From a616cf7d7727607e42eb6675e7e909923d39804a Mon Sep 17 00:00:00 2001
From: gitea-bot <gitea-bot@alexlebens.net>
Date: Sun, 7 Dec 2025 02:57:05 +0000
Subject: [PATCH] Automated Manifest Update (#2287)

This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow.

Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/2287
Co-authored-by: gitea-bot <gitea-bot@alexlebens.net>
Co-committed-by: gitea-bot <gitea-bot@alexlebens.net>
---
 .../searxng/Deployment-searxng-api.yaml       |  1 -
 .../searxng/Deployment-searxng-browser.yaml   | 39 ++++++++++++++++++-
 ...ernalSecret-searxng-api-config-secret.yaml |  1 -
 ...et-searxng-browser-data-backup-secret.yaml |  1 -
 ...ExternalSecret-searxng-wireguard-conf.yaml | 22 +++++++++++
 .../searxng/HTTPRoute-http-route-searxng.yaml |  1 -
 ...ersistentVolumeClaim-searxng-api-data.yaml |  3 --
 ...stentVolumeClaim-searxng-browser-data.yaml |  1 -
 ...Replication-redis-replication-searxng.yaml |  1 -
 ...ce-searxng-browser-data-backup-source.yaml |  1 -
 .../searxng/Service-searxng-api.yaml          |  1 -
 .../searxng/Service-searxng-browser.yaml      |  1 -
 ...viceMonitor-redis-replication-searxng.yaml |  1 -
 13 files changed, 60 insertions(+), 14 deletions(-)
 create mode 100644 clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-wireguard-conf.yaml

