@ondrejmo
Last active October 28, 2024 17:30
Aria2 with RPC for downloading Linux ISOs through Wireguard in a k3s cluster with Cilium.
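## downloads
dir=/data
max-concurrent-downloads=8
max-connection-per-server=16
disable-ipv6=true
user-agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
disk-cache=0
file-allocation=none
console-log-level=info
## sessions
# input-file and save-session point at the same file on the /data volume so the
# download queue survives a pod restart.
# NOTE(review): aria2c presumably refuses to start if input-file is missing, so
# /data/sessions has to exist before the first run - confirm (the image only
# pre-creates /home/aria/sessions, which is a different path).
force-save=true
input-file=/data/sessions
save-session=/data/sessions
save-session-interval=10
## rpc
enable-rpc=true
rpc-listen-port=6800
# listen-all / allow-origin-all are broad, but the port is only reachable from
# traefik (see the NetworkPolicy); rpc-secret is what authenticates RPC callers.
rpc-listen-all=true
rpc-allow-origin-all=true
# Placeholder, same convention as bt-tracker below. Set the real value out of
# band; this file ends up in a ConfigMap, so a Secret is the better home for it.
rpc-secret=changeme
## torrents
max-upload-limit=16k
dht-file-path=/data/dht.dat
enable-dht=true
seed-time=0
# curl https://raw.githubusercontent.com/ngosang/trackerslist/refs/heads/master/trackers_all.txt | sed ':a;N;$!ba;s/\n\n/,/g' > trackers
bt-tracker=changeme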
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: aria
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: aria
  policyTypes:
    - Egress
    - Ingress
  # Egress: only the WireGuard transport to the VPN endpoint is allowed, so
  # anything aria2 sends to another destination is dropped by the policy.
  egress:
    - to:
        # mullvad (placeholder address; must match Endpoint in wg0.conf)
        - ipBlock:
            cidr: 123.123.123.123/32
      ports:
        - protocol: UDP
          port: 51820
  # Ingress: only traefik running in kube-system may reach the RPC port.
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              app.kubernetes.io/name: traefik
      ports:
        - protocol: TCP
          port: 6800
---
apiVersion: v1
kind: Service
metadata:
  name: aria
spec:
  # Plain ClusterIP on purpose: the workload is a StatefulSet only to get a
  # predictable pod name, it does not need a headless Service.
  selector:
    app.kubernetes.io/name: aria
  ports:
    - name: rpc
      port: 6800
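---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: aria
spec:
  serviceName: aria
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app.kubernetes.io/name: aria
  template:
    metadata:
      labels:
        app.kubernetes.io/name: aria
    spec:
      # The pod never talks to the API server, so no token is mounted.
      automountServiceAccountToken: false
      containers:
        # aria2c itself. It shares the pod network namespace with the wireguard
        # sidecar, so its traffic leaves through wg0 once the tunnel is up.
        - name: aria
          image: gitea.velkamorava.home.arpa/aria:v1
          resources:
            requests:
              cpu: 5m
              memory: 32Mi
          ports:
            - name: rpc
              containerPort: 6800
          # aria2c runs as the unprivileged user set in its image and needs no
          # capabilities; state that explicitly instead of relying on defaults.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          volumeMounts:
            - name: config
              mountPath: /home/aria/config
            - name: nacelnik8-disk08
              mountPath: /data
              subPath: download
        - name: wireguard
          image: gitea.velkamorava.home.arpa/wireguard:v1
          command: [ /bin/bash, -c ]
          args:
            # `&&` rather than `;`: if wg-quick fails the container exits and is
            # restarted, instead of idling as "Running" with the tunnel down
            # (aria would then be cut off by the NetworkPolicy, silently).
            - >-
              wg-quick up /config/wg0.conf &&
              sleep infinity
          resources:
            requests:
              cpu: 5m
              memory: 32Mi
          # NET_ADMIN is needed for wg-quick to create the interface and its
          # routing rules.
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
          volumeMounts:
            - name: wg
              mountPath: /config
      volumes:
        - name: config
          configMap:
            name: aria-config
            items:
              - key: aria.conf
                path: aria.conf
        - name: nacelnik8-disk08
          nfs:
            server: "192.168.8.248"
            path: /mnt/disk08/public
        # NOTE(review): wg0.conf carries the WireGuard PrivateKey (and aria.conf
        # the rpc-secret); both belong in a Secret (kustomize secretGenerator plus
        # a `secret:` volume here) rather than a ConfigMap.
        - name: wg
          configMap:
            name: aria-config
            items:
              - key: wg0.conf
                path: wg0.conf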
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: aria
spec:
  # Internal name only; the certificate is issued by the cluster-wide private CA.
  commonName: ariang.velkamorava.home.arpa
  dnsNames:
    - ariang.velkamorava.home.arpa
  # Consumed by the IngressRoute's tls.secretName.
  secretName: aria-certificate
  issuerRef:
    name: trusted-ca
    kind: ClusterIssuer
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: aria
  annotations:
    link.argocd.argoproj.io/external-link: https://ariang.velkamorava.home.arpa
    external-dns.alpha.kubernetes.io/target: "192.168.8.160"
    external-dns.alpha.kubernetes.io/ttl: "300"
spec:
  entryPoints:
    - websecure
  routes:
    # Only the two RPC endpoints are published; TLS terminates at traefik and
    # the hop to the Service is plain HTTP inside the cluster.
    - match: Host(`ariang.velkamorava.home.arpa`) && (Path(`/jsonrpc`) || Path(`/rpc`))
      kind: Rule
      services:
        - name: aria
          port: 6800
  tls:
    secretName: aria-certificate
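FROM docker.io/library/debian:bookworm-slim

# Build-time UID/GID of the unprivileged aria user.
# NOTE(review): GID 1066 presumably matches the group owning the NFS download
# share so aria2c can write there - verify against the export.
ARG UID=1000
ARG GID=1066

RUN apt-get update && apt-get install -y --no-install-recommends \
      ca-certificates \
      wget \
      aria2 && \
    rm -rf /var/lib/apt/lists/*

# Dedicated user with fixed ids; the sessions file is pre-created so a first
# start does not fail on a missing input-file.
# NOTE(review): the shipped aria.conf points at /data/sessions, not this path -
# confirm which one is intended.
RUN groupadd -g $GID aria && \
    useradd --create-home --home-dir /home/aria --shell /bin/bash -g $GID -u $UID aria && \
    touch /home/aria/sessions && \
    chmod 0700 /home/aria/sessions && \
    chown aria:aria /home/aria/sessions

COPY --chown=aria:aria aria.conf /home/aria/config/aria.conf

# Numeric UID:GID rather than the user name, so Kubernetes can verify
# runAsNonRoot from the image metadata (a named USER cannot be checked).
USER ${UID}:${GID}

VOLUME /data
EXPOSE 6800/tcp

ENTRYPOINT [ "/usr/bin/aria2c" ]
CMD [ "--conf-path", "/home/aria/config/aria.conf" ]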
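FROM docker.io/library/debian:bookworm-slim

RUN apt-get update && apt-get install -y --no-install-recommends \
      openresolv \
      iptables \
      iproute2 \
      wireguard-tools \
      sed && \
    rm -rf /var/lib/apt/lists/*

# https://github.com/jordanpotter/docker-wireguard
# The net.ipv4.conf.all.src_valid_mark sysctl is set when running the Docker
# container, so don't have WireGuard also set it.
# grep first: if a newer wg-quick no longer contains this exact line, the build
# fails here instead of shipping an unpatched script that only fails at runtime.
RUN grep -q 'sysctl -q net.ipv4.conf.all.src_valid_mark=1' /usr/bin/wg-quick && \
    sed -i "s:sysctl -q net.ipv4.conf.all.src_valid_mark=1:echo Skipping setting net.ipv4.conf.all.src_valid_mark:" /usr/bin/wg-quick

# wg-quick exits once the tunnel is up; long-running deployments (the k8s
# manifest overrides command/args) append their own sleep.
ENTRYPOINT [ "/usr/bin/wg-quick" ]
CMD [ "up", "wg0" ]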
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: scury
resources:
  - templates/aria.yml
# Both files are mounted into the pod from this single ConfigMap.
# NOTE(review): wg0.conf holds the WireGuard PrivateKey and aria.conf the
# rpc-secret; a secretGenerator (with matching `secret:` volumes in the
# StatefulSet) would keep them out of a plain ConfigMap.
configMapGenerator:
  - name: aria-config
    files:
      - aria.conf=files/aria.conf
      - wg0.conf=files/wg0.conf
generatorOptions:
  # Stable name so the StatefulSet can reference aria-config directly; a
  # changed file therefore does not roll the pods on its own.
  disableNameSuffixHash: true
##############################################
## DO NOT FORGET TO ROTATE TRACKERS AS WELL ##
##############################################
[Interface]
# Device: Fat Bear
# Placeholder values: PrivateKey, PublicKey and Endpoint come from the real
# device config. Endpoint must match the NetworkPolicy egress CIDR/port.
PrivateKey = foobar
Address = 10.0.0.123/32
DNS = 10.0.0.111
# Keep 10.42.0.0/16 (presumably the cluster pod CIDR) out of the tunnel, so
# traffic from traefik to the RPC port is answered over the cluster network.
PostUp = ip rule add table main to 10.42.0.0/16
[Peer]
PublicKey = FOOBAR
# Everything else is routed through the tunnel.
AllowedIPs = 0.0.0.0/0
Endpoint = 123.123.123.123:51820
##############################################
## DO NOT FORGET TO ROTATE TRACKERS AS WELL ##
##############################################