apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: &app qbitty
namespace: arr
spec:
interval: 15m
chart:
spec:
chart: app-template
version: 3.7.1
interval: 30m
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
install:
remediation:
retries: 3
upgrade:
remediation:
retries: 3
values:
global:
fullnameOverride: *app
namespace: arr
controllers:
qbitty:
enabled: true
type: statefulset
annotations:
reloader.stakater.com/auto: "true"
replicas: 1
statefulset:
volumeClaimTemplates:
- name: qbitty-config
accessMode: ReadWriteOnce
size: 500Mi
storageClass: longhorn
globalMounts:
- path: /config
containers:
app:
image:
repository: ghcr.io/hotio/qbittorrent
tag: latest@sha256:d97080a8a978d7705297dc44bcd6c599b3b47631fec8dcfc0cb7039279d05b02
pullPolicy: IfNotPresent
env:
TZ: "${TZ}"
WEBUI_PORT: &port 8080
VPN_ENABLED: "true"
VPN_CONF: "wg0"
VPN_PROVIDER: "proton"
VPN_KEEP_LOCAL_DNS: "false"
VPN_AUTO_PORT_FORWARD: "true"
VPN_LAN_NETWORK:
valueFrom:
secretKeyRef:
name: lan-network
key: lan-network
VPN_LAN_LEAK_ENABLED: "false"
VPN_FIREWALL_TYPE: "auto"
PRIVOXY_ENABLED: "false"
VPN_HEALTHCHECK_ENABLED: "false"
UNBOUND_ENABLED: "false"
probes:
liveness:
enabled: false
securityContext:
capabilities:
add:
- NET_ADMIN
resources:
requests:
cpu: 20m
memory: 200Mi
limits:
memory: 4000Mi
service:
app:
primary: true
controller: qbitty
ports:
http:
port: *port
ingress:
internal:
enabled: true
className: nginx
hosts:
- host: "qbitty.${LOCAL_DOMAIN}"
paths:
- path: /
pathType: Prefix
service:
identifier: app
port: http
tls:
- hosts:
- "qbitty.${LOCAL_DOMAIN}"
secretName: local-mafyuh-dev-production-tls
persistence:
data:
enabled: true
type: nfs
server: "${NAS_IP}"
path: /mnt/thePool/thePoolShare
globalMounts:
- path: /data
incomplete:
enabled: true
type: emptyDir
sizeLimit: 100Gi
globalMounts:
- path: /incomplete
wireguard-config:
enabled: true
type: secret
name: qbitty-wireguard
defaultMode: 0400
globalMounts:
- path: /config/wireguard/wg0.conf
subPath: wg0.conf