From 4713c05ca4a8c902a991192e5f489f3eaaa5c5d9 Mon Sep 17 00:00:00 2001 From: David Crompton Date: Wed, 6 Dec 2023 13:28:49 -0500 Subject: [PATCH] Fix Many PIA/Wireguard It logs out every restart Token needs to regen The linuxserver/wiregard contianer stopped working So, we switch to a dedicated container for this, and also changed username and passwd becase.., well those also stopped working --- machines/hippocampus/oci/jelly.nix | 25 +++++++++---------------- machines/hippocampus/secrets/pass.yaml | 7 ++++--- 2 files changed, 13 insertions(+), 19 deletions(-) diff --git a/machines/hippocampus/oci/jelly.nix b/machines/hippocampus/oci/jelly.nix index 12a7e65..12689ee 100644 --- a/machines/hippocampus/oci/jelly.nix +++ b/machines/hippocampus/oci/jelly.nix @@ -1,8 +1,4 @@ -{ config, pkgs, ...}: -let - -in -{ +{ config, pkgs, ...}: { imports = [ ../modules/pods.nix ]; @@ -15,16 +11,17 @@ in dataDir = "/jelly/data"; configDir = "/jelly/conf"; in { + sops.secrets.jellyfin-pia = {}; virtualisation.oci-containers = let cnt = config.virtualisation.oci-containers.containers; getPorts = l: builtins.concatMap (c: cnt."${c}".ports) l; in { containers = { wireguard = { - image = "linuxserver/wireguard:latest"; + image = "thrnz/docker-wireguard-pia"; volumes = [ - "${configDir}/wireguard:/config" - "${configDir}/wireguard_pia:/opt" + # "${configDir}/wireguard:/config" + "${configDir}/wireguard_pia:/pia" ]; ports = getPorts [ "deluge" 
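Review bot: The new `image = "thrnz/docker-wireguard-pia";` in the wireguard container has no tag or digest, so it resolves to whatever the publisher pushes next, and the `--pull=newer` option further down the same container definition fetches that automatically. This container is handed the PIA credentials and, per its `extraOptions`, every capability, so an unreviewed image update has a large blast radius. Pin it to a digest you have inspected, e.g. `image = "thrnz/docker-wireguard-pia@sha256:<reviewed-digest>";`, and bump the digest deliberately. The commented-out `# "${configDir}/wireguard:/config"` volume can simply be deleted rather than left in place. The container definition continues past the end of this hunk.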
@@ -37,22 +34,18 @@ in ]; environment = { TZ = "America/Toronto"; - PIA_USER = "p5062257"; - PIA_PASS = "HEqwg9CvQB"; - AUTOCONNECT = "true"; - PIA_PF = "false"; - DISABLE_IPV6 = "yes"; - PIA_DNS = "true"; - VPN_PROTOCOL = "wireguard"; + LOC = "ca"; }; extraOptions = [ "--cap-add=ALL" "--pull=newer" "--dns=1.1.1.1" + "--env-file=${config.sops.secrets.jellyfin-pia.path}" "--sysctl=net.ipv4.conf.all.src_valid_mark=1" "--sysctl=net.ipv6.conf.lo.disable_ipv6=1" "--sysctl=net.ipv6.conf.all.disable_ipv6=1" - "--sysctl=net.ipv6.conf.default.disable_ipv6=1" ]; + "--sysctl=net.ipv6.conf.default.disable_ipv6=1" + ]; }; deluge = { diff --git a/machines/hippocampus/secrets/pass.yaml b/machines/hippocampus/secrets/pass.yaml index 3e579b4..c73466e 100644 --- a/machines/hippocampus/secrets/pass.yaml +++ b/machines/hippocampus/secrets/pass.yaml @@ -1,6 +1,7 @@ nextcloud: adminPass: ENC[AES256_GCM,data:D2SAD/Somvw8abIm0KX4fWRfuQ==,iv:Y7K14yZZFcu97KVBd0219hwnGY4LEX2DNxxulSegr/8=,tag:aRJAlz1xvQxWodcE2bZLdQ==,type:str] s3secret: ENC[AES256_GCM,data:lIVuiZMh376MSuu13UPCu49Q64bVbk+WM/CUEIGzV0Q=,iv:J2vHalppWEupWK07zXsMoiH6avmpsgg0Cqcc7EkZVV4=,tag:pxKwiaH5SZa8Vh71gLGQWw==,type:str] +jellyfin-pia: ENC[AES256_GCM,data:rbqpmm2EtxcMeJfjlGaJOwPCn4UAZaKsH8Zeztk7A6QiSw==,iv:8A6NHVHgKIL6iwLKgRrT6T3k0pgDI5lL5rDMN5/Egrw=,tag:P6Kh9cOnrB23Z7S72xBK7g==,type:str] vaultenv: ENC[AES256_GCM,data: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,iv:anKhX3TVyEeatnB/qjlce3g7cifrX8QlBJ/9UzWUa8k=,tag:BDccovkJBW8q0URMLBxbcQ==,type:str] minioRoot: ENC[AES256_GCM,data:z6+VkyRjWRSh8pu5gO58RRyGXT+Lvl+AVr37A5nXh6aj+q6SevNL7wLf9Joao4xmjXexKVavOhs/9OSBJpmbq0R+MRI=,iv:vrow7hvrTacnMi7sFnsuXwMOHrvr6c8YUTYFUry4E4U=,tag:fWfiEvkuSiXHIFqWnLiMiQ==,type:str] restic: 
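Review bot: In the wireguard container's `extraOptions` (the `@@ -37,22 +34,18 @@` hunk of jelly.nix), `"--cap-add=ALL"` is kept while the image behind it changes publisher. A WireGuard client normally needs only network administration rights, so this is the moment to narrow it to `"--cap-add=NET_ADMIN"` and add back only what proves necessary. The added `--env-file=${config.sops.secrets.jellyfin-pia.path}` requires the secret to decrypt to `KEY=value` lines, and the container keeps running with the old values after the secret is re-encrypted unless its unit is restarted. Setting `restartUnits` on `sops.secrets.jellyfin-pia` would cover that; the unit name depends on the container backend, which the hunk does not show. The values on the removed `PIA_USER`/`PIA_PASS` lines remain readable in the repository history, so the old account should be treated as exposed even though the commit message says the credentials were replaced.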
@@ -22,8 +23,8 @@ sops:
 RVUzMlFya3Z0amdTUTJ5YjFRck5kZzQKoWZzExqzPRpQPL4CdqBalc1/dYtjBH6J
 LGR0oImfOWlIJwcaJLv/fc470UvXHHwIji9v/pbV7xMkgMjlJthaYg==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2023-08-22T13:45:33Z"
- mac: ENC[AES256_GCM,data:uUQiV70p91N6PHd39n7ArKEhbeb43vSdrXYJ/MVKSZUG6bX3ilFhNOFkopKFMstprsVRsQyndGaSwWRViL9BKp9ejJ+VQj7d1EbapaSwp08tDIm4GC2EbGs6VuEJv0HcBoOOGrg6iO4+uM9IAVwp1rLaxkNNfWF1J3V6QUKPHJc=,iv:hdYgUbAjXo/XnXC2PanU8yeK5mxDs07osF7OgZ67mcE=,tag:m6MfHu11vBJHa4Np+PpxFw==,type:str]
+ lastmodified: "2023-12-06T18:23:17Z"
+ mac: ENC[AES256_GCM,data:WRuoG1B+DrhgL/KLUTmwiSOB58T52Ga6nA5K3LFOy4gu/hBCg85kndsVozJzY434PSY5w6Vposow4UvYQE/8xh8Y8lMlKZHZAMXxmnFvVdpL2bWe04qwBnAVXKj0Fru8sTNGPnRzDE6XETLdkRQyl//u5mFGDIDJeh1dV/VHUc0=,iv:W/VFGKabYdrNVY/GfNYMxTvdk/HO0Gh147t+xREU4+g=,tag:uLhXrb9V7wRx9EnaU7NWkQ==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
- version: 3.7.3
+ version: 3.8.1