ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

switch deluge to openvpn

Browse Source
This commit is contained in:
ahuston-0 2025-06-01 15:04:11 -04:00
parent 91a92f82a5
commit 701778b2ed
5 changed files with 49 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/flake-health-checks.yml vendored
View File

@ -6,8 +6,8 @@ on:
branches: ["main"] branches: ["main"]
merge_group: merge_group:
concurrency: concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true cancel-in-progress: true
jobs: jobs:
health-check: health-check:
name: "Perform Nix flake checks" name: "Perform Nix flake checks"

4
.github/workflows/flake-update.yml vendored
View File

@ -5,8 +5,8 @@ on:
schedule: schedule:
- cron: "00 12 * * *" - cron: "00 12 * * *"
concurrency: concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true cancel-in-progress: true
jobs: jobs:
update_lockfile: update_lockfile:
runs-on: ubuntu-latest runs-on: ubuntu-latest

4
.github/workflows/lock-health-checks.yml vendored
View File

@ -6,8 +6,8 @@ on:
branches: ["main"] branches: ["main"]
merge_group: merge_group:
concurrency: concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true cancel-in-progress: true
jobs: jobs:
health-check: health-check:
name: "Check health of `flake.lock`" name: "Check health of `flake.lock`"

76
systems/palatine-hill/docker/torr.nix
View File

@ -1,4 +1,4 @@
{ pkgs, ... }: { config, pkgs, ... }:
let let
delugeBase = { delugeBase = {
@ -19,15 +19,27 @@ let
deluge_path = "${torr_path}/deluge"; deluge_path = "${torr_path}/deluge";
delugevpn_path = "${torr_path}/delugevpn"; delugevpn_path = "${torr_path}/delugevpn";
genSopsConf = file: { #genSopsConfWg = file: {
# "${file}" = {
# format = "binary";
# sopsFile = ./wg/${file};
# path = "${delugevpn_path}/config/wireguard/configs/${file}";
# owner = "docker-service";
# group = "users";
# restartUnits = [ "docker-delugeVPN.service" ];
# };
#};
genSopsConfOvpn = file: {
"${file}" = { "${file}" = {
format = "binary"; format = "binary";
sopsFile = ./wg/${file}; sopsFile = ./openvpn/${file};
path = "${delugevpn_path}/config/wireguard/configs/${file}"; path = "${delugevpn_path}/config/openvpn/configs/${file}";
owner = "docker-service"; owner = "docker-service";
group = "users"; group = "users";
restartUnits = [ "docker-delugeVPN.service" ]; restartUnits = [ "docker-delugeVPN.service" ];
}; };
}; };
in in
{ {
@ -46,22 +58,20 @@ in
}; };
delugeVPN = delugeBase // { delugeVPN = delugeBase // {
image = "binhex/arch-delugevpn:latest"; image = "binhex/arch-delugevpn:latest";
extraOptions = [ capbilities = {
"--privileged=true" NET_ADMIN = true;
"--sysctl" };
"net.ipv4.conf.all.src_valid_mark=1"
];
environment = delugeBase.environment // { environment = delugeBase.environment // {
VPN_ENABLED = "yes"; VPN_ENABLED = "yes";
VPN_CLIENT = "wireguard"; VPN_CLIENT = "openvpn";
VPN_PROV = "custom"; VPN_PROV = "protonvpn";
ENABLE_PRIVOXY = "yes"; ENABLE_PRIVOXY = "yes";
LAN_NETWORK = "192.168.0.0/16"; LAN_NETWORK = "192.168.0.0/16";
#NAME_SERVERS = "194.242.2.9"; #NAME_SERVERS = "194.242.2.9";
NAME_SERVERS = "9.9.9.9"; NAME_SERVERS = "9.9.9.9";
# note, delete /config/perms.txt to force a bulk permissions update # note, delete /config/perms.txt to force a bulk permissions update
}; };
environmentFiles = [ config.sops.secrets."docker/delugevpn".path ];
volumes = [ volumes = [
"${delugevpn_path}/config:/config" "${delugevpn_path}/config:/config"
"${deluge_path}/data:/data" # use common torrent path yuck "${deluge_path}/data:/data" # use common torrent path yuck
@ -79,29 +89,23 @@ in
}; };
}; };
systemd.services.docker-delugeVPN = { # systemd.services.docker-delugeVPN = {
serviceConfig = { # serviceConfig = {
ExecStartPre = [ # ExecStartPre = [
( # (
"${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/wireguard/configs " # "${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/wireguard/configs "
+ "-type l -not -name wg0.conf " # + "-type l -not -name wg0.conf "
+ "| ${pkgs.coreutils}/bin/shuf -n 1 " # + "| ${pkgs.coreutils}/bin/shuf -n 1 "
+ "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/wireguard/wg0.conf &&" # + "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/wireguard/wg0.conf &&"
+ "${pkgs.coreutils}/bin/chown docker-service:users ${delugevpn_path}/config/wireguard/wg0.conf &&" # + "${pkgs.coreutils}/bin/chown docker-service:users ${delugevpn_path}/config/wireguard/wg0.conf &&"
+ "${pkgs.coreutils}/bin/chmod 440 ${delugevpn_path}/config/wireguard/wg0.conf\"" # + "${pkgs.coreutils}/bin/chmod 440 ${delugevpn_path}/config/wireguard/wg0.conf\""
) # )
]; # ];
ExecStopPost = [ "${pkgs.coreutils}/bin/rm ${delugevpn_path}/config/wireguard/wg0.conf" ]; # ExecStopPost = [ "${pkgs.coreutils}/bin/rm ${delugevpn_path}/config/wireguard/wg0.conf" ];
}; # };
}; # };
sops.secrets = sops.secrets = (genSopsConfOvpn "se.protonvpn.udp.ovpn") // {
(genSopsConf "se-mma-wg-001.conf") "docker/delugevpn".owner = "docker-service";
// (genSopsConf "se-mma-wg-002.conf") };
// (genSopsConf "se-mma-wg-003.conf")
// (genSopsConf "se-mma-wg-004.conf")
// (genSopsConf "se-mma-wg-005.conf")
// (genSopsConf "se-mma-wg-101.conf")
// (genSopsConf "se-mma-wg-102.conf")
// (genSopsConf "se-mma-wg-103.conf");
} }

