From 4ca971d8696200261cbe5dcf46898759361e8f81 Mon Sep 17 00:00:00 2001
From: Swarsel
Date: Sat, 5 Oct 2024 23:18:24 +0200
Subject: [PATCH] chore: replace transmission config with docker
---
SwarselSystems.org | 357 ------------------------
profiles/server/common/transmission.nix | 357 ------------------------
2 files changed, 714 deletions(-)
diff --git a/SwarselSystems.org b/SwarselSystems.org
index 9570cc6..4d51ba9 100644
--- a/SwarselSystems.org
+++ b/SwarselSystems.org
@@ -7582,266 +7582,6 @@ Also, the system state version is set here. No need to touch it. environment.systemPackages = with pkgs; [ docker ]; - # boot = { - # kernelModules = [ "tun" ]; - # kernel.sysctl = { - # "net.ipv4.conf.all.rp_filter" = 2; - # "net.ipv4.conf.default.rp_filter" = 2; - # "net.ipv4.conf.enp3s0.rp_filter" = 2; - # }; - # }; - # environment.systemPackages = with pkgs; [ - # jq - # traceroute - # curl - # ]; - # environment.etc = { - # "openvpn/iptables.sh" = - # { - # source = ../../../scripts/server1/iptables.sh; - # mode = "0755"; - # }; - # "openvpn/update-resolv-conf" = - # { - # source = ../../../scripts/server1/update-resolv-conf; - # mode = "0755"; - # }; - # "openvpn/routing.sh" = - # { - # source = ../../../scripts/server1/routing.sh; - # mode = "0755"; - # }; - # "openvpn/ca.rsa.2048.crt" = - # { - # source = ../../../secrets/certs/ca.rsa.2048.crt; - # mode = "0644"; - # }; - # "openvpn/crl.rsa.2048.pem" = - # { - # source = ../../../secrets/certs/crl.rsa.2048.pem; - # mode = "0644"; - # }; - # }; - - # networking = { - # firewall.extraCommands = '' - # sudo iptables -A OUTPUT ! 
-o lo -m owner --uid-owner vpn -j DROP - # ''; - # iproute2 = { - # enable = true; - # rttablesExtraConfig = '' - # 200 vpn - # ''; - # }; - # }; - - # users = { - # groups = { - # vpn = { }; - # }; - # users = { - # vpn = { - # isNormalUser = true; - # group = "vpn"; - # home = "/home/vpn"; - # }; - # }; - # }; - - # sops = { - # secrets = { - # vpnuser = { }; - # rpcuser = { owner = "vpn"; }; - # vpnpass = { }; - # rpcpass = { owner = "vpn"; }; - # vpnprot = { }; - # vpnloc = { }; - # }; - # templates = { - # "transmission-rpc" = { - # owner = "vpn"; - # content = builtins.toJSON { - # rpc-username = config.sops.placeholder.rpcuser; - # rpc-password = config.sops.placeholder.rpcpass; - # }; - # }; - - # pia.content = '' - # ${config.sops.placeholder.vpnuser} - # ${config.sops.placeholder.vpnpass} - # ''; - - # vpn = { - # path = "/etc/openvpn/openvpn.conf"; - # mode = "0644"; - # content = '' - # client - # dev tun - # proto ${config.sops.placeholder.vpnprot} - # remote ${config.sops.placeholder.vpnloc} - # resolv-retry infinite - # nobind - # persist-key - # persist-tun - # cipher aes-128-cbc - # auth sha1 - # tls-client - # remote-cert-tls server - - # auth-user-pass ${config.sops.templates.pia.path} - # auth-nocache - # comp-lzo - # compress - # verb 1 - # reneg-sec 0 - - # crl-verify /etc/openvpn/crl.rsa.2048.pem - # ca /etc/openvpn/ca.rsa.2048.crt - - # disable-occ - # script-security 2 - # route-noexec - - # up /etc/openvpn/iptables.sh - # down /etc/openvpn/update-resolv-conf - # ''; - # }; - # }; - # }; - - # systemd = { - # timers."restart-pia-monthly" = { - # wantedBy = [ "timers.target" ]; - # timerConfig = { - # OnBootSec = "1M"; - # OnUnitActiveSec = "1M"; - # Unit = "restart-pia-monthly.service"; - # }; - # }; - - # services."restart-pia-monthly" = { - # script = '' - # systemctl restart pia-pf.service - # ''; - # serviceConfig = { - # Type = "oneshot"; - # User = "root"; - # }; - # }; - - # timers."reboot-portforward-2h" = { - # wantedBy = [ 
"timers.target" ]; - # timerConfig = { - # OnBootSec = "2h"; - # OnUnitActiveSec = "2h"; - # Unit = "reboot-portforward-2h.service"; - # }; - # }; - - # services."reboot-portforward-2h" = { - # script = '' - # /etc/openvpn/portforward.sh | while IFS= read -r line; do echo "$(date) $line"; done >> /var/log/pia_portforward.log 2>&1 - # ''; - # serviceConfig = { - # Type = "oneshot"; - # User = "root"; - # }; - # }; - - # timers."hourly-services" = { - # wantedBy = [ "timers.target" ]; - # timerConfig = { - # OnBootSec = "1h"; - # OnUnitActiveSec = "1h"; - # Unit = "hourly-services.service"; - # }; - # }; - - # services."hourly-services" = { - # script = '' - # ${pkgs.sudo}/bin/sudo /etc/openvpn/iptables.sh - # ${pkgs.sudo}/bin/sudo -u vpn -i -- ${pkgs.curl}/bin/curl -c /opt/persists/mam.cookies -b /opt/persists/mam.cookies https://t.myanonamouse.net/json/dynamicSeedbox.php - # ''; - # serviceConfig = { - # Type = "oneshot"; - # User = "root"; - # }; - # }; - - # timers."reboot-portforward" = { - # wantedBy = [ "timers.target" ]; - # timerConfig = { - # OnBootSec = "1m"; - # Unit = "reboot-portforward.service"; - # }; - # }; - - # services."reboot-portforward" = { - # script = '' - # sleep 60 - # /etc/openvpn/portforward.sh | while IFS= read -r line; do echo "$(date) $line"; done >> /var/log/pia_portforward.log 2>&1 - # ''; - # serviceConfig = { - # Type = "oneshot"; - # User = "root"; - # }; - # }; - - # tmpfiles.rules = [ - # "d /run/openvpn 644 root root 10d" - # "f /run/openvpn/openvpn.pid 0644 root root" - # "f /run/openvpn/openvpn.status 0644 root root" - # ]; - - # services."pia-pf" = { - - # path = with pkgs; [ - # toybox - # jq - # curl - # traceroute - # bash - # gawk - # ]; - # description = "PIA Port Forwarding Daemon"; - # after = [ "network.target" "openvpn@openvpn.service" ]; - # wantedBy = [ "multi-user.target" ]; - # serviceConfig = { - # SyslogIdentifier = "pia-pf"; - # Type = "simple"; - # ExecStartPre = "${pkgs.toybox}/bin/sleep 10"; - # ExecStart 
= "/etc/openvpn/pia-portforward.sh -f tun0 -p /etc/openvpn/port.dat -s /etc/openvpn/portforward.sh"; - # WorkingDirectory = "/etc/openvpn"; - # Restart = "always"; - # RestartSec = 5; - # TimeoutStopSec = 30; - # }; - # }; - # services."openvpn@openvpn" = { - - # description = "Open VPN connection to %i"; - # after = [ "network.target" ]; - # wantedBy = [ "multi-user.target" ]; - # serviceConfig = { - # RuntimeDirectory = "openvpn"; - # PrivateTmp = true; - # KillMode = "mixed"; - # Type = "forking"; - # ExecStart = "${pkgs.openvpn}/bin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid"; - # PIDFile = "/run/openvpn/%i.pid"; - # ExecReload = "/bin/kill -HUP $MAINPID"; - # WorkingDirectory = "/etc/openvpn"; - # Restart = "on-failure"; - # RestartSec = 3; - # ProtectSystem = "yes"; - # LimitNPROC = 10; - # DeviceAllow = [ - # "/dev/null rw" - # "/dev/net/tun rw" - # ]; - # }; - # }; - # }; services = { radarr = { 
@@ -7859,103 +7599,6 @@ Also, the system state version is set here. No need to touch it. prowlarr = { enable = true; }; - # openvpn.servers = { - # pia = { - # autoStart = false; - # updateResolvConf = false; - # config = "config ${config.sops.templates.vpn.path}"; - # }; - # }; - # transmission = { - # enable = true; - # package = - # let - # pkgs2_94 = import - # (builtins.fetchGit { - # name = "transmission-2.94"; - # url = "https://github.com/NixOS/nixpkgs/"; - # ref = "refs/heads/nixpkgs-unstable"; - # rev = "4426104c8c900fbe048c33a0e6f68a006235ac50"; - # }) - # { }; - - # transmission2_94 = pkgs2_94.transmission; - # in - # transmission2_94; - # user = "vpn"; - # credentialsFile = config.sops.templates."transmission-rpc".path; - # openPeerPorts = true; - # settings = { - # alt-speed-down = 6000; - # alt-speed-enabled = false; - # alt-speed-time-begin = 0; - # alt-speed-time-day = 127; - # alt-speed-time-enabled = true; - # alt-speed-time-end = 360; - # alt-speed-up = 1000; - # bind-address-ipv4 = "0.0.0.0"; - # bind-address-ipv6 = "fe80::"; - # blocklist-enabled = false; - # blocklist-url = "http://www.example.com/blocklist"; - # cache-size-mb = 256; - # dht-enabled = false; - # download-dir = "/Vault/Eternor/New"; - # download-limit = 100; - # download-limit-enabled = 0; - # download-queue-enabled = true; - # download-queue-size = 5; - # encryption = 2; - # idle-seeding-limit = 30; - # idle-seeding-limit-enabled = false; - # incomplete-dir = "/var/lib/transmission-daemon/Downloads"; - # incomplete-dir-enabled = false; - # lpd-enabled = false; - # max-peers-global = 200; - # message-level = 1; - # peer-congestion-algorithm = ""; - # peer-id-ttl-hours = 6; - # peer-limit-global = 100; - # peer-limit-per-torrent = 40; - # peer-port = 22371; - # peer-port-random-high = 65535; - # peer-port-random-low = 49152; - # peer-port-random-on-start = false; - # peer-socket-tos = "default"; - # pex-enabled = false; - # port-forwarding-enabled = false; - # preallocation = 
1; - # prefetch-enabled = true; - # queue-stalled-enabled = true; - # queue-stalled-minutes = 30; - # ratio-limit = 2; - # ratio-limit-enabled = false; - # rename-partial-files = true; - # rpc-authentication-required = true; - # rpc-bind-address = "0.0.0.0"; - # rpc-enabled = true; - # rpc-host-whitelist = ""; - # rpc-host-whitelist-enabled = true; - # rpc-port = 9091; - # rpc-url = "/transmission/"; - # rpc-whitelist = "127.0.0.1,192.168.3.2,192.168.3.3"; - # rpc-whitelist-enabled = true; - # scrape-paused-torrents-enabled = true; - # script-torrent-done-enabled = false; - # seed-queue-enabled = false; - # seed-queue-size = 10; - # speed-limit-down = 6000; - # speed-limit-down-enabled = true; - # speed-limit-up = 500; - # speed-limit-up-enabled = true; - # start-added-torrents = true; - # trash-original-torrent-files = false; - # umask = 2; - # upload-limit = 100; - # upload-limit-enabled = 0; - # upload-slots-per-torrent = 14; - # utp-enabled = false; - # }; - # }; nginx = { virtualHosts = { diff --git a/profiles/server/common/transmission.nix b/profiles/server/common/transmission.nix index c90c9ec..f3ce8ed 100644 --- a/profiles/server/common/transmission.nix +++ b/profiles/server/common/transmission.nix 
