{ config, lib, ... }: let srv = config.server; cfg = config.server.podman; in { options.server.podman = { enable = lib.mkEnableOption "Enables Podman"; qbittorrent = { enable = lib.mkEnableOption "Enable qBittorrent"; url = lib.mkOption { type = lib.types.str; default = "qbt.${srv.domain}"; }; port = lib.mkOption { type = lib.types.int; default = 8080; description = "The port to host qBittorrent on."; }; homepage.name = lib.mkOption { type = lib.types.str; default = "qBittorrent"; }; homepage.description = lib.mkOption { type = lib.types.str; default = "Torrent client"; }; homepage.icon = lib.mkOption { type = lib.types.str; default = "qbittorrent.svg"; }; homepage.category = lib.mkOption { type = lib.types.str; default = "Downloads"; }; }; pihole = { enable = lib.mkEnableOption { description = "Enable"; }; port = lib.mkOption { type = lib.types.int; default = 8053; description = "The port to host PiHole on."; }; url = lib.mkOption { type = lib.types.str; default = "pihole.${srv.domain}"; }; homepage.name = lib.mkOption { type = lib.types.str; default = "PiHole"; }; homepage.description = lib.mkOption { type = lib.types.str; default = "Adblocking and DNS service"; }; homepage.icon = lib.mkOption { type = lib.types.str; default = "pi-hole.svg"; }; homepage.category = lib.mkOption { type = lib.types.str; default = "Services"; }; }; }; config = lib.mkIf cfg.enable { virtualisation = { containers.enable = true; podman.enable = true; }; networking.firewall = lib.mkIf cfg.pihole.enable { allowedTCPPorts = [53 5335]; allowedUDPPorts = [53 5335]; }; services.caddy.virtualHosts = lib.mkMerge [ (lib.mkIf cfg.qbittorent.enable { "${cfg.qbittorrent.url}" = { useACMEHost = srv.domain; extraConfig = '' reverse_proxy http://127.0.0.1:${toString cfg.qbittorrent.port} ''; }; }) (lib.mkIf cfg.pihole.enable { "${cfg.pihole.url}" = { useACMEHost = srv.domain; extraConfig = '' reverse_proxy http://127.0.0.1:${toString cfg.pihole.port} ''; }; }) ]; virtualisation.oci-containers.containers = lib.mkMerge [ (lib.mkIf cfg.qbittorrent.enable { qbittorrent = { image = "ghcr.io/hotio/qbittorrent:latest"; autoStart = true; dependsOn = ["gluetun"]; ports = [ "8080:8080" "58846:58846" ]; extraOptions = [ "--network=container:gluetun" ]; volumes = [ "/var/lib/qbittorrent:/config:rw" "/share/downloads:/downloads:rw" ]; environmentFiles = [ config.age.secrets.gluetunEnv.path ]; environment = { PUID = "994"; PGID = "993"; TZ = "Europe/Stockholm"; WEBUI_PORT = "${builtins.toString cfg.qbittorrent.port}"; }; }; gluetun = { image = "qmcgaw/gluetun"; ports = [ "8388:8388" "58846:58846" "8080:8080" ]; devices = ["/dev/net/tun:/dev/net/tun"]; autoStart = true; extraOptions = [ "--cap-add=NET_ADMIN" ]; volumes = ["/var:/gluetun"]; environmentFiles = [ config.age.secrets.gluetunEnv.path ]; environment = { DEV_MODE = "false"; VPN_SERVICE_PROVIDER = "mullvad"; VPN_TYPE = "wireguard"; SERVER_CITIES = "Stockholm"; }; }; }) (lib.mkIf cfg.pihole.enable { pihole = { autoStart = true; image = "pihole/pihole:latest"; volumes = [ "/var/lib/pihole:/etc/pihole/" "/var/lib/dnsmasq.d:/etc/dnsmasq.d/" ]; environment = { TZ = "Europe/Stockholm"; CUSTOM_CACHE_SIZE = "0"; # PIHOLE_DNS_ = "10.88.0.1#5335"; # DNSSEC = "false"; # REV_SERVER = "true"; WEBTHEME = "default-darker"; }; environmentFiles = [config.age.secrets.pihole.path]; ports = [ "53:53/tcp" "53:53/udp" "8053:80/tcp" ]; extraOptions = [ "--cap-add=NET_ADMIN" "--cap-add=SYS_NICE" "--cap-add=SYS_TIME" ]; }; }) ]; }; }