Enable vpn for aria2

nixos/server/package-configs/aria2/configuration.nix

@@ -3,24 +3,56 @@
   pkgs,
   ...
 }: {
-  users.users = {
-    aria2.extraGroups = ["jellyfin" "nextcloud"];
-  };
-  services.aria2 = {
-    enable = true;
-    downloadDir = "/var/lib/media";
-    rpcListenPort = 6969;
-  };
+  sops.secrets."nextcloudadmin".mode = "0440";
+  sops.secrets."nextcloudadmin".owner = config.users.users.aria2.name;
+  containers.aria2 = {
+    forwardPorts = {
+      hostPort = 6969;
+      protocol = "tcp";
+    };
+    bindmounts = {
+      "/var/lib/media" = {
+        hostPath = "/var/lib/media";
+        isReadOnly = false;
+      };
+      "/var/lib/wg/private-key" = {
+        hostPath = sops.secrets."nextcloudadmin".path;
+        isReadOnly = true;
+      };
+    };
+    autoStart = true;
+    privateNetwork = true;
+    hostAddress = "192.168.100.10";
+    localAddress = "192.168.100.11";
+    config = {
+      config,
+      pkgs,
+      ...
+    }: {
+      users.users = {
+        aria2.extraGroups = ["jellyfin" "nextcloud"];
+      };
+      services.aria2 = {
+        enable = true;
+        downloadDir = "/var/lib/media";
+        rpcListenPort = 6969;
+      };
+      networking.wg-quick.interfaces = {
+        wg0 = {
+          address = ["10.2.0.2/32"];
+          dns = ["10.2.0.1"];
+          privateKeyFile = "/var/lib/wg/private-key";
 
-  # services.nginx = {
-  #   virtualHosts = {
-  #     "aria2.gladtherescake.eu" = {
-  #       forceSSL = true;
-  #       enableACME = true;
-  #       locations."/" = {
-  #         proxyPass = "http://localhost:6800";
-  #       };
-  #     };
-  #   };
-  # };
+          peers = [
+            {
+              publicKey = "7A19/lMrfmpFZARivC7FS8DcGxMn5uUq9LcOqFjzlDo=";
+              allowedIPs = ["0.0.0.0/0"];
+              endpoint = "185.159.158.182:51820";
+              persistentKeepalive = 25;
+            }
+          ];
+        };
+      };
+    };
+  };
 }