From 53fe037aaf6d9724e7afab366b329a2d96825ba8 Mon Sep 17 00:00:00 2001 From: Sam Date: Fri, 10 Jan 2025 09:07:36 +0000 Subject: [PATCH] Update nix-secrets and arrstack configuration - Update `flake.lock` with new `nix-secrets` revision - Modify `arrstack.nix`: - Change secret paths for OpenVPN credentials - Add new ports and capabilities for gluetun service - Add qbittorrent service with environment variables - Rename project from jellyfin to arrstack - Update `jellyfin.nix` to set container name - Include `jellyfin.nix` and `arrstack.nix` in `default.nix` - Adjust GDK scaling variables in `default.nix` for better display - Improve `justfile`: - Pull latest changes before editing SOPS file - Use timestamped commit messages for auto-commits
---
 flake.lock | 8 ++-- hosts/common/optional/docker/arrstack.nix | 47 ++++++++++++++++++----- hosts/common/optional/docker/jellyfin.nix | 1 + hosts/semita/default.nix | 6 ++- justfile | 3 +- 5 files changed, 48 insertions(+), 17 deletions(-)
diff --git a/flake.lock b/flake.lock
index 41986d2..71f0a58 100644
--- a/flake.lock
+++ b/flake.lock
@@ -538,11 +538,11 @@
 },
 "nix-secrets": {
 "locked": {
- "lastModified": 1736339437,
- "narHash": "sha256-Em8E6Ml2whMU1IoEB3OI3eKhjSu2J/xbXdlIt+8x61U=",
+ "lastModified": 1736453439,
+ "narHash": "sha256-lDnZPKCNGjLzYwuYgW+bj6xaTFEiEvfKLAOSI6BQR6c=",
 "ref": "refs/heads/master",
- "rev": "7c6042a975808186934e012ad32ae0e03ab60bff",
- "revCount": 194,
+ "rev": "d7aadcc3de64b66359386399d80ccc446181a758",
+ "revCount": 196,
 "type": "git",
 "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
 },
diff --git a/hosts/common/optional/docker/arrstack.nix b/hosts/common/optional/docker/arrstack.nix
index ccebeab..90e9954 100644
--- a/hosts/common/optional/docker/arrstack.nix
+++ b/hosts/common/optional/docker/arrstack.nix
@@ -1,6 +1,7 @@ -{config, pkgs, ...}: let - # openVpnPwd = config.sops.secrets."software/proton/openvpn/password".path; - # openVpnUser = config.sops.secrets."software/proton/openvpn/username".path; +{config, ...}: +let + openVpnPwd = config.sops.secrets."software/proton/openvpn_password".path; + openVpnUser = config.sops.secrets."software/proton/openvpn_user".path; in { services.restic.backups = { daily = { @@ -12,30 +13,56 @@ in { }; }; + sops.secrets = { + "software/proton/openvpn_password" = {}; + "software/proton/openvpn_user" = {}; + }; + virtualisation.arion = { backend = "podman-socket"; - projects.jellyfin = { + projects.arrstack = { settings = { services.gluetun.service = { ports = [ - "8076:8076" + "8076:8076" # qbittorrent webui port + "6887:6887" # qbittorrent torrenting port + "6887:6887/udp" # qbittorrent torrenting port ]; image = "qmcgaw/gluetun"; + capabilities = { NET_ADMIN = true; }; + container_name = "glutun"; restart = "always"; volumes = [ "/srv/media-server/arrstack/gluetun:/gluetun" + "${openVpnPwd}:/run/secrets/openvpn_password" + "${openVpnUser}:/run/secrets/openvpn_user" ]; environment = { - VPN_SERVICE_PROVIDE = "protonvpn"; + VPN_SERVICE_PROVIDER = "protonvpn"; VPN_TYPE = "openvpn"; - SERVER_COUNTRIES = "Switzerland"; }; devices = ["/dev/net/tun:/dev/net/tun"]; - command = [ - "${pkgs.writeScript "entrypoint" "export TEST=test"}" - ]; }; + + services.qbittorrent.service = { + image = "lscr.io/linuxserver/qbittorrent:latest"; + container_name = "qbittorrent"; + restart = "always"; + volumes = [ + "/srv/media-server/arrstack/qbittorrent:/config" + "/media/media:/media" + ]; + environment = { + TZ="Europe/London"; + WEBUI_PORT=8076; + TORRENTING_PORT=6887; + PUID=1000; + PGID=1000; + }; + network_mode = "service:gluetun"; + }; + }; }; }; diff --git a/hosts/common/optional/docker/jellyfin.nix b/hosts/common/optional/docker/jellyfin.nix index 993263b..cba2df1 100644 --- a/hosts/common/optional/docker/jellyfin.nix 
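Review bot: In the `@@ -12,30 +13,56 @@` hunk of arrstack.nix both images float (`image = "qmcgaw/gluetun";` has no tag and qbittorrent uses `:latest`), so a container that holds `NET_ADMIN`, `/dev/net/tun` and the Proton credentials runs whatever the registry serves at the next pull; pin each to a version tag or digest, e.g. `image = "qmcgaw/gluetun:<VERSION>@sha256:<DIGEST>";` (placeholders). The `"8076:8076"` mapping publishes the qBittorrent WebUI on every host interface; if it is only meant to be reached locally or through a reverse proxy, bind it explicitly, e.g. `"127.0.0.1:8076:8076"`, and confirm that the two `6887` mappings are really wanted on the host, given that peer traffic is meant to go through the tunnel. The two secret bind mounts can be read-only (`"${openVpnPwd}:/run/secrets/openvpn_password:ro"`), and since no `OPENVPN_*` variable is set the service appears to rely on gluetun's default secret-file paths, which deserves a one-line comment next to the mounts. `container_name = "glutun";` looks like a typo for `gluetun`; it is harmless for `network_mode = "service:gluetun"`, which refers to the service name, but it will mislead anyone looking the container up by name.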
+++ b/hosts/common/optional/docker/jellyfin.nix @@ -17,6 +17,7 @@ ports = [ "8096:8096" ]; + container_name = "jellyfin"; image = "lscr.io/linuxserver/jellyfin:latest"; restart = "always"; volumes = [ diff --git a/hosts/semita/default.nix b/hosts/semita/default.nix index fad8997..bd8d7e5 100644 --- a/hosts/semita/default.nix +++ b/hosts/semita/default.nix @@ -59,6 +59,8 @@ in { ../common/optional/restic-backup.nix ../common/optional/nixos-containers/backup-server.nix + ../common/optional/docker/jellyfin.nix + ../common/optional/docker/arrstack.nix # # Build nix derivations on remote machine # ../common/optional/distributed_builds/local-machine.nix @@ -87,8 +89,8 @@ in { }; environment.variables = { - GDK_SCALE = "2"; - GDK_DPI_SCALE = "0.6"; + GDK_SCALE = "1"; + GDK_DPI_SCALE = "1"; _JAVA_OPTIONS = "-Dsun.java2d.uiScale=1.8"; QT_AUTO_SCREEN_SCALE_FACTOR = "1"; XCURSOR_SIZE = "32"; diff --git a/justfile b/justfile index 151dc88..85e173f 100644 --- a/justfile +++ b/justfile @@ -27,8 +27,9 @@ update-flake: # edit sops file edit-sops: echo "Editing {{SOPS_FILE}}" + cd $(dirname {{SOPS_FILE}}) && git pull nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops {{SOPS_FILE}}" - cd $(dirname {{SOPS_FILE}}) && git add . && git commit -m "autocommit" && git push + cd $(dirname {{SOPS_FILE}}) && git add . && git commit -m "autocommit-$(date +'%d-%m-%y@%H:%m:%S')" && git push # update keys in secrets.yaml and push to remote update-sops-secrets:
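Review bot: In the justfile hunk the new commit message uses `%m` (month) where minutes are meant, so `date +'%d-%m-%y@%H:%m:%S'` stamps hour:month:second; it should read `date +'%d-%m-%y@%H:%M:%S'`. The same line still runs `git add .` inside the secrets repository, which stages every file in that directory rather than only the file sops re-encrypted, so a stray plaintext export or editor backup left there would be committed and pushed automatically. Staging only the edited file, e.g. `git add "$(basename {{SOPS_FILE}})"`, closes that gap. The added `git pull` line runs before the editor opens, so a failed or conflicting pull will abort the recipe, which seems like the right behaviour but is worth a short comment.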