---
apiVersion: v1
kind: Secret
metadata:
  name: pia-auth
data:
  username: cDk1MDkyMDU=
  password: bWFwa29iLTRjZWhnZS1wZWdLaWs=
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: transmission
  labels:
    app: transmission
spec:
  replicas: 1
  selector:
    matchLabels:
      app: transmission
  template:
    metadata:
      labels:
        app: transmission
    spec:
      containers:
      - name: transmission
        image: haugene/transmission-openvpn
        securityContext:
          capabilities:
            add:
              - NET_ADMIN
        env:
        - name: TRANSMISSION_RATIO_LIMIT_ENABLED
          value: "True"
        - name: TRANSMISSION_IDLE_SEEDING_LIMIT_ENABLED
          value: "True"
        - name: LOCAL_NETWORK
          value: 10.42.0.0/16
        - name: PUID
          value: "1000"
        - name: PGID
          value: "1000"
        - name: PEER_DNS
          value: "false"
        - name: OVERRIDE_DNS
          value: "8.8.8.8"
        - name: OPENVPN_PROVIDER
          value: PIA
        - name: OPENVPN_CONFIG
          value: "ca_montreal"
        - name: TRANSMISSION_DOWNLOAD_DIR
          value: "/downloads/transmission"
        - name: OPENVPN_USERNAME
          valueFrom:
            secretKeyRef:
              name: pia-auth
              key: username
        - name: OPENVPN_PASSWORD
          valueFrom:
            secretKeyRef:
              name: pia-auth
              key: password
        ports:
        - name: web
          containerPort: 9091
        volumeMounts:
        - name: transmission-config
          mountPath: "/config/transmission-home"
          subPath: "config/transmission-home"
        - name: media-volume
          mountPath: "/downloads/transmission"
          subPath: "downloads/transmission"
      volumes:
      - name: media-volume
        persistentVolumeClaim:
          claimName: media-pvc
      - name: transmission-config
        persistentVolumeClaim:
          claimName: transmission-config-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: transmission
spec:
  type: ClusterIP
  ports:
    - name: web
      port: 9091
      targetPort: 9091

  selector:
    app: transmission
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: transmission-ingress-route
  namespace: default
spec:
  entryPoints:
    - web
  routes:
  - match: Host(`transmission.dezendorf.net`)
    kind: Rule
    middlewares:
    - name: redirecthttps
    services:
    - name: transmission
      port: 9091
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: transmission-websecure-route
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
  - match: Host(`transmission.dezendorf.net`)
    kind: Rule
    services:
    - name: transmission
      port: 9091
  tls:
    certResolver: myresolver