nixos/hosts/common/optional/docker-containers/arrstack.nix

{config, ...}: let
  openVpnPwd = config.sops.secrets."software/proton/openvpn_password".path;
  openVpnUser = config.sops.secrets."software/proton/openvpn_user".path;
in {
  sops.secrets = {
    "software/proton/openvpn_password" = {};
    "software/proton/openvpn_user" = {};
  };

  networking = {
    firewall = {
      enable = true;
      allowedTCPPorts = [
        6887
      ];
      allowedUDPPorts = [
        6887
      ];
    };
  };

  virtualisation.arion = {
    backend = "podman-socket";
    projects.arrstack = {
      settings = {
        services.gluetun.service = {
          ports = [
            "8076:8076" # qbittorrent webui port
            "6887:6887" # qbittorrent torrenting port
            "6887:6887/udp" # qbittorrent torrenting port
            "9696:9696" # prowlarr port
            "8191:8191" # prowlarr port
          ];
          image = "qmcgaw/gluetun";
          capabilities = {NET_ADMIN = true;};
          container_name = "glutun";
          restart = "always";
          volumes = [
            "/srv/docker/media-server/arrstack/gluetun:/gluetun"
            "${openVpnPwd}:/run/secrets/openvpn_password"
            "${openVpnUser}:/run/secrets/openvpn_user"
          ];
          environment = {
            VPN_SERVICE_PROVIDER = "protonvpn";
            VPN_TYPE = "openvpn";
            SERVER_COUNTRIES = "Switzerland";
            VPN_PORT_FORWARDING = "on";
          };
          devices = ["/dev/net/tun:/dev/net/tun"];
        };

        services.qbittorrent.service = {
          image = "lscr.io/linuxserver/qbittorrent:latest";
          container_name = "qbittorrent";
          restart = "always";
          volumes = [
            "/srv/docker/media-server/arrstack/qbittorrent:/config"
            "/media/media/downloads:/downloads"
          ];
          environment = {
            TZ = "Europe/London";
            WEBUI_PORT = 8076;
            TORRENTING_PORT = 6887;
            PUID = 1000;
            PGID = 1000;
          };
          network_mode = "service:gluetun";
        };

        services.prowlarr.service = {
          image = "lscr.io/linuxserver/prowlarr:latest";
          container_name = "prowlarr";
          restart = "always";
          volumes = [
            "/srv/docker/media-server/arrstack/prowlarr:/config"
            "/media/media/downloads:/downloads"
          ];
          environment = {
            TZ = "Europe/London";
            PUID = 1000;
            PGID = 1000;
          };
          network_mode = "service:gluetun";
        };

        services.flaresolverr.service = {
          image = "ghcr.io/flaresolverr/flaresolverr:latest";
          container_name = "flaresolverr";
          restart = "always";
          environment = {
            TZ = "Europe/London";
            LOG_LEVEL = "\${LOG_LEVEL:-info}";
            LOG_HTML = "\${LOG_HTML:-false}";
            CAPTCHA_SOLVER = "\${CAPTCHA_SOLVER:-none}";
          };
          network_mode = "service:gluetun";
        };
      };
    };
  };
}
port forwarding in gluetun container 2025-01-22 20:08:13 +00:00			`{config, ...}: let`
Update nix-secrets and arrstack configuration - Update `flake.lock` with new `nix-secrets` revision - Modify `arrstack.nix`: - Change secret paths for OpenVPN credentials - Add new ports and capabilities for gluetun service - Add qbittorrent service with environment variables - Rename project from jellyfin to arrstack - Update `jellyfin.nix` to set container name - Include `jellyfin.nix` and `arrstack.nix` in `default.nix` - Adjust GDK scaling variables in `default.nix` for better display - Improve `justfile`: - Pull latest changes before editing SOPS file - Use timestamped commit messages for auto-commits 2025-01-10 09:07:36 +00:00			`openVpnPwd = config.sops.secrets."software/proton/openvpn_password".path;`
			`openVpnUser = config.sops.secrets."software/proton/openvpn_user".path;`
Update LNBits version and modify desktop entries - Update LNBits version to v0.12.12 in flake.lock and flake.nix - Modify desktop entries for Zathura, Nsxiv-wrapper, Nvim-wrapper, and Mpv-wrapper in default.nix - Add arrstack.nix and Restic backups for Jellyfin configuration 2025-01-07 16:35:16 +00:00			`in {`
Update nix-secrets and arrstack configuration - Update `flake.lock` with new `nix-secrets` revision - Modify `arrstack.nix`: - Change secret paths for OpenVPN credentials - Add new ports and capabilities for gluetun service - Add qbittorrent service with environment variables - Rename project from jellyfin to arrstack - Update `jellyfin.nix` to set container name - Include `jellyfin.nix` and `arrstack.nix` in `default.nix` - Adjust GDK scaling variables in `default.nix` for better display - Improve `justfile`: - Pull latest changes before editing SOPS file - Use timestamped commit messages for auto-commits 2025-01-10 09:07:36 +00:00			`sops.secrets = {`
			`"software/proton/openvpn_password" = {};`
			`"software/proton/openvpn_user" = {};`
			`};`

