nuc: rework torrent vpn and add exporter

2025-01-31 18:05:36 +01:00 · 2025-01-22 13:35:53 +01:00 · 2025-01-22 13:35:53 +01:00 · aad5133e9e
commit aad5133e9e
parent 3d572d7a38
11 changed files with 82 additions and 23 deletions
--- a/flake.lock
+++ b/flake.lock
@ -12,11 +12,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1723293904,
+        "lastModified": 1736955230,
-        "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
+        "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
        "owner": "ryantm",
        "repo": "agenix",
-        "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
+        "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
        "type": "github"
      },
      "original": {
@ -301,11 +301,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1736508663,
+        "lastModified": 1737461688,
-        "narHash": "sha256-ZOaGwa+WnB7Zn3YXimqjmIugAnHePdXCmNu+AHkq808=",
+        "narHash": "sha256-zQCFe5FcSSGzY3qauAAHZcPt7Ej4WSGo78ShSTCSBvU=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "2532b500c3ed2b8940e831039dcec5a5ea093afc",
+        "rev": "bb14224f51ae4caed12a7b26f245d042c8cf8553",
        "type": "github"
      },
      "original": {
@ -450,11 +450,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1736652904,
+        "lastModified": 1737257306,
-        "narHash": "sha256-8uolHABgroXqzs03QdulHp8H9e5kWQZnnhcda1MKbBM=",
+        "narHash": "sha256-lEGgpA4kGafc76+Amnz+gh1L/cwUS2pePFlf22WEyh8=",
        "owner": "nix-community",
        "repo": "nix-index-database",
-        "rev": "271e5bd7c57e1f001693799518b10a02d1123b12",
+        "rev": "744d330659e207a1883d2da0141d35e520eb87bd",
        "type": "github"
      },
      "original": {
@ -524,11 +524,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1736701207,
+        "lastModified": 1737062831,
-        "narHash": "sha256-jG/+MvjVY7SlTakzZ2fJ5dC3V1PrKKrUEOEE30jrOKA=",
+        "narHash": "sha256-Tbk1MZbtV2s5aG+iM99U8FqwxU/YNArMcWAv6clcsBc=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "ed4a395ea001367c1f13d34b1e01aa10290f67d6",
+        "rev": "5df43628fdf08d642be8ba5b3625a6c70731c19c",
        "type": "github"
      },
      "original": {
--- a/hosts/fujitsu/default.nix
+++ b/hosts/fujitsu/default.nix
@ -41,6 +41,8 @@
    btdu
    tcpdump
    mtr
    dnsutils
    mediainfo
  ];
  programs.git = {
    enable = true;
--- a/hosts/nuc/default.nix
+++ b/hosts/nuc/default.nix
@ -65,6 +65,7 @@
    btdu
    tcpdump
    mtr
    dnsutils
  ];
  programs.git = {
    enable = true;
--- a/hosts/nuc/modules/logseq/default.nix
+++ b/hosts/nuc/modules/logseq/default.nix
@ -4,7 +4,7 @@ let
 in
 {
  virtualisation.oci-containers = {
-    containers.kanboard = {
+    containers.logseq = {
      image = "ghcr.io/logseq/logseq-webapp:latest";
      ports = [ "127.0.0.1:8045:80" ];
    };
--- a/hosts/nuc/modules/monitoring/default.nix
+++ b/hosts/nuc/modules/monitoring/default.nix
@ -141,6 +141,12 @@ in
          targets = [ "nuc.vpn.rfive.de:9300" ];
        }];
      }
      {
        job_name = "qbittorrent";
        static_configs = [{
          targets = [ "nuc.vpn.rfive.de:8009" ];
        }];
      }
      # {
      #   job_name = "pegel_dresden";
      #   metrics_path = "/probe";
--- a/hosts/nuc/modules/torrent/default.nix
+++ b/hosts/nuc/modules/torrent/default.nix
@ -8,9 +8,14 @@ let
  };
 in
 {
  imports = [
    ./exporter.nix
  ];
  age.secrets.mullvad.file = ../../../../secrets/nuc/mullvad.age;
  age.secrets.airvpn-private.file = ../../../../secrets/nuc/airvpn/private.age;
  age.secrets.airvpn-psk.file = ../../../../secrets/nuc/airvpn/psk.age;
  environment.etc."netns/torrent/resolv.conf".text = ''
-    nameserver 10.64.0.1
+    nameserver 9.9.9.9
  '';
  systemd.services."netns@" = {
@ -43,20 +48,36 @@ in
