From 90889bb3507cee65bca0718a6d09f54f2a469439 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Thu, 19 Mar 2026 22:51:21 -0500 Subject: [PATCH 1/9] feat: switch to airvpn --- .../templates/external-secret.yaml | 21 ++- .../cl01tl/helm/music-grabber/values.yaml | 132 +++++++++--------- .../templates/external-secret.yaml | 21 ++- clusters/cl01tl/helm/qbittorrent/values.yaml | 17 ++- .../helm/slskd/templates/external-secret.yaml | 21 ++- clusters/cl01tl/helm/slskd/values.yaml | 23 +-- .../templates/external-secret.yaml | 21 ++- .../cl01tl/helm/tubearchivist/values.yaml | 10 +- .../helm/yubal/templates/external-secret.yaml | 21 ++- clusters/cl01tl/helm/yubal/values.yaml | 18 +-- 10 files changed, 175 insertions(+), 130 deletions(-) diff --git a/clusters/cl01tl/helm/music-grabber/templates/external-secret.yaml b/clusters/cl01tl/helm/music-grabber/templates/external-secret.yaml index 8f4d10f65..d3b8adc10 100644 --- a/clusters/cl01tl/helm/music-grabber/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/music-grabber/templates/external-secret.yaml @@ -60,20 +60,27 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None property: private-key - - secretKey: proton-email + - secretKey: preshared-key remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None - property: email - - secretKey: proton-password + property: preshared-key + - secretKey: addresses remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None - property: password + property: addresses + - secretKey: input-ports + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /airvpn/conf/cl01tl + metadataPolicy: None + property: input-ports diff --git a/clusters/cl01tl/helm/music-grabber/values.yaml b/clusters/cl01tl/helm/music-grabber/values.yaml index 15bf0c8d3..65e852d01 100644 --- a/clusters/cl01tl/helm/music-grabber/values.yaml +++ b/clusters/cl01tl/helm/music-grabber/values.yaml @@ -50,72 +50,72 @@ music-grabber: requests: cpu: 10m memory: 512Mi - gluetun: - image: - repository: ghcr.io/qdm12/gluetun - tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab - pullPolicy: IfNotPresent - lifecycle: - postStart: - exec: - command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"] - env: - - name: VPN_SERVICE_PROVIDER - value: protonvpn - - name: VPN_TYPE - value: wireguard - - name: WIREGUARD_PRIVATE_KEY - valueFrom: - secretKeyRef: - name: music-grabber-wireguard-conf - key: private-key - - name: UPDATER_PROTONVPN_EMAIL - valueFrom: - secretKeyRef: - name: music-grabber-wireguard-conf - key: proton-email - - name: UPDATER_PROTONVPN_PASSWORD - valueFrom: - secretKeyRef: - name: music-grabber-wireguard-conf - key: proton-password - - name: FIREWALL_OUTBOUND_SUBNETS - value: 10.0.0.0/8 - - name: FIREWALL_INPUT_PORTS - value: 8080 - - name: DNS_UPSTREAM_RESOLVER_TYPE - value: dot - - name: HTTPPROXY - value: "off" - - name: SHADOWSOCKS - value: "off" - securityContext: - privileged: True - capabilities: - add: - - NET_ADMIN - - SYS_MODULE - probes: - liveness: - enabled: true - custom: true - spec: - exec: - command: - - /gluetun-entrypoint - - healthcheck - failureThreshold: 5 - initialDelaySeconds: 30 - periodSeconds: 30 - successThreshold: 1 - timeoutSeconds: 15 - resources: - limits: - devic.es/tun: "1" - requests: - devic.es/tun: "1" - cpu: 10m - memory: 128Mi + # gluetun: + # image: + # repository: ghcr.io/qdm12/gluetun + # tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab + # pullPolicy: IfNotPresent + # lifecycle: + # postStart: + # exec: + # command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"] + # env: + # - name: VPN_SERVICE_PROVIDER + # value: airvpn + # - name: VPN_TYPE + # value: wireguard + # - name: WIREGUARD_PRIVATE_KEY + # valueFrom: + # secretKeyRef: + # name: music-grabber-wireguard-conf + # key: private-key + # - name: WIREGUARD_PRESHARED_KEY + # valueFrom: + # secretKeyRef: + # name: music-grabber-wireguard-conf + # key: preshared-key + # - name: WIREGUARD_ADDRESSES + # valueFrom: + # secretKeyRef: + # name: music-grabber-wireguard-conf + # key: addresses + # - name: FIREWALL_OUTBOUND_SUBNETS + # value: 10.0.0.0/8 + # - name: FIREWALL_INPUT_PORTS + # value: 8080 + # - name: DNS_UPSTREAM_RESOLVER_TYPE + # value: dot + # - name: HTTPPROXY + # value: "off" + # - name: SHADOWSOCKS + # value: "off" + # securityContext: + # privileged: True + # capabilities: + # add: + # - NET_ADMIN + # - SYS_MODULE + # probes: + # liveness: + # enabled: true + # custom: true + # spec: + # exec: + # command: + # - /gluetun-entrypoint + # - healthcheck + # failureThreshold: 5 + # initialDelaySeconds: 30 + # periodSeconds: 30 + # successThreshold: 1 + # timeoutSeconds: 15 + # resources: + # limits: + # devic.es/tun: "1" + # requests: + # devic.es/tun: "1" + # cpu: 10m + # memory: 128Mi service: main: controller: main diff --git a/clusters/cl01tl/helm/qbittorrent/templates/external-secret.yaml b/clusters/cl01tl/helm/qbittorrent/templates/external-secret.yaml index f369f1685..f869825f1 100644 --- a/clusters/cl01tl/helm/qbittorrent/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/qbittorrent/templates/external-secret.yaml @@ -16,23 +16,30 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None property: private-key - - secretKey: proton-email + - secretKey: preshared-key remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None - property: email - - secretKey: proton-password + property: preshared-key + - secretKey: addresses remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None - property: password + property: addresses + - secretKey: input-ports + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /airvpn/conf/cl01tl + metadataPolicy: None + property: input-ports --- apiVersion: external-secrets.io/v1 diff --git a/clusters/cl01tl/helm/qbittorrent/values.yaml b/clusters/cl01tl/helm/qbittorrent/values.yaml index c131d7e0c..14bd7f083 100644 --- a/clusters/cl01tl/helm/qbittorrent/values.yaml +++ b/clusters/cl01tl/helm/qbittorrent/values.yaml @@ -56,7 +56,7 @@ qbittorrent: command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"] env: - name: VPN_SERVICE_PROVIDER - value: protonvpn + value: airvpn - name: VPN_TYPE value: wireguard - name: WIREGUARD_PRIVATE_KEY @@ -64,20 +64,23 @@ qbittorrent: secretKeyRef: name: qbittorrent-wireguard-conf key: private-key - - name: UPDATER_PROTONVPN_EMAIL + - name: WIREGUARD_PRESHARED_KEY valueFrom: secretKeyRef: name: qbittorrent-wireguard-conf - key: proton-email - - name: UPDATER_PROTONVPN_PASSWORD + key: preshared-key + - name: WIREGUARD_ADDRESSES valueFrom: secretKeyRef: name: qbittorrent-wireguard-conf - key: proton-password + key: addresses - name: VPN_PORT_FORWARDING value: "on" - - name: VPN_PORT_FORWARDING_UP_COMMAND - value: '/bin/sh -c "/gluetun/update.sh {{ printf "{{PORTS}}" }}"' + - name: FIREWALL_VPN_INPUT_PORTS + valueFrom: + secretKeyRef: + name: qbittorrent-wireguard-conf + key: input-ports - name: PORT_FORWARD_ONLY value: "on" - name: FIREWALL_OUTBOUND_SUBNETS diff --git a/clusters/cl01tl/helm/slskd/templates/external-secret.yaml b/clusters/cl01tl/helm/slskd/templates/external-secret.yaml index 3ccfdfdbb..79d86adcc 100644 --- a/clusters/cl01tl/helm/slskd/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/slskd/templates/external-secret.yaml @@ -62,20 +62,27 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None property: private-key - - secretKey: proton-email + - secretKey: preshared-key remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None - property: email - - secretKey: proton-password + property: preshared-key + - secretKey: addresses remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None - property: password + property: addresses + - secretKey: input-ports + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /airvpn/conf/cl01tl + metadataPolicy: None + property: input-ports diff --git a/clusters/cl01tl/helm/slskd/values.yaml b/clusters/cl01tl/helm/slskd/values.yaml index 54ab7568b..ad28ea93e 100644 --- a/clusters/cl01tl/helm/slskd/values.yaml +++ b/clusters/cl01tl/helm/slskd/values.yaml @@ -54,30 +54,37 @@ slskd: command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"] env: - name: VPN_SERVICE_PROVIDER - value: protonvpn + value: airvpn - name: VPN_TYPE value: wireguard - name: WIREGUARD_PRIVATE_KEY valueFrom: secretKeyRef: - name: slskd-wireguard-conf + name: qbittorrent-wireguard-conf key: private-key - - name: UPDATER_PROTONVPN_EMAIL + - name: WIREGUARD_PRESHARED_KEY valueFrom: secretKeyRef: - name: slskd-wireguard-conf - key: proton-email - - name: UPDATER_PROTONVPN_PASSWORD + name: qbittorrent-wireguard-conf + key: preshared-key + - name: WIREGUARD_ADDRESSES valueFrom: secretKeyRef: - name: slskd-wireguard-conf - key: proton-password + name: qbittorrent-wireguard-conf + key: addresses - name: VPN_PORT_FORWARDING value: "on" + - name: FIREWALL_VPN_INPUT_PORTS + valueFrom: + secretKeyRef: + name: qbittorrent-wireguard-conf + key: input-ports - name: PORT_FORWARD_ONLY value: "on" - name: FIREWALL_OUTBOUND_SUBNETS value: 192.168.1.0/24,10.244.0.0/16 + - name: FIREWALL_OUTBOUND_SUBNETS + value: 192.168.1.0/24,10.244.0.0/16 - name: FIREWALL_INPUT_PORTS value: 5030,50300 - name: DNS_UPSTREAM_RESOLVER_TYPE diff --git a/clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml b/clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml index a3f40d859..dcb667d4f 100644 --- a/clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml @@ -83,20 +83,27 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None property: private-key - - secretKey: proton-email + - secretKey: preshared-key remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None - property: email - - secretKey: proton-password + property: preshared-key + - secretKey: addresses remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None - property: password + property: addresses + - secretKey: input-ports + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /airvpn/conf/cl01tl + metadataPolicy: None + property: input-ports diff --git a/clusters/cl01tl/helm/tubearchivist/values.yaml b/clusters/cl01tl/helm/tubearchivist/values.yaml index e22c62435..137fe7ff7 100644 --- a/clusters/cl01tl/helm/tubearchivist/values.yaml +++ b/clusters/cl01tl/helm/tubearchivist/values.yaml @@ -53,7 +53,7 @@ tubearchivist: command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"] env: - name: VPN_SERVICE_PROVIDER - value: protonvpn + value: airvpn - name: VPN_TYPE value: wireguard - name: WIREGUARD_PRIVATE_KEY @@ -61,16 +61,16 @@ tubearchivist: secretKeyRef: name: tubearchivist-wireguard-conf key: private-key - - name: UPDATER_PROTONVPN_EMAIL + - name: WIREGUARD_PRESHARED_KEY valueFrom: secretKeyRef: name: tubearchivist-wireguard-conf - key: proton-email - - name: UPDATER_PROTONVPN_PASSWORD + key: preshared-key + - name: WIREGUARD_ADDRESSES valueFrom: secretKeyRef: name: tubearchivist-wireguard-conf - key: proton-password + key: addresses - name: FIREWALL_OUTBOUND_SUBNETS value: 10.0.0.0/8 - name: FIREWALL_INPUT_PORTS diff --git a/clusters/cl01tl/helm/yubal/templates/external-secret.yaml b/clusters/cl01tl/helm/yubal/templates/external-secret.yaml index 