diff --git a/clusters/cl01tl/manifests/searxng/Deployment-searxng-api.yaml b/clusters/cl01tl/manifests/searxng/Deployment-searxng-api.yaml
index 84ad57915..211d288bd 100644
--- a/clusters/cl01tl/manifests/searxng/Deployment-searxng-api.yaml
+++ b/clusters/cl01tl/manifests/searxng/Deployment-searxng-api.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: searxng/charts/searxng/templates/common.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
diff --git a/clusters/cl01tl/manifests/searxng/Deployment-searxng-browser.yaml b/clusters/cl01tl/manifests/searxng/Deployment-searxng-browser.yaml
index 2439c5e94..8fcb381ac 100644
--- a/clusters/cl01tl/manifests/searxng/Deployment-searxng-browser.yaml
+++ b/clusters/cl01tl/manifests/searxng/Deployment-searxng-browser.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: searxng/charts/searxng/templates/common.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -36,6 +35,44 @@ spec:
       hostPID: false
       dnsPolicy: ClusterFirst
       containers:
+        - env:
+            - name: VPN_SERVICE_PROVIDER
+              value: protonvpn
+            - name: VPN_TYPE
+              value: wireguard
+            - name: WIREGUARD_PRIVATE_KEY
+              valueFrom:
+                secretKeyRef:
+                  key: private-key
+                  name: searxng-wireguard-conf
+            - name: VPN_PORT_FORWARDING
+              value: "on"
+            - name: VPN_PORT_FORWARDING_UP_COMMAND
+              value: /bin/sh -c "/gluetun/update.sh {{PORTS}}"
+            - name: PORT_FORWARD_ONLY
+              value: "on"
+            - name: FIREWALL_OUTBOUND_SUBNETS
+              value: 192.168.1.0/24,10.244.0.0/16
+            - name: FIREWALL_INPUT_PORTS
+              value: "8080"
+            - name: DOT
+              value: "off"
+          image: ghcr.io/qdm12/gluetun:v3.40.3@sha256:ef4a44819a60469682c7b5e69183e6401171891feaa60186652d292c59e41b30
+          imagePullPolicy: IfNotPresent
+          name: gluetun
+          resources:
+            limits:
+              devic.es/tun: "1"
+            requests:
+              cpu: 10m
+              devic.es/tun: "1"
+              memory: 64Mi
+          securityContext:
+            capabilities:
+              add:
+                - NET_ADMIN
+                - SYS_MODULE
+            privileged: true
         - env:
             - name: SEARXNG_BASE_URL
               value: https://searxng.alexlebens.net/
diff --git a/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-api-config-secret.yaml b/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-api-config-secret.yaml
index 01b709b2d..3e2cd15c7 100644
--- a/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-api-config-secret.yaml
+++ b/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-api-config-secret.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: searxng/templates/external-secret.yaml
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
diff --git a/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret.yaml b/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret.yaml
index 2e8e4acc8..151c129f7 100644
--- a/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret.yaml
+++ b/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-browser-data-backup-secret.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: searxng/templates/external-secret.yaml
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
diff --git a/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-wireguard-conf.yaml b/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-wireguard-conf.yaml
new file mode 100644
index 000000000..f48682c53
--- /dev/null
+++ b/clusters/cl01tl/manifests/searxng/ExternalSecret-searxng-wireguard-conf.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: searxng-wireguard-conf
+  namespace: searxng
+  labels:
+    app.kubernetes.io/name: searxng-wireguard-conf
+    app.kubernetes.io/instance: searxng
+    app.kubernetes.io/part-of: searxng
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: private-key
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /protonvpn/conf/cl01tl
+        metadataPolicy: None
+        property: private-key
diff --git a/clusters/cl01tl/manifests/searxng/HTTPRoute-http-route-searxng.yaml b/clusters/cl01tl/manifests/searxng/HTTPRoute-http-route-searxng.yaml
index f6102b44e..a90300741 100644
--- a/clusters/cl01tl/manifests/searxng/HTTPRoute-http-route-searxng.yaml
+++ b/clusters/cl01tl/manifests/searxng/HTTPRoute-http-route-searxng.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: searxng/templates/http-route.yaml
 apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
 metadata:
diff --git a/clusters/cl01tl/manifests/searxng/PersistentVolumeClaim-searxng-api-data.yaml b/clusters/cl01tl/manifests/searxng/PersistentVolumeClaim-searxng-api-data.yaml
index 45d569bdd..ef6d9bcf5 100644
--- a/clusters/cl01tl/manifests/searxng/PersistentVolumeClaim-searxng-api-data.yaml
+++ b/clusters/cl01tl/manifests/searxng/PersistentVolumeClaim-searxng-api-data.yaml
@@ -1,6 +1,3 @@
----
-# Source: searxng/charts/searxng/templates/common.yaml
----
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
diff --git a/clusters/cl01tl/manifests/searxng/PersistentVolumeClaim-searxng-browser-data.yaml b/clusters/cl01tl/manifests/searxng/PersistentVolumeClaim-searxng-browser-data.yaml
index a6e4e4ce0..4f1d42611 100644
--- a/clusters/cl01tl/manifests/searxng/PersistentVolumeClaim-searxng-browser-data.yaml
+++ b/clusters/cl01tl/manifests/searxng/PersistentVolumeClaim-searxng-browser-data.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: searxng/charts/searxng/templates/common.yaml
 kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
diff --git a/clusters/cl01tl/manifests/searxng/RedisReplication-redis-replication-searxng.yaml b/clusters/cl01tl/manifests/searxng/RedisReplication-redis-replication-searxng.yaml
index 4cff10f3e..3beb7ea82 100644
--- a/clusters/cl01tl/manifests/searxng/RedisReplication-redis-replication-searxng.yaml
+++ b/clusters/cl01tl/manifests/searxng/RedisReplication-redis-replication-searxng.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: searxng/templates/redis-replication.yaml
 apiVersion: redis.redis.opstreelabs.in/v1beta2
 kind: RedisReplication
 metadata:
diff --git a/clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source.yaml b/clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source.yaml
index 5e468f2fd..d90873a53 100644
--- a/clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source.yaml
+++ b/clusters/cl01tl/manifests/searxng/ReplicationSource-searxng-browser-data-backup-source.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: searxng/templates/replication-source.yaml
 apiVersion: volsync.backube/v1alpha1
 kind: ReplicationSource
 metadata:
diff --git a/clusters/cl01tl/manifests/searxng/Service-searxng-api.yaml b/clusters/cl01tl/manifests/searxng/Service-searxng-api.yaml
index 0b72829d7..b6982b531 100644
--- a/clusters/cl01tl/manifests/searxng/Service-searxng-api.yaml
+++ b/clusters/cl01tl/manifests/searxng/Service-searxng-api.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: searxng/charts/searxng/templates/common.yaml
 apiVersion: v1
 kind: Service
 metadata:
diff --git a/clusters/cl01tl/manifests/searxng/Service-searxng-browser.yaml b/clusters/cl01tl/manifests/searxng/Service-searxng-browser.yaml
index 460898df0..6234d0577 100644
--- a/clusters/cl01tl/manifests/searxng/Service-searxng-browser.yaml
+++ b/clusters/cl01tl/manifests/searxng/Service-searxng-browser.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: searxng/charts/searxng/templates/common.yaml
 apiVersion: v1
 kind: Service
 metadata:
diff --git a/clusters/cl01tl/manifests/searxng/ServiceMonitor-redis-replication-searxng.yaml b/clusters/cl01tl/manifests/searxng/ServiceMonitor-redis-replication-searxng.yaml
index 2648107dd..a23ac6d3b 100644
--- a/clusters/cl01tl/manifests/searxng/ServiceMonitor-redis-replication-searxng.yaml
+++ b/clusters/cl01tl/manifests/searxng/ServiceMonitor-redis-replication-searxng.yaml
@@ -1,5 +1,4 @@
 ---
-# Source: searxng/templates/service-monitor.yaml
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata: