364 lines
8.5 KiB
HCL
364 lines
8.5 KiB
HCL
job "qbittorrent" {
|
|
# region = "global"
|
|
datacenters = ["dc1"]
|
|
type = "service"
|
|
|
|
# priority = 50
|
|
constraint {
|
|
attribute = "${attr.unique.hostname}"
|
|
operator = "regexp"
|
|
value = "odroid.*"
|
|
// weight = 100
|
|
}
|
|
affinity {
|
|
attribute = "${attr.unique.hostname}"
|
|
value = "odroid3"
|
|
weight = 100
|
|
}
|
|
constraint {
|
|
attribute = "${attr.kernel.name}"
|
|
value = "linux"
|
|
}
|
|
|
|
update {
|
|
# Stagger updates every 60 seconds
|
|
stagger = "90s"
|
|
max_parallel = 1
|
|
healthy_deadline = "4m"
|
|
health_check = "task_states"
|
|
|
|
}
|
|
|
|
group "qbittorrent" {
|
|
count = 1
|
|
|
|
restart {
|
|
attempts = 8
|
|
interval = "20m"
|
|
delay = "10s"
|
|
mode = "delay"
|
|
}
|
|
|
|
task "qbittorrent-vpn" {
|
|
driver = "docker"
|
|
lifecycle {
|
|
hook = "prestart"
|
|
sidecar = true
|
|
}
|
|
|
|
config {
|
|
// image = "registry.service.dc1.consul:5000/openpyn:latest"
|
|
// image = "qmcgaw/gluetun"
|
|
image = "qmcgaw/gluetun"
|
|
|
|
memory_hard_limit = "1024"
|
|
ports = [
|
|
"shadowsocks",
|
|
"http_proxy",
|
|
"http_admin",
|
|
"qbittorrent_51413",
|
|
"qbittorrent_80",
|
|
"socks"
|
|
]
|
|
|
|
cap_add = [
|
|
"NET_ADMIN",
|
|
"NET_BIND_SERVICE",
|
|
]
|
|
|
|
#network_mode = "host"
|
|
#network_mode = "vpn"
|
|
|
|
volumes = [
|
|
"/etc/localtime:/etc/localtime",
|
|
"/mnt/syncthing/mullvad:/vpn",
|
|
|
|
]
|
|
devices = [
|
|
{
|
|
host_path = "/dev/net/tun"
|
|
container_path = "/dev/net/tun"
|
|
},
|
|
]
|
|
}
|
|
|
|
env {
|
|
VPN_SERVICE_PROVIDER="airvpn"
|
|
VPN_TYPE="wireguard"
|
|
WIREGUARD_PRIVATE_KEY="EF39fCd2/ycBG88qrk0Wgzak4wDLwq9kxLpzNM2se0s="
|
|
WIREGUARD_PRESHARED_KEY="utk1Fqp8N1T20qwof6xGxIDPnrOO49tM6+nQBCBC9OY="
|
|
WIREGUARD_ADDRESSES="10.152.125.142/32"
|
|
SERVER_COUNTRIES="Canada"
|
|
SERVER_CITIES="Montreal"
|
|
FIREWALL_VPN_INPUT_PORTS = "54547"
|
|
FIREWALL_INPUT_PORTS="8080,1080"
|
|
FIREWALL_DEBUG="on"
|
|
HEALTH_TARGET_ADDRESS="1.1.1.1"
|
|
HEALTH_SUCCESS_WAIT_DURATION="30s"
|
|
// HEALTH_TARGET_ADDRESS="cloudflare.com:443"
|
|
|
|
|
|
##Mullvad
|
|
#VPNSP = "mullvad"
|
|
#VPN_TYPE = "wireguard"
|
|
#COUNTRY = "Canada"
|
|
#CITY = "Toronto"
|
|
#FIREWALL_VPN_INPUT_PORTS = "56987"
|
|
#WIREGUARD_PRIVATE_KEY = "iA64ImY2XNvml7s+HEHWNNGXeqpzFN0/KYGxhCsHLV8="
|
|
#WIREGUARD_ADDRESS = "10.64.141.217/32"
|
|
HTTPPROXY = "on"
|
|
SHADOWSOCKS_PASSWORD = "farscape5"
|
|
SHADOWSOCKS = "on"
|
|
DOT_PROVIDERS = "cloudflare,google,quad9,quadrant"
|
|
DOT = "off"
|
