alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 4 Actions 1 Activity
Files
e0eb9375a25fd11a2e08378f7219b7b3cc9da99a
infrastructure/clusters/cl01tl/helm/qbittorrent/values.yaml
Renovate Bot 6e30728857
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 19s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 19s
Details
render-manifests / render-manifests (pull_request) Successful in 1m2s
Details
chore(deps): update ghcr.io/autobrr/qui docker tag to v1.16.0
2026-04-07 17:15:23 +00:00

472 lines
13 KiB
YAML
Raw Blame History

qbittorrent:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- slskd
topologyKey: kubernetes.io/hostname
initContainers:
init-sysctl:
image:
repository: busybox
tag: 1.37.0@sha256:1487d0af5f52b4ba31c7e465126ee2123fe3f2305d638e7827681e7cf6c83d5e
securityContext:
privileged: True
command:
- /bin/sh
args:
- -ec
- |
sysctl -w net.ipv4.ip_forward=1;
sysctl -w net.ipv6.conf.all.disable_ipv6=1
containers:
qbittorrent:
image:
repository: ghcr.io/linuxserver/qbittorrent
tag: 5.1.4-r2-ls448@sha256:a89108b1bf43de072a35a59a3ee41b97b564538faae5cbb3f6c803aa7f5fd9f7
env:
- name: TZ
value: America/Chicago
- name: PUID
value: 1000
- name: PGID
value: 1000
- name: UMASK_SET
value: "002"
- name: WEBUI_PORT
value: 8080
resources:
requests:
cpu: 500m
memory: 1Gi
gluetun:
image:
repository: ghcr.io/qdm12/gluetun
tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab
lifecycle:
postStart:
exec:
command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"]
env:
- name: VPN_SERVICE_PROVIDER
value: airvpn
- name: VPN_TYPE
value: wireguard
- name: WIREGUARD_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: qbittorrent-wireguard-conf
key: private-key
- name: WIREGUARD_PRESHARED_KEY
valueFrom:
secretKeyRef:
name: qbittorrent-wireguard-conf
key: preshared-key
- name: WIREGUARD_ADDRESSES
valueFrom:
secretKeyRef:
name: qbittorrent-wireguard-conf
key: addresses
- name: FIREWALL_VPN_INPUT_PORTS
valueFrom:
secretKeyRef:
name: qbittorrent-wireguard-conf
key: input-ports
- name: FIREWALL_OUTBOUND_SUBNETS
value: 192.168.1.0/24,10.244.0.0/16
- name: FIREWALL_INPUT_PORTS
value: 8080,9022
- name: DNS_UPSTREAM_RESOLVER_TYPE
value: dot
- name: BLOCK_MALICIOUS
value: "off"
- name: HTTPPROXY
value: "off"
- name: SHADOWSOCKS
value: "off"
securityContext:
privileged: True
capabilities:
add:
- NET_ADMIN
- SYS_MODULE
probes:
liveness:
enabled: true
custom: true
spec:
exec:
command:
- /gluetun-entrypoint
- healthcheck
failureThreshold: 5
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 15
resources:
limits:
devic.es/tun: "1"
requests:
devic.es/tun: "1"
exporter:
image:
repository: esanchezm/prometheus-qbittorrent-exporter
tag: v1.6.0@sha256:482df65e7f39f2c0a65f32693e6d5f930edf7b244589a60e446ccc5ee6d17211
env:
- name: QBITTORRENT_HOST
value: localhost
- name: QBITTORRENT_PORT
value: "8080"
- name: EXPORTER_PORT
value: "9022"
- name: EXPORTER_LOG_LEVEL
value: INFO
qbit-manage:
type: deployment
annotations:
reloader.stakater.com/auto: "true"
replicas: 1
strategy: Recreate
initContainers:
init-copy-config:
image:
repository: busybox
tag: 1.37.0@sha256:1487d0af5f52b4ba31c7e465126ee2123fe3f2305d638e7827681e7cf6c83d5e
command:
- /bin/sh
- -ec
- |
cp /config/config.yml /app/config/config.yml
containers:
qbit-manage:
image:
repository: ghcr.io/stuffanthings/qbit_manage
tag: v4.7.0@sha256:8786f2efc6fb8e26281f09bf6c5d0004e2d2420fd4781af0aed123ae01558e21
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
- name: QBT_SCHEDULE
value: 0 * * * *
- name: QBT_STARTUP_DELAY
value: 360
- name: QBT_CONFIG_DIR
value: /app/config/
- name: QBT_LOGFILE
value: /app/var/activity.log
- name: QBT_LOG_LEVEL
value: INFO
resources:
requests:
cpu: 10m
memory: 280Mi
apprise-api:
image:
repository: ghcr.io/caronc/apprise
tag: v1.3.3@sha256:4bfeac268ba87b8e08e308c9aa0182fe99e9501ec464027afc333d1634e65977
env:
- name: TZ
value: America/Chicago
- name: PGID
value: 1000
- name: PUID
value: 1000
- name: APPRISE_STORAGE_MODE
value: memory
- name: APPRISE_STATEFUL_MODE
value: disabled
- name: APPRISE_WORKER_COUNT
value: 1
- name: APPRISE_STATELESS_URLS
valueFrom:
secretKeyRef:
name: qbittorrent-qbit-manage-config
key: ntfy-url
qui:
type: deployment
replicas: 1
strategy: Recreate
pod:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
containers:
qui:
image:
repository: ghcr.io/autobrr/qui
tag: v1.16.0@sha256:fcdced7cb8395ce039f2c5f920d890d4ad8bd849faec4c4df31701a8f13423cb
env:
- name: QUI__METRICS_ENABLED
value: true
- name: QUI__METRICS_HOST
