nixos/hosts/common/optional/docker/arrstack.nix

{config, ...}: 
let
  openVpnPwd = config.sops.secrets."software/proton/openvpn_password".path;
  openVpnUser = config.sops.secrets."software/proton/openvpn_user".path;
in {
  services.restic.backups = {
    daily = {
      paths = [
        "/srv/media-server/arrstack"
      ];
      exclude = [
      ];
    };
  };

  sops.secrets = {
    "software/proton/openvpn_password" = {};
    "software/proton/openvpn_user" = {};
  };

  virtualisation.arion = {
    backend = "podman-socket";
    projects.arrstack = {
      settings = {
        services.gluetun.service = {
          ports = [
            "8076:8076" # qbittorrent webui port
            "6887:6887" # qbittorrent torrenting port
            "6887:6887/udp" # qbittorrent torrenting port
          ];
          image = "qmcgaw/gluetun";
          capabilities = { NET_ADMIN = true; };
          container_name = "glutun";
          restart = "always";
          volumes = [
            "/srv/media-server/arrstack/gluetun:/gluetun"
            "${openVpnPwd}:/run/secrets/openvpn_password"
            "${openVpnUser}:/run/secrets/openvpn_user"
          ];
          environment = {
            VPN_SERVICE_PROVIDER = "protonvpn";
            VPN_TYPE = "openvpn";
            SERVER_COUNTRIES = "Switzerland";
          };
          devices = ["/dev/net/tun:/dev/net/tun"];
        };

        services.qbittorrent.service = {
          image = "lscr.io/linuxserver/qbittorrent:latest";
          container_name = "qbittorrent";
          restart = "always";
          volumes = [
            "/srv/media-server/arrstack/qbittorrent:/config"
            "/media/media:/media"
          ];
          environment = {
            TZ="Europe/London";
            WEBUI_PORT=8076;
            TORRENTING_PORT=6887;
            PUID=1000;
            PGID=1000;
          };
          network_mode = "service:gluetun";
        };

      };
    };
  };
}