command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
# env:
# - name: VPN_SERVICE_PROVIDER
# value: protonvpn
# - name: PUID
# value: "1000"
# - name: PGID
# value: "1000"
# value: airvpn
# - name: VPN_TYPE
# value: wireguard
# - name: WIREGUARD_PRIVATE_KEY
@@ -52,22 +48,26 @@ yubal:
# secretKeyRef:
# name: yubal-wireguard-conf
# key: private-key
# - name: UPDATER_PROTONVPN_EMAIL
# - name: WIREGUARD_PRESHARED_KEY
# valueFrom:
# secretKeyRef:
# name: yubal-wireguard-conf
# key: proton-email
# - name: UPDATER_PROTONVPN_PASSWORD
# key: preshared-key
# - name: WIREGUARD_ADDRESSES
# valueFrom:
# secretKeyRef:
# name: yubal-wireguard-conf
# key: proton-password
# key: addresses
# - name: FIREWALL_OUTBOUND_SUBNETS
# value: 10.0.0.0/8
# - name: FIREWALL_INPUT_PORTS
# value: 8000
# - name: DNS_UPSTREAM_RESOLVER_TYPE
# value: dot
# - name: HTTPPROXY
# value: "off"
# - name: SHADOWSOCKS
# value: "off"
# securityContext:
# privileged: True
# capabilities: