feat(media): migrate to ProtonVPN

alxbl · Nov 7, 2024 · 79c3f27 · 79c3f27
1 parent 0b3fb7e
commit 79c3f27
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 6 deletions.
diff --git a/charts/aquisition/templates/deployment.yaml b/charts/aquisition/templates/deployment.yaml
@@ -41,6 +41,9 @@ spec:
             - name: firewall-rules
               mountPath: /iptables/post-rules.txt
               subPath: post-rules.txt
+            - name: gluetun-config
+              mountPath: /etc/gluetun.toml
+              subPath: config.toml
           {{- if .Values.vpn.socks.enabled }}
           ports:
           - name: socks
@@ -57,6 +60,9 @@ spec:
             - secretRef:
                 name: {{ .Values.vpn.credentialsSecretRef | quote }}
                 optional: false
+          env:
+            - name: HTTP_CONTROL_SERVER_AUTH_CONFIG_FILEPATH
+              value: "/etc/gluetun.toml"
       containers:
         # PostgresQL can be configured via environment: Sonarr:Postgres
         - name: sonarr
@@ -198,6 +204,10 @@ spec:
             items:
               - key: qBittorrent.conf
                 path: qBittorrent.conf
+        - name: gluetun-config
+          secret:
+            secretName: gluetun-config
+            optional: false
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

diff --git a/charts/aquisition/values.yaml b/charts/aquisition/values.yaml
@@ -64,6 +64,13 @@ vpn:
     type: ClusterIP
     port: 8388
 
+  # Additional environment variables to add
+  extra:
+    PORT_FORWARD_ONLY: "on"
+    VPN_PORT_FORWARDING: "on"
+    # Only needed for Wireguard
+    # VPN_PORT_FORWARDING_PROVIDER: "protonvpn"
+
   # Extra firewall rules. Each line is an invocation of `iptables`
   firewall:
   # This accepts local traffic destined for the ShadowSOCKS proxy.
@@ -80,7 +87,7 @@ vpn:
   # VPN mode: openvpn or wireguard
   mode: "openvpn"
   # VPN provider (must be supported by gluetun)
-  provider: "nordvpn"
+  provider: "protonvpn"
 
   # The name of a secret containing the VPN credentials.
   # If the VPN mode is `openvpn`, the secret must contain two keys:

diff --git a/infra/examples/secrets/gluetun-config.yaml b/infra/examples/secrets/gluetun-config.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: gluetun-config
+  namespace: media
+type: Opaque
+stringData:
+  config.toml: |
+    [[roles]]
+    name = "qbittorrent"
+    routes = ["GET /v1/openvpn/portforwarded"]
+    auth = "basic"
+    username = "qbt"
+    password = "REDACTED"
diff --git a/infra/examples/secrets/gluetun-vpn-credentials.yaml b/infra/examples/secrets/gluetun-vpn-credentials.yaml
@@ -2,10 +2,10 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: gluetun-vpn-credentials
-  namespace: aquisition
+  namespace: media
 type: Opaque
 stringData:
-  OPENVPN_USER: REDACTED
+  OPENVPN_USER: REDACTED+pmp
   OPENVPN_PASSWORD: REDACTED
   SHADOWSOCKS_PASSWORD: REDACTED
 
diff --git a/infra/k8s/catalog/templates/aquisition.yaml b/infra/k8s/catalog/templates/aquisition.yaml
@@ -22,10 +22,11 @@ spec:
           size: 1Ti
         vpn:
           mode: "openvpn"
-          provider: "nordvpn"
-          countries: "Switzerland, Spain"
+          provider: "protonvpn"
+          countries: "Switzerland"
           extra:
-            SERVER_CATEGORIES: "P2P"
+            PORT_FORWARD_ONLY: "on"
+            VPN_PORT_FORWARDING: "on"
     path: charts/aquisition
     repoURL: {{ .Values.spec.source.repoURL }}
     targetRevision: {{ .Values.spec.source.targetRevision }}