Migrate torrents

2025-12-25 05:36:59 +01:00 · 2021-12-10 03:02:34 +01:00 · 2021-12-10 03:02:34 +01:00 · 59d9750653
commit 59d9750653
parent 424e8355f9
5 changed files with 214 additions and 2 deletions
--- a/dns.tf
+++ b/dns.tf
@ -39,6 +39,46 @@ resource "hetznerdns_record" "jellyfin_a" {
  ttl     = 600
 }
 resource "hetznerdns_record" "transmission_a" {
  zone_id = data.hetznerdns_zone.banditlair_zone.id
  name    = "transmission"
  value   = local.storage1_ip
  type    = "A"
  ttl     = 600
 }
 resource "hetznerdns_record" "jackett_a" {
  zone_id = data.hetznerdns_zone.banditlair_zone.id
  name    = "jackett"
  value   = local.storage1_ip
  type    = "A"
  ttl     = 600
 }
 resource "hetznerdns_record" "sonarr_a" {
  zone_id = data.hetznerdns_zone.banditlair_zone.id
  name    = "sonarr"
  value   = local.storage1_ip
  type    = "A"
  ttl     = 600
 }
 resource "hetznerdns_record" "radarr_a" {
  zone_id = data.hetznerdns_zone.banditlair_zone.id
  name    = "radarr"
  value   = local.storage1_ip
  type    = "A"
  ttl     = 600
 }
 resource "hetznerdns_record" "headphones_a" {
  zone_id = data.hetznerdns_zone.banditlair_zone.id
  name    = "headphones"
  value   = local.storage1_ip
  type    = "A"
  ttl     = 600
 }
 resource "hetznerdns_record" "monero_a" {
  zone_id = data.hetznerdns_zone.banditlair_zone.id
  name    = "monero"
--- a/modules/stb.nix
+++ b/modules/stb.nix
@ -41,6 +41,7 @@ in
      };
      volumes = [ "/var/lib/mariadb/stb:/var/lib/mysql" ];
      extraOptions = [ "--network=stb-br" ];
      autoStart = true;
    };
    "stb-wordpress" = {
@ -51,6 +52,7 @@ in
      ];
      ports = [ "8080:80" ];
      extraOptions = [ "--network=stb-br" ];
      autoStart = true;
    };
  };
--- a/modules/torrents.nix
+++ b/modules/torrents.nix
@ -0,0 +1,154 @@
 { config, lib, pkgs, ... }:
 let
  vpnServer = "89.249.65.115";
  vpnConfig = builtins.fetchurl {
    url = "https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/de948.nordvpn.com.udp.ovpn";
    sha256 = "07z4xxs4nxg44c3d19rnqg6iq2f7i8yjy28rwbz312z4axqgkcxn";
  };
 in
 {
  sops.secrets = {
    vpnCredentials = {
      key = "openvpn/credentials";
    };
    transmissionRpcCredentials = {
      key = "transmission/rpc_config.json";
    };
  };
  containers.torrents = {
    ephemeral = true;
    autoStart = true;
    enableTun = true;
    privateNetwork = true;
    hostAddress = "192.168.1.1";
    localAddress = "192.168.1.2";
    bindMounts = {
      "${config.sops.secrets.vpnCredentials.path}" = {
        hostPath = config.sops.secrets.vpnCredentials.path;
      };
      "${config.sops.secrets.transmissionRpcCredentials.path}" = {
        hostPath = config.sops.secrets.transmissionRpcCredentials.path;
      };
      "/nix/var/data/media" = {
        hostPath = "/nix/var/data/media";
        isReadOnly = false;
      };
      "/nix/var/data/jackett" = {
        hostPath = "/nix/var/data/jackett";
        isReadOnly = false;
      };
      "/nix/var/data/sonarr" = {
        hostPath = "/nix/var/data/sonarr";
        isReadOnly = false;
      };
      "/nix/var/data/radarr" = {
        hostPath = "/nix/var/data/radarr";
        isReadOnly = false;
      };
      "/nix/var/data/transmission" = {
        hostPath = "/nix/var/data/transmission";
