refactor: move to Debian on truenas scale

roles/arrstack/templates/custom-init/setup-wg.sh.j2

@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+apk add --no-cache wireguard-tools-wg
+
+local_gateway=$(ip route | grep default | awk '{print $3}')
+# This used as the gateway address for NAT-PMP to work properly
+wg_gateway="{{ wg_dns }}"
+wg_peer_address=$(echo "{{ wg_peer_endpoint }}" | cut -d: -f1)
+
+ip route add "$wg_peer_address" via "$local_gateway"
+ip link add wg0 type wireguard
+wg setconf wg0 /etc/wireguard/wg0.conf
+ip address add dev wg0 "{{ wg_address }}"
+ip link set wg0 up
+ip route add "$wg_gateway" dev wg0
+ip route del default
+ip route add default via "$wg_gateway"
+
+# Note that the DNS isn't changed, so there's actually a leak there
+# That's on purpose, just in case I want to access local jackett from qbit
+
+# Finally, optionally allow access to the home network
+# ip route add "\{\{ home_network }}" via "$local_gateway"

roles/arrstack/templates/docker-compose.yml.j2

@@ -0,0 +1,82 @@
+version: "3.7"
+
+networks:
+  default:
+  traefik_traefik:
+    external: true
+
+services:
+  qbittorrent:
+    image: linuxserver/qbittorrent:latest
+    container_name: qbittorrent
+    cap_add:
+      - NET_ADMIN
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.qbittorrent.rule=Host(`qbit.{{ domain }}`)
+      - traefik.http.services.qbittorrent.loadbalancer.server.port=8080
+    restart: unless-stopped
+    networks:
+      - default
+      - traefik_traefik
+    volumes:
+      - ./wireguard:/etc/wireguard:ro
+      - ./custom-init:/custom-cont-init.d:ro
+      - {{ base_volume_path }}/arrstack/config/qbittorrent:/config
+      - {{ base_volume_path }}/arrstack/downloads:/downloads
+      - {{ media_volume_path }}/Plex:/media/Plex
+      - {{ media_volume_path }}/iso-img:/media/iso-img
+
+  jackett:
+    image: linuxserver/jackett:latest
+    container_name: jackett
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.jackett.rule=Host(`jackett.{{ domain }}`)
+      - traefik.http.services.jackett.loadbalancer.server.port=9117
+    restart: unless-stopped
+    networks:
+      - default
+      - traefik_traefik
+    volumes:
+      - {{ base_volume_path }}/arrstack/config/jackett:/config
+      - {{ base_volume_path }}/arrstack/downloads:/downloads
+      - {{ media_volume_path }}/Plex:/media/Plex
+
+  sonarr:
+    image: linuxserver/sonarr:latest
+    container_name: sonarr
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.sonarr.rule=Host(`sonarr.{{ domain }}`)
+      - traefik.http.services.sonarr.loadbalancer.server.port=8989
+    restart: unless-stopped
+    depends_on:
+      - qbittorrent
+      - jackett
+    networks:
+      - default
+      - traefik_traefik
+    volumes:
+      - {{ base_volume_path }}/arrstack/config/sonarr:/config
+      - {{ base_volume_path }}/arrstack/downloads:/downloads
+      - {{ media_volume_path }}/Plex:/media/Plex
+
+  radarr:
+    image: linuxserver/radarr:latest
+    container_name: radarr
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.radarr.rule=Host(`radarr.{{ domain }}`)
+      - traefik.http.services.radarr.loadbalancer.server.port=7878
+    restart: unless-stopped
+    depends_on:
+      - qbittorrent
+      - jackett
+    networks:
+      - default
+      - traefik_traefik
+    volumes:
+      - {{ base_volume_path }}/arrstack/config/radarr:/config
+      - {{ base_volume_path }}/arrstack/downloads:/downloads
+      - {{ media_volume_path }}/Plex:/media/Plex

roles/arrstack/templates/wireguard/wg0.conf.j2

@@ -0,0 +1,11 @@
+# Stripped version of the wg config
+
+[Interface]
+PrivateKey = {{ wg_privkey }}
+# Address = {{ wg_address }}
+# DNS = {{ wg_dns }} # This is also used as the gateway address for NAT-PMP to work properly
+
+[Peer]
+PublicKey = {{ wg_peer_pubkey }}
+AllowedIPs = 0.0.0.0/0
+Endpoint = {{ wg_peer_endpoint }}