value: 0.0.0.0
- name: QUI__METRICS_PORT
value: 9074
- name: QUI__OIDC_ENABLED
value: true
- name: QUI__OIDC_ISSUER
value: https://auth.alexlebens.dev/application/o/qui/
- name: QUI__OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: qui-oidc-secret
key: client
- name: QUI__OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: qui-oidc-secret
key: secret
- name: QUI__OIDC_REDIRECT_URL
value: https://qui.alexlebens.net/api/auth/oidc/callback
- name: QUI__OIDC_DISABLE_BUILT_IN_LOGIN
value: false
resources:
requests:
cpu: 10m
memory: 70Mi
service:
main:
controller: main
forceRename: qbittorrent
ports:
http:
port: 8080
targetPort: 8080
health:
port: 9999
targetPort: 9999
metrics:
port: 9022
targetPort: 9022
qbit-manage:
controller: qbit-manage
ports:
apprise:
port: 80
targetPort: 8181
qui:
controller: qui
ports:
http:
port: 80
targetPort: 7476
metrics:
port: 9074
targetPort: 9074
serviceMonitor:
main:
selector:
matchLabels:
app.kubernetes.io/name: qbittorrent
app.kubernetes.io/instance: qbittorrent
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: metrics
interval: 30s
scrapeTimeout: 15s
path: /metrics
apprise:
selector:
matchLabels:
app.kubernetes.io/name: qbittorrent-apprise
app.kubernetes.io/instance: qbittorrent-apprise
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: apprise
interval: 30s
scrapeTimeout: 15s
path: /metrics
qui:
selector:
matchLabels:
app.kubernetes.io/name: qbittorrent-qui
app.kubernetes.io/instance: qbittorrent-qui
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: metrics
interval: 30s
scrapeTimeout: 15s
path: /metrics
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- qbittorrent.alexlebens.net
rules:
- backendRefs:
- name: qbittorrent
port: 8080
matches:
- path:
type: PathPrefix
value: /
qui:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- qui.alexlebens.net
rules:
- backendRefs:
- name: qbittorrent-qui
port: 80
matches:
- path:
type: PathPrefix
value: /
persistence:
update-script:
enabled: true
type: configMap
name: glutun-update-script
defaultMode: 0755
advancedMounts:
main:
gluetun:
- path: /gluetun/update.sh
subPath: update.sh
qbit-manage-config:
enabled: true
type: secret
name: qbittorrent-qbit-manage-config
advancedMounts:
qbit-manage:
init-copy-config:
- path: /config/config.yml
readOnly: true
mountPropagation: None
subPath: config.yml
qbit-manage:
- path: /config/config.yml
readOnly: true
mountPropagation: None
subPath: config.yml
config-data:
forceRename: qbittorrent-config-data
storageClass: ceph-filesystem
accessMode: ReadWriteMany
size: 1Gi
advancedMounts:
main:
qbittorrent:
- path: /config/qBittorrent
readOnly: false
qbit-manage:
qbit-manage:
- path: /qbittorrent/qBittorrent
readOnly: false
qbit-manage-config-data:
forceRename: qbittorrent-qbit-manage-config-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
advancedMounts:
qbit-manage:
init-copy-config:
- path: /app/config
readOnly: false
qbit-manage:
- path: /app/config
readOnly: false
qui-config-data:
forceRename: qbittorrent-qui-config-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
advancedMounts:
qui:
qui:
- path: /config
readOnly: false
qbit-manage-config-var:
type: emptyDir
advancedMounts:
qbit-manage:
qbit-manage:
- path: /app/var
readOnly: false
storage:
type: persistentVolumeClaim
existingClaim: qbittorrent-nfs-storage
advancedMounts:
main:
qbittorrent:
- path: /mnt/store
readOnly: false
qbit-manage:
qbit-manage:
- path: /mnt/store
readOnly: false
volsync-target-config:
pvcTarget: qbittorrent-config-data
moverSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
schedule: 58 8 * * *
restic:
copyMethod: Snapshot
storageClassName: ceph-filesystem
volumeSnapshotClassName: ceph-filesystem-snapshot
remote:
enabled: true
schedule: 58 9 * * *
restic:
copyMethod: Snapshot
storageClassName: ceph-filesystem
volumeSnapshotClassName: ceph-filesystem-snapshot
external:
enabled: true
schedule: 58 10 * * *
restic:
copyMethod: Snapshot
storageClassName: ceph-filesystem
volumeSnapshotClassName: ceph-filesystem-snapshot
volsync-target-qbit-manage-config:
pvcTarget: qbittorrent-qbit-manage-config-data
local:
enabled: true
schedule: 0 11 * * *
remote:
enabled: true
schedule: 0 12 * * *
external:
enabled: true
schedule: 0 13 * * *
volsync-target-qui-config:
pvcTarget: qbittorrent-qui-config-data
local:
enabled: true
schedule: 2 11 * * *
remote:
enabled: true
schedule: 2 12 * * *
external:
enabled: true
schedule: 2 13 * * *
Reference in New Issue View Git Blame Copy Permalink