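# NixOS module: runs qBittorrent inside a declarative container on a private
# veth network and policy-routes the container's outbound traffic through the
# `mullvad` interface, with a blackhole fallback so that traffic is dropped
# rather than leaked when no better route exists in table 1000.
{ ... }:

let
  # Single source of truth for the container address. The routing rules, the
  # NAT rule and the reverse-proxy target all have to agree on it; a mismatch
  # would leave the container outside the policy-routing rules below.
  containerIp = "192.168.100.11";
in
{
  networking = {
    # Policy routing for the container:
    #   priority 999  - traffic from the container to 192.168.1.0/24 uses the
    #                   main table, so it is not sent through table 1000.
    #   priority 1000 - everything else sourced from the container is looked
    #                   up in table 1000.
    # Table 1000 gets a blackhole default at metric 999 as the fail-closed
    # fallback. No other route is added to table 1000 in this file.
    # NOTE(review): presumably the VPN interface configuration installs its own
    # default route into table 1000 with a lower metric - confirm, otherwise
    # all non-LAN container traffic is dropped.
    # NOTE(review): `ip rule add` / `ip route add` are not idempotent; confirm
    # how this script behaves if it is re-run while the rules already exist.
    localCommands = ''
      # Route outgoing traffic over mullvad
      ip rule add from ${containerIp} table 1000 priority 1000
      ip route add blackhole default table 1000 metric 999

      ip rule add from ${containerIp} to 192.168.1.0/24 table main priority 999
    '';

    nat = {
      # Source-NAT container traffic leaving through `mullvad`, and drop any
      # packet that arrives on `mullvad` claiming a source address from the
      # container subnet or the LAN (anti-spoofing: such sources should never
      # appear on the tunnel side).
      # NOTE(review): these rules are appended straight to the built-in
      # POSTROUTING / PREROUTING chains; check whether a firewall reload
      # re-runs them and leaves duplicates, and whether matching cleanup
      # commands are needed.
      extraCommands = ''
        iptables -t nat -A POSTROUTING -s ${containerIp} -o mullvad -j MASQUERADE

        iptables -A PREROUTING -t mangle -i mullvad -s 192.168.100.0/24 -j DROP
        iptables -A PREROUTING -t mangle -i mullvad -s 192.168.1.0/24 -j DROP
      '';
    };
  };

  # Reverse proxy for the qBittorrent WebUI.
  # NOTE(review): `privateVirtualHosts` is not defined in this file; presumably
  # a project-local option that limits the vhost to internal clients - confirm
  # that it really restricts access, since the WebUI is an admin interface.
  services.nginx.privateVirtualHosts."qbt.lan" = {
    locations."/" = {
      # Built from containerIp so the proxy target cannot drift away from the
      # address the routing and NAT rules above are written for.
      proxyPass = "http://${containerIp}:8080";
    };
  };

  # Host-side download directory that is bind-mounted into the container.
  # NOTE(review): created root-owned with mode 0755; verify that the account
  # qBittorrent runs as inside the container can actually write here.
  systemd.tmpfiles.rules = [
    "d /data/torrent 0755 root root -"
  ];

  containers.torrent = {
    autoStart = true;
    # Private network namespace: the container only sees its veth pair, with
    # the host end on hostAddress and the container end on localAddress.
    privateNetwork = true;
    hostAddress = "192.168.100.10";
    localAddress = containerIp;

    bindMounts = {
      # Writable mount of the host download directory; this is the only host
      # path this file exposes to the container.
      "/var/lib/qBittorrent/qBittorrent/downloads" = {
        hostPath = "/data/torrent";
        isReadOnly = false;
      };
    };

    config =
      { ... }:
      {
        boot.isContainer = true;
        # networking.nameservers = [ "10.64.0.1" ];
        # DNS is pinned with a static resolv.conf, and both systemd-resolved
        # and resolvconf are disabled so nothing rewrites it with another
        # resolver (which would be a DNS leak path).
        # NOTE(review): 10.64.0.1 is presumably the VPN provider's in-tunnel
        # resolver - confirm. `trust-ad` makes the stub resolver trust the AD
        # bit from that server, which is only sound if the path to it is
        # trusted.
        environment.etc."resolv.conf".text = ''
          nameserver 10.64.0.1
          options edns0 trust-ad
        '';
        services.resolved.enable = false;
        networking.resolvconf.enable = false;
        services.qbittorrent = {
          enable = true;
          # Opens the service's port(s) in the container's own firewall.
          openFirewall = true;
          serverConfig = {
            LegalNotice.Accepted = true;
            Preferences = {
              General.Locale = "en";
              WebUI = {
                Username = "admin";
                # SECURITY: this salted PBKDF2 hash is stored in the
                # configuration and therefore ends up in the world-readable
                # Nix store and in version control, where it can be attacked
                # offline. Consider supplying it through a secrets mechanism
                # instead, and rotate the password if this file has been
                # published.
                Password_PBKDF2 = "nNQGvR+niYyKVaT5SQ+Kpw==:0lzflYcsj6d3p5B50ceOS9tZBbxnlkdY5hkK5Ki8ZE4zMI8ZfyJYfWDThjCOULPFNPkUnOWGKhnSPaOibzaNGw==";
              };
            };
          };
        };
        system.stateVersion = "25.04";
      };
  };
}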