Maybe gluetun will wokr
parent
a7be0718ed
commit
10afd9e175
|
@ -13,3 +13,7 @@ microbin_env: |
|
|||
MICROBIN_UPLOAD_PASSWORD=...
|
||||
forgejo_mail_password: ...
|
||||
javi_password: ...
|
||||
vpn_env: |
|
||||
WIREGUARD_PRIVATE_KEY=...
|
||||
WIREGUARD_ADDRESSES=...
|
||||
SERVER_CITIES=...
|
||||
|
|
|
@ -7,6 +7,7 @@ cloudflare_tunnel_credentials: ENC[AES256_GCM,data:XuXXzhGdxYsF1ik2g7yS2wbaI08/A
|
|||
microbin_env: ENC[AES256_GCM,data:nxiE9GIvEb0xgqomDdMyy2UtG25pt7h+6JUZkAgIejZbJfsKfpIJcG02WJoj07I2VeTtN10Wd8IbrW9QEt64mLzlG7hqJN0Uwq8bjL1j5IaK,iv:pCWmF52MhMfZtdtMsL7wwt+KB33E/UPNtXzkiJ7NOWE=,tag:79e0u2yyRYckivY85hLqpg==,type:str]
|
||||
forgejo_mail_password: ENC[AES256_GCM,data:linrpmA8b+8e1+tWNl0=,iv:Mk7suPq0Jt960Zl9s2jj3SSAKt4t8Lv4eKdIo0o8JbE=,tag:TZ0qGJIVSFSUt/0cqamvdw==,type:str]
|
||||
javi_password: ENC[AES256_GCM,data:5Ifh/DclUz0/AL69Th/GckolrjerLOnDW77SOf+/L3v39T+EOYgK2GDNKtWGGWYX5sdxZ9JwLS3ZVsIOnN4zjFhgV+GChJWkkzjdpJEtpHlmmBKlyS31Fw7SixVkL3y3VJhw72aVv3bMKQ==,iv:FzAmvIlrhna5InsQCRrWVdrKZGmHMb0njWdvgBurdYs=,tag:/Iguu2FbdV/4RSGTnFdyYA==,type:str]
|
||||
vpn_env: ENC[AES256_GCM,data:Nj19qT0rVCL2WUXyhtjpme+d1szmziJjxxyvyrBffjI5lnWGfnG5x1BRuIzx1nFy3mZmdARSJ8ERxyYIgukfZARXQvchE4OkQuQKPGIwpFOcZUnTXleItyLN4Ga/MuH7DhA9r9WRCUWB5nky/JuKlleYMJO10aWV3v6xfzbG5lb8rQxkE+l382qy3554tWonejtuf5dOmw15nsqCSw==,iv:uo4VBEcckw47F9kK2oKSqzOLJhXLRprGTDfRv7Km3i0=,tag:S3R+29uD8FDiaPp6SjS5IA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -31,8 +32,8 @@ sops:
|
|||
RHZ6alYrUU5BZ2xlMkdGR1dWRG5aeGMKJdsdtVZ6Mk9Vo3a+tS+rzAgaF2wpH+8U
|
||||
lWhA+c0Kbe8EJT8hm7Vr8PqBmElz4V9AnXSCTp7D+Cu4pfWsHopLUQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-05-21T00:38:43Z"
|
||||
mac: ENC[AES256_GCM,data:/Aq7fQaIQmaG67xqW1P1GMgh8FYSoerR+eLZFRWTjcOaa71ZBt7+a4RAGDqQuoXUYoTxn4bBUKQBBbseMA2Wep9Z5JhGDNtzxVJbLHqVxC8NjLKQUV/M8ycBgTGvxFqHhcTeBbYfoNBgvMsOZpUCe8Utf+Z6BdEAzaDfKkRfT7M=,iv:ndCIVUOLoolhe77wxdUFMXBTKyf21i4dRrKoxtLf92k=,tag:GRXhswxIktIj35p7cJWjKA==,type:str]
|
||||
lastmodified: "2024-05-31T01:44:40Z"
|
||||
mac: ENC[AES256_GCM,data:49iLRBMZ7Udg3oi5JuvqAyxrEl2Ek/hUB3vtNcbi1GdHMJ2SexmuyUS+a9SWPvklvUQcCnKeF4HLdH/w+lJQLrgdFj5rOrLSJPFSJB0LhffF0EzJKoo9ukm4VEtt/R9p6ZdwqgbujhxBiewNY/nHXhcIrxxvXioT693vvUKFQjc=,iv:R2N7YKmI2Jit77m2riYmpmPi4d3jXLEKGI2NuAin2P4=,tag:tbgHr43Yz3sFkuRUeLk3ZQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# Sources:
|
||||
# https://github.com/nickkjolsing/dockerMullvadVPN
|
||||
# https://www.reddit.com/r/HomeServer/comments/xapl93/a_minimal_configuration_stepbystep_guide_to_media/
|
||||
{ config, pkgs, ... }:
|
||||
let
|
||||
port = 8417;
|
||||
|
@ -7,38 +10,45 @@ in
|
|||
{
|
||||
imports = [ ../../common/optional/services/nginx.nix ];
|
||||
|
||||
sops.secrets.vpn_env.sopsFile = ../secrets.yaml;
|
||||
|
||||
services.nginx.virtualHosts."qbit.moonythm.dev" =
|
||||
config.satellite.proxy port { proxyWebsockets = true; };
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d ${dataDir} 755 ${config.users.users.pilot.name} users"
|
||||
"d ${configDir} 755 ${config.users.users.pilot.name} users"
|
||||
"d ${dataDir} 777 ${config.users.users.pilot.name} users"
|
||||
"d ${configDir}"
|
||||
];
|
||||
|
||||
# {{{ qbit
|
||||
virtualisation.oci-containers.containers.qbittorrent = {
|
||||
image = "trigus42/qbittorrentvpn";
|
||||
extraOptions = [
|
||||
"--cap-add=net_admin"
|
||||
"--sysctl=net.ipv4.conf.all.src_valid_mark=1"
|
||||
# "--sysctl=net.ipv6.conf.all.disable_ipv6=0"
|
||||
"--device=/dev/net/tun"
|
||||
];
|
||||
|
||||
volumes = [
|
||||
"${dataDir}:/downloads"
|
||||
"${configDir}:/config/qBittorrent"
|
||||
"/persist/state/var/lib/mullvad/openvpn:/etc/openvpn"
|
||||
"/persist/state/var/lib/mullvad/openvpn:/config/openvpn"
|
||||
"/persist/state/var/lib/mullvad/wireguard:/config/wireguard"
|
||||
];
|
||||
|
||||
ports = [ "${toString port}:8080" ];
|
||||
image = "linuxserver/qbittorrent:latest";
|
||||
extraOptions = [ "--network=container:gluetun" ];
|
||||
dependsOn = [ "openvpn-client" ];
|
||||
volumes = [ "${dataDir}:/downloads" "${configDir}:/config" ];
|
||||
ports = [ "${toString port}:${toString port}" ];
|
||||
|
||||
environment = {
|
||||
VPN_TYPE = "openvpn";
|
||||
TZ = "Europe/Amsterdam";
|
||||
WEBUI_PORT = toString port;
|
||||
PGID = "100";
|
||||
PUID = "1000";
|
||||
};
|
||||
};
|
||||
# }}}
|
||||
# {{{ vpn
|
||||
virtualisation.oci-containers.containers.gluetun = {
|
||||
image = "qmcgaw/gluetun";
|
||||
extraOptions = [
|
||||
"--cap-add=net_admin"
|
||||
"--device=/dev/net/tun"
|
||||
];
|
||||
|
||||
environmentFile = config.sops.secrets.vpn_env.path;
|
||||
environment = {
|
||||
VPN_TYPE = "wireguard";
|
||||
VPN_SERVICE_PROVIDER = "mullvad";
|
||||
KILL_SWITCH = "on"; # Turns off internet access if the VPN connection drops
|
||||
};
|
||||
};
|
||||
# }}}
|
||||
}
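Review bot: In the qbittorrent container, `ports = [ "${toString port}:${toString port}" ]` sits next to `extraOptions = [ "--network=container:gluetun" ]`, and a container that joins another container's network namespace cannot publish ports itself (Docker and Podman refuse the combination), so the mapping belongs on the gluetun container, preferably as `"127.0.0.1:${toString port}:${toString port}"` if nginx reaches it over loopback. `dependsOn = [ "openvpn-client" ]` names a container that is not defined anywhere in the visible file and probably should be `dependsOn = [ "gluetun" ]`. The tmpfiles rule `"d ${dataDir} 777 ${config.users.users.pilot.name} users"` makes the download directory world-writable; `775` should be enough if `PUID`/`PGID` match the directory's owner and group. Both images are unpinned (`qmcgaw/gluetun` with no tag, `linuxserver/qbittorrent:latest`) although gluetun is handed the WireGuard private key and `net_admin`, so pinning a version tag or digest is worth doing here. The +/- markers are lost on this page, so which of these lines are on the new side is inferred from the commit title and the gluetun block.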
|
||||
|
|