add vpn

2025-02-27 19:37:42 -06:00
parent 06ece42cef
commit e4e67c226d
2 changed files with 63 additions and 0 deletions
--- a/clusters/cl01tl/applications/tubearchivist/values.yaml
+++ b/clusters/cl01tl/applications/tubearchivist/values.yaml
@@ -49,6 +49,44 @@ tubearchivist:
            requests:
              cpu: 10m
              memory: 1Gi
+        gluetun:
+          image:
+            repository: ghcr.io/qdm12/gluetun
+            tag: v3.40.0@sha256:2b42bfa046757145a5155acece417b65b4443c8033fb88661a8e9dcf7fda5a00
+            pullPolicy: IfNotPresent
+          env:
+            - name: VPN_SERVICE_PROVIDER
+              value: protonvpn
+            - name: VPN_TYPE
+              value: wireguard
+            - name: WIREGUARD_PRIVATE_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: tubearchivist-wireguard-conf
+                  key: private-key
+            - name: VPN_PORT_FORWARDING
+              value: "on"
+            - name: PORT_FORWARD_ONLY
+              value: "on"
+            - name: FIREWALL_OUTBOUND_SUBNETS
+              value: 192.168.1.0/24,10.244.0.0/16
+            - name: FIREWALL_INPUT_PORTS
+              value: 80,8000
+            - name: DOT
+              value: "off"
+          securityContext:
+            privileged: True
+            capabilities:
+              add:
+                - NET_ADMIN
+                - SYS_MODULE
+          resources:
+            requests:
+              squat.ai/tun: "1"
+              cpu: 10m
+              memory: 128Mi
+            limits:
+              squat.ai/tun: "1"
  serviceAccount:
    create: true
  service: