add qbit config

2026-01-07 22:16:01 -05:00
parent 4c6789d7bd
commit 6befd45a07
2 changed files with 61 additions and 95 deletions
--- a/systems/palatine-hill/docker/torr.nix
+++ b/systems/palatine-hill/docker/torr.nix
@@ -1,130 +1,95 @@
 { config, pkgs, ... }:

 let
-  delugeBase = {
+  qbitBase = {
+    image = "ghcr.io/linuxserver/qbittorrent:latest";
    pull = "always";
    environment = {
      PUID = "600";
      PGID = "100";
      TZ = "America/New_York";
-      UMASK = "000";
-      DEBUG = "true";
-      DELUGE_DAEMON_LOG_LEVEL = "debug";
-      DELUGE_WEB_LOG_LEVEL = "debug";
    };
  };

  vars = import ../vars.nix;
  #docker_path = vars.primary_docker;
  torr_path = vars.primary_torr;
-  deluge_path = "${torr_path}/deluge";
-  delugevpn_path = "${torr_path}/delugevpn";
-
-  #genSopsConfWg = file: {
-  #  "${file}" = {
-  #    format = "binary";
-  #    sopsFile = ./wg/${file};
-  #    path = "${delugevpn_path}/config/wireguard/configs/${file}";
-  #    owner = "docker-service";
-  #    group = "users";
-  #    restartUnits = [ "docker-delugeVPN.service" ];
-  #  };
-  #};
-
-  genSopsConfOvpn = file: {
-    "${file}" = {
-      format = "binary";
-      sopsFile = ./openvpn/${file};
-      path = "${delugevpn_path}/config/openvpn/configs/${file}";
-      owner = "docker-service";
-      group = "users";
-      restartUnits = [ "docker-delugeVPN.service" ];
-    };
-
-  };
+  qbit_path = "${torr_path}/qbit";
+  qbitvpn_path = "${torr_path}/qbitvpn";
+  qbitperm_path = "${torr_path}/qbitperm";
 in
 {

  virtualisation.oci-containers.containers = {
-    deluge = delugeBase // {
-      image = "binhex/arch-deluge";
+    qbit = qbitBase // {
+      environment = qbitBase.environment // {
+        WEBUI_PORT = "8082";
+      };
      volumes = [
-        "${deluge_path}/config:/config"
-        "${deluge_path}/data/:/data"
+        "${qbit_path}/config:/config" # move from docker/qbit to qbit_path
+        "${qbit_path}/data/:/data"
        "/etc/localtime:/etc/localtime:ro"
      ];
      ports = [
-        "8084:8112"
-        "29433:29433"
+        "8082:8112"
+        "29432:29432"
      ];
    };
-    delugeVPN = delugeBase // {
-      image = "binhex/arch-delugevpn:latest";
+    qbitVPN = qbitBase // {
+      # webui port is 8081, torr port is 29432
+      networks = [
+        "container:gluetun-qbit"
+      ];
+      dependsOn = [ "gluetun-qbit" ];
+      volumes = [
+        "${qbitvpn_path}/config:/config"
+        "${qbit_path}/data:/data"
+        "/etc/localtime:/etc/localtime:ro"
+      ];
+    };
+    qbitPerm = qbitBase // {
+      # webui port is 8083, torr port is 29434
+      networks = [
+        "container:gluetun-qbit"
+      ];
+      dependsOn = [ "gluetun-qbit" ];
+      volumes = [
+        "${qbitperm_path}/config:/config"
+        "${qbit_path}/data:/data"
+        "/etc/localtime:/etc/localtime:ro"
+      ];
+    };
+    gluetun-qbit = {
+      image = "qmcgaw/gluetun:v3";
      capabilities = {
-        NET_ADMIN = true;
+        NET_ADD = true;
      };
-      autoRemoveOnStop = false;
-      environment = delugeBase.environment // {
-        VPN_ENABLED = "yes";
-        VPN_CLIENT = "openvpn";
-        VPN_PROV = "protonvpn";
-        ENABLE_PRIVOXY = "yes";
-        LAN_NETWORK = "192.168.0.0/16";
-        ENABLE_STARTUP_SCRIPTS = "yes";
-        #NAME_SERVERS = "194.242.2.9";
-        #NAME_SERVERS = "9.9.9.9";
-        # note, delete /config/perms.txt to force a bulk permissions update
-      };
-      environmentFiles = [ config.sops.secrets."docker/delugevpn".path ];
-      volumes = [
-        "${delugevpn_path}/config:/config"
-        "${deluge_path}/data:/data" # use common torrent path yuck
-        "/etc/localtime:/etc/localtime:ro"
+      devices = [
+        "/dev/net/tun:/dev/net/tun"
      ];
      ports = [
-        "8085:8112"
-        "8119:8118"
-        "39275:39275"
-        "39275:39275/udp"
-        "48346:48346"
-        "48346:48346/udp"
+        # qbitvpn
+        "8081:8081"
+        "29432:29432"

+        # qbitperm
+        "8083:8083"
+        "29433:24933"
+      ];
+      environment = {
+        TZ = "America/New_York";
+        # SOPS prep
+      };
+      environmentFiles = [
+        config.sops.secrets."docker/gluetun".path
      ];
    };
  };

-  systemd.services.docker-delugeVPN = {
-    serviceConfig = {
-      ExecStartPre = [
-        (
-          "${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/openvpn/configs "
-          + "-type l -not -name network.ovpn "
-          + "| ${pkgs.coreutils}/bin/shuf -n 1 "
-          + "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/openvpn/network.ovpn &&"
-          + "${pkgs.coreutils}/bin/chown docker-service:users ${delugevpn_path}/config/openvpn/network.ovpn &&"
-          + "${pkgs.coreutils}/bin/chmod 440 ${delugevpn_path}/config/openvpn/network.ovpn\""
-        )
-        (
-          "${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/scripts/links "
-          + "-type l "
-          + "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/scripts/ \""
-        )
-      ];
-      ExecStopPost = [ "${pkgs.coreutils}/bin/rm ${delugevpn_path}/config/scripts/*sh" ];
-    };
-  };
-
-  sops.secrets = (genSopsConfOvpn "se.protonvpn.udp.ovpn") // {
-    "docker/delugevpn" = {
+  sops.secrets = {
+    "docker/gluetun" = {
      owner = "docker-service";
-      group = "users";
-      restartUnits = [ "docker-delugeVPN.service" ];
-    };
-    "docker/protonvpn-start-script" = {
-      path = "${delugevpn_path}/config/scripts/links/protonvpn-start-script.sh";
-      owner = "docker-service";
-      group = "users";
-      restartUnits = [ "docker-delugeVPN.service" ];
+      restartUnits = [ "docker-gluetun-qbit.service" ];
    };
  };
 }