  # scripted wireguard since systemd-networkd doesn't support netns yet
  networking.wireguard.useNetworkd = false;
-  networking.wireguard.interfaces."wg0-mullvad" = {
+  # networking.wireguard.interfaces."wg0-mullvad" = {
-    # Funny Mole
+  #   # Funny Mole
-    privateKeyFile = config.age.secrets.mullvad.path;
+  #   privateKeyFile = config.age.secrets.mullvad.path;
-    ips = [ "10.67.237.93/32" ];
+  #   ips = [ "10.67.237.93/32" ];
  #   peers = [
  #     {
  #       publicKey = "QEVIaIycN8p5twXCuZeQTEj9utozakw/MU8H6+/whls=";
  #       allowedIPs = [ "0.0.0.0/0" ];
  #       endpoint = "138.199.34.129:51820";
  #     }
  #   ];
  #   interfaceNamespace = "torrent";
  # };
  # systemd.services."wireguard-wg0-mullvad" = {
  #   requires = [ "netns@torrent.service" ];
  # };
  networking.wireguard.interfaces."wg1-airvpn" = {
    privateKeyFile = config.age.secrets.airvpn-private.path;
    ips = [ " 10.146.65.170/32" "fd7d:76ee:e68f:a993:366:82ed:bc88:b04a/128" ];
    peers = [
      {
-        publicKey = "QEVIaIycN8p5twXCuZeQTEj9utozakw/MU8H6+/whls=";
+        publicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
-        allowedIPs = [ "0.0.0.0/0" ];
+        presharedKeyFile = config.age.secrets.airvpn-psk.path;
-        endpoint = "138.199.34.129:51820";
+        allowedIPs = [ "0.0.0.0/0" "::/0" ];
        endpoint = "europe3.vpn.airdns.org:1637";
      }
    ];
    interfaceNamespace = "torrent";
  };
-  systemd.services."wireguard-wg0-mullvad" = {
+  systemd.services."wireguard-wg1-airvpn" = {
    requires = [ "netns@torrent.service" ];
  };
--- a/hosts/nuc/modules/torrent/exporter.nix
+++ b/hosts/nuc/modules/torrent/exporter.nix
@ -0,0 +1,13 @@
 { ... }:
 {
  virtualisation.oci-containers = {
    containers.qbittorrent-exporter = {
      image = "caseyscarborough/qbittorrent-exporter";
      ports = [ "0.0.0.0:8009:17871" ];
      environment = {
        QBITTORRENT_PORT = "8081";
        QBITTORRENT_HOST = "nuc.vpn.rfive.de";
      };
    };
  };
 }
--- a/overlays/default.nix
+++ b/overlays/default.nix
@ -34,7 +34,7 @@ in
  jmri = callPackage ../pkgs/jmri { };
  adguardian-term = callPackage ../pkgs/adguardian-term { };
  python312 = prev.python312.override {
-    packageOverrides = final: prev: {
+    packageOverrides = _final: prev: {
      pysaml2 = prev.pysaml2.overridePythonAttrs (orig: {
        disabledTests =
          orig.disabledTests
--- a/secrets.nix
+++ b/secrets.nix
@ -21,6 +21,8 @@ in
  "secrets/nuc/mautrix-telegram/env.age".publicKeys = [ rouven nuc ];
  "secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ];
  "secrets/nuc/mullvad.age".publicKeys = [ rouven nuc ];
  "secrets/nuc/airvpn/private.age".publicKeys = [ rouven nuc ];
  "secrets/nuc/airvpn/psk.age".publicKeys = [ rouven nuc ];
  "secrets/nuc/keycloak/db.age".publicKeys = [ rouven nuc ];
  "secrets/nuc/authentik/core.age".publicKeys = [ rouven nuc ];
  "secrets/nuc/authentik/ldap.age".publicKeys = [ rouven nuc ];
--- a/secrets/nuc/airvpn/private.age
+++ b/secrets/nuc/airvpn/private.age
@ -0,0 +1,7 @@
 age-encryption.org/v1
 -> ssh-ed25519 uWbAHQ eRn24OdOUxmaXy98cE749nX5YSNFEd/UWZNKgn2XdTM
 rQajaxGqfAO/C0jUuamcQQddKvqM0+TA8eW4yyp7JkE
 -> ssh-ed25519 2TRdXg zRn6vmnqyB4YPSlRH8Oe65VkQoMfWA9zdEYObQEFviE
 sNrVqHwegkwMEBodil9mNAtLweftKU6CWgG9oUnCf64
 --- W++fFNnOMSC6/PWBTBVpi5che6eyqZVLXkdPlpAXAKI
 á‰Èa€^õÝÈ ¨:…;(X†%†¯<E280A0>©DÏÃD©Þõv`<60>)PÇŒ“'ÙàeÜ««r/3ªè.NU×/¯%œ¤gRè£¡/8
--- a/secrets/nuc/airvpn/psk.age
+++ b/secrets/nuc/airvpn/psk.age
@ -0,0 +1,7 @@
 age-encryption.org/v1
 -> ssh-ed25519 uWbAHQ K/v5vDqaxdVlk6EORXlGPMepr2XcqsN9CKw4Z+6KJAI
 a1GVmh+wxVbBhywgI4mkWFPJZnEAHBM31hQFa4NIays
 -> ssh-ed25519 2TRdXg Fl1LKF42rS6mW4qcuV7yRwz2I3O3ueT0ieMaz79SRnA
 sCevZCW6bYxbsOJgS9jn5uOeCyI39swYX/oWbNXk05w
 --- uOZ3aavCOsb0rjofhb2gbNbiLAA3cWWoSX6lqqOJpjk
 SÛòA—çwB<77>Yƒ‰Äå¨*_*~#œ²V1ù¡ „ŠmûV+Q¾?/Ï}õ¼–ö÷’¨GÝîJ”i#`ŠïD´;ÓLe7