automated: Update flake.lock

Auto-generated by [update.yml][1] with the help of [create-pull-request][2]. [1]: https://nayeonie.com/ahuston-0/nix-dotfiles/src/branch/main/.github/workflows/flake-update.yml [2]: https://forgejo.stefka.eu/jiriks74/create-pull-request
2026-01-04 12:10:17 +00:00
6 changed files with 104 additions and 92 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -242,11 +242,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1767556355,
-        "narHash": "sha256-RDTUBDQBi9D4eD9iJQWtUDN/13MDLX+KmE+TwwNUp2s=",
+        "lastModified": 1767525999,
+        "narHash": "sha256-1E9xlYlyl3EnUrwxoaJMTK7dFrC2llL/TJ+T4xIcXDY=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "f894bc4ffde179d178d8deb374fcf9855d1a82b7",
+        "rev": "7d5927b63cea63deb655b3e8421ae17ebb9feac2",
        "type": "github"
      },
      "original": {
@@ -650,11 +650,11 @@
        "tinted-zed": "tinted-zed"
      },
      "locked": {
-        "lastModified": 1767559556,
-        "narHash": "sha256-Pf1d9Hh9UUQ/oS+evq6dU0MiaDczXXNztTlQekaMbW0=",
+        "lastModified": 1767397606,
+        "narHash": "sha256-QA1d/6XzxK3lsMiJ+xiJf340cpNeJs/xIM6D0/yLqs4=",
        "owner": "danth",
        "repo": "stylix",
-        "rev": "b135edbdd403896d1ef507934c045f716deb5609",
+        "rev": "6850ad2e9f3f7ff6116e9e6fb73a9cca2d9b1a35",
        "type": "github"
      },
      "original": {
--- a/systems/artemision/secrets.yaml
+++ b/systems/artemision/secrets.yaml
@@ -10,7 +10,7 @@ example_booleans:
    - ENC[AES256_GCM,data:6SJ0JKI=,iv:J0qSvWoOcDwSXCKyau+a0YcCGuH5WABHVh6Kdigac20=,tag:WQdNfjcubbzoHnQW4gua8g==,type:bool]
 apps:
    spotify: ENC[AES256_GCM,data:tIABPphA7Vr6VNvJpWTS9kDmidU=,iv:ciQzr8jyIcHYi797NKypPs7FhDgK5ToVZ0eZHHF8UtE=,tag:wUTL/x1p24cXyPUAL1dPfg==,type:str]
-wifi-env: ENC[AES256_GCM,data:mxPCyunx8yOahcuVhZCzuqAt/G89lMBnZme+qwcxO4LsCftx7h2FotA+wnlj1++vmPW5zL72q2kzxh0KcVlYqK9fpOrMY/FJeJXWYNMZIHesmWKlaaeA1wM/q1dSllwuVuULp9WQzipiQHwcCCLseo3bmCsYpbs8PUibrDgbDqXreTSjJBNTVzwOGpz1bZCSpEynS+dQQViRSNcVeYTOLxrOTxx5lyEOIhgIc3167ObhK+7bJVG2ZcP209Gllip4XkCj/FKnEwg2vVF5Dpofz7T2Op5ef/oNzahhKmCa+k7OPqITWwPYZg7pqAf6jdMy4eBP/A==,iv:Q6IMqePFwd1b1pSuh+TIwcag2bbJXyIYUmJWY6UaaqI=,tag:UZ5ak6nmHkNG0uBMTl1CwQ==,type:str]
+wifi-env: ENC[AES256_GCM,data:2BM4wQq+RfASkg9lcH+fW7eD0VaPJMXABp3z0sYXqZbVzv9R9eAxSokxzcifT/1JK8PBwvZkWtEFrKAT3phXIZzoEySnGKGYazz8fqWWWhMJotLNNo5VkX70hLppgE9vYxf9vQSq0PLWYCN0jUO0H9mHjOT6mDzKUHegcC53jzkNY3WTfLkyzDWJVMP9IbVQ22N5QlJbzZNqrNTaOtcRm06PBz7pNuEKOy4jj5ipZOh6ceR81Xy6BXM7MzFN27lYbzfVvcDmlwqPORAmr7/00QBy2cp38rTswJEzYf1x2Q==,iv:DSTVPw9qtmo02/usZZDpHsYlX3sSW+2XrnawtBkRNmQ=,tag:3p3eW+3BEQrOmHlBNUEOaA==,type:str]
