diff --git a/systems/palatine-hill/docker/default.nix b/systems/palatine-hill/docker/default.nix index dd380ab..22abd45 100644 --- a/systems/palatine-hill/docker/default.nix +++ b/systems/palatine-hill/docker/default.nix @@ -13,15 +13,13 @@ ./nextcloud.nix ./postgres.nix ./restic.nix + ./torr.nix ./unifi.nix ]; virtualisation.oci-containers.backend = "docker"; virtualisation.docker.daemon.settings.data-root = "/var/lib/docker2"; - # "firefly-iii-fidi-1 fireflyiii/data-importer:latest" - # "firefly-iii-app-1 fireflyiii/core:latest" - # "haproxy-haproxy-1 haproxy:latest" # "calibre-web lscr.io/linuxserver/calibre-web:latest" # "glances-glances-1 nicolargo/glances:latest-full" diff --git a/systems/palatine-hill/docker/firefly.nix b/systems/palatine-hill/docker/firefly.nix index 8afa629..4175999 100644 --- a/systems/palatine-hill/docker/firefly.nix +++ b/systems/palatine-hill/docker/firefly.nix @@ -18,7 +18,7 @@ extraOptions = [ "--restart=always" ]; environmentFiles = [ "/ZFS/ZFS-primary/docker/firefly-iii/.fidi.env" ]; ports = [ "4187:8080" ]; - depends_on = [ "firefly" ]; + dependsOn = [ "firefly" ]; }; }; } diff --git a/systems/palatine-hill/docker/torr.nix b/systems/palatine-hill/docker/torr.nix new file mode 100644 index 0000000..a9c0544 --- /dev/null +++ b/systems/palatine-hill/docker/torr.nix @@ -0,0 +1,69 @@ +{ ... }: + +let + delugeBase = { + image = "binhex/arch-deluge"; + environment = { + PUID = "600"; + PGID = "100"; + TZ = "America/New_York"; + UMASK = "000"; + DEBUG = "false"; + DELUGE_DAEMON_LOG_LEVEL = "debug"; + DELUGE_WEB_LOG_LEVEL = "debug"; + + }; + extraOptions = [ "--restart=unless-stopped" ]; + }; +in +{ + virtualisation.oci-containers.containers = { + deluge = delugeBase // { + volumes = [ + "/ZFS/ZFS-primary/docker/Qbit:/config" + "/ZFS/ZFS-primary/torr/Qbit/:/data" + "/etc/localtime:/etc/localtime:ro" + ]; + ports = [ + "8082:8112" + "29432:29432" + ]; + }; + delugeVPN = delugeBase // { + extraOptions = [ + "--restart=unless-stopped" + "--privileged=true" + "--sysctl" + "net.ipv4.conf.all.src_valid_mark=1" + ]; + environment = delugeBase.environment // { + VPN_ENABLED = "yes"; + VPN_CLIENT = "wireguard"; + VPN_PROV = "custom"; + ENABLE_PRIVOXY = "yes"; + LAN_NETWORK = "192.168.0.0/16"; + NAME_SERVERS = "9.9.9.9,1.1.1.1,8.8.8.8,8.8.4.4"; + # note, delete /config/perms.txt to force a bulk permissions update + + }; + volumes = [ + "/ZFS/ZFS-primary/docker/QbitVPN:/config" + "/ZFS/ZFS-primary/torr/QbitVPN/:/data" + "/etc/localtime:/etc/localtime:ro" + ]; + ports = [ + "8081:8112" + "8118:8118" + "39274:39274" + "39274:39274/udp" + ]; + }; + }; + + sops.secrets = { + "docker/deluge" = { + owner = "docker-service"; + path = "/ZFS/ZFS-primary/docker/QbitVPN/wireguard/wg0.conf"; + }; + }; +} diff --git a/systems/palatine-hill/secrets.yaml b/systems/palatine-hill/secrets.yaml index 4d6a4e4..f7d10a5 100644 --- a/systems/palatine-hill/secrets.yaml +++ b/systems/palatine-hill/secrets.yaml @@ -20,6 +20,7 @@ docker: redis: ENC[AES256_GCM,data:y/ZU/9xqokLNQBdqo8QVEgOYsTJOqEfesfG/J/V3D2UFXA==,iv:CUktAC93V7ulDZRhO3X0DZL/FQrACyF2twOemNs4DzY=,tag:HmT/56kOF54PavFypGuaTA==,type:str] unifi: ENC[AES256_GCM,data:9JW2rYk0+YCBvnxz7gzDkrT+zE723ZqqCY4qLRzc3t2sm2I=,iv:QSABLUDqmfBKUShJSJS3dJXNEdRnl60XHlS6JGNAO5c=,tag:8YpAALkldb74tuby2+Aw+g==,type:str] minecraft: ENC[AES256_GCM,data:74bxM/hHEwcMqqHSHR332mhIVV36HTBS7eCpkncclTq/oWf9bZQvmroz5tOpOwaq+Mj+2rNs0tXN/iB47ksji1lgqsiXDaM/R+9kAA==,iv:dUYAT9y8tU3jsqIgod4I1K8rHGOzSUuedkq8uDnNN+A=,tag:DDmhBHm/YO3/lH/qNxB8gw==,type:str] + deluge: ENC[AES256_GCM,data:gGaVth/2HsWo39ph/EeX98aIur0fi+GxYzLlJC5Y7oxT5Fzxd15AMCd6ET6ubjNPaoE24ihDMC6KxbHohnwTCzCkYpQNcSiIIuBpk5GZ5NRiGRlSsSZ9jFmG+86J7Zc7OdL7UG/j3CvARQT8ZJSPnAET4Qy18VXB6CkD3YI8G0Fc2Y9S88MILUTAS8QFguDm5Q69ckbJm3ZABcH9lS2Tq8ORNe1vGZqqNRGOppP/5aXF5jC0GUhke/1IEM61B1HPj/kphyOskTHwnxMsDP6YG9V4EzvCNui4oaNshe4Azxu/w5oTWLXbreFBS3WV3Dr0LSQ2+O+cSK+tTPhP13cVdvdKod1z+qk/I9QLlgHGhGKZrj8RafH0CH5x9A1km0a3bS0K66circm2xAmbUSoKZI7cTgvUzXEDhVkDoVET9JRfi3MxDxBT5Qxmqn8c5UbtNFHjNtq1kQ0WeEkKeFtz7QYPqJIvpF42muDYSvobLuqL3x6NolK0cbJkLg5v1Ef7Q4JjaK3X7wSU66aowLxGi9iAPaljWpOsgBN7IJXrJSd3jAtgtOt3ADPmfG2kyEITra19POQyXl7/4ulFWD+CIMT047erC65fhbgu3c7MHs7orTp6tnwWE55+hRv/RwSuKk7S4u8G/+IRRKomYCemLq9G3yvWtwUou0XXYDbkGoG+9d7aRCnf/E9aew0MniZthLpXsauxUxpAwlfrKf0PfPQ33jrBr50vG9RVn+DD939gkLv4e0uK3WlchCLbz6h6fclnabXlrzB2/vmBT42Q1d3+l3BkDcHNmpGTs5IsAhuUqqeNk/OVhFe81xMc6jfBzfEuulZ6yuTR8WkKgApXx6xZ2uIZSm8l33y3+Cohk28pjwUBrlKWvQecCzi4MEExDO7XAETjA6RpMy/USBQU/mRBf5C9sV/M0N0qYtILlLrYOvcINUsWU/8YHbk38RYTyOZZxcvgXle+bKgElmbKqwYOztYa5Mg=,iv:PrSGlvAPZGbPrw6I72qr3sWzZrX55N9oVzy6GOnHVaM=,tag:2B4mXQd1P3oWE29lXVz/Xw==,type:str] sops: kms: [] gcp_kms: [] @@ -35,8 +36,8 @@ sops: NEtBOUhoL1Jwa0JCT2F6eHU2ZXRPNlkKrmHwy+midzVRSLv835osyupkgtq5hqWC bDjJw9Yo1mXmppDT+0d8tDmsfk51ViRS5X7LIhZdQ+fzNHpWtISdIw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-08-16T04:49:00Z" - mac: ENC[AES256_GCM,data:Vt9KVS2bzXsWyMCApsohwOocdhxyhPaqhBHSK54RwANEigeaz/U2wjX3VQGfemjLjot//fqb8wJqZ7g9Tj3xUZ7FUbYcmT/zy75ZEG5DVpRgFMW/vH94oxXuIPIVyfAvY8q5tLckApbDzDf/CdaI8ATcI4J/7Vi2oPSbEvXPVec=,iv:ikMVxKgYg1kbfu1fndx/frhGuno0o1YRDgW33mpHm8U=,tag:rz5pBdyM68BFXXfC3Bkuyg==,type:str] + lastmodified: "2024-08-16T16:13:46Z" + mac: ENC[AES256_GCM,data:sGmhrktBTWU9jjb3qU1UiY28WJMJ3xSsfYe9yjxYdv7HSrq3sBcZmXXi8n2oyt5WkIvTQh2Yhtalccu/PTiQGASAIgWg42wRlsnLcJtsD1iZGNgnXgPkjMj1cFC9mviJoRc+njzfzbseth7LYe44nDpFGw9/Olm/aLVV8lNXYuw=,iv:VBQLZaCNKNQeddVscYw1stvjOLVZOgH8wgPMyy+59EQ=,tag:j42keTgrQlP2i0laY4zndQ==,type:str] pgp: - created_at: "2024-08-16T03:39:41Z" enc: |-