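# Values for the pod-gateway chart, which routes pods in selected namespaces
# through a VPN client running in the gateway pod.
# Chart: https://github.com/k8s-at-home/charts/tree/master/charts/stable/pod-gateway
pod-gateway:
  # Namespaces whose pods are routed through the gateway.
  routed_namespaces:
    - "vpn"
    - "ombi"

  settings:
    # Destinations that bypass the gateway. Presumably the cluster pod/service
    # ranges plus the LAN; confirm against the cluster's CIDRs. Keep the list
    # as narrow as possible: anything listed here leaves without the VPN.
    NOT_ROUTED_TO_GATEWAY_CIDRS: "10.42.0.0/16 10.43.0.0/16 192.168.0.0/16"
    # Kill switch: keep enabled so traffic is dropped, not leaked, when the
    # tunnel is down.
    VPN_BLOCK_OTHER_TRAFFIC: true
    VPN_INTERFACE: tun0  # For OpenVPN. For Wireguard, use `wg0`
    # UDP port, which is generally preferred over TCP. If you use TCP, 443 is
    # probably correct. Must match the port in addons.vpn.networkPolicy below.
    VPN_TRAFFIC_PORT: 1194

  # Ports reachable from the VPN side and forwarded to a routed pod.
  publicPorts:
    - hostname: ombi
      # NOTE(review): appears to select the pod's address on the gateway's
      # internal network; confirm the valid range in the chart docs.
      IP: 9
      ports:
        - type: udp
          port: 6789
        - type: tcp
          port: 6789

  addons:
    # https://github.com/k8s-at-home/library-charts/blob/2b4e0aa1ef5f8c6ef4ac14c2335fc9a008394ed6/charts/stable/common/templates/addons/vpn/openvpn/_container.tpl
    # https://github.com/k8s-at-home/library-charts/blob/2b4e0aa1ef5f8c6ef4ac14c2335fc9a008394ed6/charts/stable/common/values.yaml#L477
    vpn:
      enabled: true
      type: openvpn
      # Credentials and client config are referenced as Kubernetes Secrets
      # rather than written inline; keep it that way so they never land in VCS.
      openvpn:
        authSecret: openvpn-creds
      # NOTE(review): placed at the vpn level as in the values.yaml linked
      # above; confirm against the chart version in use.
      configFileSecret: openvpn-config

      # Restarts the VPN container when the public exit country is not the
      # expected one, which indicates traffic is not leaving via the tunnel.
      # The check depends on a third-party service (ipinfo.io). With
      # failureThreshold 1, a single failed or slow lookup triggers a restart,
      # and no timeoutSeconds is set, so the Kubernetes default applies.
      livenessProbe:
        exec:
          # Change "CA" to whatever country your VPN connects to
          command:
            - sh
            - -c
            # The substitution is quoted and compared with POSIX `=` so an
            # empty curl result or a shell without `==` in `[` fails cleanly.
            - >-
              if [ "$(curl -s https://ipinfo.io/country)" = 'CA' ];
              then exit 0; else exit 1; fi
        initialDelaySeconds: 30
        periodSeconds: 60
        failureThreshold: 1

      # Egress allow-list for the pod running the VPN client.
      networkPolicy:
        enabled: true
        egress:
          # Tunnel traffic to the VPN server. This allows UDP 1194 to any
          # address; narrow the CIDR to the provider's endpoints if they are
          # stable.
          - ports:
              # Setting settings.VPN_TRAFFIC_PORT is insufficient
              - protocol: UDP
                port: 1194
            to:
              - ipBlock:
                  cidr: "0.0.0.0/0"
          # In-cluster / private traffic: every port to 10.0.0.0/8. Tighten to
          # the actual pod and service CIDRs where possible.
          - to:
              - ipBlock:
                  cidr: "10.0.0.0/8"

      # NOTE(review): the linked library chart appears to expect script
      # contents for these keys, not booleans; confirm that `true` has the
      # intended effect.
      scripts:
        up: true
        down: true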