Add jupiter transmission container
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
@@ -135,10 +135,11 @@ in
|
||||
email = "nick@karaolidis.com";
|
||||
groups = [
|
||||
"admins"
|
||||
"gitea"
|
||||
"outline"
|
||||
"vaultwarden"
|
||||
"nextcloud"
|
||||
"media"
|
||||
"gitea"
|
||||
"outline"
|
||||
"shlink"
|
||||
];
|
||||
};
|
||||
|
@@ -18,6 +18,7 @@ in
|
||||
(import ./shlink { inherit user home; })
|
||||
(import ./sish { inherit user home; })
|
||||
(import ./traefik { inherit user home; })
|
||||
(import ./transmission { inherit user home; })
|
||||
(import ./vaultwarden { inherit user home; })
|
||||
(import ./whoami { inherit user home; })
|
||||
];
|
||||
|
@@ -35,7 +35,10 @@ in
|
||||
};
|
||||
|
||||
virtualisation.quadlet = {
|
||||
networks.traefik = { };
|
||||
networks = {
|
||||
traefik-ext = { };
|
||||
traefik.networkConfig.internal = true;
|
||||
};
|
||||
|
||||
volumes.traefik = { };
|
||||
|
||||
@@ -44,6 +47,7 @@ in
|
||||
containerConfig = {
|
||||
image = "docker-archive:${selfPkgs.docker-traefik}";
|
||||
networks = [
|
||||
networks.traefik-ext.ref
|
||||
networks.traefik.ref
|
||||
networks.prometheus.ref
|
||||
];
|
||||
|
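Review bot: Setting `traefik.networkConfig.internal = true;` in the first hunk removes outbound connectivity from every container whose only network is `traefik`, and the change carries no comment recording that intent. The other container modules are not on this page, so it is worth confirming that each service needing egress (mail delivery, OIDC discovery, update checks) is also attached to a non-internal network, as the new transmission module is. A comment above the block such as `# traefik: backend-only, no egress; traefik-ext: published ports and outbound traffic for the proxy itself` would make the split clear to the next reader. The `virtualisation.quadlet` and `containerConfig` blocks both continue outside the lines shown.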
@@ -0,0 +1,83 @@
|
||||
{
|
||||
user ? throw "user argument is required",
|
||||
home ? throw "home argument is required",
|
||||
}:
|
||||
{
|
||||
config,
|
||||
inputs,
|
||||
pkgs,
|
||||
system,
|
||||
...
|
||||
}:
|
||||
let
|
||||
selfPkgs = inputs.self.packages.${system};
|
||||
hmConfig = config.home-manager.users.${user};
|
||||
inherit (hmConfig.virtualisation.quadlet) volumes networks;
|
||||
in
|
||||
{
|
||||
home-manager.users.${user} = {
|
||||
sops.secrets."transmission/protonvpn".sopsFile = ../../../../../../secrets/secrets.yaml;
|
||||
|
||||
systemd.user.tmpfiles.rules = [
|
||||
"d /mnt/storage/private/storm/containers/storage/volumes/transmission-data/_data 700 storm storm"
|
||||
];
|
||||
|
||||
virtualisation.quadlet = {
|
||||
# Not internal, we need network access for obvious reasons
|
||||
networks.transmission = { };
|
||||
|
||||
volumes.transmission-config = { };
|
||||
|
||||
containers = {
|
||||
transmission = {
|
||||
containerConfig = {
|
||||
image = "docker-archive:${selfPkgs.docker-transmission-protonvpn}";
|
||||
networks = [
|
||||
networks.transmission.ref
|
||||
networks.traefik.ref
|
||||
];
|
||||
addCapabilities = [ "NET_ADMIN" ];
|
||||
volumes =
|
||||
let
|
||||
config = (pkgs.formats.json { }).generate "settings.override.json" {
|
||||
ratio-limit-enabled = true;
|
||||
ratio-limit = 5;
|
||||
};
|
||||
in
|
||||
[
|
||||
"${hmConfig.sops.secrets."transmission/protonvpn".path}:/etc/wireguard/privatekey:ro"
|
||||
"${config}:/etc/transmission/settings.override.json:ro"
|
||||
"${volumes.transmission-config.ref}:/etc/transmission"
|
||||
"/mnt/storage/private/storm/containers/storage/volumes/transmission-data/_data:/var/lib/transmission"
|
||||
];
|
||||
environments = {
|
||||
WIREGUARD_PUBLIC_KEY = "zctOjv4DH2gzXtLQy86Tp0vnT+PNpMsxecd2vUX/i0U=";
|
||||
WIREGUARD_ENDPOINT = "146.70.179.50:51820";
|
||||
};
|
||||
labels = [
|
||||
"traefik.enable=true"
|
||||
"traefik.http.routers.transmission.rule=Host(`torrent.karaolidis.com`)"
|
||||
"traefik.http.routers.transmission.middlewares=authelia@docker"
|
||||
];
|
||||
};
|
||||
|
||||
unitConfig.After = [ "sops-nix.service" ];
|
||||
};
|
||||
|
||||
authelia-init.containerConfig.volumes =
|
||||
let
|
||||
config = (pkgs.formats.yaml { }).generate "transmission.yaml" {
|
||||
access_control.rules = [
|
||||
{
|
||||
domain = "torrent.karaolidis.com";
|
||||
policy = "one_factor";
|
||||
subject = [ "group:media" ];
|
||||
}
|
||||
];
|
||||
};
|
||||
in
|
||||
[ "${config}:/etc/authelia/conf.d/transmission.yaml:ro" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
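Review bot: Nothing in this file shows what happens to Transmission's traffic when the WireGuard tunnel is down. The container joins the non-internal `networks.transmission` and is granted `NET_ADMIN`, so unless the `docker-transmission-protonvpn` image (defined outside this page) installs a fail-closed firewall rule, peer traffic would presumably leave over the default route. I would record that dependency where the network is declared, e.g. `# Not internal: WireGuard needs egress to WIREGUARD_ENDPOINT; the image must drop all other non-tunnel traffic`, and confirm the image enforces it. Separately, the tmpfiles rule hard-codes `storm storm` and the storage path while the `home` argument is never used in this file; taking the owner from `user` would keep the rule correct if the module is instantiated for another account.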