 #ENC[AES256_GCM,data:G9ggYJ3YA+E=,iv:nZ5NgeyNKFXFIpquoY68Z2Jz9QROqvf5tv7/s1wSgKk=,tag:QAX555IsAMaWAlz9ywSzjQ==,type:comment]
 sops:
    age:
@@ -23,8 +23,8 @@ sops:
            d09aSXN0ZUh3VC9XeTZ4UWoxVDNVN0UKF1eU/IQJgJ8Fg+MrfqQuEZZ775hvtUJR
            D/ZS4vj+sDLWq6gy2lIBhRSIAHWrz5gHxvOOGmRnpvkqh9TS6XjLIA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-01-03T19:32:16Z"
-    mac: ENC[AES256_GCM,data:q5NppTtZZA9Oo15zI0pAZ/YN2qu0TneDPMJY9rXtWlYfG7Pq5taRyc9MpV7CyEt+qWMkN//O3/sA4jmQTtpT8JuYIEa+/x5cfSZ5w0ErjKdV4/IyDs1LPDKNLXIWlmPMo61VvsKW9DZRBRml9qtR1ypeHBuz0pjECBwAQPEcw9k=,iv:X7wUOxn4BsvqCPmNZvH75hyAzUeD7Qtp+4e4SLpPWlI=,tag:Dp6Bu3zEkRaRPdOwWil13g==,type:str]
+    lastmodified: "2025-05-15T15:37:51Z"
+    mac: ENC[AES256_GCM,data:qJ8NdnzVrgQb0rGwjZFHrS+eJrUjQEk4M4uo5bnk4eY7aKaHejARcYOIhp0H/DMdlix+Dm3DAAeeRWn8AKCatXaSzYD/VHHbjfp0lKBCsC8CZFeCELQ5GGEHnVot3WGb4J+QdfupwdduExSSMd6XeZGFVbSGhLzRbiiWA+i8I3o=,iv:oxWiDCH60apKT0/fJbWp1cIZ9cvd6mJKlP3xAjMBXIo=,tag:0We6eCJnsncujCt+CwK9UQ==,type:str]
    pgp:
        - created_at: "2024-11-28T18:57:09Z"
          enc: |-
@@ -39,4 +39,4 @@ sops:
            -----END PGP MESSAGE-----
          fp: 5EFFB75F7C9B74EAA5C4637547940175096C1330
    unencrypted_suffix: _unencrypted
-    version: 3.11.0
+    version: 3.10.2
--- a/systems/artemision/wifi.nix
+++ b/systems/artemision/wifi.nix
@@ -29,7 +29,6 @@ in
      "Verizon_ZLHQ3H".pskRaw = "ext:PASS_angie";
      "Fios-Qn3RB".pskRaw = "ext:PASS_parkridge";
      "Mojo Dojo Casa House".pskRaw = "ext:PASS_Carly";
-      "bwe_guest".pskRaw = "ext:PASS_BWE_NE";

      # Public wifi connections
      # set public_wifi on line 5 to true if connecting to one of these
--- a/systems/palatine-hill/docker/torr.nix
+++ b/systems/palatine-hill/docker/torr.nix
@@ -1,108 +1,130 @@
 { config, pkgs, ... }:

 let
-  qbitBase = {
-    image = "ghcr.io/linuxserver/qbittorrent:latest";
+  delugeBase = {
    pull = "always";
    environment = {
      PUID = "600";
      PGID = "100";
      TZ = "America/New_York";
+      UMASK = "000";
+      DEBUG = "true";
+      DELUGE_DAEMON_LOG_LEVEL = "debug";
+      DELUGE_WEB_LOG_LEVEL = "debug";
    };
  };

  vars = import ../vars.nix;
  #docker_path = vars.primary_docker;
  torr_path = vars.primary_torr;
-  qbit_path = "${torr_path}/qbit";
-  qbitvpn_path = "${torr_path}/qbitvpn";
-  qbitperm_path = "${torr_path}/qbitperm";
+  deluge_path = "${torr_path}/deluge";
+  delugevpn_path = "${torr_path}/delugevpn";
+
+  #genSopsConfWg = file: {
+  #  "${file}" = {
+  #    format = "binary";
+  #    sopsFile = ./wg/${file};
+  #    path = "${delugevpn_path}/config/wireguard/configs/${file}";
+  #    owner = "docker-service";
+  #    group = "users";