|
WEBUI_PORT=8081
|
|
}
|
|
|
|
service {
|
|
name = "qbittorrent"
|
|
tags = ["global", "tools"]
|
|
port = "qbittorrent_80"
|
|
}
|
|
|
|
service {
|
|
name = "${TASKGROUP}-admin"
|
|
tags = ["global"]
|
|
port = "http_admin"
|
|
}
|
|
service {
|
|
name = "sp"
|
|
tags = ["global", "ovpn-openpyn",
|
|
"enable_gocast",
|
|
"gocast_vip=192.168.1.242/32",
|
|
"gocast_nat=tcp:1080:1080",
|
|
"gocast_nat=udp:1080:1080",
|
|
]
|
|
port = "socks"
|
|
}
|
|
|
|
resources {
|
|
cpu = 100 # 500 MHz
|
|
memory = 250 # 128MB
|
|
}
|
|
} #task ovpn
|
|
|
|
task "dante" {
|
|
driver = "docker"
|
|
|
|
config {
|
|
image = "serjs/go-socks5-proxy"
|
|
// image = "ghcr.io/sstent/dante-wg:latest"
|
|
network_mode = "container:qbittorrent-vpn-${NOMAD_ALLOC_ID}"
|
|
memory_hard_limit = 256
|
|
|
|
devices = [
|
|
{
|
|
host_path = "/dev/net/tun"
|
|
container_path = "/dev/net/tun"
|
|
},
|
|
]
|
|
}
|
|
|
|
env {
|
|
REQUIRE_AUTH = "false" # Option 1: Disable auth
|
|
# OR
|
|
# REQUIRE_AUTH = "true" # Option 2: Enable auth with credentials
|
|
# PROXY_USER = "your-username"
|
|
# PROXY_PASSWORD = "your-password"
|
|
}
|
|
resources {
|
|
cpu = 64 # 500 MHz
|
|
memory = 128 # 128MB
|
|
}
|
|
} #end dante
|
|
|
|
|
|
task "init" {
|
|
driver = "docker"
|
|
lifecycle {
|
|
hook = "prestart"
|
|
sidecar = false
|
|
}
|
|
config {
|
|
memory_hard_limit = "2048"
|
|
|
|
image = "ghcr.io/sstent/rsync"
|
|
volumes = [
|
|
"/mnt/configs/${NOMAD_GROUP_NAME}:/config",
|
|
"/mnt/Public/config/${NOMAD_GROUP_NAME}:/configbackup",
|
|
"/mnt/Public/config/locks:/locks"
|
|
]
|
|
|
|
args = ["flock", "-x", "/locks/${NOMAD_GROUP_NAME}_rsync.lock", "rsync", "-av", "/configbackup/", "/config/", "--delete-before"]
|
|
}
|
|
resources {
|
|
cpu = 20 # 500 MHz
|
|
memory = 20 # 128MB
|
|
}
|
|
}
|
|
|
|
|
|
task "finalsync" {
|
|
driver = "docker"
|
|
lifecycle {
|
|
hook = "poststop"
|
|
}
|
|
config {
|
|
memory_hard_limit = "2048"
|
|
|
|
image = "ghcr.io/sstent/rsync"
|
|
volumes = [
|
|
"/mnt/configs/${NOMAD_GROUP_NAME}:/config",
|
|
"/mnt/Public/config/${NOMAD_GROUP_NAME}:/configbackup",
|
|
"/mnt/Public/config/locks:/locks"
|
|
]
|
|
|
|
args = ["flock", "-x", "/locks/${NOMAD_GROUP_NAME}_rsync.lock", "rsync", "-av", "--delete", "/config/", "/configbackup/"]
|
|
}
|
|
resources {
|
|
cpu = 20 # 500 MHz
|
|
memory = 128 # 128MB
|
|
}
|
|
}
|
|
|
|
|
|
task "sync" {
|
|
driver = "docker"
|
|
lifecycle {
|
|
hook = "poststart"
|
|
sidecar = true
|
|
}
|
|
config {
|
|
memory_hard_limit = "2048"
|
|
|
|
image = "ghcr.io/sstent/rsync"
