Enable vpn for aria2

nixos/hosts/queen/secrets/sops.yaml

@@ -6,6 +6,7 @@ releaseCookie: ENC[AES256_GCM,data:oG8DcUP+gIm5xPzIJdmjrtX/TdrcS8IgeGJeu0oOmZb0/
 mssqlpass: ENC[AES256_GCM,data:XEu4bQC5qM5Cm8UDVX3qAzTuL/t3xbx+qcEbZM4h3Hg=,iv:jgpZ93THYBlUvJDC5+YZiIxu/14e7nFSy76J0vc8Hek=,tag:iKsEDp/KZ5juqzmUgtP8iA==,type:str]
 mailpassunhash: ENC[AES256_GCM,data:q/P3nrNLy3hCISDmalw94nzWIFhoCdCTyflj27D2Ltr8,iv:oAFna87l3sL/42ljUF1QsRL0xBrP82uYdKLxK/8HcQE=,tag:liFFGHbNPOpOHyMsjnvMOQ==,type:str]
 rpcSecret: ENC[AES256_GCM,data:gOuQSY2RI6rnSnG1,iv:xz1ueq4/UOKYBs5r9Tk4jL0+GyX8uo8I8ZymVgIMKLI=,tag:Fr8rWIttLz7X8Pri6FBJBQ==,type:str]
+wg-private: ENC[AES256_GCM,data:6BEuNqqG//p5UhRmQ4RPEze6jZdvzK4PEXxlbX2ANYIhFpacj0aZnCr9o/A=,iv:tPlwYdV4I5oA8qG+bfVi1Dpbf7xedByantqsmylZXKQ=,tag:k1BqKqlayOWz5QW1XiAjqQ==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -21,8 +22,8 @@ sops:
             KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
             NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-01-04T12:15:46Z"
+    lastmodified: "2024-01-04T21:18:00Z"
-    mac: ENC[AES256_GCM,data:a9SPOcOGrhB3u2d1Ju9rEFrkS/PjkK3aTmHJSODRtameV6f2h3iuLzpgHVtZZ08MPoajriasAxAYIsZNwfGbRvAffqf+H85TnKy8e115x9MqZB0EFAwHWuxysjRsRwaJLpjFos3HdsYciro4EDrBKfbvLrLLjxNRWf3FwALA6WQ=,iv:VXUTnQN7B+u+g4OCut3YUxqqGb6mTN7yTubZLZpR19w=,tag:NfBfVQkFlcwq+w5/ckQqGA==,type:str]
+    mac: ENC[AES256_GCM,data:ZHXg541BI94kwvLJ/CFHS7UauQN6LimqNK9rU60dil1RIArDy5xHtRki/p5uajKeGhM+Bv1t9SWAehk1n3U0PiynLGLm3npraIxItBPiRf7hyqDXmc8kG4U7BBcbIf3qvkvxVVd5auWfnPobKsRhKA+gC1Z11ylPqK37yIgK5Sw=,iv:EKacOHhgwjFDw2ioraxlyfXt89VpT+B4D/a/rC+ulNM=,tag:YvgctOLxmojg2uOAlKihkQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1

nixos/server/package-configs/aria2/configuration.nix

@@ -3,6 +3,32 @@
   pkgs,
   ...
 }: {
+  sops.secrets."nextcloudadmin".mode = "0440";
+  sops.secrets."nextcloudadmin".owner = config.users.users.aria2.name;
+  containers.aria2 = {
+    forwardPorts = {
+      hostPort = 6969;
+      protocol = "tcp";
+    };
+    bindmounts = {
+      "/var/lib/media" = {
+        hostPath = "/var/lib/media";
+        isReadOnly = false;
+      };
+      "/var/lib/wg/private-key" = {
+        hostPath = sops.secrets."nextcloudadmin".path;
+        isReadOnly = true;
+      };
+    };
+    autoStart = true;
+    privateNetwork = true;
+    hostAddress = "192.168.100.10";
+    localAddress = "192.168.100.11";
+    config = {
+      config,
+      pkgs,
+      ...
+    }: {
       users.users = {
         aria2.extraGroups = ["jellyfin" "nextcloud"];
       };
@@ -11,16 +37,22 @@
         downloadDir = "/var/lib/media";
         rpcListenPort = 6969;
       };
+      networking.wg-quick.interfaces = {
+        wg0 = {
+          address = ["10.2.0.2/32"];
+          dns = ["10.2.0.1"];
+          privateKeyFile = "/var/lib/wg/private-key";
 
-  # services.nginx = {
+          peers = [
-  #   virtualHosts = {
+            {
-  #     "aria2.gladtherescake.eu" = {
+              publicKey = "7A19/lMrfmpFZARivC7FS8DcGxMn5uUq9LcOqFjzlDo=";
-  #       forceSSL = true;
+              allowedIPs = ["0.0.0.0/0"];
-  #       enableACME = true;
+              endpoint = "185.159.158.182:51820";
-  #       locations."/" = {
+              persistentKeepalive = 25;
-  #         proxyPass = "http://localhost:6800";
+            }
-  #       };
+          ];
-  #     };
+        };
-  #   };
+      };
-  # };
+    };
+  };
 }