+  #    restartUnits = [ "docker-delugeVPN.service" ];
+  #  };
+  #};
+
+  genSopsConfOvpn = file: {
+    "${file}" = {
+      format = "binary";
+      sopsFile = ./openvpn/${file};
+      path = "${delugevpn_path}/config/openvpn/configs/${file}";
+      owner = "docker-service";
+      group = "users";
+      restartUnits = [ "docker-delugeVPN.service" ];
+    };
+
+  };
 in
 {

  virtualisation.oci-containers.containers = {
-    qbit = qbitBase // {
-      # webui port is 8082, torr port is 29432
-      environment = qbitBase.environment // {
-        WEBUI_PORT = "8082";
-        TORRENTING_PORT = "29432";
-      };
+    deluge = delugeBase // {
+      image = "binhex/arch-deluge";
      volumes = [
-        "${qbit_path}/config:/config" # move from docker/qbit to qbit_path
-        "${torr_path}/data/:/data"
+        "${deluge_path}/config:/config"
+        "${deluge_path}/data/:/data"
        "/etc/localtime:/etc/localtime:ro"
      ];
-      networks = [ "host" ];
      ports = [
-        "8082:8082"
-        "29432:29432"
-        "29432:29432/udp"
-      ];
-      extraOptions = [
-        "--dns=9.9.9.9"
+        "8084:8112"
+        "29433:29433"
      ];
    };
-    qbitVPN = qbitBase // {
-      # webui port is 8081, torr port is 39274
-      networks = [
-        "container:gluetun-qbit"
-      ];
-      environment = qbitBase.environment // {
-        WEBUI_PORT = "8081";
-      };
-      dependsOn = [ "gluetun-qbit" ];
-      volumes = [
-        "${qbitvpn_path}/config:/config"
-        "${torr_path}/data:/data"
-        "/etc/localtime:/etc/localtime:ro"
-      ];
-    };
-    qbitPerm = qbitBase // {
-      # webui port is 8083, torr port is 29434
-      networks = [
-        "container:gluetun-qbit"
-      ];
-      environment = qbitBase.environment // {
-        WEBUI_PORT = "8083";
-      };
-      dependsOn = [ "gluetun-qbit" ];
-      volumes = [
-        "${qbitperm_path}/config:/config"
-        "${torr_path}/data:/data"
-        "/etc/localtime:/etc/localtime:ro"
-      ];
-    };
-    gluetun-qbit = {
-      image = "qmcgaw/gluetun:v3";
+    delugeVPN = delugeBase // {
+      image = "binhex/arch-delugevpn:latest";
      capabilities = {
        NET_ADMIN = true;
      };
-      devices = [
-        "/dev/net/tun:/dev/net/tun"
+      autoRemoveOnStop = false;
+      environment = delugeBase.environment // {
+        VPN_ENABLED = "yes";
+        VPN_CLIENT = "openvpn";
+        VPN_PROV = "protonvpn";
+        ENABLE_PRIVOXY = "yes";
+        LAN_NETWORK = "192.168.0.0/16";
+        ENABLE_STARTUP_SCRIPTS = "yes";
+        #NAME_SERVERS = "194.242.2.9";
+        #NAME_SERVERS = "9.9.9.9";