5
systems/palatine-hill/secrets.yaml
View File

@ -23,6 +23,7 @@ docker:
redis: ENC[AES256_GCM,data:c+55cN6IpUNeKd+wC2zv3eunYjBsmZtXTczokqaxB2Q=,iv:M3pwNUlT9kUMv4JDE6bp/gub9CdBGxdApIvpOt3JpgE=,tag:3rPlV3U0AP9zAeF7xDouKw==,type:str] redis: ENC[AES256_GCM,data:c+55cN6IpUNeKd+wC2zv3eunYjBsmZtXTczokqaxB2Q=,iv:M3pwNUlT9kUMv4JDE6bp/gub9CdBGxdApIvpOt3JpgE=,tag:3rPlV3U0AP9zAeF7xDouKw==,type:str]
act-runner: ENC[AES256_GCM,data:gdrqXBBzdMW26MgNfP6P1c/m7pLANCXjcZLvVsxlWcgpAZd8IaO2FUqomL3xFI3UDPveQh0UvC3044ueoWhYJOq7ZmKJGvdf0ZrpP1MkXZKvjFjbTsuf/6/SYKhPqnP28HqznUWIVJYcRmP+A2oVeJY=,iv:/yOqJYDpxbqCm1whqcypp7Ba1Xlaebrv+h6lHr57Qa8=,tag:PzVqxP+QwQq69jqhmagj3w==,type:str] act-runner: ENC[AES256_GCM,data:gdrqXBBzdMW26MgNfP6P1c/m7pLANCXjcZLvVsxlWcgpAZd8IaO2FUqomL3xFI3UDPveQh0UvC3044ueoWhYJOq7ZmKJGvdf0ZrpP1MkXZKvjFjbTsuf/6/SYKhPqnP28HqznUWIVJYcRmP+A2oVeJY=,iv:/yOqJYDpxbqCm1whqcypp7Ba1Xlaebrv+h6lHr57Qa8=,tag:PzVqxP+QwQq69jqhmagj3w==,type:str]
collabora: ENC[AES256_GCM,data:LPRkzPEv5qfzeWSDbf+L+0asfmiK5Mhj8jCdfVyvVQAaD75Cbo4qLD0Nc80z,iv:/l2vAyYYJChhv6T+JkHT4I74ZpdhvbVqxlDWIM4Y4bw=,tag:/+uzn1vtd1RnO9/lGiQAKA==,type:str] collabora: ENC[AES256_GCM,data:LPRkzPEv5qfzeWSDbf+L+0asfmiK5Mhj8jCdfVyvVQAaD75Cbo4qLD0Nc80z,iv:/l2vAyYYJChhv6T+JkHT4I74ZpdhvbVqxlDWIM4Y4bw=,tag:/+uzn1vtd1RnO9/lGiQAKA==,type:str]
delugevpn: ENC[AES256_GCM,data:6tf6sp2M1PkVpxgjCiHKxKHh1+3dYgO0dcp7OS4QYyCumqY4b8Q1pMnKf9/+Ua4/o3DCcZSQuSAThTt6Vq+cFKe7Zcc=,iv:1VtUl7wzrqzaRTWxf8Op8j28tHPRLB5/N8UHfIQkyuw=,tag:qBVoQxv4zphaKHH8kkpKMg==,type:str]
acme: acme:
bunny: ENC[AES256_GCM,data:P2yROVUga9mORcq8VR/l0i4/2Vod1zvlYq+ZJLLNKow0SpblkwQX/i1ucQYAOkTTRddN+3C+t0zj1rMWkdLoaLjEUJJi3VsSxi+chV2FFiVKFQGEcg24,iv:aQvGgGLsgRGoEmwTgZHR8Jm/MYxmGtVTT/fZKaTLeMs=,tag:m3ssF4O8qs4yxvMu6yUcjw==,type:str] bunny: ENC[AES256_GCM,data:P2yROVUga9mORcq8VR/l0i4/2Vod1zvlYq+ZJLLNKow0SpblkwQX/i1ucQYAOkTTRddN+3C+t0zj1rMWkdLoaLjEUJJi3VsSxi+chV2FFiVKFQGEcg24,iv:aQvGgGLsgRGoEmwTgZHR8Jm/MYxmGtVTT/fZKaTLeMs=,tag:m3ssF4O8qs4yxvMu6yUcjw==,type:str]
dnsimple: ENC[AES256_GCM,data:37FKyBibFtXZgI4EduJQ0z8F+shBc5Q6YlLa3YkVPh9XuJVS20eybi75bfJxiozcZ9d+YRaqcbkBQCSdFOCotDU=,iv:oq3JjqbfAm2C4jcL1lvUb2EOmnwlR07vPoO8H0BmydQ=,tag:E3NO/jMElL6Q817666gIyg==,type:str] dnsimple: ENC[AES256_GCM,data:37FKyBibFtXZgI4EduJQ0z8F+shBc5Q6YlLa3YkVPh9XuJVS20eybi75bfJxiozcZ9d+YRaqcbkBQCSdFOCotDU=,iv:oq3JjqbfAm2C4jcL1lvUb2EOmnwlR07vPoO8H0BmydQ=,tag:E3NO/jMElL6Q817666gIyg==,type:str]
@ -41,8 +42,8 @@ sops:
cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At
LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw== LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-05-30T04:36:41Z" lastmodified: "2025-06-01T19:02:15Z"
mac: ENC[AES256_GCM,data:fEsUt5g0/7j8IVgtXQ0thV93dxe6SGCglqeHdnaXFOjKcCUEFWUmi98M8X92hR9AJzscRK6wqzijd/AQBzl+GL2QtDYsn8qx9Nr0DBd6Gh1vi25eh5LtADm09COSae1THWuFLP7L1Qamyt+XzlBa7Xnrzfuzzp0s2/cZoxZiueU=,iv:VYzh833cMQwGmkB6QunRys0Eluz+0KGj8Y43B9icE9w=,tag:EWJSizBMTFZ0TZhncYe2Sw==,type:str] mac: ENC[AES256_GCM,data:SzHrUfE7nzfrR3622yvzgaRj7kIKBveceSYiUGdHOqSZf6/2v/36xqgi0FbWKv9+2q2VOz11qDSIHLqZxYJlg7BqqPeApCQBnhu2mDQ4ICryMuG0gt0h4v3DY7kfU+0L76svk4qs02t3uTwBskMM9juxlw94zX/AUSCdg//uWjc=,iv:UYwu1Qg9i15X7H8D0emxvmFwJnOolm4gQe1jIbdGAK8=,tag:c43yM+RXteuUxgSLHFsnlg==,type:str]
pgp: pgp:
- created_at: "2024-11-28T18:56:39Z" - created_at: "2024-11-28T18:56:39Z"
enc: |- enc: |-