port forwarding in gluetun container 2025-01-22 20:08:13 +00:00			`networking = {`
			`firewall = {`
			`enable = true;`
			`allowedTCPPorts = [`
			`6887`
			`];`
			`allowedUDPPorts = [`
			`6887`
			`];`
			`};`
			`};`

Update LNBits version and modify desktop entries - Update LNBits version to v0.12.12 in flake.lock and flake.nix - Modify desktop entries for Zathura, Nsxiv-wrapper, Nvim-wrapper, and Mpv-wrapper in default.nix - Add arrstack.nix and Restic backups for Jellyfin configuration 2025-01-07 16:35:16 +00:00			`virtualisation.arion = {`
			`backend = "podman-socket";`
Update nix-secrets and arrstack configuration - Update `flake.lock` with new `nix-secrets` revision - Modify `arrstack.nix`: - Change secret paths for OpenVPN credentials - Add new ports and capabilities for gluetun service - Add qbittorrent service with environment variables - Rename project from jellyfin to arrstack - Update `jellyfin.nix` to set container name - Include `jellyfin.nix` and `arrstack.nix` in `default.nix` - Adjust GDK scaling variables in `default.nix` for better display - Improve `justfile`: - Pull latest changes before editing SOPS file - Use timestamped commit messages for auto-commits 2025-01-10 09:07:36 +00:00			`projects.arrstack = {`
Update LNBits version and modify desktop entries - Update LNBits version to v0.12.12 in flake.lock and flake.nix - Modify desktop entries for Zathura, Nsxiv-wrapper, Nvim-wrapper, and Mpv-wrapper in default.nix - Add arrstack.nix and Restic backups for Jellyfin configuration 2025-01-07 16:35:16 +00:00			`settings = {`
			`services.gluetun.service = {`
			`ports = [`
Update nix-secrets and arrstack configuration - Update `flake.lock` with new `nix-secrets` revision - Modify `arrstack.nix`: - Change secret paths for OpenVPN credentials - Add new ports and capabilities for gluetun service - Add qbittorrent service with environment variables - Rename project from jellyfin to arrstack - Update `jellyfin.nix` to set container name - Include `jellyfin.nix` and `arrstack.nix` in `default.nix` - Adjust GDK scaling variables in `default.nix` for better display - Improve `justfile`: - Pull latest changes before editing SOPS file - Use timestamped commit messages for auto-commits 2025-01-10 09:07:36 +00:00			`"8076:8076" # qbittorrent webui port`
			`"6887:6887" # qbittorrent torrenting port`
			`"6887:6887/udp" # qbittorrent torrenting port`
add prowlarr to arrstack 2025-02-28 11:30:33 +00:00			`"9696:9696" # prowlarr port`
			`"8191:8191" # prowlarr port`
Update LNBits version and modify desktop entries - Update LNBits version to v0.12.12 in flake.lock and flake.nix - Modify desktop entries for Zathura, Nsxiv-wrapper, Nvim-wrapper, and Mpv-wrapper in default.nix - Add arrstack.nix and Restic backups for Jellyfin configuration 2025-01-07 16:35:16 +00:00			`];`
			`image = "qmcgaw/gluetun";`
port forwarding in gluetun container 2025-01-22 20:08:13 +00:00			`capabilities = {NET_ADMIN = true;};`
Update nix-secrets and arrstack configuration - Update `flake.lock` with new `nix-secrets` revision - Modify `arrstack.nix`: - Change secret paths for OpenVPN credentials - Add new ports and capabilities for gluetun service - Add qbittorrent service with environment variables - Rename project from jellyfin to arrstack - Update `jellyfin.nix` to set container name - Include `jellyfin.nix` and `arrstack.nix` in `default.nix` - Adjust GDK scaling variables in `default.nix` for better display - Improve `justfile`: - Pull latest changes before editing SOPS file - Use timestamped commit messages for auto-commits 2025-01-10 09:07:36 +00:00			`container_name = "glutun";`
Update LNBits version and modify desktop entries - Update LNBits version to v0.12.12 in flake.lock and flake.nix - Modify desktop entries for Zathura, Nsxiv-wrapper, Nvim-wrapper, and Mpv-wrapper in default.nix - Add arrstack.nix and Restic backups for Jellyfin configuration 2025-01-07 16:35:16 +00:00			`restart = "always";`
			`volumes = [`
add docker nixos-container 2025-01-12 16:10:35 +00:00			`"/srv/docker/media-server/arrstack/gluetun:/gluetun"`
Update nix-secrets and arrstack configuration - Update `flake.lock` with new `nix-secrets` revision - Modify `arrstack.nix`: - Change secret paths for OpenVPN credentials - Add new ports and capabilities for gluetun service - Add qbittorrent service with environment variables - Rename project from jellyfin to arrstack - Update `jellyfin.nix` to set container name - Include `jellyfin.nix` and `arrstack.nix` in `default.nix` - Adjust GDK scaling variables in `default.nix` for better display - Improve `justfile`: - Pull latest changes before editing SOPS file - Use timestamped commit messages for auto-commits 2025-01-10 09:07:36 +00:00			`"${openVpnPwd}:/run/secrets/openvpn_password"`
			`"${openVpnUser}:/run/secrets/openvpn_user"`
Update LNBits version and modify desktop entries - Update LNBits version to v0.12.12 in flake.lock and flake.nix - Modify desktop entries for Zathura, Nsxiv-wrapper, Nvim-wrapper, and Mpv-wrapper in default.nix - Add arrstack.nix and Restic backups for Jellyfin configuration 2025-01-07 16:35:16 +00:00			`];`
			`environment = {`
Update nix-secrets and arrstack configuration - Update `flake.lock` with new `nix-secrets` revision - Modify `arrstack.nix`: - Change secret paths for OpenVPN credentials - Add new ports and capabilities for gluetun service - Add qbittorrent service with environment variables - Rename project from jellyfin to arrstack - Update `jellyfin.nix` to set container name - Include `jellyfin.nix` and `arrstack.nix` in `default.nix` - Adjust GDK scaling variables in `default.nix` for better display - Improve `justfile`: - Pull latest changes before editing SOPS file - Use timestamped commit messages for auto-commits 2025-01-10 09:07:36 +00:00			`VPN_SERVICE_PROVIDER = "protonvpn";`
Update LNBits version and modify desktop entries - Update LNBits version to v0.12.12 in flake.lock and flake.nix - Modify desktop entries for Zathura, Nsxiv-wrapper, Nvim-wrapper, and Mpv-wrapper in default.nix - Add arrstack.nix and Restic backups for Jellyfin configuration 2025-01-07 16:35:16 +00:00			`VPN_TYPE = "openvpn";`
			`SERVER_COUNTRIES = "Switzerland";`
port forwarding in gluetun container 2025-01-22 20:08:13 +00:00			`VPN_PORT_FORWARDING = "on";`
Update LNBits version and modify desktop entries - Update LNBits version to v0.12.12 in flake.lock and flake.nix - Modify desktop entries for Zathura, Nsxiv-wrapper, Nvim-wrapper, and Mpv-wrapper in default.nix - Add arrstack.nix and Restic backups for Jellyfin configuration 2025-01-07 16:35:16 +00:00			`};`
			`devices = ["/dev/net/tun:/dev/net/tun"];`
Update nix-secrets and arrstack configuration - Update `flake.lock` with new `nix-secrets` revision - Modify `arrstack.nix`: - Change secret paths for OpenVPN credentials - Add new ports and capabilities for gluetun service - Add qbittorrent service with environment variables - Rename project from jellyfin to arrstack - Update `jellyfin.nix` to set container name - Include `jellyfin.nix` and `arrstack.nix` in `default.nix` - Adjust GDK scaling variables in `default.nix` for better display - Improve `justfile`: - Pull latest changes before editing SOPS file - Use timestamped commit messages for auto-commits 2025-01-10 09:07:36 +00:00			`};`