+        # note, delete /config/perms.txt to force a bulk permissions update
+      };
+      environmentFiles = [ config.sops.secrets."docker/delugevpn".path ];
+      volumes = [
+        "${delugevpn_path}/config:/config"
+        "${deluge_path}/data:/data" # use common torrent path yuck
+        "/etc/localtime:/etc/localtime:ro"
      ];
      ports = [
-        # qbitvpn
-        "8081:8081"
-        "39274:39274"
+        "8085:8112"
+        "8119:8118"
+        "39275:39275"
+        "39275:39275/udp"
+        "48346:48346"
+        "48346:48346/udp"

-        # qbitperm
-        "8083:8083"
-        "29433:24933"
-      ];
-      environment = {
-        TZ = "America/New_York";
-        # SOPS prep
-      };
-      environmentFiles = [
-        config.sops.secrets."docker/gluetun".path
      ];
    };
  };

-  sops.secrets = {
-    "docker/gluetun" = {
+  systemd.services.docker-delugeVPN = {
+    serviceConfig = {
+      ExecStartPre = [
+        (
+          "${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/openvpn/configs "
+          + "-type l -not -name network.ovpn "
+          + "| ${pkgs.coreutils}/bin/shuf -n 1 "
+          + "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/openvpn/network.ovpn &&"
+          + "${pkgs.coreutils}/bin/chown docker-service:users ${delugevpn_path}/config/openvpn/network.ovpn &&"
+          + "${pkgs.coreutils}/bin/chmod 440 ${delugevpn_path}/config/openvpn/network.ovpn\""
+        )
+        (
+          "${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/scripts/links "
+          + "-type l "
+          + "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/scripts/ \""
+        )
+      ];
+      ExecStopPost = [ "${pkgs.coreutils}/bin/rm ${delugevpn_path}/config/scripts/*sh" ];
+    };
+  };
+
+  sops.secrets = (genSopsConfOvpn "se.protonvpn.udp.ovpn") // {
+    "docker/delugevpn" = {
      owner = "docker-service";
-      restartUnits = [ "docker-gluetun-qbit.service" ];
+      group = "users";
+      restartUnits = [ "docker-delugeVPN.service" ];
+    };
+    "docker/protonvpn-start-script" = {
+      path = "${delugevpn_path}/config/scripts/links/protonvpn-start-script.sh";
+      owner = "docker-service";
+      group = "users";
+      restartUnits = [ "docker-delugeVPN.service" ];
    };
  };
 }
--- a/systems/palatine-hill/firewall.nix
+++ b/systems/palatine-hill/firewall.nix
@@ -45,14 +45,6 @@
      8686
      8787
      5055
-
-      # torr
-      29432
-    ];
-
-    allowedUDPPorts = [
-      # torr
-      29432
    ];

  };
--- a/systems/palatine-hill/secrets.yaml
+++ b/systems/palatine-hill/secrets.yaml
@@ -32,7 +32,6 @@ docker:
