From 16c0472bb091411baa3c59043eb53c5968014711 Mon Sep 17 00:00:00 2001 From: Simon Bruder Date: Wed, 4 Oct 2023 17:02:16 +0200 Subject: [PATCH] nazuna: Enable torrent --- machines/nazuna/configuration.nix | 24 +++++++++++++++++- machines/nazuna/secrets.yaml | 5 ++-- .../nazuna/secrets/wireguard-qbittorrent.nix | Bin 0 -> 415 bytes machines/renge/services/prometheus.nix | 1 + modules/media-proxy.nix | 1 + 5 files changed, 28 insertions(+), 3 deletions(-) create mode 100644 machines/nazuna/secrets/wireguard-qbittorrent.nix diff --git a/machines/nazuna/configuration.nix b/machines/nazuna/configuration.nix index 2d37171..4248acd 100644 --- a/machines/nazuna/configuration.nix +++ b/machines/nazuna/configuration.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ lib, pkgs, ... }: { imports = [ @@ -7,10 +7,32 @@ ]; sbruder = { + nginx.hardening.enable = true; wireguard.home.enable = true; }; networking.hostName = "nazuna"; system.stateVersion = "23.05"; + + services.nginx = { + enable = true; + + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + }; + networking.firewall.allowedTCPPorts = [ 80 443 ]; + systemd.services.nginx.serviceConfig.SupplementaryGroups = lib.singleton "keys"; + + sbruder.qbittorrent = { + enable = true; + fqdn = "sturzbach.sbruder.de"; + }; + + services.nginx.virtualHosts."sturzbach.sbruder.de" = { + enableACME = true; + forceSSL = true; + }; } diff --git a/machines/nazuna/secrets.yaml b/machines/nazuna/secrets.yaml index f2a3f8d..7ddf187 100644 --- a/machines/nazuna/secrets.yaml +++ b/machines/nazuna/secrets.yaml 
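Review bot: In the second hunk of machines/nazuna/configuration.nix, `systemd.services.nginx.serviceConfig.SupplementaryGroups = lib.singleton "keys";` adds the internet-facing nginx service to the `keys` group without a comment saying which secret it has to read. Presumably this is for an auth file that the `sbruder.qbittorrent` module wires into the `sturzbach.sbruder.de` vhost, but that module is not part of this diff, so a reader cannot tell how much the group membership would expose to a compromised worker process. I would add a line above it such as `# nginx reads <AUTH_SECRET_NAME> (placeholder) for the qbittorrent vhost, hence group keys`, and check that the secret's own owner and mode limit it to the service that needs it. The vhost block here sets only `enableACME` and `forceSSL`, so access control for the web UI has to come from the module; that is worth confirming since the same hunk opens ports 80 and 443. The attribute set these lines belong to opens in the previous hunk.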
@@ -1,12 +1,13 @@ wg-home-private-key: ENC[AES256_GCM,data:fqdPyTa/0Ixr0sO8m06Q1xoAFYBA3q2P4Ho7k6AZBakcKvaXyqFiaISsIuk=,iv:tFANTuH8NHs7cHGduzn66njpCfK1tyydRlBCwv/ffyQ=,tag:Q+dBhMjjHG0cZlfindxBhQ==,type:str] +wg-qbittorrent-private-key: ENC[AES256_GCM,data:ui0klTtpg1DYl2A1R1PbGngnv0WFY7/qjcTdUpmpTiZVmxJxCdMId/ussvo=,iv:2vpZN1rjipjdBQKRAKv9Qf5EP1PSUBGKWg9j78WoXLs=,tag:WxNLrGNCa9ozYJjN9xRK6w==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: [] - lastmodified: "2023-10-04T14:03:02Z" - mac: ENC[AES256_GCM,data:hq5V3kGoTgox9/tJRvLk6hhfG4b9V31ACMOhWVI4kEdWUKJ+o5NvRfh7ITgkNpwR1LYMGQBl/b2bhQEGt6QLYG7zd0QL/htOY8rT7u9QAp6EnZxpIYMzEkDjLzT6xLdSiUVl1XgmObkoHagkZARkBk2IWrzsrdxFklS5vjaWzEA=,iv:pM2qoSHOojQ8PaYKoWOagsZol+bNEUDJeuPh+T6v5HM=,tag:rOMaP5hSEzCNm98Vei1jdQ==,type:str] + lastmodified: "2023-10-04T14:34:22Z" + mac: ENC[AES256_GCM,data:LjETyB9nqN6y/mevYOGXSkWNCNtu/fTXazy3VmZANNQCTuP5J5j6QmS3o9u+VCmrLpntpeNa+BT5VSbHgdlN70zdvgSZFhKSw/cn66L+dfO9bqUwDVDN2S8RSE6RGbFz4oYxS950JHEOKPyD8svtlT8xLq9seeMcvwp+KcSZqMY=,iv:70PeKVRqKj/6/o46TAzICQZDi83m4qPTTR1K3S6JiOo=,tag:9rQR9e9ZGYMgbklV9lWdLA==,type:str] pgp: - created_at: "2023-10-04T14:02:47Z" enc: |- diff --git a/machines/nazuna/secrets/wireguard-qbittorrent.nix b/machines/nazuna/secrets/wireguard-qbittorrent.nix new file mode 100644 index 0000000000000000000000000000000000000000..cb8f3e23d9c544d226139c1a1ead7d9dc79a7763 GIT binary patch literal 415 zcmV;Q0bu?BM@dveQdv+`0L;XVij1;A%B?$6j^R>HvR}5J+_4qp#U>aUgCFh_*UU1` zKB!x343D!^>BTx%n3{5|t`TFyY0nh-_hmRjw~c@%i0K#;KWb>dKKS5|f_rlba1Euu zX;l%)1k850f_>BGi?;V5r-Sw^~J-ykoFN9q2T8sdF&JYF6K?bRYz^>d>??Ds!b4-xu8e z(J?4j&4gfBU}|rQxt7C33klU$6ExNsjSoCOFa|#FsCbrcukL|=PaGZ-=4C!Z6e$?w z*-WHo^&AslQhciU(~KWHrnzNby3d#OgkQcV?J|l+CoQ8-=Go-DTYsA5Xz{LOLm2{3 zJT>S;DW_1?(TYRfAo=8%mlB~vk`(}t1?wPT3XHEfb=aY8?#88V>dE06DU|PRI^@YH zQw>)ka+jso(VyYXIa!IKgK#oFP1Ih)kHL^88C~k3H6D#nSkVC-oS8t Jdo~Yg<`{~m$TI){ literal 0 HcmV?d00001 
diff --git a/machines/renge/services/prometheus.nix b/machines/renge/services/prometheus.nix index 8d6d3c0..9c62570 100644 --- a/machines/renge/services/prometheus.nix +++ b/machines/renge/services/prometheus.nix @@ -76,6 +76,7 @@ in job_name = "qbittorrent"; static_configs = mkStaticTargets [ "fuuko.vpn.sbruder.de:9561" + "nazuna.vpn.sbruder.de:9561" ]; relabel_configs = lib.singleton { target_label = "instance"; diff --git a/modules/media-proxy.nix b/modules/media-proxy.nix index 9e4fc79..bc653f8 100644 --- a/modules/media-proxy.nix +++ b/modules/media-proxy.nix @@ -5,6 +5,7 @@ let "media" = config.sops.secrets.media-proxy-auth.path; "media-sb" = config.sops.secrets.media-proxy-auth.path; "torrent" = config.sops.secrets.torrent-proxy-auth.path; + "sturzbach" = config.sops.secrets.torrent-proxy-auth.path; }; in {
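Review bot: In modules/media-proxy.nix the added `"sturzbach" = config.sops.secrets.torrent-proxy-auth.path;` reuses the secret already assigned to `"torrent"`, so one credential now covers both torrent front ends and rotating or revoking it for one host affects the other. If the two instances are meant to be separable, a dedicated entry such as `"sturzbach" = config.sops.secrets.<STURZBACH_PROXY_AUTH>.path;` (placeholder name) would scope it. If sharing is intended, as it appears to be for `"media"` and `"media-sb"`, a comment like `# same credential as torrent on purpose` would record that. The `let` binding and the code that consumes this map are outside the hunk, so reading it as a name-to-auth-file mapping is inferred.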