			`services.qbittorrent.service = {`
			`image = "lscr.io/linuxserver/qbittorrent:latest";`
			`container_name = "qbittorrent";`
			`restart = "always";`
			`volumes = [`
add docker nixos-container 2025-01-12 16:10:35 +00:00			`"/srv/docker/media-server/arrstack/qbittorrent:/config"`
change qbittorrent data mount dir 2025-01-22 20:46:37 +00:00			`"/media/media/downloads:/downloads"`
Update LNBits version and modify desktop entries - Update LNBits version to v0.12.12 in flake.lock and flake.nix - Modify desktop entries for Zathura, Nsxiv-wrapper, Nvim-wrapper, and Mpv-wrapper in default.nix - Add arrstack.nix and Restic backups for Jellyfin configuration 2025-01-07 16:35:16 +00:00			`];`
Update nix-secrets and arrstack configuration - Update `flake.lock` with new `nix-secrets` revision - Modify `arrstack.nix`: - Change secret paths for OpenVPN credentials - Add new ports and capabilities for gluetun service - Add qbittorrent service with environment variables - Rename project from jellyfin to arrstack - Update `jellyfin.nix` to set container name - Include `jellyfin.nix` and `arrstack.nix` in `default.nix` - Adjust GDK scaling variables in `default.nix` for better display - Improve `justfile`: - Pull latest changes before editing SOPS file - Use timestamped commit messages for auto-commits 2025-01-10 09:07:36 +00:00			`environment = {`
port forwarding in gluetun container 2025-01-22 20:08:13 +00:00			`TZ = "Europe/London";`
			`WEBUI_PORT = 8076;`
			`TORRENTING_PORT = 6887;`
			`PUID = 1000;`
			`PGID = 1000;`
Update nix-secrets and arrstack configuration - Update `flake.lock` with new `nix-secrets` revision - Modify `arrstack.nix`: - Change secret paths for OpenVPN credentials - Add new ports and capabilities for gluetun service - Add qbittorrent service with environment variables - Rename project from jellyfin to arrstack - Update `jellyfin.nix` to set container name - Include `jellyfin.nix` and `arrstack.nix` in `default.nix` - Adjust GDK scaling variables in `default.nix` for better display - Improve `justfile`: - Pull latest changes before editing SOPS file - Use timestamped commit messages for auto-commits 2025-01-10 09:07:36 +00:00			`};`
			`network_mode = "service:gluetun";`
Update LNBits version and modify desktop entries - Update LNBits version to v0.12.12 in flake.lock and flake.nix - Modify desktop entries for Zathura, Nsxiv-wrapper, Nvim-wrapper, and Mpv-wrapper in default.nix - Add arrstack.nix and Restic backups for Jellyfin configuration 2025-01-07 16:35:16 +00:00			`};`
add prowlarr to arrstack 2025-02-28 11:30:33 +00:00
			`services.prowlarr.service = {`
			`image = "lscr.io/linuxserver/prowlarr:latest";`
			`container_name = "prowlarr";`
			`restart = "always";`
			`volumes = [`
			`"/srv/docker/media-server/arrstack/prowlarr:/config"`
			`"/media/media/downloads:/downloads"`
			`];`
			`environment = {`
			`TZ = "Europe/London";`
			`PUID = 1000;`
			`PGID = 1000;`
			`};`
			`network_mode = "service:gluetun";`
			`};`

			`services.flaresolverr.service = {`
			`image = "ghcr.io/flaresolverr/flaresolverr:latest";`
			`container_name = "flaresolverr";`
			`restart = "always";`
			`environment = {`
			`TZ = "Europe/London";`
			`LOG_LEVEL = "\${LOG_LEVEL:-info}";`
			`LOG_HTML = "\${LOG_HTML:-false}";`
			`CAPTCHA_SOLVER = "\${CAPTCHA_SOLVER:-none}";`
			`};`
			`network_mode = "service:gluetun";`
			`};`
Update LNBits version and modify desktop entries - Update LNBits version to v0.12.12 in flake.lock and flake.nix - Modify desktop entries for Zathura, Nsxiv-wrapper, Nvim-wrapper, and Mpv-wrapper in default.nix - Add arrstack.nix and Restic backups for Jellyfin configuration 2025-01-07 16:35:16 +00:00			`};`
			`};`
			`};`
			`}`