job "qbittorrent" { # region = "global" datacenters = ["dc1"] type = "service" # priority = 50 constraint { attribute = "${attr.unique.hostname}" operator = "regexp" value = "odroid.*" // weight = 100 } affinity { attribute = "${attr.unique.hostname}" value = "odroid3" weight = 100 } constraint { attribute = "${attr.kernel.name}" value = "linux" } update { # Stagger updates every 60 seconds stagger = "90s" max_parallel = 1 healthy_deadline = "4m" health_check = "task_states" } group "qbittorrent" { count = 1 restart { attempts = 8 interval = "20m" delay = "10s" mode = "delay" } task "qbittorrent-vpn" { driver = "docker" lifecycle { hook = "prestart" sidecar = true } config { // image = "registry.service.dc1.consul:5000/openpyn:latest" // image = "qmcgaw/gluetun" image = "qmcgaw/gluetun" memory_hard_limit = "1024" ports = [ "shadowsocks", "http_proxy", "http_admin", "qbittorrent_51413", "qbittorrent_80", "socks" ] cap_add = [ "NET_ADMIN", "NET_BIND_SERVICE", ] #network_mode = "host" #network_mode = "vpn" volumes = [ "/etc/localtime:/etc/localtime", "/mnt/syncthing/mullvad:/vpn", ] devices = [ { host_path = "/dev/net/tun" container_path = "/dev/net/tun" }, ] } env { VPN_SERVICE_PROVIDER="airvpn" VPN_TYPE="wireguard" WIREGUARD_PRIVATE_KEY="EF39fCd2/ycBG88qrk0Wgzak4wDLwq9kxLpzNM2se0s=" WIREGUARD_PRESHARED_KEY="utk1Fqp8N1T20qwof6xGxIDPnrOO49tM6+nQBCBC9OY=" WIREGUARD_ADDRESSES="10.152.125.142/32" SERVER_COUNTRIES="Canada" SERVER_CITIES="Montreal" FIREWALL_VPN_INPUT_PORTS = "54547" FIREWALL_INPUT_PORTS="8080,1080" FIREWALL_DEBUG="on" HEALTH_TARGET_ADDRESS="1.1.1.1" HEALTH_SUCCESS_WAIT_DURATION="30s" // HEALTH_TARGET_ADDRESS="cloudflare.com:443" ##Mullvad #VPNSP = "mullvad" #VPN_TYPE = "wireguard" #COUNTRY = "Canada" #CITY = "Toronto" #FIREWALL_VPN_INPUT_PORTS = "56987" #WIREGUARD_PRIVATE_KEY = "iA64ImY2XNvml7s+HEHWNNGXeqpzFN0/KYGxhCsHLV8=" #WIREGUARD_ADDRESS = "10.64.141.217/32" HTTPPROXY = "on" SHADOWSOCKS_PASSWORD = "farscape5" SHADOWSOCKS = "on" DOT_PROVIDERS = "cloudflare,google,quad9,quadrant" DOT = "off" WEBUI_PORT=8081 } service { name = "qbittorrent" tags = ["global", "tools"] port = "qbittorrent_80" } service { name = "${TASKGROUP}-admin" tags = ["global"] port = "http_admin" } service { name = "sp" tags = ["global", "ovpn-openpyn", "enable_gocast", "gocast_vip=192.168.1.242/32", "gocast_nat=tcp:1080:1080", "gocast_nat=udp:1080:1080", ] port = "socks" } resources { cpu = 100 # 500 MHz memory = 250 # 128MB } } #task ovpn task "dante" { driver = "docker" config { image = "serjs/go-socks5-proxy" // image = "ghcr.io/sstent/dante-wg:latest" network_mode = "container:qbittorrent-vpn-${NOMAD_ALLOC_ID}" memory_hard_limit = 256 devices = [ { host_path = "/dev/net/tun" container_path = "/dev/net/tun" }, ] } env { REQUIRE_AUTH = "false" # Option 1: Disable auth # OR # REQUIRE_AUTH = "true" # Option 2: Enable auth with credentials # PROXY_USER = "your-username" # PROXY_PASSWORD = "your-password" } resources { cpu = 64 # 500 MHz memory = 128 # 128MB } } #end dante task "init" { driver = "docker" lifecycle { hook = "prestart" sidecar = false } config { memory_hard_limit = "2048" image = "ghcr.io/sstent/rsync" volumes = [ "/mnt/configs/${NOMAD_GROUP_NAME}:/config", "/mnt/Public/config/${NOMAD_GROUP_NAME}:/configbackup", "/mnt/Public/config/locks:/locks" ] args = ["flock", "-x", "/locks/${NOMAD_GROUP_NAME}_rsync.lock", "rsync", "-av", "/configbackup/", "/config/", "--delete-before"] } resources { cpu = 20 # 500 MHz memory = 20 # 128MB } } task "finalsync" { driver = "docker" lifecycle { hook = "poststop" } config { memory_hard_limit = "2048" image = "ghcr.io/sstent/rsync" volumes = [ "/mnt/configs/${NOMAD_GROUP_NAME}:/config", "/mnt/Public/config/${NOMAD_GROUP_NAME}:/configbackup", "/mnt/Public/config/locks:/locks" ] args = ["flock", "-x", "/locks/${NOMAD_GROUP_NAME}_rsync.lock", "rsync", "-av", "--delete", "/config/", "/configbackup/"] } resources { cpu = 20 # 500 MHz memory = 128 # 128MB } } task "sync" { driver = "docker" lifecycle { hook = "poststart" sidecar = true } config { memory_hard_limit = "2048" image = "ghcr.io/sstent/rsync" volumes = [ "/mnt/configs/:/configs", "/mnt/Public/config/${NOMAD_GROUP_NAME}:/configbackup", ] args = ["client"] } env { CRON_TASK_1 = "25 8-20 * * * chmod a-w /configs/${NOMAD_GROUP_NAME}/ ; rsync -avz --delete /configs/${NOMAD_GROUP_NAME}/ /configbackup/; chmod a+w /configs/${NOMAD_GROUP_NAME}/;" } resources { cpu = 20 # 500 MHz memory = 20 # 128MB } } #end sync task "qbittorrent" { driver = "docker" // "/mnt/Public/config/qbittorrent:/config", config { // image = "lscr.io/linuxserver/qbittorrent:latest" image = "linuxserver/qbittorrent:4.6.5" network_mode = "container:qbittorrent-vpn-${NOMAD_ALLOC_ID}" memory_hard_limit = 2048 #cpuset_cpus = "4-7" volumes = [ "/mnt/Public/Downloads/news/qbittorrent:/downloads/", "/mnt/configs/qbittorrent:/config", "/mnt/Archive/seeding:/archiveseeding", "/mnt/odroid5:/odroid5", ] // ulimit { // nproc = "4242" // nofile = "2048:4096" // } sysctl = { "net.core.somaxconn" = "4096" } } env { TZ = "EST5EDT" PUID = 1000 PGID = 1000 WEBUI_PORT=8080 } service { name = "qb" tags = ["global", "ovpn-openpyn", "enable_gocast", "gocast_vip=192.168.1.244/32", "gocast_nat=tcp:8080:8080", "gocast_nat=udp:8080:8080" ] port = "qbittorrent_80" check { type = "script" name = "check_up" command = "/bin/bash" args = ["/local/qbithealth.sh"] interval = "120s" timeout = "10s" check_restart { limit = 10 grace = "120s" ignore_warnings = false } } } template { data = <