Merge pull request 'add qbit config' (#169) from feature/qbit into main

Reviewed-on: #169

flake.lock

@@ -76,11 +76,11 @@
       },
       "locked": {
         "dir": "pkgs/firefox-addons",
-        "lastModified": 1767672212,
+        "lastModified": 1767473845,
-        "narHash": "sha256-CGQgo92QKzCnRUF2wjEPsaIoKajVU5EyK1aDaMwo1xg=",
+        "narHash": "sha256-Pvd0l14qYA4jBS+JSCufoj8qFpeu2dt0Q9zBvpeLKac=",
         "owner": "rycee",
         "repo": "nur-expressions",
-        "rev": "461ec70d76363e9f76588afe59e02fbbc69da80e",
+        "rev": "7f7d9e8b61abade02c6dc0d530ba6b43a50acead",
         "type": "gitlab"
       },
       "original": {
@@ -125,11 +125,11 @@
         "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1767609335,
+        "lastModified": 1765835352,
-        "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=",
+        "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "250481aafeb741edfe23d29195671c19b36b6dca",
+        "rev": "a34fae9c08a15ad73f295041fec82323541400a9",
         "type": "github"
       },
       "original": {
@@ -242,11 +242,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1767688629,
+        "lastModified": 1767556355,
-        "narHash": "sha256-kX1BVq5zoowePHssEjmpc6FNT3vVZNZaCXd7mfvCsxg=",
+        "narHash": "sha256-RDTUBDQBi9D4eD9iJQWtUDN/13MDLX+KmE+TwwNUp2s=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "bfaba198af72338b8dbda59887859d7a30c6643c",
+        "rev": "f894bc4ffde179d178d8deb374fcf9855d1a82b7",
         "type": "github"
       },
       "original": {
@@ -596,11 +596,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1767667566,
+        "lastModified": 1767495280,
-        "narHash": "sha256-COy+yxZGuhQRVD1r4bWVgeFt1GB+IB1k5WRpDKbLfI8=",
+        "narHash": "sha256-hEEgtE/RSRigw8xscchGymf/t1nluZwTfru4QF6O1CQ=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "056ce5b125ab32ffe78c7d3e394d9da44733c95e",
+        "rev": "cb24c5cc207ba8e9a4ce245eedd2d37c3a988bc1",
         "type": "github"
       },
       "original": {
@@ -650,11 +650,11 @@
         "tinted-zed": "tinted-zed"
       },
       "locked": {
-        "lastModified": 1767652667,
+        "lastModified": 1767559556,
-        "narHash": "sha256-zsgfockkvK0JrSvzVAb8JeUq3SDdITu6ViUf7yeIpi4=",
+        "narHash": "sha256-Pf1d9Hh9UUQ/oS+evq6dU0MiaDczXXNztTlQekaMbW0=",
         "owner": "danth",
         "repo": "stylix",
-        "rev": "a4406d9799d002c41296c72378a1094a8fc9aa1b",
+        "rev": "b135edbdd403896d1ef507934c045f716deb5609",
         "type": "github"
       },
       "original": {

systems/palatine-hill/docker/torr.nix

@@ -1,130 +1,95 @@
 { config, pkgs, ... }:
 
 let
-  delugeBase = {
+  qbitBase = {
+    image = "ghcr.io/linuxserver/qbittorrent:latest";
     pull = "always";
     environment = {
       PUID = "600";
       PGID = "100";
       TZ = "America/New_York";
-      UMASK = "000";
-      DEBUG = "true";
-      DELUGE_DAEMON_LOG_LEVEL = "debug";
-      DELUGE_WEB_LOG_LEVEL = "debug";
     };
   };
 
