From 9fe9cbed9ed22bfac23685801bd21d4651099461 Mon Sep 17 00:00:00 2001
From: MoritzBoehme <mail@moritzboeh.me>
Date: Sun, 3 Oct 2021 16:30:35 +0200
Subject: [PATCH] switched to docker containers

---
 modules/containers/default.nix |   1 +
 modules/containers/media.nix   |  99 ++++++++++++++++++++-------------
 secrets/nordvpn.age            | Bin 551 -> 647 bytes
 3 files changed, 60 insertions(+), 40 deletions(-)

diff --git a/modules/containers/default.nix b/modules/containers/default.nix
index 57c3a41..b64cb61 100644
--- a/modules/containers/default.nix
+++ b/modules/containers/default.nix
@@ -2,4 +2,5 @@
 
 {
   imports = [ ./media.nix ];
+  virtualisation.docker.enable = true;
 }
diff --git a/modules/containers/media.nix b/modules/containers/media.nix
index 09b1718..4ee3756 100644
--- a/modules/containers/media.nix
+++ b/modules/containers/media.nix
@@ -1,53 +1,72 @@
 { config, lib, pkgs, ... }:
 
 {
-  containers.radarr = {
-    config = { config, pkgs, ... }: { services.radarr.enable = true; };
-    bindMounts = {
-      "/dowloads" = {
-        hostPath = "/var/lib/Transmission/Downloads/completed/";
-        isReadOnly = true;
+  virtualisation.oci-containers.containers = {
+    "transmission" = {
+      image = "haugene/transmission-openvpn";
+      environmentFiles = [ /run/secrets/nordvpn ];
+      environment = {
+        "LOCAL_NETWORK" = "192.168.0.0/24";
+        "OPENVPN_PROVIDER" = "NORDVPN";
+        "TRANSMISSION_ALT_SPEED_DOWN" = "20000";
+        "TRANSMISSION_ALT_SPEED_TIME_ENABLED" = "true";
+        "TRANSMISSION_ALT_SPEED_UP" = "2000";
+        "TRANSMISSION_MAX_PEERS_GLOBAL" = "1000";
+        "TRANSMISSION_PEER_LIMIT_GLOBAL" = "1000";
+        "TRANSMISSION_PEER_LIMIT_PER_TORRENT" = "100";
+        "TRANSMISSION_RATIO_LIMIT" = "10";
+        "TRANSMISSION_RATIO_LIMIT_ENABLED" = "true";
+        "TZ" = "DE";
+        "ENABLE_UFW" = "true";
+        "PUID" = "1000";
+        "PGID" = "100";
       };
+      ports = [ "9091:9091" ];
+      volumes = [ "/home/moritz/Docker/Transmission:/data/" ];
+      extraOptions = [ "--cap-add=NET_ADMIN" ];
     };
-  };
-  containers.sonarr = {
-    config = { config, pkgs, ... }: { services.sonarr.enable = true; };
-    bindMounts = {
-      "/dowloads" = {
-        hostPath = "/var/lib/Transmission/Downloads/completed/";
-        isReadOnly = true;
+
+    "jackett" = {
+      image = "linuxserver/jackett";
+      environment = {
+        "PUID" = "1000";
+        "PGID" = "100";
+        "TZ" = "DE";
       };
+      volumes = [
+        "/home/moritz/Docker/jackett/config:/config"
+        "/home/moritz/Docker/jackett/blackhole:/downloads"
+      ];
+      ports = [ "9117:9117" ];
     };
-  };
-  containers.jackett = {
-    config = { config, pkgs, ... }: { services.jackett.enable = true; };
-  };
-  containers.transmission = {
-    config = { config, pkgs, ... }: {
-      # services.openvpn = { servers = { nordvpn = { }; }; };
-      networking.firewall = {
-        enable = true;
-        # extraStopCommands = ''
-        #   sudo iptables -N ALLOWVPN
-        #   sudo iptables -N BLOCKALL
 
