nuc: rework torrent vpn and add exporter

2025-04-28 09:28:30 +02:00 · 2025-01-22 13:35:53 +01:00 · 2025-01-22 13:35:53 +01:00 · aad5133e9e
commit aad5133e9e
parent 3d572d7a38
11 changed files with 82 additions and 23 deletions
--- a/hosts/nuc/modules/torrent/default.nix
+++ b/hosts/nuc/modules/torrent/default.nix
@ -8,9 +8,14 @@ let
  };
 in
 {
+  imports = [
+    ./exporter.nix
+  ];
  age.secrets.mullvad.file = ../../../../secrets/nuc/mullvad.age;
+  age.secrets.airvpn-private.file = ../../../../secrets/nuc/airvpn/private.age;
+  age.secrets.airvpn-psk.file = ../../../../secrets/nuc/airvpn/psk.age;
  environment.etc."netns/torrent/resolv.conf".text = ''
-    nameserver 10.64.0.1
+    nameserver 9.9.9.9
  '';

  systemd.services."netns@" = {
@ -43,20 +48,36 @@ in

  # scripted wireguard since systemd-networkd doesn't support netns yet
  networking.wireguard.useNetworkd = false;
-  networking.wireguard.interfaces."wg0-mullvad" = {
-    # Funny Mole
-    privateKeyFile = config.age.secrets.mullvad.path;
-    ips = [ "10.67.237.93/32" ];
+  # networking.wireguard.interfaces."wg0-mullvad" = {
+  #   # Funny Mole
+  #   privateKeyFile = config.age.secrets.mullvad.path;
+  #   ips = [ "10.67.237.93/32" ];
+  #   peers = [
+  #     {
+  #       publicKey = "QEVIaIycN8p5twXCuZeQTEj9utozakw/MU8H6+/whls=";
+  #       allowedIPs = [ "0.0.0.0/0" ];
+  #       endpoint = "138.199.34.129:51820";
+  #     }
+  #   ];
+  #   interfaceNamespace = "torrent";
+  # };
+  # systemd.services."wireguard-wg0-mullvad" = {
+  #   requires = [ "netns@torrent.service" ];
+  # };
+  networking.wireguard.interfaces."wg1-airvpn" = {
+    privateKeyFile = config.age.secrets.airvpn-private.path;
+    ips = [ " 10.146.65.170/32" "fd7d:76ee:e68f:a993:366:82ed:bc88:b04a/128" ];
    peers = [
      {
-        publicKey = "QEVIaIycN8p5twXCuZeQTEj9utozakw/MU8H6+/whls=";
-        allowedIPs = [ "0.0.0.0/0" ];
-        endpoint = "138.199.34.129:51820";
+        publicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
+        presharedKeyFile = config.age.secrets.airvpn-psk.path;
+        allowedIPs = [ "0.0.0.0/0" "::/0" ];
+        endpoint = "europe3.vpn.airdns.org:1637";
      }
    ];
    interfaceNamespace = "torrent";
  };
-  systemd.services."wireguard-wg0-mullvad" = {
+  systemd.services."wireguard-wg1-airvpn" = {
    requires = [ "netns@torrent.service" ];
  };

--- a/hosts/nuc/modules/torrent/exporter.nix
+++ b/hosts/nuc/modules/torrent/exporter.nix
@ -0,0 +1,13 @@
+{ ... }:
+{
+  virtualisation.oci-containers = {
+    containers.qbittorrent-exporter = {
+      image = "caseyscarborough/qbittorrent-exporter";
+      ports = [ "0.0.0.0:8009:17871" ];
+      environment = {
+        QBITTORRENT_PORT = "8081";
+        QBITTORRENT_HOST = "nuc.vpn.rfive.de";
+      };
+    };
+  };
+}