@@ -6,266 +6,6 @@ environment.systemPackages = with pkgs; [ docker ]; - # boot = { - # kernelModules = [ "tun" ]; - # kernel.sysctl = { - # "net.ipv4.conf.all.rp_filter" = 2; - # "net.ipv4.conf.default.rp_filter" = 2; - # "net.ipv4.conf.enp3s0.rp_filter" = 2; - # }; - # }; - # environment.systemPackages = with pkgs; [ - # jq - # traceroute - # curl - # ]; - # environment.etc = { - # "openvpn/iptables.sh" = - # { - # source = ../../../scripts/server1/iptables.sh; - # mode = "0755"; - # }; - # "openvpn/update-resolv-conf" = - # { - # source = ../../../scripts/server1/update-resolv-conf; - # mode = "0755"; - # }; - # "openvpn/routing.sh" = - # { - # source = ../../../scripts/server1/routing.sh; - # mode = "0755"; - # }; - # "openvpn/ca.rsa.2048.crt" = - # { - # source = ../../../secrets/certs/ca.rsa.2048.crt; - # mode = "0644"; - # }; - # "openvpn/crl.rsa.2048.pem" = - # { - # source = ../../../secrets/certs/crl.rsa.2048.pem; - # mode = "0644"; - # }; - # }; - - # networking = { - # firewall.extraCommands = '' - # sudo iptables -A OUTPUT ! 
-o lo -m owner --uid-owner vpn -j DROP - # ''; - # iproute2 = { - # enable = true; - # rttablesExtraConfig = '' - # 200 vpn - # ''; - # }; - # }; - - # users = { - # groups = { - # vpn = { }; - # }; - # users = { - # vpn = { - # isNormalUser = true; - # group = "vpn"; - # home = "/home/vpn"; - # }; - # }; - # }; - - # sops = { - # secrets = { - # vpnuser = { }; - # rpcuser = { owner = "vpn"; }; - # vpnpass = { }; - # rpcpass = { owner = "vpn"; }; - # vpnprot = { }; - # vpnloc = { }; - # }; - # templates = { - # "transmission-rpc" = { - # owner = "vpn"; - # content = builtins.toJSON { - # rpc-username = config.sops.placeholder.rpcuser; - # rpc-password = config.sops.placeholder.rpcpass; - # }; - # }; - - # pia.content = '' - # ${config.sops.placeholder.vpnuser} - # ${config.sops.placeholder.vpnpass} - # ''; - - # vpn = { - # path = "/etc/openvpn/openvpn.conf"; - # mode = "0644"; - # content = '' - # client - # dev tun - # proto ${config.sops.placeholder.vpnprot} - # remote ${config.sops.placeholder.vpnloc} - # resolv-retry infinite - # nobind - # persist-key - # persist-tun - # cipher aes-128-cbc - # auth sha1 - # tls-client - # remote-cert-tls server - - # auth-user-pass ${config.sops.templates.pia.path} - # auth-nocache - # comp-lzo - # compress - # verb 1 - # reneg-sec 0 - - # crl-verify /etc/openvpn/crl.rsa.2048.pem - # ca /etc/openvpn/ca.rsa.2048.crt - - # disable-occ - # script-security 2 - # route-noexec - - # up /etc/openvpn/iptables.sh - # down /etc/openvpn/update-resolv-conf - # ''; - # }; - # }; - # }; - - # systemd = { - # timers."restart-pia-monthly" = { - # wantedBy = [ "timers.target" ]; - # timerConfig = { - # OnBootSec = "1M"; - # OnUnitActiveSec = "1M"; - # Unit = "restart-pia-monthly.service"; - # }; - # }; - - # services."restart-pia-monthly" = { - # script = '' - # systemctl restart pia-pf.service - # ''; - # serviceConfig = { - # Type = "oneshot"; - # User = "root"; - # }; - # }; - - # timers."reboot-portforward-2h" = { - # wantedBy = [ 
