Syzygial/NixMachines
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix Many PIA/Wireguard

Browse Source 
It logs out every restart

Token needs to regen

The linuxserver/wiregard contianer stopped working

So, we switch to a dedicated container for this, and also changed username and passwd becase.., well those also stopped working
This commit is contained in:
David Crompton
2023-12-06 13:28:49 -05:00
parent 5092943641
commit 4713c05ca4
2 changed files with 13 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
machines/hippocampus/oci/jelly.nix
View File

@@ -1,8 +1,4 @@
{ config, pkgs, ...}: { config, pkgs, ...}: {
let
in
{
imports = [ imports = [
../modules/pods.nix ../modules/pods.nix
]; ];
@@ -15,16 +11,17 @@ in
dataDir = "/jelly/data"; dataDir = "/jelly/data";
configDir = "/jelly/conf"; configDir = "/jelly/conf";
in { in {
sops.secrets.jellyfin-pia = {};
virtualisation.oci-containers = let virtualisation.oci-containers = let
cnt = config.virtualisation.oci-containers.containers; cnt = config.virtualisation.oci-containers.containers;
getPorts = l: builtins.concatMap (c: cnt."${c}".ports) l; getPorts = l: builtins.concatMap (c: cnt."${c}".ports) l;
in { in {
containers = { containers = {
wireguard = { wireguard = {
image = "linuxserver/wireguard:latest"; image = "thrnz/docker-wireguard-pia";
volumes = [ volumes = [
"${configDir}/wireguard:/config" # "${configDir}/wireguard:/config"
"${configDir}/wireguard_pia:/opt" "${configDir}/wireguard_pia:/pia"
]; ];
ports = getPorts [ ports = getPorts [
"deluge" "deluge"
@@ -37,22 +34,18 @@ in
]; ];
environment = { environment = {
TZ = "America/Toronto"; TZ = "America/Toronto";
PIA_USER = "p5062257"; LOC = "ca";
PIA_PASS = "HEqwg9CvQB";
AUTOCONNECT = "true";
PIA_PF = "false";
DISABLE_IPV6 = "yes";
PIA_DNS = "true";
VPN_PROTOCOL = "wireguard";
}; };
extraOptions = [ extraOptions = [
"--cap-add=ALL" "--cap-add=ALL"
"--pull=newer" "--pull=newer"
"--dns=1.1.1.1" "--dns=1.1.1.1"
"--env-file=${config.sops.secrets.jellyfin-pia.path}"
"--sysctl=net.ipv4.conf.all.src_valid_mark=1" "--sysctl=net.ipv4.conf.all.src_valid_mark=1"
"--sysctl=net.ipv6.conf.lo.disable_ipv6=1" "--sysctl=net.ipv6.conf.lo.disable_ipv6=1"
"--sysctl=net.ipv6.conf.all.disable_ipv6=1" "--sysctl=net.ipv6.conf.all.disable_ipv6=1"
"--sysctl=net.ipv6.conf.default.disable_ipv6=1" ]; "--sysctl=net.ipv6.conf.default.disable_ipv6=1"
];
}; };
deluge = { deluge = {

