{config, ...}: let openVpnPwd = config.sops.secrets."software/proton/openvpn_password".path; openVpnUser = config.sops.secrets."software/proton/openvpn_user".path; in { sops.secrets = { "software/proton/openvpn_password" = {}; "software/proton/openvpn_user" = {}; }; virtualisation.arion = { backend = "podman-socket"; projects.arrstack = { settings = { services.gluetun.service = { ports = [ "8076:8076" # qbittorrent webui port "6887:6887" # qbittorrent torrenting port "6887:6887/udp" # qbittorrent torrenting port ]; image = "qmcgaw/gluetun"; capabilities = { NET_ADMIN = true; }; container_name = "glutun"; restart = "always"; volumes = [ "/srv/docker/media-server/arrstack/gluetun:/gluetun" "${openVpnPwd}:/run/secrets/openvpn_password" "${openVpnUser}:/run/secrets/openvpn_user" ]; environment = { VPN_SERVICE_PROVIDER = "protonvpn"; VPN_TYPE = "openvpn"; SERVER_COUNTRIES = "Switzerland"; }; devices = ["/dev/net/tun:/dev/net/tun"]; }; services.qbittorrent.service = { image = "lscr.io/linuxserver/qbittorrent:latest"; container_name = "qbittorrent"; restart = "always"; volumes = [ "/srv/docker/media-server/arrstack/qbittorrent:/config" "/media/media:/media" ]; environment = { TZ="Europe/London"; WEBUI_PORT=8076; TORRENTING_PORT=6887; PUID=1000; PGID=1000; }; network_mode = "service:gluetun"; }; }; }; }; }