"timers.target" ]; - # timerConfig = { - # OnBootSec = "2h"; - # OnUnitActiveSec = "2h"; - # Unit = "reboot-portforward-2h.service"; - # }; - # }; - - # services."reboot-portforward-2h" = { - # script = '' - # /etc/openvpn/portforward.sh | while IFS= read -r line; do echo "$(date) $line"; done >> /var/log/pia_portforward.log 2>&1 - # ''; - # serviceConfig = { - # Type = "oneshot"; - # User = "root"; - # }; - # }; - - # timers."hourly-services" = { - # wantedBy = [ "timers.target" ]; - # timerConfig = { - # OnBootSec = "1h"; - # OnUnitActiveSec = "1h"; - # Unit = "hourly-services.service"; - # }; - # }; - - # services."hourly-services" = { - # script = '' - # ${pkgs.sudo}/bin/sudo /etc/openvpn/iptables.sh - # ${pkgs.sudo}/bin/sudo -u vpn -i -- ${pkgs.curl}/bin/curl -c /opt/persists/mam.cookies -b /opt/persists/mam.cookies https://t.myanonamouse.net/json/dynamicSeedbox.php - # ''; - # serviceConfig = { - # Type = "oneshot"; - # User = "root"; - # }; - # }; - - # timers."reboot-portforward" = { - # wantedBy = [ "timers.target" ]; - # timerConfig = { - # OnBootSec = "1m"; - # Unit = "reboot-portforward.service"; - # }; - # }; - - # services."reboot-portforward" = { - # script = '' - # sleep 60 - # /etc/openvpn/portforward.sh | while IFS= read -r line; do echo "$(date) $line"; done >> /var/log/pia_portforward.log 2>&1 - # ''; - # serviceConfig = { - # Type = "oneshot"; - # User = "root"; - # }; - # }; - - # tmpfiles.rules = [ - # "d /run/openvpn 644 root root 10d" - # "f /run/openvpn/openvpn.pid 0644 root root" - # "f /run/openvpn/openvpn.status 0644 root root" - # ]; - - # services."pia-pf" = { - - # path = with pkgs; [ - # toybox - # jq - # curl - # traceroute - # bash - # gawk - # ]; - # description = "PIA Port Forwarding Daemon"; - # after = [ "network.target" "openvpn@openvpn.service" ]; - # wantedBy = [ "multi-user.target" ]; - # serviceConfig = { - # SyslogIdentifier = "pia-pf"; - # Type = "simple"; - # ExecStartPre = "${pkgs.toybox}/bin/sleep 10"; - # ExecStart 
= "/etc/openvpn/pia-portforward.sh -f tun0 -p /etc/openvpn/port.dat -s /etc/openvpn/portforward.sh"; - # WorkingDirectory = "/etc/openvpn"; - # Restart = "always"; - # RestartSec = 5; - # TimeoutStopSec = 30; - # }; - # }; - # services."openvpn@openvpn" = { - - # description = "Open VPN connection to %i"; - # after = [ "network.target" ]; - # wantedBy = [ "multi-user.target" ]; - # serviceConfig = { - # RuntimeDirectory = "openvpn"; - # PrivateTmp = true; - # KillMode = "mixed"; - # Type = "forking"; - # ExecStart = "${pkgs.openvpn}/bin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --script-security 2 --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid"; - # PIDFile = "/run/openvpn/%i.pid"; - # ExecReload = "/bin/kill -HUP $MAINPID"; - # WorkingDirectory = "/etc/openvpn"; - # Restart = "on-failure"; - # RestartSec = 3; - # ProtectSystem = "yes"; - # LimitNPROC = 10; - # DeviceAllow = [ - # "/dev/null rw" - # "/dev/net/tun rw" - # ]; - # }; - # }; - # }; services = { radarr = { 