7
machines/hippocampus/secrets/pass.yaml
View File

@@ -1,6 +1,7 @@
nextcloud: nextcloud:
adminPass: ENC[AES256_GCM,data:D2SAD/Somvw8abIm0KX4fWRfuQ==,iv:Y7K14yZZFcu97KVBd0219hwnGY4LEX2DNxxulSegr/8=,tag:aRJAlz1xvQxWodcE2bZLdQ==,type:str] adminPass: ENC[AES256_GCM,data:D2SAD/Somvw8abIm0KX4fWRfuQ==,iv:Y7K14yZZFcu97KVBd0219hwnGY4LEX2DNxxulSegr/8=,tag:aRJAlz1xvQxWodcE2bZLdQ==,type:str]
s3secret: ENC[AES256_GCM,data:lIVuiZMh376MSuu13UPCu49Q64bVbk+WM/CUEIGzV0Q=,iv:J2vHalppWEupWK07zXsMoiH6avmpsgg0Cqcc7EkZVV4=,tag:pxKwiaH5SZa8Vh71gLGQWw==,type:str] s3secret: ENC[AES256_GCM,data:lIVuiZMh376MSuu13UPCu49Q64bVbk+WM/CUEIGzV0Q=,iv:J2vHalppWEupWK07zXsMoiH6avmpsgg0Cqcc7EkZVV4=,tag:pxKwiaH5SZa8Vh71gLGQWw==,type:str]
jellyfin-pia: ENC[AES256_GCM,data:rbqpmm2EtxcMeJfjlGaJOwPCn4UAZaKsH8Zeztk7A6QiSw==,iv:8A6NHVHgKIL6iwLKgRrT6T3k0pgDI5lL5rDMN5/Egrw=,tag:P6Kh9cOnrB23Z7S72xBK7g==,type:str]
vaultenv: ENC[AES256_GCM,data:oTMhUU23v0SFImzDNjfqo3wn26ghqHGfArQl+K9E3u3YI9qmwdN/Z0dpLvT7TI01cdEIwM8ToKAd2HueymTHMT0wXMNAWMFVNm5lUot6U9kV+Pwfq3W+c8MygqXL/QVeFCzUsEa4ZvAE647+2JIkcI95H8mIWfenL0wA5O+OLiEz1fFykMbGBvWm7GM5oFWU9RXo0d5BAIaqd7D5oL3tgi2EnrtnVMJ8USgYA+d3TNCEatHO8ARwtCRhC8FK+86RowBlwiylIySuJiMScvzstB8TWVps4wo7xK0lZ8PUicFI2q+N+Q7B3x1hUW0Z2f4pmxAwb8qRxXZtA7B99bBjAwSwh1A301LYMAKJqELNiNOZ9xjl5r12fAOqP3ujJ84eacNVmsKFpA5HxIfUQBlkoHYRXfkd+Z8wz9fhzr53PvWHblr4eS+jCpJzSP98uyou4FYfMXoYOT9kzNNHGsWAoxLxQusehIaHyicG6uVE53wEQw/r9xeJeg==,iv:anKhX3TVyEeatnB/qjlce3g7cifrX8QlBJ/9UzWUa8k=,tag:BDccovkJBW8q0URMLBxbcQ==,type:str] vaultenv: ENC[AES256_GCM,data:oTMhUU23v0SFImzDNjfqo3wn26ghqHGfArQl+K9E3u3YI9qmwdN/Z0dpLvT7TI01cdEIwM8ToKAd2HueymTHMT0wXMNAWMFVNm5lUot6U9kV+Pwfq3W+c8MygqXL/QVeFCzUsEa4ZvAE647+2JIkcI95H8mIWfenL0wA5O+OLiEz1fFykMbGBvWm7GM5oFWU9RXo0d5BAIaqd7D5oL3tgi2EnrtnVMJ8USgYA+d3TNCEatHO8ARwtCRhC8FK+86RowBlwiylIySuJiMScvzstB8TWVps4wo7xK0lZ8PUicFI2q+N+Q7B3x1hUW0Z2f4pmxAwb8qRxXZtA7B99bBjAwSwh1A301LYMAKJqELNiNOZ9xjl5r12fAOqP3ujJ84eacNVmsKFpA5HxIfUQBlkoHYRXfkd+Z8wz9fhzr53PvWHblr4eS+jCpJzSP98uyou4FYfMXoYOT9kzNNHGsWAoxLxQusehIaHyicG6uVE53wEQw/r9xeJeg==,iv:anKhX3TVyEeatnB/qjlce3g7cifrX8QlBJ/9UzWUa8k=,tag:BDccovkJBW8q0URMLBxbcQ==,type:str]
minioRoot: ENC[AES256_GCM,data:z6+VkyRjWRSh8pu5gO58RRyGXT+Lvl+AVr37A5nXh6aj+q6SevNL7wLf9Joao4xmjXexKVavOhs/9OSBJpmbq0R+MRI=,iv:vrow7hvrTacnMi7sFnsuXwMOHrvr6c8YUTYFUry4E4U=,tag:fWfiEvkuSiXHIFqWnLiMiQ==,type:str] minioRoot: ENC[AES256_GCM,data:z6+VkyRjWRSh8pu5gO58RRyGXT+Lvl+AVr37A5nXh6aj+q6SevNL7wLf9Joao4xmjXexKVavOhs/9OSBJpmbq0R+MRI=,iv:vrow7hvrTacnMi7sFnsuXwMOHrvr6c8YUTYFUry4E4U=,tag:fWfiEvkuSiXHIFqWnLiMiQ==,type:str]
restic: restic:
@@ -22,8 +23,8 @@ sops:
RVUzMlFya3Z0amdTUTJ5YjFRck5kZzQKoWZzExqzPRpQPL4CdqBalc1/dYtjBH6J RVUzMlFya3Z0amdTUTJ5YjFRck5kZzQKoWZzExqzPRpQPL4CdqBalc1/dYtjBH6J
LGR0oImfOWlIJwcaJLv/fc470UvXHHwIji9v/pbV7xMkgMjlJthaYg== LGR0oImfOWlIJwcaJLv/fc470UvXHHwIji9v/pbV7xMkgMjlJthaYg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-08-22T13:45:33Z" lastmodified: "2023-12-06T18:23:17Z"
mac: ENC[AES256_GCM,data:uUQiV70p91N6PHd39n7ArKEhbeb43vSdrXYJ/MVKSZUG6bX3ilFhNOFkopKFMstprsVRsQyndGaSwWRViL9BKp9ejJ+VQj7d1EbapaSwp08tDIm4GC2EbGs6VuEJv0HcBoOOGrg6iO4+uM9IAVwp1rLaxkNNfWF1J3V6QUKPHJc=,iv:hdYgUbAjXo/XnXC2PanU8yeK5mxDs07osF7OgZ67mcE=,tag:m6MfHu11vBJHa4Np+PpxFw==,type:str] mac: ENC[AES256_GCM,data:WRuoG1B+DrhgL/KLUTmwiSOB58T52Ga6nA5K3LFOy4gu/hBCg85kndsVozJzY434PSY5w6Vposow4UvYQE/8xh8Y8lMlKZHZAMXxmnFvVdpL2bWe04qwBnAVXKj0Fru8sTNGPnRzDE6XETLdkRQyl//u5mFGDIDJeh1dV/VHUc0=,iv:W/VFGKabYdrNVY/GfNYMxTvdk/HO0Gh147t+xREU4+g=,tag:uLhXrb9V7wRx9EnaU7NWkQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.8.1