---
apiVersion: v1
kind: Namespace
metadata:
  name: prowlarr
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: prowlarr
  namespace: prowlarr
spec:
  ingressClassName: istio
  rules:
  - host: prowlarr.strudelline.net
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: prowlarr
            port:
              number: 9696
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: prowlarr
  name: prowlarr
spec:
  replicas: 1
  selector:
    matchLabels:
      app: prowlarr
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: prowlarr
    spec:
      terminationGracePeriodSeconds: 0
      restartPolicy: Always
      initContainers:
      - name: killswitch
        image: xjasonlyu/tun2socks:latest
        command: ["sh","-c"]
        args:
        - |
            iptables -t mangle -A POSTROUTING -o eth0 -d 172.16.0.0/12 -j ACCEPT
            iptables -t mangle -A POSTROUTING -o eth0 -d 10.0.0.0/8 -j ACCEPT
            iptables -t mangle -A POSTROUTING -o eth0 -d 192.168.0.0/16 -j ACCEPT
            iptables -t mangle -A POSTROUTING -o eth0 -j DROP
        securityContext:
          capabilities:
            add: ["NET_ADMIN","SYS_TIME"]
      volumes:
      - name: config
        nfs:
          server: 172.16.18.1
          path: /volume1/k8s-volumes/prowlarr-config
      - name: dropbox
        nfs:
          server: 172.16.18.1
          path: /volume1/dropbox
      - name: tv-shows
        nfs:
          server: 172.16.18.1
          path: /volume1/tv shows
      - name: movies
        nfs:
          server: 172.16.18.1
          path: /volume1/movies
      containers:
      - name: prowlarr
        image: lscr.io/linuxserver/prowlarr:latest
        env:
        - name: TZ
          value: America/Chicago
        - name: PUID
          value: "1029"
        - name: PGID
          value: "101"
        volumeMounts:
        - mountPath: /volume1/tv shows
          name: tv-shows
        - mountPath: /volume1/movies
          name: movies
        - mountPath: /volume1/dropbox
          name: dropbox
        - mountPath: /config
          name: config
      - name: vpn
        image: xjasonlyu/tun2socks:latest
        command: ["sh","-c"]
        args:
        - |
            mkdir -p /dev/net
            mknod /dev/net/tun c 10 200
            exec /entrypoint.sh
        env:
        - name: TUN
          value: tun0
        - name: PROXY
          value: socks5://172.16.17.180:1080
        - name: TUN_EXCLUDED_ROUTES
          value: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
        securityContext:
          capabilities:
            add: ["NET_ADMIN","SYS_TIME"]
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: prowlarr
  name: prowlarr
  namespace: prowlarr
spec:
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - name: prowlarr
    port: 9696
    protocol: TCP
    targetPort: 9696
  selector:
    app: prowlarr
  sessionAffinity: None
  type: ClusterIP
#apiVersion: v1
#kind: Service
#metadata:
#  annotations:
#    metallb.universe.tf/allow-shared-ip: 172.16.17.180
#    metallb.universe.tf/loadBalancerIPs: 172.16.17.180
#  labels:
#    app: nordproxy
#  name: nordproxy
#  namespace: nordproxy
#spec:
#  ipFamilies:
#  - IPv4
#  ipFamilyPolicy: SingleStack
#  ports:
#  - name: dns
#    port: 53
#    protocol: UDP
#    targetPort: 5353
#  - name: socks
#    port: 1080
#    protocol: TCP
#    targetPort: 1080
#  - name: gost-auto
#    port: 4080
#    protocol: TCP
#    targetPort: 4080
#  - name: http
#    port: 8080
#    protocol: TCP
#    targetPort: 8080
#  selector:
#    app: nordproxy
#  sessionAffinity: None
#  type: LoadBalancer