   vars = import ../vars.nix;
   #docker_path = vars.primary_docker;
   torr_path = vars.primary_torr;
-  deluge_path = "${torr_path}/deluge";
+  qbit_path = "${torr_path}/qbit";
-  delugevpn_path = "${torr_path}/delugevpn";
+  qbitvpn_path = "${torr_path}/qbitvpn";
-
+  qbitperm_path = "${torr_path}/qbitperm";
-  #genSopsConfWg = file: {
-  #  "${file}" = {
-  #    format = "binary";
-  #    sopsFile = ./wg/${file};
-  #    path = "${delugevpn_path}/config/wireguard/configs/${file}";
-  #    owner = "docker-service";
-  #    group = "users";
-  #    restartUnits = [ "docker-delugeVPN.service" ];
-  #  };
-  #};
-
-  genSopsConfOvpn = file: {
-    "${file}" = {
-      format = "binary";
-      sopsFile = ./openvpn/${file};
-      path = "${delugevpn_path}/config/openvpn/configs/${file}";
-      owner = "docker-service";
-      group = "users";
-      restartUnits = [ "docker-delugeVPN.service" ];
-    };
-
-  };
 in
 {
 
   virtualisation.oci-containers.containers = {
-    deluge = delugeBase // {
+    qbit = qbitBase // {
-      image = "binhex/arch-deluge";
+      environment = qbitBase.environment // {
+        WEBUI_PORT = "8082";
+      };
       volumes = [
-        "${deluge_path}/config:/config"
+        "${qbit_path}/config:/config" # move from docker/qbit to qbit_path
-        "${deluge_path}/data/:/data"
+        "${qbit_path}/data/:/data"
         "/etc/localtime:/etc/localtime:ro"
       ];
       ports = [
-        "8084:8112"
+        "8082:8112"
-        "29433:29433"
+        "29432:29432"
       ];
     };
-    delugeVPN = delugeBase // {
+    qbitVPN = qbitBase // {
-      image = "binhex/arch-delugevpn:latest";
+      # webui port is 8081, torr port is 29432
+      networks = [
+        "container:gluetun-qbit"
+      ];
+      dependsOn = [ "gluetun-qbit" ];
+      volumes = [
+        "${qbitvpn_path}/config:/config"
+        "${qbit_path}/data:/data"
+        "/etc/localtime:/etc/localtime:ro"
+      ];
+    };
+    qbitPerm = qbitBase // {
+      # webui port is 8083, torr port is 29434
+      networks = [
+        "container:gluetun-qbit"
+      ];
+      dependsOn = [ "gluetun-qbit" ];
+      volumes = [
+        "${qbitperm_path}/config:/config"
+        "${qbit_path}/data:/data"
+        "/etc/localtime:/etc/localtime:ro"
+      ];
+    };
+    gluetun-qbit = {
+      image = "qmcgaw/gluetun:v3";
       capabilities = {
-        NET_ADMIN = true;
+        NET_ADD = true;
       };
-      autoRemoveOnStop = false;
+      devices = [
-      environment = delugeBase.environment // {
+        "/dev/net/tun:/dev/net/tun"
-        VPN_ENABLED = "yes";
-        VPN_CLIENT = "openvpn";
-        VPN_PROV = "protonvpn";
-        ENABLE_PRIVOXY = "yes";
-        LAN_NETWORK = "192.168.0.0/16";
-        ENABLE_STARTUP_SCRIPTS = "yes";
-        #NAME_SERVERS = "194.242.2.9";
-        #NAME_SERVERS = "9.9.9.9";
-        # note, delete /config/perms.txt to force a bulk permissions update
-      };
-      environmentFiles = [ config.sops.secrets."docker/delugevpn".path ];
-      volumes = [
-        "${delugevpn_path}/config:/config"
-        "${deluge_path}/data:/data" # use common torrent path yuck
-        "/etc/localtime:/etc/localtime:ro"
       ];
       ports = [
-        "8085:8112"
+        # qbitvpn
-        "8119:8118"
+        "8081:8081"
-        "39275:39275"
+        "29432:29432"
-        "39275:39275/udp"
-        "48346:48346"
-        "48346:48346/udp"
 
