diff --git a/systems/palatine-hill/docker/torr.nix b/systems/palatine-hill/docker/torr.nix
index a822297..92a7efb 100644
--- a/systems/palatine-hill/docker/torr.nix
+++ b/systems/palatine-hill/docker/torr.nix
@@ -1,130 +1,95 @@ { config, pkgs, ... }: let - delugeBase = { + qbitBase = { + image = "ghcr.io/linuxserver/qbittorrent:latest"; pull = "always"; environment = { PUID = "600"; PGID = "100"; TZ = "America/New_York"; - UMASK = "000"; - DEBUG = "true"; - DELUGE_DAEMON_LOG_LEVEL = "debug"; - DELUGE_WEB_LOG_LEVEL = "debug"; }; }; vars = import ../vars.nix; #docker_path = vars.primary_docker; torr_path = vars.primary_torr; - deluge_path = "${torr_path}/deluge"; - delugevpn_path = "${torr_path}/delugevpn"; - - #genSopsConfWg = file: { - # "${file}" = { - # format = "binary"; - # sopsFile = ./wg/${file}; - # path = "${delugevpn_path}/config/wireguard/configs/${file}"; - # owner = "docker-service"; - # group = "users"; - # restartUnits = [ "docker-delugeVPN.service" ]; - # }; - #}; - - genSopsConfOvpn = file: { - "${file}" = { - format = "binary"; - sopsFile = ./openvpn/${file}; - path = "${delugevpn_path}/config/openvpn/configs/${file}"; - owner = "docker-service"; - group = "users"; - restartUnits = [ "docker-delugeVPN.service" ]; - }; - - }; + qbit_path = "${torr_path}/qbit"; + qbitvpn_path = "${torr_path}/qbitvpn"; + qbitperm_path = "${torr_path}/qbitperm"; in { virtualisation.oci-containers.containers = { - deluge = delugeBase // { - image = "binhex/arch-deluge"; + qbit = qbitBase // { + environment = qbitBase.environment // { + WEBUI_PORT = "8082"; + }; volumes = [ - "${deluge_path}/config:/config" - "${deluge_path}/data/:/data" + "${qbit_path}/config:/config" # move from docker/qbit to qbit_path + "${qbit_path}/data/:/data" "/etc/localtime:/etc/localtime:ro" ]; ports = [ - "8084:8112" - "29433:29433" + "8082:8112" + "29432:29432" ]; }; - delugeVPN = delugeBase // { - image = "binhex/arch-delugevpn:latest"; + qbitVPN = qbitBase // { + # webui port is 8081, torr port is 29432 + networks = [ + "container:gluetun-qbit" + ]; + dependsOn = [ "gluetun-qbit" ]; + volumes = [ + "${qbitvpn_path}/config:/config" + "${qbit_path}/data:/data" + "/etc/localtime:/etc/localtime:ro" 
+ ]; + }; + qbitPerm = qbitBase // { + # webui port is 8083, torr port is 29434 + networks = [ + "container:gluetun-qbit" + ]; + dependsOn = [ "gluetun-qbit" ]; + volumes = [ + "${qbitperm_path}/config:/config" + "${qbit_path}/data:/data" + "/etc/localtime:/etc/localtime:ro" + ]; + }; + gluetun-qbit = { + image = "qmcgaw/gluetun:v3"; capabilities = { - NET_ADMIN = true; + NET_ADD = true; }; - autoRemoveOnStop = false; - environment = delugeBase.environment // { - VPN_ENABLED = "yes"; - VPN_CLIENT = "openvpn"; - VPN_PROV = "protonvpn"; - ENABLE_PRIVOXY = "yes"; - LAN_NETWORK = "192.168.0.0/16"; - ENABLE_STARTUP_SCRIPTS = "yes"; - #NAME_SERVERS = "194.242.2.9"; - #NAME_SERVERS = "9.9.9.9"; - # note, delete /config/perms.txt to force a bulk permissions update - }; - environmentFiles = [ config.sops.secrets."docker/delugevpn".path ]; - volumes = [ - "${delugevpn_path}/config:/config" - "${deluge_path}/data:/data" # use common torrent path yuck - "/etc/localtime:/etc/localtime:ro" + devices = [ + "/dev/net/tun:/dev/net/tun" ]; ports = [ - "8085:8112" - "8119:8118" - "39275:39275" - "39275:39275/udp" - "48346:48346" - "48346:48346/udp" + # qbitvpn + "8081:8081" + "29432:29432" + # qbitperm + "8083:8083" + "29433:24933" + ]; + environment = { + TZ = "America/New_York"; + # SOPS prep + }; + environmentFiles = [ + config.sops.secrets."docker/gluetun".path ]; }; }; - systemd.services.docker-delugeVPN = { - serviceConfig = { - ExecStartPre = [ - ( - "${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/openvpn/configs " - + "-type l -not -name network.ovpn " - + "| ${pkgs.coreutils}/bin/shuf -n 1 " - + "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/openvpn/network.ovpn &&" - + "${pkgs.coreutils}/bin/chown docker-service:users ${delugevpn_path}/config/openvpn/network.ovpn &&" - + "${pkgs.coreutils}/bin/chmod 440 ${delugevpn_path}/config/openvpn/network.ovpn\"" - ) - ( - "${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find 
${delugevpn_path}/config/scripts/links " - + "-type l " - + "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/scripts/ \"" - ) - ]; - ExecStopPost = [ "${pkgs.coreutils}/bin/rm ${delugevpn_path}/config/scripts/*sh" ]; - }; - }; - - sops.secrets = (genSopsConfOvpn "se.protonvpn.udp.ovpn") // { - "docker/delugevpn" = { + sops.secrets = { + "docker/gluetun" = { owner = "docker-service"; - group = "users"; - restartUnits = [ "docker-delugeVPN.service" ]; - }; - "docker/protonvpn-start-script" = { - path = "${delugevpn_path}/config/scripts/links/protonvpn-start-script.sh"; - owner = "docker-service"; - group = "users"; - restartUnits = [ "docker-delugeVPN.service" ]; + restartUnits = [ "docker-gluetun-qbit.service" ]; }; }; } diff --git a/systems/palatine-hill/secrets.yaml b/systems/palatine-hill/secrets.yaml index 4a9b034..0f39471 100644 --- a/systems/palatine-hill/secrets.yaml +++ b/systems/palatine-hill/secrets.yaml 
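Review bot: In `gluetun-qbit`, `capabilities` now sets `NET_ADD = true;`, which is not a Linux capability name; the line it replaces used `NET_ADMIN`, the capability a VPN container needs to configure the tunnel interface and its firewall rules, so this should read `NET_ADMIN = true;`. Because `qbitVPN` and `qbitPerm` both join that container's network namespace via `container:gluetun-qbit`, a gluetun container that fails to start or comes up without its tunnel takes both clients with it. In the same `ports` list, `"29433:24933"` looks like a digit transposition and also disagrees with the comment on `qbitPerm` that gives 29434 as its torrent port, so one of the two needs correcting. The non-VPN `qbit` container publishes `"29432:29432"` on the host, which collides with the identical mapping on `gluetun-qbit`, and it maps `"8082:8112"` although it sets `WEBUI_PORT = "8082"`, so the web UI is probably not reachable on that mapping. Separately, `:latest` with `pull = "always"` on the qBittorrent image means every restart can run unreviewed upstream code; pinning a version tag or digest would make updates deliberate.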
@@ -32,6 +32,7 @@ docker: sonarr: ENC[AES256_GCM,data:X/hM31ZyHybvy2eQzVnmq8CH1AqBgz1pxq7tKC4lZB3ryAbnEIJksffem8+35tWt/0r5cEH4aaIKD1kS7Q+Ma+8JrRLcWkt6CZq/wspz,iv:44FfdVpQCposXshzNe5DXAxExeQzjVKhkZaVbgKo8KU=,tag:WIWWUt1XBngUTwwqhCrcNw==,type:str] lidarr: ENC[AES256_GCM,data:xERBECneutNUMZRrHukp8CaNrpI7SXUB16zUkauNP2+wto3eIc/K+2nMCkbwSC9AKlSjnUGSiORmAWn/jofTAuEzQljkCR1XCSkJRMmL,iv:iKf4fZtCfdjT/KuMFK5VFoLAV+Lll8uJowe9Q4cHyYw=,tag:xzmATTkrYRYm9Mw23zEO5g==,type:str] jellyseerr: ENC[AES256_GCM,data:7dDfHFp8+WbJqrf7Ms/gmfroBePwegXh5CXn5FcOz8IEK7rTvr9KZfz9x/1BwdD8,iv:ZPi3OcMfH76A08piKY4P7hFbeMyouwBoeN5oL3ExzKU=,tag:oOZ37dy/y+DFqNRfAHexvQ==,type:str] + gluetun: ENC[AES256_GCM,data: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,iv:fanygdgYvSdJeCHpEXUfS7sPkXIj5pDxVtfYWo/c5Jc=,tag:oWx+UaIsDjDehsPlBM9f6g==,type:str] acme: bunny: ENC[AES256_GCM,data:P2yROVUga9mORcq8VR/l0i4/2Vod1zvlYq+ZJLLNKow0SpblkwQX/i1ucQYAOkTTRddN+3C+t0zj1rMWkdLoaLjEUJJi3VsSxi+chV2FFiVKFQGEcg24,iv:aQvGgGLsgRGoEmwTgZHR8Jm/MYxmGtVTT/fZKaTLeMs=,tag:m3ssF4O8qs4yxvMu6yUcjw==,type:str] dnsimple: ENC[AES256_GCM,data:37FKyBibFtXZgI4EduJQ0z8F+shBc5Q6YlLa3YkVPh9XuJVS20eybi75bfJxiozcZ9d+YRaqcbkBQCSdFOCotDU=,iv:oq3JjqbfAm2C4jcL1lvUb2EOmnwlR07vPoO8H0BmydQ=,tag:E3NO/jMElL6Q817666gIyg==,type:str] 
@@ -50,8 +51,8 @@ sops: cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-25T17:45:31Z" - mac: ENC[AES256_GCM,data:lVRqQWnO1RvmoW13/xCpP2SvibccRWwmr1Gyj6EgrE+V+Iu1bfnZRkTkHiFIQqQLQgCy2qBiSHeZF/dNERe83eEwpXgRQAduarpE/qL8K1mxcwf5HMMYACjlNfsL/I1/TCJrJ7DZBxI4neRLetc5OpScVXqHj1neOodD/g8n+ls=,iv:+gZpo0I2NVYz24o42mUW/OkfONqNSjgaJeKeFdKx7dg=,tag:EJnpiotQuBKth21mdhvjZQ==,type:str] + lastmodified: "2026-01-08T03:15:14Z" + mac: ENC[AES256_GCM,data:THKtji76rAaUHSs9l9u/VELujQVlNmuDeS8ICi2bjmYIuxT1BgdkeAKDy10wXEGPf0BIzuVmFyJs8y9+pm8idMcvGRVBvDv+XkBn0uVV01dRHJ/AfQgutMEWiXkNVSF48GfOsT/khXM13IwCjO8bwS77jcbL+NVPs0KVCxHI7us=,iv:xAubTMuGlllwxHgrzzX/2hkYq/j/aC8PoNo6jHZbSDU=,tag:7XJVhsfKUeJrJmK6egN7nw==,type:str] pgp: - created_at: "2024-11-28T18:56:39Z" enc: |-