diff --git a/nixos/hosts/queen/secrets/sops.yaml b/nixos/hosts/queen/secrets/sops.yaml index 8c97dd6..1eba722 100644 --- a/nixos/hosts/queen/secrets/sops.yaml +++ b/nixos/hosts/queen/secrets/sops.yaml @@ -6,6 +6,7 @@ releaseCookie: ENC[AES256_GCM,data:oG8DcUP+gIm5xPzIJdmjrtX/TdrcS8IgeGJeu0oOmZb0/ mssqlpass: ENC[AES256_GCM,data:XEu4bQC5qM5Cm8UDVX3qAzTuL/t3xbx+qcEbZM4h3Hg=,iv:jgpZ93THYBlUvJDC5+YZiIxu/14e7nFSy76J0vc8Hek=,tag:iKsEDp/KZ5juqzmUgtP8iA==,type:str] mailpassunhash: ENC[AES256_GCM,data:q/P3nrNLy3hCISDmalw94nzWIFhoCdCTyflj27D2Ltr8,iv:oAFna87l3sL/42ljUF1QsRL0xBrP82uYdKLxK/8HcQE=,tag:liFFGHbNPOpOHyMsjnvMOQ==,type:str] rpcSecret: ENC[AES256_GCM,data:gOuQSY2RI6rnSnG1,iv:xz1ueq4/UOKYBs5r9Tk4jL0+GyX8uo8I8ZymVgIMKLI=,tag:Fr8rWIttLz7X8Pri6FBJBQ==,type:str] +wg-private: ENC[AES256_GCM,data:6BEuNqqG//p5UhRmQ4RPEze6jZdvzK4PEXxlbX2ANYIhFpacj0aZnCr9o/A=,iv:tPlwYdV4I5oA8qG+bfVi1Dpbf7xedByantqsmylZXKQ=,tag:k1BqKqlayOWz5QW1XiAjqQ==,type:str] sops: kms: [] gcp_kms: [] @@ -21,8 +22,8 @@ sops: KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-04T12:15:46Z" - mac: ENC[AES256_GCM,data:a9SPOcOGrhB3u2d1Ju9rEFrkS/PjkK3aTmHJSODRtameV6f2h3iuLzpgHVtZZ08MPoajriasAxAYIsZNwfGbRvAffqf+H85TnKy8e115x9MqZB0EFAwHWuxysjRsRwaJLpjFos3HdsYciro4EDrBKfbvLrLLjxNRWf3FwALA6WQ=,iv:VXUTnQN7B+u+g4OCut3YUxqqGb6mTN7yTubZLZpR19w=,tag:NfBfVQkFlcwq+w5/ckQqGA==,type:str] + lastmodified: "2024-01-04T21:18:00Z" + mac: ENC[AES256_GCM,data:ZHXg541BI94kwvLJ/CFHS7UauQN6LimqNK9rU60dil1RIArDy5xHtRki/p5uajKeGhM+Bv1t9SWAehk1n3U0PiynLGLm3npraIxItBPiRf7hyqDXmc8kG4U7BBcbIf3qvkvxVVd5auWfnPobKsRhKA+gC1Z11ylPqK37yIgK5Sw=,iv:EKacOHhgwjFDw2ioraxlyfXt89VpT+B4D/a/rC+ulNM=,tag:YvgctOLxmojg2uOAlKihkQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 
diff --git a/nixos/server/package-configs/aria2/configuration.nix b/nixos/server/package-configs/aria2/configuration.nix
index 4ffdac2..dd7fb5d 100644
--- a/nixos/server/package-configs/aria2/configuration.nix
+++ b/nixos/server/package-configs/aria2/configuration.nix
@@ -3,24 +3,56 @@
 pkgs,
 ...
 }: {
- users.users = {
- aria2.extraGroups = ["jellyfin" "nextcloud"];
- };
- services.aria2 = {
- enable = true;
- downloadDir = "/var/lib/media";
- rpcListenPort = 6969;
- };
+ sops.secrets."nextcloudadmin".mode = "0440";
+ sops.secrets."nextcloudadmin".owner = config.users.users.aria2.name;
+ containers.aria2 = {
+ forwardPorts = {
+ hostPort = 6969;
+ protocol = "tcp";
+ };
+ bindmounts = {
+ "/var/lib/media" = {
+ hostPath = "/var/lib/media";
+ isReadOnly = false;
+ };
+ "/var/lib/wg/private-key" = {
+ hostPath = sops.secrets."nextcloudadmin".path;
+ isReadOnly = true;
+ };
+ };
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = "192.168.100.10";
+ localAddress = "192.168.100.11";
+ config = {
+ config,
+ pkgs,
+ ...
+ }: {
+ users.users = {
+ aria2.extraGroups = ["jellyfin" "nextcloud"];
+ };
+ services.aria2 = {
+ enable = true;
+ downloadDir = "/var/lib/media";
+ rpcListenPort = 6969;
+ };
+ networking.wg-quick.interfaces = {
+ wg0 = {
+ address = ["10.2.0.2/32"];
+ dns = ["10.2.0.1"];
+ privateKeyFile = "/var/lib/wg/private-key";
 
- # services.nginx = {
- # virtualHosts = {
- # "aria2.gladtherescake.eu" = {
- # forceSSL = true;
- # enableACME = true;
- # locations."/" = {
- # proxyPass = "http://localhost:6800";
- # };
- # };
- # };
- # };
+ peers = [
+ {
+ publicKey = "7A19/lMrfmpFZARivC7FS8DcGxMn5uUq9LcOqFjzlDo=";
+ allowedIPs = ["0.0.0.0/0"];
+ endpoint = "185.159.158.182:51820";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ };
+ };
+ };
 }
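Review bot: The read-only bind mount for `/var/lib/wg/private-key` takes its `hostPath` from the `nextcloudadmin` secret, so the container's `privateKeyFile` would contain the Nextcloud admin password rather than the `wg-private` key this commit adds to `sops.yaml`, and that password becomes readable inside the aria2 container. Declare the WireGuard key as its own secret and mount that instead: `sops.secrets."wg-private" = {};` and `hostPath = config.sops.secrets."wg-private".path;` (the bare `sops.` reference also lacks the `config.` prefix, assuming `config` is among the module arguments above the hunk). Two option spellings look off as well: NixOS containers name the option `bindMounts`, and `forwardPorts` takes a list of port entries rather than a single attribute set. The owner `config.users.users.aria2.name` is evaluated on the host, where this change no longer declares an aria2 user, so it is worth confirming that it still resolves.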