From dde547c4cf06012e72c507ceb4baaa6f61d973af Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Thu, 28 Nov 2024 13:15:39 -0500 Subject: [PATCH] more archiveteam and qbit changes Signed-off-by: ahuston-0 --- systems/palatine-hill/docker/archiveteam.nix | 4 +- systems/palatine-hill/docker/default.nix | 2 +- systems/palatine-hill/docker/torr.nix | 74 ++++++++++++++------ systems/palatine-hill/docker/watchtower.bash | 4 +- 4 files changed, 58 insertions(+), 26 deletions(-) diff --git a/systems/palatine-hill/docker/archiveteam.nix b/systems/palatine-hill/docker/archiveteam.nix index a1423ea..43ae592 100644 --- a/systems/palatine-hill/docker/archiveteam.nix +++ b/systems/palatine-hill/docker/archiveteam.nix @@ -85,7 +85,7 @@ let }; archiveteam-youtube = { image = "youtube-grab"; - scale = 1; + scale = 0; }; archiveteam-deviantart = { image = "deviantart-grab"; @@ -141,7 +141,7 @@ in services."custom-watchtower@archiveteam" = { bindsTo = [ "docker.service" ]; after = [ "docker.service" ]; - description = "runs a watchtower-esque script for systemd-based oci-containers"; + description = "a watchtower-esque script for systemd-based oci-containers"; serviceConfig = { Type = "oneshot"; User = "root"; diff --git a/systems/palatine-hill/docker/default.nix b/systems/palatine-hill/docker/default.nix index 3608662..915aad8 100644 --- a/systems/palatine-hill/docker/default.nix +++ b/systems/palatine-hill/docker/default.nix @@ -17,7 +17,7 @@ ./nextcloud.nix # ./postgres.nix # ./restic.nix - # ./torr.nix + ./torr.nix # ./unifi.nix ]; diff --git a/systems/palatine-hill/docker/torr.nix b/systems/palatine-hill/docker/torr.nix index d09caf9..6fe0352 100644 --- a/systems/palatine-hill/docker/torr.nix +++ b/systems/palatine-hill/docker/torr.nix 
@@ -1,41 +1,52 @@ -{ ... }: +{ pkgs, ... }: let delugeBase = { - image = "binhex/arch-deluge"; environment = { PUID = "600"; PGID = "100"; TZ = "America/New_York"; UMASK = "000"; - DEBUG = "false"; + DEBUG = "true"; DELUGE_DAEMON_LOG_LEVEL = "debug"; DELUGE_WEB_LOG_LEVEL = "debug"; - }; - extraOptions = [ "--restart=unless-stopped" ]; }; vars = import ../vars.nix; - docker_path = vars.primary_docker; + #docker_path = vars.primary_docker; torr_path = vars.primary_torr; + deluge_path = "${torr_path}/deluge"; + delugevpn_path = "${torr_path}/delugevpn"; + + genSopsConf = file: { + "${file}" = { + format = "binary"; + sopsFile = ./wg/${file}; + path = "${delugevpn_path}/config/wireguard/configs/${file}"; + owner = "docker-service"; + group = "users"; + restartUnits = [ "docker-delugeVPN.service" ]; + }; + }; in { virtualisation.oci-containers.containers = { deluge = delugeBase // { + image = "binhex/arch-deluge"; volumes = [ - "${docker_path}/Qbit:/config" - "${torr_path}/Qbit/:/data" + "${deluge_path}/config:/config" + "${deluge_path}/data/:/data" "/etc/localtime:/etc/localtime:ro" ]; ports = [ - "8082:8112" - "29432:29432" + "8084:8112" + "29433:29433" ]; }; delugeVPN = delugeBase // { + image = "binhex/arch-delugevpn"; extraOptions = [ - "--restart=unless-stopped" "--privileged=true" "--sysctl" "net.ipv4.conf.all.src_valid_mark=1" 
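Review bot: `genSopsConf` decrypts every WireGuard profile into `${delugevpn_path}/config/wireguard/configs/`, which sits inside the `/config` bind mount of the `--privileged` delugeVPN container, so the container can read all eight private keys even though ExecStartPre hands it only one as wg0.conf; if limiting exposure to the chosen profile is the intent, decrypt outside the volume, e.g. `path = "${delugevpn_path}/wg-configs/${file}";`, and copy from there. The `group = "users"` grant on the decrypted files appears to matter only if sops-nix's default mode (0400, as far as I recall) is overridden — either set `mode = "0400";` explicitly and drop the group, or add a comment saying why the group is needed. Separately, `DEBUG = "true"` now lives in the shared `delugeBase`, so both containers run with debug logging permanently and the binhex startup scripts may echo VPN settings at that level; consider `# DEBUG: verbose startup/daemon logs, leave on only while diagnosing` and reverting to `"false"` once the migration settles.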
@@ -46,28 +57,47 @@ in VPN_PROV = "custom"; ENABLE_PRIVOXY = "yes"; LAN_NETWORK = "192.168.0.0/16"; - NAME_SERVERS = "9.9.9.9,1.1.1.1,8.8.8.8,8.8.4.4"; + NAME_SERVERS = "194.242.2.9"; # note, delete /config/perms.txt to force a bulk permissions update }; volumes = [ - "${docker_path}/QbitVPN:/config" - "${torr_path}/QbitVPN/:/data" + "${delugevpn_path}/config:/config" + "${delugevpn_path}/data:/data" "/etc/localtime:/etc/localtime:ro" ]; ports = [ - "8081:8112" - "8118:8118" - "39274:39274" - "39274:39274/udp" + "8085:8112" + "8119:8118" + "39275:39275" + "39275:39275/udp" ]; }; }; - sops.secrets = { - "docker/deluge" = { - owner = "docker-service"; - path = "${docker_path}/QbitVPN/wireguard/wg0.conf"; + systemd.services.docker-delugeVPN = { + serviceConfig = { + ExecStartPre = [ + ( + "${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/wireguard/configs " + + "-type l -not -name wg0.conf " + + "| ${pkgs.coreutils}/bin/shuf -n 1 " + + "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/wireguard/wg0.conf &&" + + "${pkgs.coreutils}/bin/chown docker-service:users ${delugevpn_path}/config/wireguard/wg0.conf &&" + + "${pkgs.coreutils}/bin/chmod 440 ${delugevpn_path}/config/wireguard/wg0.conf\"" + ) + ]; + ExecStopPost = [ "${pkgs.coreutils}/bin/rm ${delugevpn_path}/config/wireguard/wg0.conf" ]; }; }; + + sops.secrets = + (genSopsConf "se-mma-wg-001.conf") + // (genSopsConf "se-mma-wg-002.conf") + // (genSopsConf "se-mma-wg-003.conf") + // (genSopsConf "se-mma-wg-004.conf") + // (genSopsConf "se-mma-wg-005.conf") + // (genSopsConf "se-mma-wg-101.conf") + // (genSopsConf "se-mma-wg-102.conf") + // (genSopsConf "se-mma-wg-103.conf"); } diff --git a/systems/palatine-hill/docker/watchtower.bash b/systems/palatine-hill/docker/watchtower.bash index 819140a..902b5d1 100644 --- a/systems/palatine-hill/docker/watchtower.bash +++ b/systems/palatine-hill/docker/watchtower.bash 
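Review bot: The ExecStartPre chain creates wg0.conf with `cp -L` and only afterwards runs `chown`/`chmod 440`, so for a moment the private key sits under root's default umask (typically 0644) and is readable by anyone who can reach `${delugevpn_path}/config/wireguard`; the three steps collapse into one atomic call inside the `xargs -I {}`, `${pkgs.coreutils}/bin/install -m 0440 -o docker-service -g users {} ${delugevpn_path}/config/wireguard/wg0.conf`, which also dereferences the symlink. Mode 0440 with group `users` still exposes the key to every account in that group — if `users` is the default group for interactive accounts on this host, `0400` (or a dedicated group) is tighter. The chain currently fails closed only by accident: when `find` matches nothing the later `chown` trips on the missing file, and whether xargs runs anything on empty input depends on findutils' `-r` behaviour, so make it explicit with `xargs -r -I {}` plus a trailing `&& test -r ${delugevpn_path}/config/wireguard/wg0.conf`. Using `rm -f` in ExecStopPost avoids a spurious failure when the copy never happened.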
@@ -1,5 +1,5 @@ #! /usr/bin/env nix -#! nix shell nixpkgs#docker nixpkgs#bash --command bash +#! nix shell nixpkgs#docker nixpkgs#bash nixpkgs#gawk --command bash outdated_msg="Project code is out of date and needs to be upgraded. To remedy this problem immediately, you may reboot your warrior." @@ -19,6 +19,8 @@ for container in ${containers[@]}; do if [[ $last_msg =~ $outdated_msg ]]; then echo "${container} is outdated, restarting" + imageTag=$(docker ps --format '{{.Names}}\t{{.Image}}' -f "name=$container" | grep -w "$container" | awk '{print $NF}') + docker pull "$imageTag" systemctl restart "docker-${container}" fi done
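Review bot: The new `imageTag` lookup is not exact — `docker ps -f name=` is a substring match and `grep -w` treats `-` as a word boundary, so a container whose name extends `$container` with a suffix (e.g. `foo-2` when `$container` is `foo`) yields two lines and `docker pull "$imageTag"` then runs with a newline-joined argument. `imageTag=$(docker inspect --format '{{.Config.Image}}' "$container")` returns exactly the image the container was created from and needs neither grep/awk nor the added gawk in the shebang. The pull result is also ignored, so a failed pull still restarts the container on the stale image; `docker pull "$imageTag" || { echo "pull of $imageTag failed, skipping $container"; continue; }` restarts only after a successful refresh. The enclosing `for container` loop starts before this hunk.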