|
|
volumes = [
|
|
"/mnt/configs/:/configs",
|
|
"/mnt/Public/config/${NOMAD_GROUP_NAME}:/configbackup",
|
|
]
|
|
args = ["client"]
|
|
}
|
|
env {
|
|
CRON_TASK_1 = "25 8-20 * * * chmod a-w /configs/${NOMAD_GROUP_NAME}/ ; rsync -avz --delete /configs/${NOMAD_GROUP_NAME}/ /configbackup/; chmod a+w /configs/${NOMAD_GROUP_NAME}/;"
|
|
|
|
}
|
|
resources {
|
|
cpu = 20 # 500 MHz
|
|
memory = 20 # 128MB
|
|
}
|
|
} #end sync
|
|
|
|
|
|
task "qbittorrent" {
|
|
driver = "docker"
|
|
|
|
// "/mnt/Public/config/qbittorrent:/config",
|
|
config {
|
|
// image = "lscr.io/linuxserver/qbittorrent:latest"
|
|
image = "linuxserver/qbittorrent:4.6.5"
|
|
network_mode = "container:qbittorrent-vpn-${NOMAD_ALLOC_ID}"
|
|
memory_hard_limit = 2048
|
|
|
|
#cpuset_cpus = "4-7"
|
|
|
|
volumes = [
|
|
"/mnt/Public/Downloads/news/qbittorrent:/downloads/",
|
|
"/mnt/configs/qbittorrent:/config",
|
|
"/mnt/Archive/seeding:/archiveseeding",
|
|
"/mnt/odroid5:/odroid5",
|
|
]
|
|
// ulimit {
|
|
// nproc = "4242"
|
|
// nofile = "2048:4096"
|
|
// }
|
|
sysctl = {
|
|
"net.core.somaxconn" = "4096"
|
|
}
|
|
}
|
|
env {
|
|
TZ = "EST5EDT"
|
|
PUID = 1000
|
|
PGID = 1000
|
|
WEBUI_PORT=8080
|
|
}
|
|
service {
|
|
name = "qb"
|
|
tags = ["global", "ovpn-openpyn",
|
|
"enable_gocast",
|
|
"gocast_vip=192.168.1.244/32",
|
|
"gocast_nat=tcp:8080:8080",
|
|
"gocast_nat=udp:8080:8080"
|
|
]
|
|
port = "qbittorrent_80"
|
|
|
|
check {
|
|
type = "script"
|
|
name = "check_up"
|
|
command = "/bin/bash"
|
|
args = ["/local/qbithealth.sh"]
|
|
interval = "120s"
|
|
timeout = "10s"
|
|
|
|
check_restart {
|
|
limit = 10
|
|
grace = "120s"
|
|
ignore_warnings = false
|
|
}
|
|
}
|
|
}
|
|
|
|
template {
|
|
data = <<EOH
|
|
#!/bin/bash
|
|
curl -sL http://127.0.0.1:8080/api/v2/transfer/info | grep connected || exit;
|
|
EOH
|
|
|
|
destination = "local/qbithealth.sh"
|
|
change_mode = "noop"
|
|
perms = "0777"
|
|
}
|
|
|
|
resources {
|
|
cpu = 128 # 500 MHz
|
|
memory = 256 # 128MB
|
|
}
|
|
} #task resilio-sync
|
|
|
|
network {
|
|
// mode = "bridge"
|
|
port "qbittorrent_51413" {
|
|
static = 6881
|
|
to = 6881
|
|
}
|
|
|
|
port "shadowsocks" {
|
|
static = "8388"
|
|
to = "8388"
|
|
}
|
|
port "socks" {
|
|
static = "1080"
|
|
to = "1080"
|
|
}
|
|
|
|
port "http_proxy" {
|
|
static = "8888"
|
|
to = "8888"
|
|
}
|
|
port "http_admin" {
|
|
static = "8000"
|
|
to = "8000"
|
|
}
|
|
|
|
|
|
port "qbittorrent_80" {
|
|
static = 8080
|
|
to = 8080
|
|
}
|
|
|
|
}
|
|
} #group "au-proxy"
|
|
}
|
|
|
|
// }
|
|
|