From 0a6b0bd7c780060f11aac8aa67ed5398c6911e9a Mon Sep 17 00:00:00 2001 From: mat ess Date: Fri, 28 Jul 2023 22:08:34 -0400 Subject: [PATCH] Homelab TLS domain variable, set externally configured services, deluge->transmission --- compose.libsonnet | 14 ++++++++--- services.jsonnet | 60 ++++++++++++++++++++++++++++++++++------------- 2 files changed, 55 insertions(+), 19 deletions(-) diff --git a/compose.libsonnet b/compose.libsonnet index 2c1fe0d..eeb0095 100644 --- a/compose.libsonnet +++ b/compose.libsonnet @@ -13,11 +13,12 @@ local toList(fmt) = function(object) std.objectValues(std.mapWithKey(formatHelpe local toLabels = toList('%s=%s'); local toVolumes = toList('%s:%s'); +local homelabDomain = '0w0.casa'; local traefikLabels(name, host, port, extras) = toLabels({ 'traefik.enable': 'true', ['traefik.http.routers.%s.rule' % name]: 'Host(`%s.mat`)' % host, ['traefik.http.routers.%s.entrypoints' % name]: 'web', - ['traefik.http.routers.%s-tls.rule' % name]: 'Host(`%s.home.mat.services`)' % host, + ['traefik.http.routers.%s-tls.rule' % name]: 'Host(`%s.%s`)' % [host, homelabDomain], ['traefik.http.routers.%s-tls.entrypoints' % name]: 'web-tls', 'traefik.docker.network': 'traefik', } + extras + if port == null then {} else { @@ -57,6 +58,11 @@ local extractVolumes(cfg) = { ]) }; +local mediaVolumes(name, external) = + local volume = if external then 'media_%s_config' else '%s_config'; + { + [volume % name]: '/config', + }; local mediaMounts(mounts) = { ['/media/mat/%s' % path]: mounts[path] for path in std.objectFields(mounts) 
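Review bot: In `mediaVolumes`, `external=false` selects a volume name (`%s_config`) different from the one `MediaService` used unconditionally before (`media_%s_config`), and the `external=false` default added to the `MediaService` signature in the next hunk makes that the behaviour for every caller that is not updated. A service left on the default would come up on a fresh, empty `/config` volume, so its stored settings (presumably including any login it had configured) are not picked up. Only prowlarr, bazarr, radarr and sonarr are switched to `external=true` in the hunks shown; other `MediaService` callers, if there are any, are outside this diff. I would add a comment above the function, e.g. `// external=true keeps the pre-existing 'media_<name>_config' volume; false uses '<name>_config'`, and consider keeping the old name as the default.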
@@ -77,12 +83,14 @@ local mediaMounts(mounts) = { MediaMounts:: mediaMounts, - MediaService(name, tag='latest', env={}, mounts={}, webPort=null, ports=[], extras={}):: { + MediaService(name, tag='latest', env={}, mounts={}, webPort=null, ports=[], extras={}, external=false):: { image: 'lscr.io/linuxserver/%s:%s' % [name, tag], environment: mediaEnv + env, - volumes: { ['media_%s_config' % name]: '/config' }, + volumes: mediaVolumes(name, external), mounts:: mediaMounts(mounts), webPort:: webPort, ports: ports, } + extras, + + HomelabDomain:: homelabDomain, } diff --git a/services.jsonnet b/services.jsonnet index 8422207..3d1f253 100644 --- a/services.jsonnet +++ b/services.jsonnet @@ -4,6 +4,7 @@ local Command = compose.Command; local Port = compose.Port; local MediaService = compose.MediaService; local MediaMounts = compose.MediaMounts; +local HomelabDomain = compose.HomelabDomain; function(secrets={}) Compose({ 
@@ -13,15 +14,19 @@ function(secrets={}) devices: ['/dev/net/tun:/dev/net/tun'], environment: { TZ: 'America/New_York', - VPN_SERVICE_PROVIDER: 'custom', - VPN_TYPE: 'wireguard', - // VPN_PORT_FORWARDING: 'on', + // VPN_SERVICE_PROVIDER: 'custom', + // VPN_TYPE: 'wireguard', // VPN_PORT_FORWARDING_PROVIDER: 'protonvpn', - VPN_ENDPOINT_IP: std.get(secrets, 'VPN_ENDPOINT_IP'), - VPN_ENDPOINT_PORT: std.get(secrets, 'VPN_ENDPOINT_PORT'), - WIREGUARD_PUBLIC_KEY: std.get(secrets, 'WIREGUARD_PUBLIC_KEY'), - WIREGUARD_PRIVATE_KEY: std.get(secrets, 'WIREGUARD_PRIVATE_KEY'), - WIREGUARD_ADDRESSES: std.get(secrets, 'WIREGUARD_ADDRESSES'), + // VPN_ENDPOINT_IP: std.get(secrets, 'VPN_ENDPOINT_IP'), + // VPN_ENDPOINT_PORT: std.get(secrets, 'VPN_ENDPOINT_PORT'), + // WIREGUARD_PUBLIC_KEY: std.get(secrets, 'WIREGUARD_PUBLIC_KEY'), + // WIREGUARD_PRIVATE_KEY: std.get(secrets, 'WIREGUARD_PRIVATE_KEY'), + // WIREGUARD_ADDRESSES: std.get(secrets, 'WIREGUARD_ADDRESSES'), + VPN_SERVICE_PROVIDER: 'protonvpn', + VPN_PORT_FORWARDING: 'on', + OPENVPN_USER: std.get(secrets, 'OPENVPN_USER'), + OPENVPN_PASSWORD: std.get(secrets, 'OPENVPN_PASSWORD'), + SERVER_HOSTNAMES: 'node-ch-08.protonvpn.net', }, ports: [ // http proxy @@ -29,6 +34,13 @@ function(secrets={}) // shadowsocks proxy // Port(8388), // Port(8388, kind='udp'), + // app local ports + // deluge + // Port(58846), + // Port(58846, kind='udp'), + // transmission + Port(9091), + Port(9091, kind='udp'), ], webPort:: 8000, volumes: { gluetun_data: '/gluetun' }, 
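Review bot: `std.get(secrets, 'OPENVPN_USER')` and `std.get(secrets, 'OPENVPN_PASSWORD')` fall back to `null` when the key is absent, and the enclosing `function(secrets={})` defaults to an empty object, so a missing or misspelled secret renders without any error. The same pattern appears for `LETSENCRYPT_DNS_PROVIDER_KEY` in the `LUADNS_API_TOKEN` hunk, where the looked-up key was renamed and an older secrets file would now silently yield `null`. It also appears for `TRANSMISSION_PASS` in the transmission hunk, where an empty `PASS` may leave the web UI without a password, depending on how the image treats it. Failing at render time is safer: `OPENVPN_PASSWORD: std.get(secrets, 'OPENVPN_PASSWORD', error 'missing secret OPENVPN_PASSWORD'),` or plain `secrets.OPENVPN_PASSWORD`. The gluetun service definition starts before this hunk and continues after it.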
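Review bot: `Port(9091, kind='udp')` publishes a UDP mapping for a port that, going by the `// transmission` comment and `webPort=9091` later in the patch, carries Transmission's web/RPC interface, which is HTTP over TCP, so the UDP entry looks unneeded. `Port(9091)` also publishes that interface on the host in addition to the traefik route the service gets through `webPort`. How `Port` binds is not visible here, but if it maps to all host interfaces the UI is reachable without going through traefik or TLS. If the direct mapping is only for local troubleshooting, I would drop both lines or leave them commented out like the deluge ones. The `ports` list starts before this hunk.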
@@ -36,14 +48,14 @@ function(secrets={}) traefik: { image: 'traefik:latest', command: Command({ - 'log.level': 'ERROR', + 'log.level': 'DEBUG', 'api.insecure': 'true', 'providers.docker': 'true', 'providers.docker.exposedbydefault': 'false', 'entrypoints.web.address': ':80', 'entrypoints.web-tls.address': ':443', - 'entrypoints.web-tls.http.tls.domains[0].main': 'home.mat.services', - 'entrypoints.web-tls.http.tls.domains[0].sans': '*.home.mat.services', + 'entrypoints.web-tls.http.tls.domains[0].main': HomelabDomain, + 'entrypoints.web-tls.http.tls.domains[0].sans': '*.%s' % HomelabDomain, 'entrypoints.web-tls.http.tls.certresolver': 'letsencrypt', 'certificatesresolvers.letsencrypt.acme.dnschallenge': true, 'certificatesresolvers.letsencrypt.acme.dnschallenge.provider': 'luadns', @@ -58,7 +70,7 @@ function(secrets={}) ], environment: { LUADNS_API_USERNAME: 'mat@mat.services', - LUADNS_API_TOKEN: std.get(secrets, 'LUADNS_API_TOKEN'), + LUADNS_API_TOKEN: std.get(secrets, 'LETSENCRYPT_DNS_PROVIDER_KEY'), }, traefik:: { // 'traefik.http.routers.http-catchall.rule': 'hostregexp(`{host:.+}`)' @@ -76,13 +88,25 @@ function(secrets={}) // useful when traefik is having issues // ports: [Port(9443)], }, - deluge: MediaService( - name='deluge', - env={ DELUGE_LOGLEVEL: 'error' }, + transmission: MediaService( + name='transmission', + env={ + USER: 'mat', + PASS: std.get(secrets, 'TRANSMISSION_PASS'), + PEERPORT: 55249, + }, mounts={ torrents: '/downloads' }, - webPort=8112, + webPort=9091, extras={ gluetun:: true }, ), + // deluge: MediaService( + // name='deluge', + // env={ DELUGE_LOGLEVEL: 'error' }, + // mounts={ torrents: '/downloads' }, + // webPort=8112, + // extras={ gluetun:: true }, + // external=true, + // ), prowlarr: MediaService( name='prowlarr', tag='develop', @@ -93,6 +117,7 @@ function(secrets={}) 'passport-1tb': '/passport-1tb', }, extras={ gluetun:: true }, + external=true, ), bazarr: MediaService( name='bazarr', 
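Review bot: `'log.level': 'DEBUG'` reads like a troubleshooting setting that got committed; at debug level traefik typically logs much more detail about requests, routing and the ACME exchange than the previous `'ERROR'`, and those logs then need to be protected accordingly. It sits next to `'api.insecure': 'true'` (unchanged context), so the instance would be both verbose and serving its API without authentication. I would restore `'log.level': 'ERROR'` (or `'INFO'`) before merging, or make the level a parameter that defaults to one of those. The `Command({...})` object continues past the end of this hunk.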
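Review bot: `PEERPORT: 55249` pins the peer port while the gluetun hunk sets `VPN_PORT_FORWARDING: 'on'` with `protonvpn`; as far as I know that provider assigns the forwarded port dynamically, so a fixed value is likely not to match the port that is actually forwarded. If that holds, a comment stating where the number comes from would help, e.g. `// PEERPORT must equal the port gluetun reports as forwarded`. Separately, the commented-out `deluge` block could be deleted rather than kept, since history preserves it.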
@@ -102,6 +127,7 @@ function(secrets={}) 'passport-1tb': '/passport-1tb', }, extras={ gluetun:: true }, + external=true, ), radarr: MediaService( name='radarr', @@ -112,6 +138,7 @@ function(secrets={}) torrents: '/downloads', }, extras={ gluetun:: true }, + external=true, ), sonarr: MediaService( name='sonarr', @@ -122,6 +149,7 @@ function(secrets={}) torrents: '/downloads', }, extras={ gluetun:: true }, + external=true, ), plex: { image: 'plexinc/pms-docker',