-        #   # allow access for the interfaces loopback, tun, and tap
-        #   sudo iptables -A OUTPUT -o tun+ -j ACCEPT;
-        #   sudo iptables -A OUTPUT -o tap+ -j ACCEPT;
-        #   sudo iptables -A OUTPUT -o lo+ -j ACCEPT;
-
-        #   # route outgoing data via our created chains
-        #   sudo iptables -A OUTPUT -j ALLOWVPN;
-        #   sudo iptables -A OUTPUT -j BLOCKALL;
-
-        #   # block all disallowed connections
-        #   sudo iptables -A BLOCKALL -j DROP
-        # '';
+    "radarr" = {
+      image = "linuxserver/radarr";
+      environment = {
+        "PUID" = "1000";
+        "PGID" = "100";
+        "TZ" = "DE";
       };
+      volumes = [
+        "/auto/media/movies:/movies"
+        "/home/moritz/Docker/transmission/completed/movies:/downloads"
+        "/home/moritz/Docker/radarr"
+      ];
+      ports = [ "7878:7878" ];
     };
-    bindMounts = {
-      "/var/lib/transmission" = { hostPath = "/home/moritz/Transmission/"; };
+    "sonarr" = {
+      image = "linuxserver/sonarr";
+      environment = {
+        "PUID" = "1000";
+        "PGID" = "100";
+        "TZ" = "DE";
+      };
+      volumes = [
+        "/auto/media/tv:/tv"
+        "/home/moritz/Docker/transmission/completed/movies:/downloads"
+        "/home/moritz/Docker/sonarr"
+      ];
+      ports = [ "8989:8989" ];
     };
   };
-
 }
diff --git a/secrets/nordvpn.age b/secrets/nordvpn.age
index c5842c515279ef0e599de40195543414542fbd7c..1c4d5772f2233cb5fec9d590a2967aa5058167cb 100644
GIT binary patch
delta 595
zcmWm9O>5I&003Y&)Ik)6APk(tdQ)O)ljf@+Leuq4zmqg+n^pvq=54aXu36KjO%Mtm
z<~#^`5)>z*uuV|rMZ`nhE)y>bGQ4<kHxD}5X@WAv=N~*Phi@Lab783a<w#vKow_Z|
zXB^myFn(P}69c;AbucZ*2Q@&%2D9^X6&n%inY?N^I>3XZq_|MVfNAMW6t^PzSirTV
znqG)eQK8Bfknp9D>zZMx<0Og2Lw%0Q*Njls06awo1+66{a3P-_00|0l2_&eLr5L2<
zQ1JlE7MitQzlP8vWV=OD@yjfmYbSawhVC;|%K&p3ix%UU8pSBF5pk|*#NEBAp~YuK
z)HQo;fWpAwQBELew{L59s^4v9OBJRV(6$136%!HHZj{ZW=LjasIVoUNNwOmgRXf&p
zdTCHkdDuXwK-{Li#{bDe*yupjg-Fen3@*dV*)(Mnl;U{RTp6~cWRmlS3rUrcXEnKv
z5{6%uY$Z-L2$AckFei1Hn1goWl{BJ@1qt-#ioD2sEf1F(6|KwrsB9#Va5x-dRH50o
z%OxBal1h(dZHVVe5ry|@Ib#vs0JlgH4pOX|w-NjK#-phJ_u#|nTbCcM4e|YK{>OO#
zwQ)AlJ9&TQ>iYEiVz7H`cjwUWd}Fk9W_h%lwxn;TzMR{6OY5(in-3;_GGkA+wTmcw
z^!x^PWwrEaGFtgMyLKG#S@!Y%8+ZeZZEc-+wrxHgy%^qW=cX2xKN2&ywbu8E#p%U&
VpXb+q?OdPS8!hQC55{Ny`~x~<*pmPN

delta 498
zcmV<O0S*3#1*Zg%EPp|9a&BU0S~GeyXiINPS}`(cc4lZ<SX4<eZ)RaaH)v!}MOjH!
zSy^vbMG9IuL1=D8OK@yNVKG)oc~ovyF)=b$MRP+@G<8vPP%A4(PIEDBHFHBWX9_Jo
zAaiqQEoEdfH8n9gAa_SLOj&0ja!O=&N>DIWNJLIld3853S4KH&NoY`0aBx>;M@~Xx
zNI6n+Qfo^^XL?m*3VLm7M`&kPD`-n?ZEZ4ZWMM-#M@mF-YI0?9P-S{>WMfclLRBkr
zPcuwOk?|LQQ!r9-c2!|Tab`|NGfYx7a#}PiOL#PJMlyD6NMm6}Z$~*cMn*4haYaE2
zWpOrQVnZ@*RCOzPWqB`hO*l7kV@p+YZa7awbWKNgPE~U+MQ>|qS8F&5Ej}PlYe{w`
zR9h`)a%Ew2WgvM*HXv1TbSnyNcr;l}PE$--HF9=;GiM4dEiE8xIZ!WZc1ulEPi{vu
zb2oJ}bxTM=WL7sbSz>KtRA+2MZZ$7fML~EqWLXN1)ieGi+MJV$yY&iG8aX;(dRaQt
z^2VPp)ytX2qRMo)!%Ltas?R6=P?AXeF<a)|BF52Quvg~1xOqVPVk+dwdQ8~HX(hLs
o-7!=l_7D^oUcVZ+KEl>hY<=BMixvjm$P;|mbCI=IZlgYz`SlRD!vFvP