modules/qbittorrent.nix at main · yemou.pink/nix-configs

yemou.pink / nix-configs
Nix configurations for my homelab
nix-configs / modules / qbittorrent.nix
at main 3.1 kB view raw
  1{
  2  config,
  3  lib,
  4  pkgs,
  5  ...
  6}:
  7{
  8  environment.persistence."/data/persistent".directories = [
  9    {
 10      directory = "/var/lib/qBittorrent";
 11      mode = "0700";
 12      user = "qbittorrent";
 13      group = "qbittorrent";
 14    }
 15  ];
 16
 17  networking.firewall.interfaces.${config.services.netbird.clients.homelab.interface}.allowedTCPPorts = lib.mkIf (
 18    config.networking.hostName == "lily"
 19  ) [ 8082 ];
 20
 21  users = {
 22    users.qbittorrent = {
 23      group = "qbittorrent";
 24      isSystemUser = true;
 25      uid = 998;
 26    };
 27    groups.qbittorrent.gid = 998;
 28  };
 29
 30  containers.vpn = {
 31    bindMounts = {
 32      torrents = {
 33        hostPath = "/data/torrents";
 34        mountPoint = "/torrents";
 35        isReadOnly = false;
 36      };
 37      qbittorrent = {
 38        hostPath = "/var/lib/qBittorrent";
 39        mountPoint = "/var/lib/qBittorrent";
 40        isReadOnly = false;
 41      };
 42    };
 43    forwardPorts = lib.mkIf (config.networking.hostName == "lily") [
 44      {
 45        hostPort = 8082;
 46        containerPort = 8082;
 47      }
 48    ];
 49  };
 50
 51  garden.container.vpn.config = [
 52    {
 53      networking.firewall.allowedTCPPorts = [ 8082 ];
 54
 55      systemd.services.protonvpn-qbittorrent-natpmp = {
 56        description = "Get a port and provide it to qBittorrent";
 57        requires = [
 58          "network-online.target"
 59          "qbittorrent.service"
 60        ];
 61        wantedBy = [ "multi-user.target" ];
 62        serviceConfig = {
 63          ExecStart = "${
 64            pkgs.writeShellApplication {
 65              name = "protonvpn-natpmp";
 66              runtimeInputs = with pkgs; [
 67                curl
 68                gnugrep
 69                jq
 70                libnatpmp
 71              ];
 72              text = builtins.readFile ../scripts/protonvpn-natpmp.sh;
 73            }
 74          }/bin/protonvpn-natpmp";
 75          Restart = "on-failure";
 76        };
 77      };
 78
 79      services.qbittorrent = {
 80        enable = true;
 81        webuiPort = 8082;
 82        serverConfig = {
 83          LegalNotice.Accepted = true;
 84          BitTorrent.Session = {
 85            DefaultSavePath = "/torrents";
 86            Interface = "vpn";
 87            InterfaceName = "vpn";
 88            TorrentContentLayout = "Subfolder";
 89            Preallocation = true;
 90            QueueingSystemEnabled = false;
 91            GlobalMaxInactiveSeedingMinutes = 43200;
 92            GlobalMaxSeedingMinutes = 43200;
 93            ShareLimitAction = "RemoveWithContent"; # TODO: For some reason this gets overridden at start up
 94          };
 95          Network.PortForwardingEnabled = false;
 96          Preferences = {
 97            General = {
 98              DeleteTorrentsFilesAsDefault = true;
 99              StatusbarExternalIPDisplayed = true;
100            };
101            WebUI = {
102              LocalHostAuth = false;
103              AuthSubnetWhitelistEnabled = true;
104              AuthSubnetWhitelist = lib.strings.join ", " [
105                "192.168.2.1/32"
106                (lib.optionalString (config.networking.hostName == "lily") "${config.garden.info.network.lutea.netbird-ip}/32")
107              ];
108            };
109          };
110        };
111      };
112    }
113  ];
114}