From c125db3a7f0f69bd8ed0094c6a50e56034fa01a8 Mon Sep 17 00:00:00 2001
From: Alex Lebens <alexanderlebens@gmail.com>
Date: Sun, 4 Jan 2026 14:53:12 -0600
Subject: [PATCH] update gluetun

---
 .../searxng/templates/external-secret.yaml    | 14 +++++++++++++
 clusters/cl01tl/helm/searxng/values.yaml      | 14 ++++++++++++-
 .../helm/slskd/templates/external-secret.yaml | 14 +++++++++++++
 clusters/cl01tl/helm/slskd/values.yaml        | 16 ++++++++++++---
 .../templates/external-secret.yaml            | 14 +++++++++++++
 .../cl01tl/helm/tubearchivist/values.yaml     | 20 ++++++++++++-------
 6 files changed, 81 insertions(+), 11 deletions(-)

diff --git a/clusters/cl01tl/helm/searxng/templates/external-secret.yaml b/clusters/cl01tl/helm/searxng/templates/external-secret.yaml
index 4d34f6d4a..ea1f99690 100644
--- a/clusters/cl01tl/helm/searxng/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/searxng/templates/external-secret.yaml
@@ -19,6 +19,20 @@ spec:
         key: /protonvpn/conf/cl01tl
         metadataPolicy: None
         property: private-key
+    - secretKey: proton-email
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /protonvpn/conf/cl01tl
+        metadataPolicy: None
+        property: email
+    - secretKey: proton-password
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /protonvpn/conf/cl01tl
+        metadataPolicy: None
+        property: password
 
