self-hosting/modules/torrents.nix

{ config, lib, pkgs, ... }:
let
  vpnServer = "89.249.65.115";
  vpnConfig = builtins.fetchurl {
    url = "https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/de948.nordvpn.com.udp.ovpn";
    sha256 = "07z4xxs4nxg44c3d19rnqg6iq2f7i8yjy28rwbz312z4axqgkcxn";
  };
in
{

  sops.secrets = {
    vpnCredentials = {
      key = "openvpn/credentials";
    };
    transmissionRpcCredentials = {
      key = "transmission/rpc_config.json";
    };
  };

  containers.torrents = {
    ephemeral = true;
    autoStart = true;
    enableTun = true;

    privateNetwork = true;
    hostAddress = "192.168.1.1";
    localAddress = "192.168.1.2";

    bindMounts = {
      "${config.sops.secrets.vpnCredentials.path}" = {
        hostPath = config.sops.secrets.vpnCredentials.path;
      };
      "${config.sops.secrets.transmissionRpcCredentials.path}" = {
        hostPath = config.sops.secrets.transmissionRpcCredentials.path;
      };
      "/nix/var/data/media" = {
        hostPath = "/nix/var/data/media";
        isReadOnly = false;
      };
      "/nix/var/data/jackett" = {
        hostPath = "/nix/var/data/jackett";
        isReadOnly = false;
      };
      "/nix/var/data/sonarr" = {
        hostPath = "/nix/var/data/sonarr";
        isReadOnly = false;
      };
      "/nix/var/data/radarr" = {
        hostPath = "/nix/var/data/radarr";
        isReadOnly = false;
      };
      "/nix/var/data/transmission" = {
        hostPath = "/nix/var/data/transmission";
        isReadOnly = false;
      };
    };

    config = {
      time.timeZone = "Europe/Amsterdam";
      users.users.www-data = {
        uid = 993;
        isSystemUser = true;
        group = config.users.groups.www-data.name;
      };
      users.groups.www-data = { gid = 991; };
      services.openvpn.servers.client = {
        updateResolvConf = true;
        config = ''
          config ${vpnConfig}
          auth-user-pass ${config.sops.secrets.vpnCredentials.path}
        '';
      };
      services.transmission = {
        enable = true;
        openRPCPort = true;
        user = config.users.users.www-data.name;
        group = config.users.groups.www-data.name;
        credentialsFile = config.sops.secrets.transmissionRpcCredentials.path;
        home = "/nix/var/data/transmission";
        settings = {
          rpc-bind-address = "0.0.0.0";
          rpc-whitelist = "127.0.0.1,192.168.1.1";
          rpc-authentication-required = true;
          rpc-host-whitelist-enabled = false;
          incomplete-dir = "/nix/var/data/transmission/.incomplete";
          watch-dir = "/nix/var/data/transmission/watchdir";
          download-dir = "/nix/var/data/transmission/downloads";
        };
      };
      services.jackett = {
        enable = true;
        openFirewall = true;
        user = config.users.users.www-data.name;
        group = config.users.groups.www-data.name;
        dataDir = "/nix/var/data/jackett";
      };
      services.sonarr = {
        enable = true;
        openFirewall = true;
        user = config.users.users.www-data.name;
        group = config.users.groups.www-data.name;
        dataDir = "/nix/var/data/sonarr";
      };
      services.radarr = {
        enable = true;
        openFirewall = true;
        user = config.users.users.www-data.name;
        group = config.users.groups.www-data.name;
        dataDir = "/nix/var/data/radarr";
      };

      system.stateVersion = "21.11";
    };
  };

  virtualisation.oci-containers.containers.flaresolverr = {
    image = "ghcr.io/flaresolverr/flaresolverr:v2.0.2";
    environment = {
      "LOG_LEVEL" = "debug";
      "CAPTCHA_SOLVER" = "hcaptcha-solver";
    };
    ports = [ "192.168.1.1:8191:8191" ];
    autoStart = true;
  };

  services.nginx.virtualHosts."transmission.${config.networking.domain}" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://192.168.1.2:9091";
    };
  };
  services.nginx.virtualHosts."jackett.${config.networking.domain}" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://192.168.1.2:9117";
    };
  };
  services.nginx.virtualHosts."sonarr.${config.networking.domain}" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://192.168.1.2:8989";
    };
  };
  services.nginx.virtualHosts."radarr.${config.networking.domain}" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://192.168.1.2:7878";
    };
  };
}
Migrate torrents 2021-12-10 03:02:34 +01:00			`{ config, lib, pkgs, ... }:`
			`let`
			`vpnServer = "89.249.65.115";`
			`vpnConfig = builtins.fetchurl {`
			`url = "https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/de948.nordvpn.com.udp.ovpn";`
			`sha256 = "07z4xxs4nxg44c3d19rnqg6iq2f7i8yjy28rwbz312z4axqgkcxn";`
			`};`
			`in`
			`{`

			`sops.secrets = {`
			`vpnCredentials = {`
			`key = "openvpn/credentials";`
			`};`
			`transmissionRpcCredentials = {`
			`key = "transmission/rpc_config.json";`
			`};`
			`};`

			`containers.torrents = {`
			`ephemeral = true;`
			`autoStart = true;`
			`enableTun = true;`

			`privateNetwork = true;`
			`hostAddress = "192.168.1.1";`
			`localAddress = "192.168.1.2";`

			`bindMounts = {`
			`"${config.sops.secrets.vpnCredentials.path}" = {`
			`hostPath = config.sops.secrets.vpnCredentials.path;`
			`};`
			`"${config.sops.secrets.transmissionRpcCredentials.path}" = {`
			`hostPath = config.sops.secrets.transmissionRpcCredentials.path;`
			`};`
			`"/nix/var/data/media" = {`
			`hostPath = "/nix/var/data/media";`
			`isReadOnly = false;`
			`};`
			`"/nix/var/data/jackett" = {`
			`hostPath = "/nix/var/data/jackett";`
			`isReadOnly = false;`
			`};`
			`"/nix/var/data/sonarr" = {`
			`hostPath = "/nix/var/data/sonarr";`
			`isReadOnly = false;`
			`};`
			`"/nix/var/data/radarr" = {`
			`hostPath = "/nix/var/data/radarr";`
			`isReadOnly = false;`
			`};`
			`"/nix/var/data/transmission" = {`
			`hostPath = "/nix/var/data/transmission";`
			`isReadOnly = false;`
			`};`
			`};`

			`config = {`
			`time.timeZone = "Europe/Amsterdam";`
			`users.users.www-data = {`
			`uid = 993;`
			`isSystemUser = true;`
			`group = config.users.groups.www-data.name;`
			`};`
			`users.groups.www-data = { gid = 991; };`
			`services.openvpn.servers.client = {`
			`updateResolvConf = true;`
			`config = ''`
			`config ${vpnConfig}`
			`auth-user-pass ${config.sops.secrets.vpnCredentials.path}`
			`'';`
			`};`
			`services.transmission = {`
			`enable = true;`
			`openRPCPort = true;`
			`user = config.users.users.www-data.name;`
			`group = config.users.groups.www-data.name;`
			`credentialsFile = config.sops.secrets.transmissionRpcCredentials.path;`
			`home = "/nix/var/data/transmission";`
			`settings = {`
			`rpc-bind-address = "0.0.0.0";`
			`rpc-whitelist = "127.0.0.1,192.168.1.1";`
			`rpc-authentication-required = true;`
			`rpc-host-whitelist-enabled = false;`
			`incomplete-dir = "/nix/var/data/transmission/.incomplete";`
			`watch-dir = "/nix/var/data/transmission/watchdir";`
			`download-dir = "/nix/var/data/transmission/downloads";`
			`};`
			`};`
			`services.jackett = {`
			`enable = true;`
			`openFirewall = true;`
			`user = config.users.users.www-data.name;`
			`group = config.users.groups.www-data.name;`
			`dataDir = "/nix/var/data/jackett";`
			`};`
			`services.sonarr = {`
			`enable = true;`
			`openFirewall = true;`
			`user = config.users.users.www-data.name;`
			`group = config.users.groups.www-data.name;`
			`dataDir = "/nix/var/data/sonarr";`
			`};`
			`services.radarr = {`
			`enable = true;`
			`openFirewall = true;`
			`user = config.users.users.www-data.name;`
			`group = config.users.groups.www-data.name;`
			`dataDir = "/nix/var/data/radarr";`
			`};`

			`system.stateVersion = "21.11";`
			`};`
			`};`

			`virtualisation.oci-containers.containers.flaresolverr = {`
			`image = "ghcr.io/flaresolverr/flaresolverr:v2.0.2";`
			`environment = {`
			`"LOG_LEVEL" = "debug";`
			`"CAPTCHA_SOLVER" = "hcaptcha-solver";`
			`};`
			`ports = [ "192.168.1.1:8191:8191" ];`
			`autoStart = true;`
			`};`

			`services.nginx.virtualHosts."transmission.${config.networking.domain}" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`locations."/" = {`
			`proxyPass = "http://192.168.1.2:9091";`
			`};`
			`};`
			`services.nginx.virtualHosts."jackett.${config.networking.domain}" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`locations."/" = {`
			`proxyPass = "http://192.168.1.2:9117";`
			`};`
			`};`
			`services.nginx.virtualHosts."sonarr.${config.networking.domain}" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`locations."/" = {`
			`proxyPass = "http://192.168.1.2:8989";`
			`};`
			`};`
			`services.nginx.virtualHosts."radarr.${config.networking.domain}" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`locations."/" = {`
			`proxyPass = "http://192.168.1.2:7878";`
			`};`
			`};`
			`}`