diff --git a/systems/jeeves/docker/internal.nix b/systems/jeeves/docker/internal.nix
index 3b94516..cc8fda3 100644
--- a/systems/jeeves/docker/internal.nix
+++ b/systems/jeeves/docker/internal.nix
@@ -1,7 +1,9 @@
+{ config, ... }:
 {
 virtualisation.oci-containers.containers = {
 qbit = {
 image = "ghcr.io/linuxserver/qbittorrent";
+ user = "600:600";
 ports = [
 "6881:6881"
 "6881:6881/udp"
@@ -13,7 +15,7 @@
 "/zfs/torrenting/qbit/:/data"
 ];
 environment = {
- PUID = "998";
+ PUID = "600";
 PGID = "100";
 TZ = "America/New_York";
 WEBUI_PORT = "8082";
@@ -22,6 +24,7 @@
 };
 qbitvpn = {
 image = "binhex/arch-qbittorrentvpn";
+ user = "600:600";
 ports = [
 "6882:6881"
 "6882:6881/udp"
@@ -35,7 +38,7 @@
 ];
 environment = {
 WEBUI_PORT = "8081";
- PUID = "998";
+ PUID = "600";
 PGID = "100";
 VPN_ENABLED = "yes";
 VPN_CLIENT = "openvpn";
@@ -48,13 +51,14 @@
 DELUGE_DAEMON_LOG_LEVEL = "debug";
 DELUGE_WEB_LOG_LEVEL = "debug";
 };
- environmentFiles = [ "/zfs/media/docker/qbitvpn.env" ];
+ environmentFiles = [ config.sops.secrets."docker/haproxy_cert".path ];
 autoStart = true;
 };
 prowlarr = {
 image = "ghcr.io/linuxserver/prowlarr";
+ user = "600:600";
 environment = {
- PUID = "998";
+ PUID = "600";
 PGID = "100";
 TZ = "America/New_York";
 };
@@ -63,8 +67,9 @@
 };
 radarr = {
 image = "ghcr.io/linuxserver/radarr";
+ user = "600:600";
 environment = {
- PUID = "998";
+ PUID = "600";
 PGID = "100";
 TZ = "America/New_York";
 };
@@ -77,8 +82,9 @@
 };
 sonarr = {
 image = "ghcr.io/linuxserver/sonarr";
+ user = "600:600";
 environment = {
- PUID = "998";
+ PUID = "600";
 PGID = "100";
 TZ = "America/New_York";
 };
@@ -90,4 +96,8 @@
 autoStart = true;
 };
 };
+ sops = {
+ defaultSopsFile = ../secrets.yaml;
+ secrets."docker/qbit_vpn".owner = "docker-service";
+ };
 }
diff --git a/systems/jeeves/secrets.yaml b/systems/jeeves/secrets.yaml
index b7effd2..7e9b099 100644
--- a/systems/jeeves/secrets.yaml
+++ b/systems/jeeves/secrets.yaml
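Review bot: In internal.nix, the new `user = "600:600";` on `qbit` (first hunk) starts the container process with gid 600, while the `environment` block of the same container still says `PGID = "100";`, so the two identity settings disagree on the group; the same pair appears on `qbitvpn`, `prowlarr`, `radarr` and `sonarr` in the later hunks. The linuxserver and binhex images normally start as root and drop to PUID/PGID themselves, so forcing a non-root `user` may also stop their init scripts from running; that is inferred from how those images usually behave, not from anything in this diff. Choose one mechanism per container and make the ids agree, e.g. keep `user` and set `PGID = "600";`, or drop `user` and rely on PUID/PGID, and add a comment such as `# uid/gid 600 = <service account>; must own the bind-mounted paths` so the ownership requirement on the /zfs volumes is recorded. The `qbit` attribute set continues outside the hunk.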
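Review bot: In internal.nix, hunk `@@ -48,13 +51,14 @@`, the `environmentFiles` entry for `qbitvpn` points at `config.sops.secrets."docker/haproxy_cert".path`, but the secret this commit adds to secrets.yaml and declares in the new `sops` block is `docker/qbit_vpn`. As written the VPN container would be given the HAProxy certificate material as its env file and would not receive the VPN settings, which both exposes an unrelated secret to this container and most likely breaks the VPN start-up. The line should presumably read `environmentFiles = [ config.sops.secrets."docker/qbit_vpn".path ];`. The `qbitvpn` attribute set starts outside this hunk.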
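Review bot: In internal.nix, last hunk, `secrets."docker/qbit_vpn".owner = "docker-service";` makes the decrypted file readable by an account that this diff never defines or ties to uid 600, so confirm the user exists and is the intended reader. An env file passed via `environmentFiles` is, as far as I can tell, read by the container runtime on the host when the unit starts rather than by the in-container user, so the default root ownership may already be sufficient and is the tighter choice. Add a comment such as `# read by the container runtime at start; values end up in the container environment` so it is clear the secret becomes visible to anyone who can inspect the container. Setting `defaultSopsFile` inside this container module also affects every other sops secret on the host; if it is already set at host level, drop it here.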
@@ -1,6 +1,7 @@ docker: postgres: ENC[AES256_GCM,data:IpXIrRDzyGFjDz908w1NNb0GBna/ce9lCtOkXrpUfyllsTWca6AeqaRo23bL4jfFGfHn0Zf9okLO,iv:IwO7vJJHFfm0SGcJETpWtdhr41jPddN9nuVAH/Ooa7Y=,tag:xstwPvpvkNOZucxvzq2+ag==,type:str] cloud_flare_tunnel: ENC[AES256_GCM,data:tnMbRlOQ4owYT7ql7Yaf6N9zFRZj3/W3NnOBV087SxEeEYp16ML8wQBFkugGFUYWHhOuXb/G2m/7A+vO6DNVPAWNwQ5JLNxXxg4hrGGr2nJCk5Nn/UDqpK8wi+h+W7VSBgPHhAoi9pXniP+0VAojOGoZ+CIPHc5R7uW87Q+63HVVzR9XTq8H0wCyOYfin+NI0MofexH2ERsWZfXTiHoief6xkWZ65pZ58NdT8cSWikjigrVywbmi+0TlSY32erR4imomRFtzsw==,iv:PZQHGdwlZDSRIozAO5sLKx/CDP8ken+Um0QxcDDfJrY=,tag:yFYq3TI36YLKI3l4RkTwfA==,type:str] + qbit_vpn: ENC[AES256_GCM,data:SRkcWb2wTTfWlgkbDSN6j5+dXnG670qFGtG2x4fajkE8eK4U30DTxrlbzta5ZMtm0Y9bquy3DcaSMF/u9CBrLbBS8mhcJw==,iv:LpkS7O+eutPUDpY5NlYjgafK6UuFsS+18yNpB+JmzcM=,tag:0Y+vj80MAbh2U+UsyH3MEA==,type:str] haproxy_cert: ENC[AES256_GCM,data:6yRv0cz/vBVguAPOsENhmH2uwwgL5AkOkkDQQ+PVPEEiOTIn1WPONhnG0UqR3FsWJal8qECH/zTF1XMmdK4VHQXwMA8gGScpIrgeWuhdCbXsJ7RxZBzVESOCo8ZOcR43w3Qih+0iz3SsNmX262/D7DIzKYlLovyoJDGZa5jo0n2zCZiRfbdal8m02dplaFHMsGy6+Gn3Uijo9MnnuWvgihBh1ekRnpSzVM4/IyyvUunK0vEapVsgOq+brdW2x0BQFgL3PLGaJbAbzFhXYI1MmD+D7RzOGSzNmrj1ezea+b2Lb/p8CATh05i+lz6530U6iwun0lcREDxPrJgU0TsI/JZGSq3blHn9lZuHmnwBp05LsliBO+yoxgqnC45/xTZwiSdlyqqnXHlXPuBS7UoJFlll93aIpULfNZMyqx/FO5ckmV0nuNVMCrF7JfsE+t/XNs077kB4FKYNk4TDodKyn2scfypQFK7qprW9JKJwx0Se8FWU2fMKsuMszElMLudRHagyDVO+LJ+/ta6Qj68CRU1g8cQANh4Q6PwI0HABX3J5n3ERQUxZvVeCq9FRMJ7JE0was3QfBGGPROHksK+rP9y8g8CFRgGjwzDoxslaYO+tIiIsaDcqbTiOQDTiDh4/ioqX9EENrA8qIEtKSn6m35+4pwY0xvKToAnI7vhwQ93A1mZrwKXgoNSShA4Q+MfSEIuJd6LJihLh5IFvl595iOpGDWCJsXZnDL3K8B6oofPTtLnOOQC4sy9wGiNshdgfv6aVwpdPKvOtFwHmu1n8eZInfSZgUdwUaHHMXjrXHboBQ6ZPsrdZBt9ADSUpz+uN6+TgXq6HLWHSqtmrWS6jABQfbpHH7pLZAXuii4MsnTEr1rOEbtgZTH6Sedd57Pp5MpNXDg950vd9plCkGPiRfDUWXHnRw8frWfoTS+eOqkVwJ0+v48IskuYLZSCAF0/kumtbySDQStNowF+cAp7lk24Cp8W8PXw/LqI8U8FijVxMPtgzLwRKKd10zRI+Jrsi9E8YXSKCaFMIBLottRHwdvWA7aIYnuVTxzCmHt1jhJN349bjC/yTIuIS4gW+XlriFqip17Eq/878+Uduwf1+Fxqdpv8kDleyqix0SO/JmhQijgIU
hc3Im3whXicEu6vlivzJGyjA/ljFyJvV/irRK/VrIWEoA5nLX74fmF9Ku/O94pDIPaKCsCP+N/fOPLG5ucw6lPxllZS9qg2cNsl9ajXGPu8GBB4FaZUt/Ufid6xjC5YloictI3Bp5x2glhpxzQ8zAbv5vpBA0h6xhkt4NSmxWurvBmRoRnBdYIvEaeoehj10yLpiY4DsZYLTU5IrLV/aYlb2q4K2OKRvYOBQgeDtEkIMqHYWsddfKHi+1KjQ/176DDIbUoYb4XtPJmNOcIeRM2oiaCcTzerU5TXL5qBl213buTcIPaV0sVVxoH+2RYBM28mjQoj8sHwQLLuFve0MeUZzfJ8MqMM+Guhn25aw4R0tGkiRBUL5d8l86awOpqXtFiK2QTh3S7QeZoCA80YVH5r6FdqMz34UgwEFo0nfBcH2nSnDwpcBrbwzV6/Xahck4nVaIn6znJPqlIKntfeXJuXl/9ulpwx7D4mL7hLcal9WY62KZ1PQ+NHz5WjaPbgLMdeNFFr6CKGGqSPkTOhjgQ1y4ChuYfbVn+yZRqUwhFWtKuuouAZXH55KkVlsB39H+oNYp0hqAUiVkeawHqbTgOHb+llz0uF7r0TGD23aMXeV58n0i3xsDET9mhxSyj5vUo5iqY8eEqgn4mOvsdp6rkpC4c91drgV/gFJu2jgCvVVdG/mHFVnZEv5+/rA2reqdqMTBOpLQNEbL5Ih1LKG,iv:PUp78PWvy+lmcLiR295BGiVTLnAPX+du4lcw/Pvq/KE=,tag:k/3H2+jF9no751mvO5S5WQ==,type:str] zfs: backup_key: ENC[AES256_GCM,data:sJzR/DfM6+tmmcewZT+NAJk0gj8wmU43QfFCRCj9+2GITOS8suRL7E5rHTherCZgRe79T90ikM97bYf9RbZdtQ==,iv:j8F3BG/hh7UK3kC+pB6WO0OHlSSHn0jo90AgaTdpyNY=,tag:5hraDn8YqS/q57y26AXwjw==,type:str] @@ -28,8 +29,8 @@ sops: bVhXamJyMWMvODUvajk2aDZnQ1k1blEKoNIYxUA+k+DA+1WYq5BSa0iXuQ2Lctuy 9W7OO2m+QGzjdLLM0uS7WWGXWP2cDDgUGcqozTqM0Oqi2/OY0Bo3Jg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-22T01:50:03Z" - mac: ENC[AES256_GCM,data:ReTmthgLX7eFH5sWy4sLG35EAdGqp4S9HQhvErq+iMf1r50cxUXJFyZDa2a8m7GRKGcGFboaX1ZzMGCJptTK0cKK1qDVgfRx3LY7uYMg012tsMZtjUPIdDSfSDbkwD6hIHNPwZ0SlpGtO7UNzgH+kgm8PMhJyS9PwWjTgT2+L4E=,iv:oyJA3nHS5NyTwJH2pGJWsjJ+/I9EvtcZ4pS2XMeIuK0=,tag:W/lM/QpjudM8HLDeNMCLXQ==,type:str] + lastmodified: "2024-06-22T02:08:05Z" + mac: ENC[AES256_GCM,data:avI6QmlJaTHbLFyKMgYopBhCQU6hTYvFKRyk0QveYJN8Abo/JQWSj+p+Ddm1QmWvYpy2Tnl5vVrAnn2/b8HqmI3YELaK2BJfc/xmPajH7RB1r7mc1195Cl1S8DEfHoVpgyTxaaMkK3KrJp0H0/3pdwTivL7ZiTJ4uho+SdhUqlQ=,iv:EOrKSNc8XEfA3OE1ldYTqH5l0v7Djj9eWNj2gKAtBiY=,tag:oYhcCaNZyvke7d389TYfDg==,type:str] pgp: - created_at: "2024-03-02T20:52:17Z" enc: |-