From 46cc81b5e99f69faace001b08ef0d981f41b5fbb Mon Sep 17 00:00:00 2001
From: Sam
Date: Wed, 22 Jan 2025 20:08:13 +0000
Subject: [PATCH] port forwarding in gluetun container
---
 .../optional/arion-containers/arrstack.nix | 29 +++++++++++++------
 1 file changed, 20 insertions(+), 9 deletions(-)
diff --git a/hosts/common/optional/arion-containers/arrstack.nix b/hosts/common/optional/arion-containers/arrstack.nix
index 6a57033..0dfa389 100644
--- a/hosts/common/optional/arion-containers/arrstack.nix
+++ b/hosts/common/optional/arion-containers/arrstack.nix
@@ -1,5 +1,4 @@
-{config, ...}:
-let
+{config, ...}: let
 openVpnPwd = config.sops.secrets."software/proton/openvpn_password".path;
 openVpnUser = config.sops.secrets."software/proton/openvpn_user".path;
 in {
@@ -8,6 +7,18 @@ in {
 "software/proton/openvpn_user" = {};
 };
 
+ networking = {
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 6887
+ ];
+ allowedUDPPorts = [
+ 6887
+ ];
+ };
+ };
+
 virtualisation.arion = {
 backend = "podman-socket";
 projects.arrstack = {
@@ -19,7 +30,7 @@ in {
 "6887:6887/udp" # qbittorrent torrenting port
 ];
 image = "qmcgaw/gluetun";
- capabilities = { NET_ADMIN = true; };
+ capabilities = {NET_ADMIN = true;};
 container_name = "glutun";
 restart = "always";
 volumes = [
@@ -31,6 +42,7 @@ in {
 VPN_SERVICE_PROVIDER = "protonvpn";
 VPN_TYPE = "openvpn";
 SERVER_COUNTRIES = "Switzerland";
+ VPN_PORT_FORWARDING = "on";
 };
 devices = ["/dev/net/tun:/dev/net/tun"];
 };
@@ -44,15 +56,14 @@ in {
 "/media/media:/media"
 ];
 environment = {
- TZ="Europe/London";
- WEBUI_PORT=8076;
- TORRENTING_PORT=6887;
- PUID=1000;
- PGID=1000;
+ TZ = "Europe/London";
+ WEBUI_PORT = 8076;
+ TORRENTING_PORT = 6887;
+ PUID = 1000;
+ PGID = 1000;
 };
 network_mode = "service:gluetun";
 };
-
 };
 };
 };
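Review bot: The new `networking.firewall` block in the second hunk opens 6887/tcp and 6887/udp on every host interface, which exposes the torrent port on the host's own address rather than on the VPN tunnel. With `VPN_PORT_FORWARDING = "on"` inbound peers presumably arrive through the tunnel inside the gluetun container, so the host-side opening looks unnecessary and, if reachable from outside, associates the torrent port with the real IP. If LAN access to the port is intended, scope it to that interface, e.g. `networking.firewall.interfaces."<lan-interface>".allowedTCPPorts = [ 6887 ];` (and the UDP equivalent), and add a comment saying why it is open. Setting `enable = true` here also places a host-wide firewall decision inside an optional container module; leaving that to the host configuration would be clearer.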
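Review bot: `VPN_PORT_FORWARDING = "on"` in the fourth hunk is added without anything that ties the forwarded port to qBittorrent. As far as I know ProtonVPN assigns the port dynamically, while `TORRENTING_PORT = 6887` in the last hunk stays fixed, so the client will likely listen on a port that is not the forwarded one. Gluetun writes the assigned port to a status file (`VPN_PORT_FORWARDING_STATUS_FILE`) that a sync step can read; also check the provider requirements in the gluetun docs (for ProtonVPN over OpenVPN I believe the username needs the `+pmp` suffix, and `PORT_FORWARD_ONLY = "on"` restricts server selection to ones that support forwarding). A short comment beside the variable, e.g. `# port is assigned by the provider; the qbittorrent listen port must follow it`, would save the next reader the lookup. The `environment` block starts outside this hunk.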