    sonarr: ENC[AES256_GCM,data:X/hM31ZyHybvy2eQzVnmq8CH1AqBgz1pxq7tKC4lZB3ryAbnEIJksffem8+35tWt/0r5cEH4aaIKD1kS7Q+Ma+8JrRLcWkt6CZq/wspz,iv:44FfdVpQCposXshzNe5DXAxExeQzjVKhkZaVbgKo8KU=,tag:WIWWUt1XBngUTwwqhCrcNw==,type:str]
    lidarr: ENC[AES256_GCM,data:xERBECneutNUMZRrHukp8CaNrpI7SXUB16zUkauNP2+wto3eIc/K+2nMCkbwSC9AKlSjnUGSiORmAWn/jofTAuEzQljkCR1XCSkJRMmL,iv:iKf4fZtCfdjT/KuMFK5VFoLAV+Lll8uJowe9Q4cHyYw=,tag:xzmATTkrYRYm9Mw23zEO5g==,type:str]
    jellyseerr: ENC[AES256_GCM,data:7dDfHFp8+WbJqrf7Ms/gmfroBePwegXh5CXn5FcOz8IEK7rTvr9KZfz9x/1BwdD8,iv:ZPi3OcMfH76A08piKY4P7hFbeMyouwBoeN5oL3ExzKU=,tag:oOZ37dy/y+DFqNRfAHexvQ==,type:str]
-    gluetun: ENC[AES256_GCM,data:LSIHzw4HXoegkPwpEzLGFZfrAJG37Qcb+1aPVkbqElMyezxgEXUMzA3IOjkI/2aREmfjnm2gQxuidtvL+50jT7bBP6I/8+BTifVfdgk1nqtLasyGRcjDi2BGvITFGoXoHMY+3cNp1bhrDp0VjOtkwR4S2EsTajvUjvuj+TKcPkBlBIjNhO0UXbBZhfh0cERCEa5BxKz/wOKgyu8Gqgts+QPFhVpV/xT8LzI1Wx3+fG6UxUFqeY3XKsPf8Ku9Ghw+D9ZEbMOxbXsRg0ljtwHJ+o8SJ1mQCSkkbCHKskFwM7mH3xqBQT7HlnI3xKHpimCTB1FUQLxJoJ9eUWEfJKnFv363OgnUdB682vofFe1H/hzKP9/EbdGxe1JYqf+9VlYcoYXnFxJhBwvd3zjRJpDZRoiIndSTopi46A+nsw18jRtj6VQaNvbqe76bZWN7+cCzfNHy57qZSF0bUKqLj1HoBSDbPrxFAkuOdelHmMBx6Aer8MEepR1YDOS1rW9Uw60vYgyQDGdHz1pU4JUkD4Ny5gc2nOnAoHjzqCHX0rLqCiF/qOEfDI3cb0g48ccH5n8TyjO4mtoj0Q==,iv:0IQfKX0KcdCloo8KEyQOpoZ4NdwX6am46b0QPHOXguA=,tag:9hCV1TDycq0XUcc2Xd1//Q==,type:str]
 acme:
    bunny: ENC[AES256_GCM,data:P2yROVUga9mORcq8VR/l0i4/2Vod1zvlYq+ZJLLNKow0SpblkwQX/i1ucQYAOkTTRddN+3C+t0zj1rMWkdLoaLjEUJJi3VsSxi+chV2FFiVKFQGEcg24,iv:aQvGgGLsgRGoEmwTgZHR8Jm/MYxmGtVTT/fZKaTLeMs=,tag:m3ssF4O8qs4yxvMu6yUcjw==,type:str]
    dnsimple: ENC[AES256_GCM,data:37FKyBibFtXZgI4EduJQ0z8F+shBc5Q6YlLa3YkVPh9XuJVS20eybi75bfJxiozcZ9d+YRaqcbkBQCSdFOCotDU=,iv:oq3JjqbfAm2C4jcL1lvUb2EOmnwlR07vPoO8H0BmydQ=,tag:E3NO/jMElL6Q817666gIyg==,type:str]
@@ -51,8 +50,8 @@ sops:
            cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At
            LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-01-08T04:11:30Z"
-    mac: ENC[AES256_GCM,data:dSrAVkL44NOXqgFog7XjD+zSane7YeqKM/SnAPaDNEYJVUcS3V1RYdL8Br1Vjrgac9ZVMU2W04jXCuZPg13uFsyYgczC0l1s39FodKnRc7Xt8eoHSejsETBeaaC8aLH7xVhWGk+fR4w7o4Vw+gtOzKPyvobuevBZfg7ugfObn10=,iv:vfHm3jjKXdi8V+2x8br5DqVgDgchJ9yewgP0vfeOP9M=,tag:z4bkPbK6weHaPyYbGJxaOw==,type:str]
+    lastmodified: "2025-12-25T17:45:31Z"
+    mac: ENC[AES256_GCM,data:lVRqQWnO1RvmoW13/xCpP2SvibccRWwmr1Gyj6EgrE+V+Iu1bfnZRkTkHiFIQqQLQgCy2qBiSHeZF/dNERe83eEwpXgRQAduarpE/qL8K1mxcwf5HMMYACjlNfsL/I1/TCJrJ7DZBxI4neRLetc5OpScVXqHj1neOodD/g8n+ls=,iv:+gZpo0I2NVYz24o42mUW/OkfONqNSjgaJeKeFdKx7dg=,tag:EJnpiotQuBKth21mdhvjZQ==,type:str]
    pgp:
        - created_at: "2024-11-28T18:56:39Z"
          enc: |-