+        # qbitperm
+        "8083:8083"
+        "29433:24933"
+      ];
+      environment = {
+        TZ = "America/New_York";
+        # SOPS prep
+      };
+      environmentFiles = [
+        config.sops.secrets."docker/gluetun".path
       ];
     };
   };
 
-  systemd.services.docker-delugeVPN = {
+  sops.secrets = {
-    serviceConfig = {
+    "docker/gluetun" = {
-      ExecStartPre = [
-        (
-          "${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/openvpn/configs "
-          + "-type l -not -name network.ovpn "
-          + "| ${pkgs.coreutils}/bin/shuf -n 1 "
-          + "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/openvpn/network.ovpn &&"
-          + "${pkgs.coreutils}/bin/chown docker-service:users ${delugevpn_path}/config/openvpn/network.ovpn &&"
-          + "${pkgs.coreutils}/bin/chmod 440 ${delugevpn_path}/config/openvpn/network.ovpn\""
-        )
-        (
-          "${pkgs.bash}/bin/bash -c \"${pkgs.findutils}/bin/find ${delugevpn_path}/config/scripts/links "
-          + "-type l "
-          + "| ${pkgs.findutils}/bin/xargs -I {} cp -L {} ${delugevpn_path}/config/scripts/ \""
-        )
-      ];
-      ExecStopPost = [ "${pkgs.coreutils}/bin/rm ${delugevpn_path}/config/scripts/*sh" ];
-    };
-  };
-
-  sops.secrets = (genSopsConfOvpn "se.protonvpn.udp.ovpn") // {
-    "docker/delugevpn" = {
       owner = "docker-service";
-      group = "users";
+      restartUnits = [ "docker-gluetun-qbit.service" ];
-      restartUnits = [ "docker-delugeVPN.service" ];
-    };
-    "docker/protonvpn-start-script" = {
-      path = "${delugevpn_path}/config/scripts/links/protonvpn-start-script.sh";
-      owner = "docker-service";
-      group = "users";
-      restartUnits = [ "docker-delugeVPN.service" ];
     };
   };
 }

