nix-dotfiles/systems/palatine-hill/docker/torr.nix

{ config, pkgs, ... }:

let
  qbitBase = {
    image = "ghcr.io/linuxserver/qbittorrent:latest";
    pull = "always";
    environment = {
      PUID = "600";
      PGID = "100";
      TZ = "America/New_York";
    };
  };

  vars = import ../vars.nix;
  #docker_path = vars.primary_docker;
  torr_path = vars.primary_torr;
  qbit_path = "${torr_path}/qbit";
  qbitvpn_path = "${torr_path}/qbitvpn";
  qbitperm_path = "${torr_path}/qbitperm";
in
{

  virtualisation.oci-containers.containers = {
    qbit = qbitBase // {
      environment = qbitBase.environment // {
        WEBUI_PORT = "8082";
      };
      volumes = [
        "${qbit_path}/config:/config" # move from docker/qbit to qbit_path
        "${qbit_path}/data/:/data"
        "/etc/localtime:/etc/localtime:ro"
      ];
      ports = [
        "8082:8112"
        "29432:29432"
      ];
    };
    qbitVPN = qbitBase // {
      # webui port is 8081, torr port is 29432
      networks = [
        "container:gluetun-qbit"
      ];
      dependsOn = [ "gluetun-qbit" ];
      volumes = [
        "${qbitvpn_path}/config:/config"
        "${qbit_path}/data:/data"
        "/etc/localtime:/etc/localtime:ro"
      ];
    };
    qbitPerm = qbitBase // {
      # webui port is 8083, torr port is 29434
      networks = [
        "container:gluetun-qbit"
      ];
      dependsOn = [ "gluetun-qbit" ];
      volumes = [
        "${qbitperm_path}/config:/config"
        "${qbit_path}/data:/data"
        "/etc/localtime:/etc/localtime:ro"
      ];
    };
    gluetun-qbit = {
      image = "qmcgaw/gluetun:v3";
      capabilities = {
        NET_ADD = true;
      };
      devices = [
        "/dev/net/tun:/dev/net/tun"
      ];
      ports = [
        # qbitvpn
        "8081:8081"
        "29432:29432"

        # qbitperm
        "8083:8083"
        "29433:24933"
      ];
      environment = {
        TZ = "America/New_York";
        # SOPS prep
      };
      environmentFiles = [
        config.sops.secrets."docker/gluetun".path
      ];
    };
  };

  sops.secrets = {
    "docker/gluetun" = {
      owner = "docker-service";
      restartUnits = [ "docker-gluetun-qbit.service" ];
    };
  };
}