From 1397f3bce8b12a50378f77356ac32bbf8527bfc2 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sat, 10 Jan 2026 01:07:18 -0500 Subject: [PATCH] split gluetun instances --- systems/palatine-hill/docker/torr.nix | 53 ++++++++++++++++++++++----- systems/palatine-hill/secrets.yaml | 8 ++-- 2 files changed, 48 insertions(+), 13 deletions(-) diff --git a/systems/palatine-hill/docker/torr.nix b/systems/palatine-hill/docker/torr.nix index b6373d2..75c8e46 100644 --- a/systems/palatine-hill/docker/torr.nix +++ b/systems/palatine-hill/docker/torr.nix @@ -42,6 +42,8 @@ in "--dns=9.9.9.9" ]; }; + + # temp instance qbitVPN = qbitBase // { # webui port is 8081, torr port is 39274 networks = [ @@ -57,6 +59,29 @@ in "/etc/localtime:/etc/localtime:ro" ]; }; + gluetun-qbit = { + image = "qmcgaw/gluetun:v3"; + capabilities = { + NET_ADMIN = true; + }; + devices = [ + "/dev/net/tun:/dev/net/tun" + ]; + ports = [ + "8081:8081" + "8083:8083" + ]; + environment = { + TZ = "America/New_York"; + # SOPS prep + }; + environmentFiles = [ + config.sops.secrets."docker/gluetun".path + config.sops.secrets."docker/gluetun-qbitvpn".path + ]; + }; + + # permanent instance qbitPerm = qbitBase // { # webui port is 8083, torr port is 29434 networks = [ @@ -72,7 +97,7 @@ in "/etc/localtime:/etc/localtime:ro" ]; }; - gluetun-qbit = { + gluetun-qbitperm = { image = "qmcgaw/gluetun:v3"; capabilities = { NET_ADMIN = true; @@ -81,15 +106,7 @@ in "/dev/net/tun:/dev/net/tun" ]; ports = [ - # qbitvpn - "8081:8081" - "39274:39274" - "39274:39274/udp" - - # qbitperm "8083:8083" - "29433:24933" - "29433:24933/udp" ]; environment = { TZ = "America/New_York"; @@ -97,6 +114,7 @@ in }; environmentFiles = [ config.sops.secrets."docker/gluetun".path + config.sops.secrets."docker/gluetun-qbitperm".path ]; }; }; @@ -104,7 +122,22 @@ in sops.secrets = { "docker/gluetun" = { owner = "docker-service"; - restartUnits = [ "docker-gluetun-qbit.service" ]; + restartUnits = [ + "docker-gluetun-qbit.service" + "docker-gluetun-qbitperm.service" + ]; + }; + "docker/gluetun-qbitvpn" = { + owner = "docker-service"; + restartUnits = [ + "docker-gluetun-qbit.service" + ]; + }; + "docker/gluetun-qbitperm" = { + owner = "docker-service"; + restartUnits = [ + "docker-gluetun-qbitperm.service" + ]; }; }; } diff --git a/systems/palatine-hill/secrets.yaml b/systems/palatine-hill/secrets.yaml index bf58425..c613fbe 100644 --- a/systems/palatine-hill/secrets.yaml +++ b/systems/palatine-hill/secrets.yaml @@ -32,7 +32,9 @@ docker: sonarr: ENC[AES256_GCM,data:X/hM31ZyHybvy2eQzVnmq8CH1AqBgz1pxq7tKC4lZB3ryAbnEIJksffem8+35tWt/0r5cEH4aaIKD1kS7Q+Ma+8JrRLcWkt6CZq/wspz,iv:44FfdVpQCposXshzNe5DXAxExeQzjVKhkZaVbgKo8KU=,tag:WIWWUt1XBngUTwwqhCrcNw==,type:str] lidarr: ENC[AES256_GCM,data:xERBECneutNUMZRrHukp8CaNrpI7SXUB16zUkauNP2+wto3eIc/K+2nMCkbwSC9AKlSjnUGSiORmAWn/jofTAuEzQljkCR1XCSkJRMmL,iv:iKf4fZtCfdjT/KuMFK5VFoLAV+Lll8uJowe9Q4cHyYw=,tag:xzmATTkrYRYm9Mw23zEO5g==,type:str] jellyseerr: ENC[AES256_GCM,data:7dDfHFp8+WbJqrf7Ms/gmfroBePwegXh5CXn5FcOz8IEK7rTvr9KZfz9x/1BwdD8,iv:ZPi3OcMfH76A08piKY4P7hFbeMyouwBoeN5oL3ExzKU=,tag:oOZ37dy/y+DFqNRfAHexvQ==,type:str] - gluetun: ENC[AES256_GCM,data:RgUa86akzrpK25RSdl1qDCUskWR6VKA1g4Vkqegx/bov6rGS3xFsmhitxBhNX+SZh+OJueAljJ2cvHg9wgSvkn4PhYRJZfynZgBZ2TN0+af/Eh5VfkSoO609g1uyyJf2BFv15NwUTDAGQ+C4vhAaterWMH+x6PU0x+oZXHoFcZuA308bqC/vPnbWs4tBWqtv3gsLkRGoWaVJwG0NNwk1fM8nkA+AHLxgyXjcEvrFSjeyJ2aXQxSFoK8FMDyjkueZTqzB8FM6GhH2Ij4et1lbJyUTiAD0GPA3WeoNX8FCVQag8LU0a2/N2UAEbgAMqSCSBZVLaxo3PKys7bwpwvBbz1zFdN+cZFBssjZIubyqXzskxmgq6dZS53bYMm2V+GC1l2kAdRHgN3oycBZPm599EAzZYkZGYnm8vmVU2YLHyQKj2OOGJFGcFAirRPMil7XVBMtkIs5MPFzS0BYk4RVBsoUN2xLRIANLhB9qJRot5bfhekYSZW11YhjfRCCqLAoE3DooRQtzuBVw9i+lNGBpXM1lsfnqhJgyFkMDiQgB3ZEf+gLkFpJ26o1vErTYai/2exwW8ErZCMrL/wmUGypRvf107j3lEekSwuj43u0A8CwvSKT8hHquGsX0iR7bRPQcz8rJH819BBVmIBI4Qab+4fD6mcBWTGr4CILyYE3b2bMw/94ttH5w/wPvmw9aSwGGC//Pa7ZiTl3UH6Lx17b+N9+mNohlNgoOiAESK7UAxwi0C+zRusOz4tqBt+jcvP6BGJfeXzkxnEkLonfwjImvGLd0KYJLnyhAMMSZuycKP9KkyyIAj8TgBdBNu6dbL2TaSByiG5YU097ygG5Qk5Mg2rrHTq9vT/Z8SMqNp+wSC/kJae7shMyQjENovhltfaQBKVqksAiyg9rSOL8MY0IkG4SfV5FfLLFeA0HpbHc7f4xlak6FIwdtphULP4fzuiYZCxHAq2FBklSfnFTUzeqtvhQefGZX1tvALVnHYvDxaqBJ/F7wf4ZTMN7KW/eR8QxNfwxPiDC5LnxDz4yI4SXF0gIE4a0Si6uoS2yXzjPzIuP0vYW1iRMem1OKkdCdl0elKuWXe1J+8F6Y0zx3PNth82+hPTbxPvnQgbNdRPn+j0aNWddV6fGI1lTXEPujyNWBVBaVcT8OJONRZm5ILedykuEXaVeJLiVzYG1BwdY9jJZthUHrMpYUurdOQ4/wvvY5k1Dl8HA5a0UHXUXg6Zk6V5MRX9ico+cWyb6YWytKJQjD+j18kg==,iv:da4nJpgFYSm0oisDpgc9fj5b2YFiIp8O6K/Prh79R4I=,tag:6occREIxacZbigBIPdlQ5w==,type:str] + gluetun: ENC[AES256_GCM,data:ryhYVOYEZl5zDs+xMgbWI6q/Ei2AiNZJMxT/TcaHzTEocINgbczWk9GKeeZKno71vFXiF9/tPpYavLqvjWNL77doWDB+wiYrtBJ97PkQ70dqWntua9E8eCalYlIZpRbLsl5OA9ZHorIMPjjSB2CRYLCqq30PPi5I2TtRvs/g6LRUN4sZ/E2TTUjz7AEY7228ZEuHt1UkU+dY/jEbx6fwrm/ocP8xKvYUuAR1/Cx/z4N0mqmVl+FX/5dRSkmhpfAxO9ss898XKiJW4rewQIbG5ccYal+reZZr70TaEJQqg5KIfAnbp6dEjAsSXnRiEF801JXM0h+d14ECT4tQmdyvYBdCVnJ/Ibqw9D15cViHmeDbR68spqOCj67FSMKxgCVx4KFrxPOualsULX7RL/UbHq2cwyziSFkH4n2ljFlKohyj39F7EparJbiCOumNfhRWknDDwvXY+BjJhbAe19ccKP6QWrS68uBp0cTXqb0rVN/qlfz6Sj5EYj5M/u0rl6d5xctnKmOzfLjI2m5+E9WfDJaAUcP/Ihs+p2eD7aSQTIj+O7I66ju+UAz66D9ZoU1U3uVQ9gaPI5dOMmYdLKS3b19EVytwW2W13d0WXKIw5Vfb7MvFh9I0iPWq+ntL4jQzMYSwV5Y=,iv:Cy3h5I3vbqKORdqw91SHL4tRMeGHMLsXgQ0USJ2jtzk=,tag:0J/p1sUQfXR4ujjY7VzZuQ==,type:str] + gluetun-qbitvpn: ENC[AES256_GCM,data:3IdmuLvWs5YRQZuG9y1GRTMKMbR7OynUUVluezviDOV22EkABvo3Ic/+xZrWi/lzAhQRwRsCGjinlUJf7lBvPLg53HaIplbzSIyd3IPLbKzEVAK32WYB/M5cGNQW+XV8TiKK72HO8+WG588A0bsuvp/wQ86ohpRHVrnlboANLS3diCNXI3VdFIHPGpvM77TqB3/vo2AFLKjxi2es4l6KRam8cEUFAz0eH03tTUYaxy+ewA5IZCQSbMURLFKKdh0EATTG5jIz3jFp372fnk8UBgFPeH8+N9VHNM6rnV6zAsC2Vlj2E1YQRTRqOwSK0NRAAV5NBbr7zumS3VS0rVUpIbZVrW/C2BSAVbzowkHuo5o1B7UFsryb3s2FJJGF2biaDoL+ijM5a0Qi4LfNeaSLNKrzaTin0wYq8rPrQKOUBZL4t6FsRbG7KHmfwM4uYdWqV5h1syjI9WWReuePVb416YvqSH9p8HhNsDTka8IGgYkHcYAXYuuxUc6sgQONBwrsdeN5Dhq1IedhuOW+3qAV+hHl8qmVgiWZ8Ss+nmo016nsikifEp08N7J8t3f86/SFZO+YMBxQ/K9PJLsJzR2jsBcf2aTlq0cuzXDvb4cMtro=,iv:N9zdyKJDsj049j5hZOSnAkS/VTWlC3crTODJKIpYYko=,tag:uYHq3CZj0P/BAv+0Ak5ZEw==,type:str] + gluetun-qbitperm: ENC[AES256_GCM,data:kzSrILs78UkzNeAvxoDU3QsLKdapQNyQW9nq0it+7HhhwDQ0MJB1s2Ek8zKErTatpwzG8xiUK0HwX5hFLgNZYc+OE0CH4PUrgX1t6dykuPLD2rKQL7veElNgqhX0/39xNyopyJk2UMVFNSqoV1DCC/ja9MqX9+jBYk++7DeX7v1Gl1ntjzJ+zIscg0nOTN1eQAHtiOWtFU0COC/aA8KS+HLIsMkjrIk9UD4C/DE8AOS07s+gDxPRtl6L7324FRqjEHNyxAobWOOLeG711RZcskF7dlminVJu4aVGbBwIy/zDdHFxRwO6yaLr/AqrTlRVOa2O8Qu2Ydpv8ZNj2F6fHrVNNmVwvMEKYibV6oMVo72uT+DTz/mFaYuTUeuJfkdCy7tnQYhBnpbd5J4mKfVb8uOF9Tx02kL2fTFKyvtET3nrtakQUjv8mEqHn4F8136O2JvUBN5RmC3B3vRdFjYgdfwy8hUT9b0Cmi8w0Zzs+XGMRdvWv2g6b5fmlAn0K+a0KB1fdDLhvbIXhY+sYzR3yOH01K0lW3xVdnl1eMIFjZkUGRTi32HyCYb0SUA1EcXmtA4XmyZ6HHFEXFA5y2guVqU4xLyXXldM+lGB7yGLMcM=,iv:kuueHxYafrEdyBxGUBoU2ks7kdr/rWMnXZmE3Kx/iK4=,tag:bNIfP3H5/Kh3ofuCGGx5Hg==,type:str] acme: bunny: ENC[AES256_GCM,data:P2yROVUga9mORcq8VR/l0i4/2Vod1zvlYq+ZJLLNKow0SpblkwQX/i1ucQYAOkTTRddN+3C+t0zj1rMWkdLoaLjEUJJi3VsSxi+chV2FFiVKFQGEcg24,iv:aQvGgGLsgRGoEmwTgZHR8Jm/MYxmGtVTT/fZKaTLeMs=,tag:m3ssF4O8qs4yxvMu6yUcjw==,type:str] dnsimple: ENC[AES256_GCM,data:37FKyBibFtXZgI4EduJQ0z8F+shBc5Q6YlLa3YkVPh9XuJVS20eybi75bfJxiozcZ9d+YRaqcbkBQCSdFOCotDU=,iv:oq3JjqbfAm2C4jcL1lvUb2EOmnwlR07vPoO8H0BmydQ=,tag:E3NO/jMElL6Q817666gIyg==,type:str] @@ -51,8 +53,8 @@ sops: cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-01-10T04:27:00Z" - mac: ENC[AES256_GCM,data:10ARAN9OFiLvkKh/q0b3GaEZoji8esNPnxf3C5XFRaCHSGQkXpdYACyKutpJ1ib72N23DT854ujQ0VowSVU7LnCf7lZZ8cxImvKrtjs/oFzRpi5ZavI6MtSEuohuSyOYd5lcpVl3+v4vJVd4SW8NkpkcdKmfgT5XIaUgzZYkxXc=,iv:lOlc8qMeo9G+pGglaIJ08oF5x2+rhtUdpuvWiPEUtXQ=,tag:SHQPdy9wrnwUS/KT1/KY5Q==,type:str] + lastmodified: "2026-01-10T05:52:21Z" + mac: ENC[AES256_GCM,data:DyLjQrIXJD7udT32xJ20WgCYr+4zXr7s0uuVMxOYSiC1VphhV+BQ2BgGF0bxAfx1n+JiO2BnyX8uD+z/iWh/k/9+UBGnL3MPJ5L5ffvno8hktVU9NHO72xkugYIkbSievTYrJGcSwWAsfJGTm4+1rG9GgcSoxIvRUoR6QJss22s=,iv:pHkPR0Va4bKjZVzNtvsDJ211ORNvNyZfWRf70OWI01w=,tag:/gEp09I+1nD6Cn6dPGZglA==,type:str] pgp: - created_at: "2024-11-28T18:56:39Z" enc: |-