        isReadOnly = false;
      };
    };
    config = {
      time.timeZone = "Europe/Amsterdam";
      users.users.www-data = {
        uid = 993;
        isSystemUser = true;
        group = config.users.groups.www-data.name;
      };
      users.groups.www-data = { gid = 991; };
      services.openvpn.servers.client = {
        updateResolvConf = true;
        config = ''
          config ${vpnConfig}
          auth-user-pass ${config.sops.secrets.vpnCredentials.path}
        '';
      };
      services.transmission = {
        enable = true;
        openRPCPort = true;
        user = config.users.users.www-data.name;
        group = config.users.groups.www-data.name;
        credentialsFile = config.sops.secrets.transmissionRpcCredentials.path;
        home = "/nix/var/data/transmission";
        settings = {
          rpc-bind-address = "0.0.0.0";
          rpc-whitelist = "127.0.0.1,192.168.1.1";
          rpc-authentication-required = true;
          rpc-host-whitelist-enabled = false;
          incomplete-dir = "/nix/var/data/transmission/.incomplete";
          watch-dir = "/nix/var/data/transmission/watchdir";
          download-dir = "/nix/var/data/transmission/downloads";
        };
      };
      services.jackett = {
        enable = true;
        openFirewall = true;
        user = config.users.users.www-data.name;
        group = config.users.groups.www-data.name;
        dataDir = "/nix/var/data/jackett";
      };
      services.sonarr = {
        enable = true;
        openFirewall = true;
        user = config.users.users.www-data.name;
        group = config.users.groups.www-data.name;
        dataDir = "/nix/var/data/sonarr";
      };
      services.radarr = {
        enable = true;
        openFirewall = true;
        user = config.users.users.www-data.name;
        group = config.users.groups.www-data.name;
        dataDir = "/nix/var/data/radarr";
      };
      system.stateVersion = "21.11";
    };
  };
  virtualisation.oci-containers.containers.flaresolverr = {
    image = "ghcr.io/flaresolverr/flaresolverr:v2.0.2";
    environment = {
      "LOG_LEVEL" = "debug";
      "CAPTCHA_SOLVER" = "hcaptcha-solver";
    };
    ports = [ "192.168.1.1:8191:8191" ];
    autoStart = true;
  };
  services.nginx.virtualHosts."transmission.${config.networking.domain}" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://192.168.1.2:9091";
    };
  };
  services.nginx.virtualHosts."jackett.${config.networking.domain}" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://192.168.1.2:9117";
    };
  };
  services.nginx.virtualHosts."sonarr.${config.networking.domain}" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://192.168.1.2:8989";
    };
  };
  services.nginx.virtualHosts."radarr.${config.networking.domain}" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://192.168.1.2:7878";
    };
  };
 }
--- a/profiles/storage.nix
+++ b/profiles/storage.nix
@ -9,7 +9,19 @@
    ../modules/jellyfin.nix
    ../modules/stb.nix
    ../modules/monero.nix
    ../modules/torrents.nix
  ];
  networking.firewall.allowedTCPPorts = [ 80 443 18080 ];
  networking.nat.enable = true;
  networking.nat.internalInterfaces = [ "ve-+" ];
  networking.nat.externalInterface = "enp2s0";
  users.users.www-data = {