 ---
 apiVersion: external-secrets.io/v1
diff --git a/clusters/cl01tl/helm/searxng/values.yaml b/clusters/cl01tl/helm/searxng/values.yaml
index d1ad958fd..e5d018610 100644
--- a/clusters/cl01tl/helm/searxng/values.yaml
+++ b/clusters/cl01tl/helm/searxng/values.yaml
@@ -70,7 +70,7 @@ searxng:
         gluetun:
           image:
             repository: ghcr.io/qdm12/gluetun
-            tag: v3.40.4@sha256:e10584de1f82d8999e5e6c3111901d9d56a2eed21151fb96af060f390bbdfba8
+            tag: v3.41.0@sha256:6b54856716d0de56e5bb00a77029b0adea57284cf5a466f23aad5979257d3045
             pullPolicy: IfNotPresent
           lifecycle:
             postStart:
@@ -86,10 +86,22 @@ searxng:
                 secretKeyRef:
                   name: searxng-wireguard-conf
                   key: private-key
+            - name: UPDATER_PROTONVPN_EMAIL
+              valueFrom:
+                secretKeyRef:
+                  name: qbittorrent-wireguard-conf
+                  key: proton-email
+            - name: UPDATER_PROTONVPN_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: qbittorrent-wireguard-conf
+                  key: proton-password
             - name: FIREWALL_OUTBOUND_SUBNETS
               value: 192.168.1.0/24,10.244.0.0/16
             - name: FIREWALL_INPUT_PORTS
               value: 8080
+            - name: DNS_UPSTREAM_RESOLVER_TYPE
+              value: dot
           securityContext:
             privileged: True
             capabilities:
diff --git a/clusters/cl01tl/helm/slskd/templates/external-secret.yaml b/clusters/cl01tl/helm/slskd/templates/external-secret.yaml
index 0e35e7987..3ccfdfdbb 100644
--- a/clusters/cl01tl/helm/slskd/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/slskd/templates/external-secret.yaml
@@ -65,3 +65,17 @@ spec:
         key: /protonvpn/conf/cl01tl
         metadataPolicy: None
         property: private-key
+    - secretKey: proton-email
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /protonvpn/conf/cl01tl
+        metadataPolicy: None
+        property: email
+    - secretKey: proton-password
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /protonvpn/conf/cl01tl
+        metadataPolicy: None
+        property: password
diff --git a/clusters/cl01tl/helm/slskd/values.yaml b/clusters/cl01tl/helm/slskd/values.yaml
index 51303e16b..ead2db020 100644
--- a/clusters/cl01tl/helm/slskd/values.yaml
+++ b/clusters/cl01tl/helm/slskd/values.yaml
@@ -46,7 +46,7 @@ slskd:
         gluetun:
           image:
             repository: ghcr.io/qdm12/gluetun
-            tag: v3.40.4@sha256:e10584de1f82d8999e5e6c3111901d9d56a2eed21151fb96af060f390bbdfba8
+            tag: v3.41.0@sha256:6b54856716d0de56e5bb00a77029b0adea57284cf5a466f23aad5979257d3045
             pullPolicy: IfNotPresent
           lifecycle:
             postStart:
@@ -62,6 +62,16 @@ slskd:
                 secretKeyRef:
                   name: slskd-wireguard-conf
                   key: private-key
+            - name: UPDATER_PROTONVPN_EMAIL
+              valueFrom:
+                secretKeyRef:
+                  name: slskd-wireguard-conf
+                  key: proton-email
+            - name: UPDATER_PROTONVPN_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: slskd-wireguard-conf
+                  key: proton-password
             - name: VPN_PORT_FORWARDING
               value: "on"
             - name: PORT_FORWARD_ONLY
@@ -70,8 +80,8 @@ slskd:
               value: 192.168.1.0/24,10.244.0.0/16
             - name: FIREWALL_INPUT_PORTS
               value: 5030,50300
-            - name: DOT
-              value: "off"
+            - name: DNS_UPSTREAM_RESOLVER_TYPE
+              value: dot
           securityContext:
             privileged: true
             capabilities:
diff --git a/clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml b/clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml
index bdd4d9d91..a3f40d859 100644
--- a/clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml
@@ -86,3 +86,17 @@ spec:
         key: /protonvpn/conf/cl01tl
         metadataPolicy: None
         property: private-key
+    - secretKey: proton-email
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /protonvpn/conf/cl01tl
+        metadataPolicy: None
+        property: email
+    - secretKey: proton-password
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /protonvpn/conf/cl01tl
+        metadataPolicy: None
+        property: password
diff --git a/clusters/cl01tl/helm/tubearchivist/values.yaml b/clusters/cl01tl/helm/tubearchivist/values.yaml
index a7cde6ab3..bfeabda34 100644
--- a/clusters/cl01tl/helm/tubearchivist/values.yaml
+++ b/clusters/cl01tl/helm/tubearchivist/values.yaml
@@ -40,7 +40,7 @@ tubearchivist:
         gluetun:
           image:
             repository: ghcr.io/qdm12/gluetun
-            tag: v3.40.4@sha256:e10584de1f82d8999e5e6c3111901d9d56a2eed21151fb96af060f390bbdfba8
+            tag: v3.41.0@sha256:e10584de1f82d8999e5e6c3111901d9d56a2eed21151fb96af060f390bbdfba8
             pullPolicy: IfNotPresent
           lifecycle:
             postStart:
@@ -56,6 +56,16 @@ tubearchivist:
                 secretKeyRef:
                   name: tubearchivist-wireguard-conf
                   key: private-key
+            - name: UPDATER_PROTONVPN_EMAIL
+              valueFrom:
+                secretKeyRef:
+                  name: tubearchivist-wireguard-conf
+                  key: proton-email
+            - name: UPDATER_PROTONVPN_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: tubearchivist-wireguard-conf
+                  key: proton-password
             - name: VPN_PORT_FORWARDING
               value: "on"
             - name: PORT_FORWARD_ONLY
@@ -64,12 +74,8 @@ tubearchivist:
               value: 10.0.0.0/8
             - name: FIREWALL_INPUT_PORTS
               value: 80,8000,24000
-            - name: DOT
-              value: off
-            - name: DNS_KEEP_NAMESERVER
-              value: on
-            - name: DNS_PLAINTEXT_ADDRESS
-              value: 10.96.0.10
+            - name: DNS_UPSTREAM_RESOLVER_TYPE
+              value: dot
           securityContext:
             privileged: True
             capabilities: