Migrate torrents

2025-12-25 13:46:59 +01:00 · 2021-12-10 03:02:34 +01:00 · 2021-12-10 03:02:34 +01:00 · 59d9750653
commit 59d9750653
parent 424e8355f9
5 changed files with 214 additions and 2 deletions
--- a/modules/torrents.nix
+++ b/modules/torrents.nix
@ -0,0 +1,154 @@
+{ config, lib, pkgs, ... }:
+let
+  vpnServer = "89.249.65.115";
+  vpnConfig = builtins.fetchurl {
+    url = "https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/de948.nordvpn.com.udp.ovpn";
+    sha256 = "07z4xxs4nxg44c3d19rnqg6iq2f7i8yjy28rwbz312z4axqgkcxn";
+  };
+in
+{
+
+  sops.secrets = {
+    vpnCredentials = {
+      key = "openvpn/credentials";
+    };
+    transmissionRpcCredentials = {
+      key = "transmission/rpc_config.json";
+    };
+  };
+
+  containers.torrents = {
+    ephemeral = true;
+    autoStart = true;
+    enableTun = true;
+
+    privateNetwork = true;
+    hostAddress = "192.168.1.1";
+    localAddress = "192.168.1.2";
+
+    bindMounts = {
+      "${config.sops.secrets.vpnCredentials.path}" = {
+        hostPath = config.sops.secrets.vpnCredentials.path;
+      };
+      "${config.sops.secrets.transmissionRpcCredentials.path}" = {
+        hostPath = config.sops.secrets.transmissionRpcCredentials.path;
+      };
+      "/nix/var/data/media" = {
+        hostPath = "/nix/var/data/media";
+        isReadOnly = false;
+      };
+      "/nix/var/data/jackett" = {
+        hostPath = "/nix/var/data/jackett";
+        isReadOnly = false;
+      };
+      "/nix/var/data/sonarr" = {
+        hostPath = "/nix/var/data/sonarr";
+        isReadOnly = false;
+      };
+      "/nix/var/data/radarr" = {
+        hostPath = "/nix/var/data/radarr";
+        isReadOnly = false;
+      };
+      "/nix/var/data/transmission" = {
+        hostPath = "/nix/var/data/transmission";
+        isReadOnly = false;
+      };
+    };
+
+    config = {
+      time.timeZone = "Europe/Amsterdam";
+      users.users.www-data = {
+        uid = 993;
+        isSystemUser = true;
+        group = config.users.groups.www-data.name;
+      };
+      users.groups.www-data = { gid = 991; };
+      services.openvpn.servers.client = {
+        updateResolvConf = true;
+        config = ''
+          config ${vpnConfig}
+          auth-user-pass ${config.sops.secrets.vpnCredentials.path}
+        '';
+      };
+      services.transmission = {
+        enable = true;
+        openRPCPort = true;
+        user = config.users.users.www-data.name;
+        group = config.users.groups.www-data.name;
+        credentialsFile = config.sops.secrets.transmissionRpcCredentials.path;
+        home = "/nix/var/data/transmission";
+        settings = {
+          rpc-bind-address = "0.0.0.0";
+          rpc-whitelist = "127.0.0.1,192.168.1.1";
+          rpc-authentication-required = true;
+          rpc-host-whitelist-enabled = false;
+          incomplete-dir = "/nix/var/data/transmission/.incomplete";
+          watch-dir = "/nix/var/data/transmission/watchdir";
+          download-dir = "/nix/var/data/transmission/downloads";
+        };
+      };
+      services.jackett = {
+        enable = true;
+        openFirewall = true;
+        user = config.users.users.www-data.name;
+        group = config.users.groups.www-data.name;
+        dataDir = "/nix/var/data/jackett";
+      };
+      services.sonarr = {
+        enable = true;
+        openFirewall = true;
+        user = config.users.users.www-data.name;
+        group = config.users.groups.www-data.name;
+        dataDir = "/nix/var/data/sonarr";
+      };
+      services.radarr = {
+        enable = true;
+        openFirewall = true;
+        user = config.users.users.www-data.name;
+        group = config.users.groups.www-data.name;
+        dataDir = "/nix/var/data/radarr";
+      };
+
+      system.stateVersion = "21.11";
+    };
+  };
+
+  virtualisation.oci-containers.containers.flaresolverr = {
+    image = "ghcr.io/flaresolverr/flaresolverr:v2.0.2";
+    environment = {
+      "LOG_LEVEL" = "debug";
+      "CAPTCHA_SOLVER" = "hcaptcha-solver";
+    };
+    ports = [ "192.168.1.1:8191:8191" ];
+    autoStart = true;
+  };
+
+  services.nginx.virtualHosts."transmission.${config.networking.domain}" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://192.168.1.2:9091";
+    };
+  };
+  services.nginx.virtualHosts."jackett.${config.networking.domain}" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://192.168.1.2:9117";
+    };
+  };
+  services.nginx.virtualHosts."sonarr.${config.networking.domain}" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://192.168.1.2:8989";
+    };
+  };
+  services.nginx.virtualHosts."radarr.${config.networking.domain}" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://192.168.1.2:7878";
+    };
+  };
+}