@@ -283,103 +23,6 @@ prowlarr = { enable = true; }; - # openvpn.servers = { - # pia = { - # autoStart = false; - # updateResolvConf = false; - # config = "config ${config.sops.templates.vpn.path}"; - # }; - # }; - # transmission = { - # enable = true; - # package = - # let - # pkgs2_94 = import - # (builtins.fetchGit { - # name = "transmission-2.94"; - # url = "https://github.com/NixOS/nixpkgs/"; - # ref = "refs/heads/nixpkgs-unstable"; - # rev = "4426104c8c900fbe048c33a0e6f68a006235ac50"; - # }) - # { }; - - # transmission2_94 = pkgs2_94.transmission; - # in - # transmission2_94; - # user = "vpn"; - # credentialsFile = config.sops.templates."transmission-rpc".path; - # openPeerPorts = true; - # settings = { - # alt-speed-down = 6000; - # alt-speed-enabled = false; - # alt-speed-time-begin = 0; - # alt-speed-time-day = 127; - # alt-speed-time-enabled = true; - # alt-speed-time-end = 360; - # alt-speed-up = 1000; - # bind-address-ipv4 = "0.0.0.0"; - # bind-address-ipv6 = "fe80::"; - # blocklist-enabled = false; - # blocklist-url = "http://www.example.com/blocklist"; - # cache-size-mb = 256; - # dht-enabled = false; - # download-dir = "/Vault/Eternor/New"; - # download-limit = 100; - # download-limit-enabled = 0; - # download-queue-enabled = true; - # download-queue-size = 5; - # encryption = 2; - # idle-seeding-limit = 30; - # idle-seeding-limit-enabled = false; - # incomplete-dir = "/var/lib/transmission-daemon/Downloads"; - # incomplete-dir-enabled = false; - # lpd-enabled = false; - # max-peers-global = 200; - # message-level = 1; - # peer-congestion-algorithm = ""; - # peer-id-ttl-hours = 6; - # peer-limit-global = 100; - # peer-limit-per-torrent = 40; - # peer-port = 22371; - # peer-port-random-high = 65535; - # peer-port-random-low = 49152; - # peer-port-random-on-start = false; - # peer-socket-tos = "default"; - # pex-enabled = false; - # port-forwarding-enabled = false; - # preallocation = 1; - # prefetch-enabled = true; - # queue-stalled-enabled = true; - # 
queue-stalled-minutes = 30; - # ratio-limit = 2; - # ratio-limit-enabled = false; - # rename-partial-files = true; - # rpc-authentication-required = true; - # rpc-bind-address = "0.0.0.0"; - # rpc-enabled = true; - # rpc-host-whitelist = ""; - # rpc-host-whitelist-enabled = true; - # rpc-port = 9091; - # rpc-url = "/transmission/"; - # rpc-whitelist = "127.0.0.1,192.168.3.2,192.168.3.3"; - # rpc-whitelist-enabled = true; - # scrape-paused-torrents-enabled = true; - # script-torrent-done-enabled = false; - # seed-queue-enabled = false; - # seed-queue-size = 10; - # speed-limit-down = 6000; - # speed-limit-down-enabled = true; - # speed-limit-up = 500; - # speed-limit-up-enabled = true; - # start-added-torrents = true; - # trash-original-torrent-files = false; - # umask = 2; - # upload-limit = 100; - # upload-limit-enabled = 0; - # upload-slots-per-torrent = 14; - # utp-enabled = false; - # }; - # }; nginx = { virtualHosts = {