more archiveteam and qbit changes

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
2024-11-28 13:15:39 -05:00 · 2024-11-28 13:15:39 -05:00 · dde547c4cf
commit dde547c4cf
parent ecbb096d07
4 changed files with 58 additions and 26 deletions
--- a/systems/palatine-hill/docker/archiveteam.nix
+++ b/systems/palatine-hill/docker/archiveteam.nix
@ -85,7 +85,7 @@ let
    };
    archiveteam-youtube = {
      image = "youtube-grab";
-      scale = 1;
+      scale = 0;
    };
    archiveteam-deviantart = {
      image = "deviantart-grab";
@ -141,7 +141,7 @@ in
    services."custom-watchtower@archiveteam" = {
      bindsTo = [ "docker.service" ];
      after = [ "docker.service" ];
-      description = "runs a watchtower-esque script for systemd-based oci-containers";
+      description = "a watchtower-esque script for systemd-based oci-containers";
      serviceConfig = {
        Type = "oneshot";
        User = "root";
--- a/systems/palatine-hill/docker/default.nix
+++ b/systems/palatine-hill/docker/default.nix
@ -17,7 +17,7 @@
    ./nextcloud.nix
    # ./postgres.nix
    # ./restic.nix
-    # ./torr.nix
+    ./torr.nix
    # ./unifi.nix
  ];

--- a/systems/palatine-hill/docker/torr.nix
+++ b/systems/palatine-hill/docker/torr.nix
@ -1,41 +1,52 @@
-{ ... }:
+{ pkgs, ... }:

 let
  delugeBase = {
-    image = "binhex/arch-deluge";
    environment = {
      PUID = "600";
      PGID = "100";
      TZ = "America/New_York";
      UMASK = "000";
-      DEBUG = "false";
+      DEBUG = "true";
      DELUGE_DAEMON_LOG_LEVEL = "debug";
      DELUGE_WEB_LOG_LEVEL = "debug";
-
    };
-    extraOptions = [ "--restart=unless-stopped" ];
  };

  vars = import ../vars.nix;
-  docker_path = vars.primary_docker;
+  #docker_path = vars.primary_docker;
  torr_path = vars.primary_torr;
+  deluge_path = "${torr_path}/deluge";
+  delugevpn_path = "${torr_path}/delugevpn";
+
+  genSopsConf = file: {
+    "${file}" = {
+      format = "binary";
+      sopsFile = ./wg/${file};
+      path = "${delugevpn_path}/config/wireguard/configs/${file}";
+      owner = "docker-service";
+      group = "users";
+      restartUnits = [ "docker-delugeVPN.service" ];
+    };
+  };
 in
 {
  virtualisation.oci-containers.containers = {
    deluge = delugeBase // {
+      image = "binhex/arch-deluge";
      volumes = [
-        "${docker_path}/Qbit:/config"
-        "${torr_path}/Qbit/:/data"
+        "${deluge_path}/config:/config"
+        "${deluge_path}/data/:/data"
        "/etc/localtime:/etc/localtime:ro"
      ];
      ports = [
-        "8082:8112"
-        "29432:29432"
+        "8084:8112"
+        "29433:29433"
      ];
    };
    delugeVPN = delugeBase // {
+      image = "binhex/arch-delugevpn";
      extraOptions = [
-        "--restart=unless-stopped"
        "--privileged=true"
        "--sysctl"
        "net.ipv4.conf.all.src_valid_mark=1"
@ -46,28 +57,47 @@ in
        VPN_PROV = "custom";
        ENABLE_PRIVOXY = "yes";
        LAN_NETWORK = "192.168.0.0/16";
-        NAME_SERVERS = "9.9.9.9,1.1.1.1,8.8.8.8,8.8.4.4";
+        NAME_SERVERS = "194.242.2.9";
        # note, delete /config/perms.txt to force a bulk permissions update

      };
      volumes = [
-        "${docker_path}/QbitVPN:/config"
-        "${torr_path}/QbitVPN/:/data"
+        "${delugevpn_path}/config:/config"
+        "${delugevpn_path}/data:/data"
        "/etc/localtime:/etc/localtime:ro"
      ];
      ports = [
-        "8081:8112"
-        "8118:8118"
-        "39274:39274"
-        "39274:39274/udp"
+        "8085:8112"
+        "8119:8118"
+        "39275:39275"
+        "39275:39275/udp"
      ];
    };
  };

-  sops.secrets = {
-    "docker/deluge" = {
-      owner = "docker-service";
-      path = "${docker_path}/QbitVPN/wireguard/wg0.conf";
+  systemd.services.docker-delugeVPN = {
+    serviceConfig = {
+      ExecStartPre = [
+        (
+          "${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/wireguard/configs "
+          + "-type l -not -name wg0.conf "
+          + "| ${pkgs.coreutils}/bin/shuf -n 1 "
+          + "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/wireguard/wg0.conf &&"
+          + "${pkgs.coreutils}/bin/chown docker-service:users ${delugevpn_path}/config/wireguard/wg0.conf &&"
+          + "${pkgs.coreutils}/bin/chmod 440 ${delugevpn_path}/config/wireguard/wg0.conf\""
+        )
+      ];
+      ExecStopPost = [ "${pkgs.coreutils}/bin/rm ${delugevpn_path}/config/wireguard/wg0.conf" ];
    };
  };
+
+  sops.secrets =
+    (genSopsConf "se-mma-wg-001.conf")
+    // (genSopsConf "se-mma-wg-002.conf")
+    // (genSopsConf "se-mma-wg-003.conf")
+    // (genSopsConf "se-mma-wg-004.conf")
+    // (genSopsConf "se-mma-wg-005.conf")
+    // (genSopsConf "se-mma-wg-101.conf")
+    // (genSopsConf "se-mma-wg-102.conf")
+    // (genSopsConf "se-mma-wg-103.conf");
 }
--- a/systems/palatine-hill/docker/watchtower.bash
+++ b/systems/palatine-hill/docker/watchtower.bash
@ -1,5 +1,5 @@
 #! /usr/bin/env nix
-#! nix shell nixpkgs#docker nixpkgs#bash --command bash
+#! nix shell nixpkgs#docker nixpkgs#bash nixpkgs#gawk --command bash

 outdated_msg="Project code is out of date and needs to be upgraded. To remedy this problem immediately, you may reboot your warrior."

@ -19,6 +19,8 @@ for container in ${containers[@]}; do

  if [[ $last_msg =~ $outdated_msg ]]; then
    echo "${container} is outdated, restarting"
+    imageTag=$(docker ps --format '{{.Names}}\t{{.Image}}' -f "name=$container" | grep -w "$container" | awk '{print $NF}')
+    docker pull "$imageTag"
    systemctl restart "docker-${container}"
  fi
 done