70e539fdc..5dbc54124 100644 --- a/clusters/cl01tl/helm/yubal/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/yubal/templates/external-secret.yaml @@ -16,20 +16,27 @@ spec: remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None property: private-key - - secretKey: proton-email + - secretKey: preshared-key remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None - property: email - - secretKey: proton-password + property: preshared-key + - secretKey: addresses remoteRef: conversionStrategy: Default decodingStrategy: None - key: /protonvpn/conf/cl01tl + key: /airvpn/conf/cl01tl metadataPolicy: None - property: password + property: addresses + - secretKey: input-ports + remoteRef: + conversionStrategy: Default + decodingStrategy: None + key: /airvpn/conf/cl01tl + metadataPolicy: None + property: input-ports diff --git a/clusters/cl01tl/helm/yubal/values.yaml b/clusters/cl01tl/helm/yubal/values.yaml index aaa407b3e..818caa98f 100644 --- a/clusters/cl01tl/helm/yubal/values.yaml +++ b/clusters/cl01tl/helm/yubal/values.yaml @@ -40,11 +40,7 @@ yubal: # command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"] # env: # - name: VPN_SERVICE_PROVIDER - # value: protonvpn - # - name: PUID - # value: "1000" - # - name: PGID - # value: "1000" + # value: airvpn # - name: VPN_TYPE # value: wireguard # - name: WIREGUARD_PRIVATE_KEY @@ -52,22 +48,26 @@ yubal: # secretKeyRef: # name: yubal-wireguard-conf # key: private-key - # - name: UPDATER_PROTONVPN_EMAIL + # - name: WIREGUARD_PRESHARED_KEY # valueFrom: # secretKeyRef: # name: yubal-wireguard-conf - # key: proton-email - # - name: UPDATER_PROTONVPN_PASSWORD + # key: preshared-key + # - name: WIREGUARD_ADDRESSES # valueFrom: # secretKeyRef: # name: yubal-wireguard-conf - # key: proton-password + # key: addresses # - name: FIREWALL_OUTBOUND_SUBNETS # value: 10.0.0.0/8 # - name: FIREWALL_INPUT_PORTS # value: 8000 # - name: DNS_UPSTREAM_RESOLVER_TYPE # value: dot + # - name: HTTPPROXY + # value: "off" + # - name: SHADOWSOCKS + # value: "off" # securityContext: # privileged: True # capabilities: -- 2.49.1 From 6733bc8c92553e6b4880fdd5e0f1ba865bb5e7b3 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Thu, 19 Mar 2026 23:18:04 -0500 Subject: [PATCH 2/9] fix: remove filter, fix env --- clusters/cl01tl/helm/qbittorrent/values.yaml | 2 -- clusters/cl01tl/helm/slskd/values.yaml | 12 ++++-------- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/clusters/cl01tl/helm/qbittorrent/values.yaml b/clusters/cl01tl/helm/qbittorrent/values.yaml index edb5d2153..eb5c833be 100644 --- a/clusters/cl01tl/helm/qbittorrent/values.yaml +++ b/clusters/cl01tl/helm/qbittorrent/values.yaml @@ -81,8 +81,6 @@ qbittorrent: secretKeyRef: name: qbittorrent-wireguard-conf key: input-ports - - name: PORT_FORWARD_ONLY - value: "on" - name: FIREWALL_OUTBOUND_SUBNETS value: 192.168.1.0/24,10.244.0.0/16 - name: FIREWALL_INPUT_PORTS diff --git a/clusters/cl01tl/helm/slskd/values.yaml b/clusters/cl01tl/helm/slskd/values.yaml index ad28ea93e..686b61168 100644 --- a/clusters/cl01tl/helm/slskd/values.yaml +++ b/clusters/cl01tl/helm/slskd/values.yaml @@ -60,29 +60,25 @@ slskd: - name: WIREGUARD_PRIVATE_KEY valueFrom: secretKeyRef: - name: qbittorrent-wireguard-conf + name: slskd-wireguard-conf key: private-key - name: WIREGUARD_PRESHARED_KEY valueFrom: secretKeyRef: - name: qbittorrent-wireguard-conf + name: slskd-wireguard-conf key: preshared-key - name: WIREGUARD_ADDRESSES valueFrom: secretKeyRef: - name: qbittorrent-wireguard-conf + name: slskd-wireguard-conf key: addresses - name: VPN_PORT_FORWARDING value: "on" - name: FIREWALL_VPN_INPUT_PORTS valueFrom: secretKeyRef: - name: qbittorrent-wireguard-conf + name: slskd-wireguard-conf key: input-ports - - name: PORT_FORWARD_ONLY - value: "on" - - name: FIREWALL_OUTBOUND_SUBNETS - value: 192.168.1.0/24,10.244.0.0/16 - name: FIREWALL_OUTBOUND_SUBNETS value: 192.168.1.0/24,10.244.0.0/16 - name: FIREWALL_INPUT_PORTS -- 2.49.1 From 8e91d5e41b348d7d907ef6d2ea34911105e918ff Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Thu, 19 Mar 2026 23:21:47 -0500 Subject: [PATCH 3/9] fix: remove key --- clusters/cl01tl/helm/slskd/values.