chore(arr): stand up temporary torrent deployment

apps/temp-arr/base/deployment.gluetun.yaml

@@ -0,0 +1,89 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gluetun-deployment
+  labels:
+    app: gluetun
+  annotations:
+    checksum/secret-generator.yaml: ee04727f42edb84f45970dc517940686f4dadc241155b8df7cd253cec5d8309e
+    checksum/secret.mullvad.enc.yaml: 97c4a8210c9face06d08f8f73b8a71385a5dd072bb447cb05843907bef80dcae
+
+spec:
+  replicas: 1
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+       maxSurge: 1
+  selector:
+    matchLabels:
+      app: gluetun
+  template:
+    metadata:
+      labels:
+        app: gluetun
+    spec:
+      initContainers:
+        - name: gluetun
+          image: ghcr.io/qdm12/gluetun:v3.39.1
+          imagePullPolicy: Always
+          restartPolicy: Always
+          securityContext:
+            capabilities:
+              add:
+                - NET_ADMIN
+          envFrom:
+            - configMapRef:
+                name: gluetun-env
+            - secretRef:
+                name: mullvad-secret
+          volumeMounts:
+            - name: gluetun-config
+              mountPath: /gluetun
+        - name: test-connectivity
+          image: busybox
+          command:
+            - sh
+            - '-c'
+            - |
+              sleep 60
+              while ! ping -c 1 8.8.8.8; do
+                echo "Ping failed, retrying in 15"
+                sleep 15
+              done
+              echo "ping succesfull, exiting"
+
+      containers:
+        - name: qbittorrent
+          image: lscr.io/linuxserver/qbittorrent:latest
+          resources:
+            requests:
+              memory: 128Mi
+              cpu: 250m
+            limits:
+              memory: 2Gi
+              cpu: 2000m
+          ports:
+            - name: qtorrent-http
+              containerPort: 8080
+              # containerPort: 9091
+          env:
+            - name: PUID
+              value: "1000"
+            - name: PGID
+              value: "1000"
+            # - name: WEBUI_PORT
+            #   value: "9091"
+          volumeMounts:
+            - name: downloads
+              mountPath: /downloads
+
+
+
+      volumes:
+        - name: gluetun-config
+          emptyDir: {}
+        - name: downloads
+          emptyDir: {}
+        # - name: transmission-config
+        #   emptyDir: {}
+

apps/temp-arr/base/kustomization.yaml

@@ -0,0 +1,23 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: arr
+
+resources:
+  - ./ns.yaml
+  - ./deployment.gluetun.yaml
+  - ./service.gluetun.yaml
+
+configMapGenerator:
+  - name: gluetun-env
+    literals:
+      - TZ=America/New_York
+      - VPN_SERVICE_PROVIDER=mullvad
+      # - #VPN_TYPE=wireguard
+      - VPN_TYPE=openvpn
+      - SERVER_COUNTRIES=Switzerland
+      # - HTTPPROXY=on
+      # - SHADOWSOCKS=on
+      # - SHADOWSOCKS_PASSWORD=IOnx6nu5Bm7ZFVhN2
+
+generators:
+  - secret-generator.yaml

apps/temp-arr/base/ns.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: arr

apps/temp-arr/base/secret-generator.yaml

@@ -0,0 +1,15 @@
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+  # Specify a name
+  name: arr-secrets
+  annotations:
+    config.kubernetes.io/function: |
+        exec:
+          # if the binary is in your PATH, you can do
+          path: ksops
+          # otherwise, path should be relative to manifest files, like
+          # path: ../../../ksops
+files:
+  - ./secret.mullvad.enc.yaml
+

apps/temp-arr/base/secret.mullvad.enc.yaml

@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: mullvad-secret
+type: Opaque
+data:
+    OPENVPN_USER: ENC[AES256_GCM,data:yROISWuVZgA2EseHClb687L7RV0SA0Ot,iv:pr78VyGXp12SSRhkvpWBshnbSU/CPqUYnVokcWIyuII=,tag:dK08MXL5udYtszVARmlybg==,type:str]
+    #ENC[AES256_GCM,data:OuDD4Ol2aFOCA3HIdhYufCH7ZoLQwl8sI6aoWbR9J94xqGl7mU0Yf5z5MgRsl9+jte/dZngNDEtpmtPSWlNCB4AwBunZqxCdoRhxakH4Xfg50+41,iv:g/RaILqnflJ7GJ3IK+XJ5Jj0kHc9FGamqjtkBBJ79Ao=,tag:6kVYwbEHJ1A2zMcS6hMdUQ==,type:comment]
+    #ENC[AES256_GCM,data:1jOTNv8/kxtSFpMF6AJMQggGJsIJ9GTR2hfvzaSRGwCmVHYEuXK30z5d,iv:HfrfMWPaU8FnXTLUejXi2ATCeyOsCS0A/Ymj+w3+SXE=,tag:21mfcuPDM7L4fkpuORdAaA==,type:comment]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1y26vr5qt6th3wu92rnsgkqcpxxah3pqkqa4khcjjycm3kg40aqyqjgfzx9
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPZjNlZFVoTGZlZVhmWUNr
+            UkUrak90UGV1UmF4Y0dNN1Axa0lMVWREWnhBCmxrK3NONEtkQXVlU1h4U2ZLNlhZ
+            UUlpV2VadkhoNEF4akRLbjU2K0lRWVUKLS0tIFpUK05zaEhSbEJZNDg1TDlGa2VF
+            Mjd3MXhrcWJab2V2VUl6UEJoT094OWcKh9eGQSYj+52pF8lsDtv3VRVNuG9QoMtj
+            4Ei64FjpDHnVEmIDbpSiqdLf0Qg1IQwNJX+jL4lCC46W/cCIxMtaAg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-03-02T03:22:56Z"
+    mac: ENC[AES256_GCM,data:rGM1uxBXLE/QhYavTU9ZRtjB928Chh3nLL1xAEJrm2FDz4qkf8DYARnx9jl8Du3gpc/MXe9BpWhigYImSv2OSjt+8XHUuR6Wfs/cNxelv5f7AmUThYlpsJ5rmYTLMb8CNYsL9hsqgYLjUXKxxSv3KT0GSCaa4IPghOjBZgLYRKk=,iv:GitsY70ExsEWGIKTw6rBBRZ48xu1tqxh08eHehc4ONY=,tag:tjqsoS1qXwHSGqqlzCUxVA==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.9.2

apps/temp-arr/base/service.gluetun.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: qbittorrent
+spec:
+  ports:
+    - name: http
+      port: 80
+      targetPort: qtorrent-http
+  selector:
+    app: gluetun

apps/temp-arr/overlays/media/config.json

@@ -0,0 +1,11 @@
+{
+  "appName": "temp-arr",
+  "userGivenName": "temp-arr",
+  "destNamespace": "arr",
+  "destServer": "https://kubernetes.default.svc",
+  "srcPath": "apps/temp-arr/overlays/media",
+  "srcRepoURL": "ssh://git@gitea-ssh.gitops.svc.cluster.local:2222/davad/argo.git",
+  "srcTargetRevision": "",
+  "labels": null,
+  "annotations": null
+}

apps/temp-arr/overlays/media/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../base