    uid = 993;
    isSystemUser = true;
    group = config.users.groups.www-data.name;
  };
  users.groups.www-data = { gid = 991; };
 }
--- a/secrets.enc.yml
+++ b/secrets.enc.yml
@ -5,6 +5,8 @@ nextcloud:
    db_password: ENC[AES256_GCM,data:guuBM5ag+Q014Y+rt0+E9hJcYfLcXV8HfJdbWRuI7BC+Gsjr82OkowFYquFLvcnMAgYWXroy73jW4I4v,iv:KDm/er5h/rK6jqRQdS36LPAw3oOk/yZya0OMPoJlyBg=,tag:4AXG7/BRHOoYJwvVwJxhPw==,type:str]
    admin_password: ENC[AES256_GCM,data:zTOHKYJmBbA6Tca2l+vO748dGzP2XkAvZHmJtrbftDI5Q/1mS3ZLw16g1DT+pKXF7VIUm2plR7ZRtxwq,iv:87lrQzhdyz1YiIO25fXwn0TvEASm/H8N5cZUckIm780=,tag:VXyNu8CnoY/ShK7dHnPTWA==,type:str]
 murmur.env: ENC[AES256_GCM,data:bErJrzpPRrBhUeW113qt9xbJWsrxiI8YIibZ3l0=,iv:2dIlmdLKB+nktQ4/O1W3xtfcCRowW9MkxncDiDpZyck=,tag:3UkSGVKV00385iZ66rHOpw==,type:str]
 transmission:
    rpc_config.json: ENC[AES256_GCM,data:2dXn4De3RilQpOOtqjZQILJ7+/t8ipQHLiNuYdbQQRZC4fya0l9MLyGRuqfqeBu1B07VYSDMImV/5BZ+5ygCLk2JjhLn8NzbM3IRWg==,iv:SWqUCobb1+MzISjOTF9BySeAGXHMEbX/27MxIl5tPIE=,tag:4tat0yvkE/4njWYyr/IRfA==,type:str]
 email:
    accounts_passwords:
        paultrial: ENC[AES256_GCM,data:fDGYNdu9DQcfheOkc5aixUGmHPrVh4/6JGAECwhl64zpxXqPQ/jqYoaOMz3o3wozF1g+ZOKdBd2daBm0,iv:nyz37z1gmKbdpBDRvEe/4l36+evh89kpgowNxd+KdE0=,tag:j6JWAXglSPtKqN0v7akrSg==,type:str]
@ -13,6 +15,8 @@ wiki:
        users_file: ENC[AES256_GCM,data:Zx5QTmtqqrRwbHUMiVFfvMnvzaLSlKiouOg57H+4RYS/5Zavl4y3Awswuiz9y7iRDGZhsxba6Ki3jEg/sSwlmB/hICQikQlRfsnx1ibAKeTv9A==,iv:R7vQBU/4thmBVcydHPNiwUOavkhl6OGEVL9WdexJzAw=,tag:FQ/9LjQ6c+ErAhH3erzOBQ==,type:str]
    arkadia:
        users_file: ENC[AES256_GCM,data:glllwv0+KnPOeJ4eFNXECZPZvL6k5RODxIJNfWjQgo8EUKF7UsVyRvHcL2g9TAEpXKT8RGLekZim+Q467eKKGPpdj2LlrI/XYPyMvk2ShaTBO2ivx+6e9zowpdJNclBMmtKGgggK+r7LeXGunCl06oq86LpKq9ddiX2zZnOfxU1b0ZAG+tmqSVfkgi7cOs5DGagSaco+2+SkCOGThahGquWMrPmVULO0Dz2w98+7uSbmFmXlJOOZjKCk/q0ou4Bi0gK6lQ8/fKleNJLJ0x8Vx0WPYZgz6109RkTYznMl2HSIZEcNp81PxQvr66Vumc8ZO+OXWbNyY064/LXFJB7sEA57r4ccHHkH5+FCKFQJzCA=,iv:Ki0MCTJ8jwogDNL71kiMY4EGrfBorxB2rpBJAid6QOQ=,tag:q/mfK3Dm0KFnK4AHjzsP7g==,type:str]
 openvpn:
    credentials: ENC[AES256_GCM,data:nAA+4lB8fh64AQaG1CJyNIUSvn9mIGfIKHSFbImPzAdFRQPDnKOEQFe+/qXNswXYWHU0DdvnPA==,iv:sLZRPrDtSnx0AvKcC/DTces/Il+l0Nl1kRrnXj8X4WQ=,tag:RHenD6WATKuibxMj2LFPWw==,type:str]
 borg:
    passphrase: ENC[AES256_GCM,data:RNUTb29sOdsg4KnB/0nIFGJFV/2nlMH4pxGFlgXdtTgDe2opT/moUg==,iv:6kdBeq+qFWnPB+N+zpKNdFkmkskOVMabdj8Uxk9QeQI=,tag:MxNqn5p9P0JpsjkNm9iYEQ==,type:str]
    client_keys:
@ -31,8 +35,8 @@ sops:
    azure_kv: []
    hc_vault: []
    age: []
-    lastmodified: "2021-12-09T16:20:53Z"
+    lastmodified: "2021-12-09T21:02:06Z"
-    mac: ENC[AES256_GCM,data:B52chrVaJle4mxgZEhH0ZFBXr305F8k07qRoyh6W9dPpJOzPaJ3jfhSyYCojV+AUYywgHPUTiXeG+RW6P0v/FLeeP0OldhHdepRzmACHglLflYQwmUZSXf9wlmQPsN4/Uy7Z0h6zTComJXUCwKe4W0FMn+szgkxa+qvQgnZhneI=,iv:ZNzXQncWR0Hnd8+kAABTVl2/jIH4nOUPXhfCFgXhjho=,tag:KDZShClqYbDpGB5hKYUsqQ==,type:str]
+    mac: ENC[AES256_GCM,data:UTQgCoVA38k/D2kt1EVEq5mNhQAyuPcyNJnCpSZ9drRa9Nslr4GYSKTetz3HMdqkEy7H4EBYF5PrBttwJ8HSa7VcJZ3ct3WfW7qeCAd1O3ZDlmeLhII4o4+XG49HoQ5jpVJs5Dve8eJn7DOtVrluXblbahFZlQmN1m7mSlGdt20=,iv:34Br9UV6YOI6/4OBYeJDorlkj2lPSblHy429dWd2UIY=,tag:HfH06ZqikXZDGaeGxoeGvg==,type:str]
    pgp:
        - created_at: "2021-11-29T00:57:34Z"
          enc: |