ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity

switch deluge to openvpn

Browse Source
This commit is contained in:
ahuston-0
2025-06-01 15:04:11 -04:00
parent 91a92f82a5
commit 701778b2ed
5 changed files with 49 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
systems/palatine-hill/docker/torr.nix
View File

@ -1,4 +1,4 @@
{ pkgs, ... }:
{ config, pkgs, ... }:
let
delugeBase = {
@ -19,15 +19,27 @@ let
deluge_path = "${torr_path}/deluge";
delugevpn_path = "${torr_path}/delugevpn";
genSopsConf = file: {
#genSopsConfWg = file: {
# "${file}" = {
# format = "binary";
# sopsFile = ./wg/${file};
# path = "${delugevpn_path}/config/wireguard/configs/${file}";
# owner = "docker-service";
# group = "users";
# restartUnits = [ "docker-delugeVPN.service" ];
# };
#};
genSopsConfOvpn = file: {
"${file}" = {
format = "binary";
sopsFile = ./wg/${file};
path = "${delugevpn_path}/config/wireguard/configs/${file}";
sopsFile = ./openvpn/${file};
path = "${delugevpn_path}/config/openvpn/configs/${file}";
owner = "docker-service";
group = "users";
restartUnits = [ "docker-delugeVPN.service" ];
};
};
in
{
@ -46,22 +58,20 @@ in
};
delugeVPN = delugeBase // {
image = "binhex/arch-delugevpn:latest";
extraOptions = [
"--privileged=true"
"--sysctl"
"net.ipv4.conf.all.src_valid_mark=1"
];
capbilities = {
NET_ADMIN = true;
};
environment = delugeBase.environment // {
VPN_ENABLED = "yes";
VPN_CLIENT = "wireguard";
VPN_PROV = "custom";
VPN_CLIENT = "openvpn";
VPN_PROV = "protonvpn";
ENABLE_PRIVOXY = "yes";
LAN_NETWORK = "192.168.0.0/16";
#NAME_SERVERS = "194.242.2.9";
NAME_SERVERS = "9.9.9.9";
# note, delete /config/perms.txt to force a bulk permissions update
};
environmentFiles = [ config.sops.secrets."docker/delugevpn".path ];
volumes = [
"${delugevpn_path}/config:/config"
"${deluge_path}/data:/data" # use common torrent path yuck
@ -79,29 +89,23 @@ in
};
};
systemd.services.docker-delugeVPN = {
serviceConfig = {
ExecStartPre = [
(
"${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/wireguard/configs "
+ "-type l -not -name wg0.conf "
+ "| ${pkgs.coreutils}/bin/shuf -n 1 "
+ "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/wireguard/wg0.conf &&"
+ "${pkgs.coreutils}/bin/chown docker-service:users ${delugevpn_path}/config/wireguard/wg0.conf &&"
+ "${pkgs.coreutils}/bin/chmod 440 ${delugevpn_path}/config/wireguard/wg0.conf\""
)
];
ExecStopPost = [ "${pkgs.coreutils}/bin/rm ${delugevpn_path}/config/wireguard/wg0.conf" ];
};
};
# systemd.services.docker-delugeVPN = {
# serviceConfig = {
# ExecStartPre = [
# (
# "${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/wireguard/configs "
# + "-type l -not -name wg0.conf "
# + "| ${pkgs.coreutils}/bin/shuf -n 1 "
# + "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/wireguard/wg0.conf &&"
# + "${pkgs.coreutils}/bin/chown docker-service:users ${delugevpn_path}/config/wireguard/wg0.conf &&"
# + "${pkgs.coreutils}/bin/chmod 440 ${delugevpn_path}/config/wireguard/wg0.conf\""
# )
# ];
# ExecStopPost = [ "${pkgs.coreutils}/bin/rm ${delugevpn_path}/config/wireguard/wg0.conf" ];
# };
# };
sops.secrets =
(genSopsConf "se-mma-wg-001.conf")
// (genSopsConf "se-mma-wg-002.conf")
// (genSopsConf "se-mma-wg-003.conf")
// (genSopsConf "se-mma-wg-004.conf")
// (genSopsConf "se-mma-wg-005.conf")
// (genSopsConf "se-mma-wg-101.conf")
// (genSopsConf "se-mma-wg-102.conf")
// (genSopsConf "se-mma-wg-103.conf");
sops.secrets = (genSopsConfOvpn "se.protonvpn.udp.ovpn") // {
"docker/delugevpn".owner = "docker-service";
};
}