systems/palatine-hill/secrets.yaml

@@ -32,6 +32,7 @@ docker:
     sonarr: ENC[AES256_GCM,data:X/hM31ZyHybvy2eQzVnmq8CH1AqBgz1pxq7tKC4lZB3ryAbnEIJksffem8+35tWt/0r5cEH4aaIKD1kS7Q+Ma+8JrRLcWkt6CZq/wspz,iv:44FfdVpQCposXshzNe5DXAxExeQzjVKhkZaVbgKo8KU=,tag:WIWWUt1XBngUTwwqhCrcNw==,type:str]
     lidarr: ENC[AES256_GCM,data:xERBECneutNUMZRrHukp8CaNrpI7SXUB16zUkauNP2+wto3eIc/K+2nMCkbwSC9AKlSjnUGSiORmAWn/jofTAuEzQljkCR1XCSkJRMmL,iv:iKf4fZtCfdjT/KuMFK5VFoLAV+Lll8uJowe9Q4cHyYw=,tag:xzmATTkrYRYm9Mw23zEO5g==,type:str]
     jellyseerr: ENC[AES256_GCM,data:7dDfHFp8+WbJqrf7Ms/gmfroBePwegXh5CXn5FcOz8IEK7rTvr9KZfz9x/1BwdD8,iv:ZPi3OcMfH76A08piKY4P7hFbeMyouwBoeN5oL3ExzKU=,tag:oOZ37dy/y+DFqNRfAHexvQ==,type:str]
+    gluetun: ENC[AES256_GCM,data:3wOijlcj2WePhWVtRS5rUILI969GWLCuOrbiQ2MlVui0wy3Upzw2jdtTaly5UdTvy55a1ryxJ49nmuPxm2hJclGjw1P2o0yAf6CJRiJQwWJaAZbbDtlfTCus1sHTs/e2556DSa74YQg1D0VdQLGidzma8Efn/QaP6v9shEUue8CxU/aRbi48TPrhzl7k9xU9IHqCgZoo3utZ1xtn2AVfkZJDo9rPuZsQrEy95wvoVtyHK8OvLIXXZuUjANdJKmI9Wn73t4a9PR4K7Bydr5DtrYGhtw9b/L7QX6Okjin+kuDfL/iP3vPxMusTAULvpGexgDWVirL/h0o73Us7Noce8jZ6yKAFsH2jJ/IDIUYPdxPH/gts8FX3PFsz/dxQincN5s+itFlCJ72LIXk/hC6kyMzF+WRza0F7FR2CrQGscuCJ2Cd1fqVAi5ZXg/07+H//Dy8SPR62HUuTDlEcNNXZcwRm2+AaZwXF7UhOv+lR4fAqF8w+I0rjioVLJQltx7td+5r/Gq+sQBp+n0WPZUbmy0jHF8YwKMjSCckqtjah+/+l4CBsFI0xVs654snfmg==,iv:fanygdgYvSdJeCHpEXUfS7sPkXIj5pDxVtfYWo/c5Jc=,tag:oWx+UaIsDjDehsPlBM9f6g==,type:str]
 acme:
     bunny: ENC[AES256_GCM,data:P2yROVUga9mORcq8VR/l0i4/2Vod1zvlYq+ZJLLNKow0SpblkwQX/i1ucQYAOkTTRddN+3C+t0zj1rMWkdLoaLjEUJJi3VsSxi+chV2FFiVKFQGEcg24,iv:aQvGgGLsgRGoEmwTgZHR8Jm/MYxmGtVTT/fZKaTLeMs=,tag:m3ssF4O8qs4yxvMu6yUcjw==,type:str]
     dnsimple: ENC[AES256_GCM,data:37FKyBibFtXZgI4EduJQ0z8F+shBc5Q6YlLa3YkVPh9XuJVS20eybi75bfJxiozcZ9d+YRaqcbkBQCSdFOCotDU=,iv:oq3JjqbfAm2C4jcL1lvUb2EOmnwlR07vPoO8H0BmydQ=,tag:E3NO/jMElL6Q817666gIyg==,type:str]
@@ -50,8 +51,8 @@ sops:
             cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At
             LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-12-25T17:45:31Z"
+    lastmodified: "2026-01-08T03:15:14Z"
-    mac: ENC[AES256_GCM,data:lVRqQWnO1RvmoW13/xCpP2SvibccRWwmr1Gyj6EgrE+V+Iu1bfnZRkTkHiFIQqQLQgCy2qBiSHeZF/dNERe83eEwpXgRQAduarpE/qL8K1mxcwf5HMMYACjlNfsL/I1/TCJrJ7DZBxI4neRLetc5OpScVXqHj1neOodD/g8n+ls=,iv:+gZpo0I2NVYz24o42mUW/OkfONqNSjgaJeKeFdKx7dg=,tag:EJnpiotQuBKth21mdhvjZQ==,type:str]
+    mac: ENC[AES256_GCM,data:THKtji76rAaUHSs9l9u/VELujQVlNmuDeS8ICi2bjmYIuxT1BgdkeAKDy10wXEGPf0BIzuVmFyJs8y9+pm8idMcvGRVBvDv+XkBn0uVV01dRHJ/AfQgutMEWiXkNVSF48GfOsT/khXM13IwCjO8bwS77jcbL+NVPs0KVCxHI7us=,iv:xAubTMuGlllwxHgrzzX/2hkYq/j/aC8PoNo6jHZbSDU=,tag:7XJVhsfKUeJrJmK6egN7nw==,type:str]
     pgp:
         - created_at: "2024-11-28T18:56:39Z"
           enc: |-