apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: qbittorrent-config
  namespace: media
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: qbittorrent
  namespace: media
  labels:
    app: qbittorrent
  annotations:
    kubectl.kubernetes.io/default-container: qbittorrent
spec:
  replicas: 1
  selector:
    matchLabels:
      app: qbittorrent
  template:
    metadata:
      labels:
        app: qbittorrent
    spec:
      containers:
        - name: gluetun
          image: qmcgaw/gluetun
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
          env:
            - name: VPN_SERVICE_PROVIDER
              value: "custom"
            - name: VPN_TYPE
              value: "wireguard"
            - name: TZ
              value: "America/Vancouver"
            - name: FIREWALL
              value: "on"
            - name: FIREWALL_OUTBOUND_SUBNETS
              value: "10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
            - name: DNS_KEEP_NAMESERVER
              value: "on"
            - name: LOG_LEVEL
              value: "info"
          volumeMounts:
            - name: wireguard-config
              mountPath: /gluetun/wireguard/wg0.conf
              subPath: wg0.conf
              readOnly: true
            - name: tun
              mountPath: /dev/net/tun
          resources:
            requests:
              cpu: 50m
              memory: 128Mi
            limits:
              cpu: 500m
              memory: 512Mi
          livenessProbe:
            httpGet:
              path: /v1/vpn/status
              port: 8000
            initialDelaySeconds: 30
            periodSeconds: 60
            timeoutSeconds: 10
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /v1/vpn/status
              port: 8000
            initialDelaySeconds: 10
            periodSeconds: 60
            timeoutSeconds: 5

        - name: qbittorrent
          image: lscr.io/linuxserver/qbittorrent
          ports:
            - containerPort: 8080
              name: http
          env:
            - name: PUID
              value: "1000"
            - name: PGID
              value: "1000"
            - name: TZ
              value: "America/Vancouver"
            - name: WEBUI_PORT
              value: "8080"
          volumeMounts:
            - name: config
              mountPath: /config
            - name: data
              mountPath: /mnt/data
          resources:
            requests:
              cpu: 100m
              memory: 256Mi
            limits:
              cpu: 2
              memory: 2Gi

      volumes:
        - name: config
          persistentVolumeClaim:
            claimName: qbittorrent-config
        - name: data
          nfs:
            server: 192.168.27.2
            path: /data
        - name: wireguard-config
          secret:
            secretName: wireguard-config
        - name: tun
          hostPath:
            path: /dev/net/tun
            type: CharDevice
---
apiVersion: v1
kind: Service
metadata:
  name: qbittorrent
  namespace: media
  labels:
    app: qbittorrent
spec:
  selector:
    app: qbittorrent
  ports:
    - port: 8080
      targetPort: 8080
      protocol: TCP
      name: http