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/clusters/cl01tl/helm/slskd/values.yaml b/clusters/cl01tl/helm/slskd/values.yaml index dac3b0012..047ebd16b 100644 --- a/clusters/cl01tl/helm/slskd/values.yaml +++ b/clusters/cl01tl/helm/slskd/values.yaml @@ -81,8 +81,6 @@ slskd: key: input-ports - name: FIREWALL_OUTBOUND_SUBNETS value: 192.168.1.0/24,10.244.0.0/16 - - name: FIREWALL_OUTBOUND_SUBNETS - value: 192.168.1.0/24,10.244.0.0/16 - name: FIREWALL_INPUT_PORTS value: 5030,50300 - name: DNS_UPSTREAM_RESOLVER_TYPE -- 2.49.1 From bf485178bf282adb72e7b4077531b7f49d209e25 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Thu, 19 Mar 2026 23:24:33 -0500 Subject: [PATCH 4/9] feat: remove port foward --- clusters/cl01tl/helm/qbittorrent/values.yaml | 7 ------- clusters/cl01tl/helm/slskd/values.yaml | 7 ------- 2 files changed, 14 deletions(-) diff --git a/clusters/cl01tl/helm/qbittorrent/values.yaml b/clusters/cl01tl/helm/qbittorrent/values.yaml index eb5c833be..d8a160202 100644 --- a/clusters/cl01tl/helm/qbittorrent/values.yaml +++ b/clusters/cl01tl/helm/qbittorrent/values.yaml @@ -74,13 +74,6 @@ qbittorrent: secretKeyRef: name: qbittorrent-wireguard-conf key: addresses - - name: VPN_PORT_FORWARDING - value: "on" - - name: FIREWALL_VPN_INPUT_PORTS - valueFrom: - secretKeyRef: - name: qbittorrent-wireguard-conf - key: input-ports - name: FIREWALL_OUTBOUND_SUBNETS value: 192.168.1.0/24,10.244.0.0/16 - name: FIREWALL_INPUT_PORTS diff --git a/clusters/cl01tl/helm/slskd/values.yaml b/clusters/cl01tl/helm/slskd/values.yaml index 047ebd16b..16f2fee89 100644 --- a/clusters/cl01tl/helm/slskd/values.yaml +++ b/clusters/cl01tl/helm/slskd/values.yaml @@ -72,13 +72,6 @@ slskd: secretKeyRef: name: slskd-wireguard-conf key: addresses - - name: VPN_PORT_FORWARDING - value: "on" - - name: FIREWALL_VPN_INPUT_PORTS - valueFrom: - secretKeyRef: - name: slskd-wireguard-conf - key: input-ports - name: FIREWALL_OUTBOUND_SUBNETS value: 192.168.1.0/24,10.244.0.0/16 - name: FIREWALL_INPUT_PORTS -- 2.49.1 From 74038255339c89be4f29bd7027a12b4feaf5494b Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Thu, 19 Mar 2026 23:29:26 -0500 Subject: [PATCH 5/9] fix: wrong key --- clusters/cl01tl/helm/slskd/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/cl01tl/helm/slskd/values.yaml b/clusters/cl01tl/helm/slskd/values.yaml index 16f2fee89..8a3def953 100644 --- a/clusters/cl01tl/helm/slskd/values.yaml +++ b/clusters/cl01tl/helm/slskd/values.yaml @@ -60,7 +60,7 @@ slskd: - name: WIREGUARD_PRIVATE_KEY valueFrom: secretKeyRef: - name: qbittorrent-wireguard-conf + name: slskd-wireguard-conf key: private-key - name: WIREGUARD_PRESHARED_KEY valueFrom: -- 2.49.1 From a23123482fb6b1576c6b6b9ccfb940472d1a96b9 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Thu, 19 Mar 2026 23:31:22 -0500 Subject: [PATCH 6/9] feat: update bookmarks --- clusters/cl01tl/helm/homepage/values.yaml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/clusters/cl01tl/helm/homepage/values.yaml b/clusters/cl01tl/helm/homepage/values.yaml index 65fc123fd..901f67a6d 100644 --- a/clusters/cl01tl/helm/homepage/values.yaml +++ b/clusters/cl01tl/helm/homepage/values.yaml @@ -780,9 +780,6 @@ homepage: - Digital Ocean: - abbr: DO href: https://www.digitalocean.com/ - - AWS: - - abbr: AW - href: https://aws.amazon.com/console/ - Cloudflare: - abbr: CF href: https://dash.cloudflare.com/b76e303258b84076ee01fd0f515c0768 @@ -792,12 +789,12 @@ homepage: - ProtonVPN: - abbr: PV href: https://account.protonvpn.com/ + - ProtonVPN: + - abbr: AV + href: https://airvpn.org/ - Unifi: - abbr: UF href: https://unifi.ui.com/ - - Pushover: - - abbr: PO - href: https://pushover.net - ReCaptcha: - abbr: RC href: https://www.google.com/recaptcha/admin/site/698983587 -- 2.49.1 From 4ff7b6b28d40fa9cb37bdda232e1a2178e1adf3f Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Thu, 19 Mar 2026 23:40:20 -0500 Subject: [PATCH 7/9] feat: add input ports --- clusters/cl01tl/helm/qbittorrent/values.yaml | 5 +++++ clusters/cl01tl/helm/slskd/values.yaml | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/clusters/cl01tl/helm/qbittorrent/values.yaml b/clusters/cl01tl/helm/qbittorrent/values.yaml index d8a160202..6633c9010 100644 --- a/clusters/cl01tl/helm/qbittorrent/values.yaml +++ b/clusters/cl01tl/helm/qbittorrent/values.yaml @@ -74,6 +74,11 @@ qbittorrent: secretKeyRef: name: qbittorrent-wireguard-conf key: addresses + - name: FIREWALL_VPN_INPUT_PORTS + valueFrom: + secretKeyRef: + name: qbittorrent-wireguard-conf + key: input-ports - name: FIREWALL_OUTBOUND_SUBNETS value: 192.168.1.0/24,10.244.0.0/16 - name: FIREWALL_INPUT_PORTS diff --git a/clusters/cl01tl/helm/slskd/values.yaml b/clusters/cl01tl/helm/slskd/values.yaml index 8a3def953..31ebdd0a3 100644 --- a/clusters/cl01tl/helm/slskd/values.yaml +++ b/clusters/cl01tl/helm/slskd/values.yaml @@ -72,6 +72,11 @@ slskd: secretKeyRef: name: slskd-wireguard-conf key: addresses + - name: FIREWALL_VPN_INPUT_PORTS + valueFrom: + secretKeyRef: + name: slskd-wireguard-conf + key: input-ports - name: FIREWALL_OUTBOUND_SUBNETS value: 192.168.1.0/24,10.244.0.0/16 - name: FIREWALL_INPUT_PORTS -- 2.49.1 From f351157d46f3129a52807db90d9f7614a2e6d074 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Thu, 19 Mar 2026 23:40:45 -0500 Subject: [PATCH 8/9] fix: wrong name --- clusters/cl01tl/helm/homepage/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/cl01tl/helm/homepage/values.yaml b/clusters/cl01tl/helm/homepage/values.yaml index 901f67a6d..201be8014 100644 --- a/clusters/cl01tl/helm/homepage/values.yaml +++ b/clusters/cl01tl/helm/homepage/values.yaml @@ -789,7 +789,7 @@ homepage: - ProtonVPN: - abbr: PV href: https://account.protonvpn.com/ - - ProtonVPN: + - AirVPN: - abbr: AV href: https://airvpn.org/ - Unifi: -- 2.49.1 From be7b58424105e98bcd3664287f868f8de2bd64b1 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Thu, 19 Mar 2026 23:43:07 -0500 Subject: [PATCH 9/9] fix: cannot pull list --- clusters/cl01tl/helm/qbittorrent/values.yaml | 2 ++ clusters/cl01tl/helm/slskd/values.yaml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/clusters/cl01tl/helm/qbittorrent/values.yaml b/clusters/cl01tl/helm/qbittorrent/values.yaml index 6633c9010..16b0adc43 100644 --- a/clusters/cl01tl/helm/qbittorrent/values.yaml +++ b/clusters/cl01tl/helm/qbittorrent/values.yaml @@ -85,6 +85,8 @@ qbittorrent: value: 8080,9022 - name: DNS_UPSTREAM_RESOLVER_TYPE value: dot + - name: BLOCK_MALICIOUS + value: "off" - name: HTTPPROXY value: "off" - name: SHADOWSOCKS diff --git a/clusters/cl01tl/helm/slskd/values.yaml b/clusters/cl01tl/helm/slskd/values.yaml index 31ebdd0a3..a66782919 100644 --- a/clusters/cl01tl/helm/slskd/values.yaml +++ b/clusters/cl01tl/helm/slskd/values.yaml @@ -83,6 +83,8 @@ slskd: value: 5030,50300 - name: DNS_UPSTREAM_RESOLVER_TYPE value: dot + - name: BLOCK_MALICIOUS + value: "off" - name: HTTPPROXY value: "off" - name: SHADOWSOCKS -- 2.49.1