alternate simple qbittorrent service

This commit is contained in:
Adrian Gunnar Lauterer 2024-04-14 05:37:25 +02:00
parent c58e599ea3
commit 3ae047f2f4
3 changed files with 47 additions and 4 deletions

View File

@ -16,7 +16,7 @@
./zfs.nix
./backup.nix
../../services/smb.nix
../../services/qbittorrent.nix
../../services/torrent.nix
#../../services/stableDiffusion.nix
#../../services/freshrrs.nix
#../../services/torrent.nix

View File

@ -456,7 +456,7 @@ in
users.users = lib.mkIf (cfg.user == "qbittorrent") {
qbittorrent = {
isSystemUser = true;
home = "/var/lib/qbittorrent";
home = path;
group = cfg.group;
};
};
@ -464,9 +464,9 @@ in
qbittorrent = {};
};
systemd.services."qbittorrent-nox@" ={
systemd.services."qbittorrent-nox" ={
serviceConfig = {
ExecStart = "qbittorrent-nox -d --configuration=${cfg.configFile}";
ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox --configuration=${cfg.configFile}";
User = cfg.user;
Group = cfg.group;
Restart = "on-failure";

43
services/torrent.nix Normal file
View File

@ -0,0 +1,43 @@
{ config, lib, pkgs, options, ... }:
let
port = 8090;
torrentPort = 44183;
savePath = "/Main/Data/media/Downloads/";
in
{
networking.firewall.allowedTCPPorts = [ port torrentPort];
networking.firewall.allowedUDPPorts = [ port torrentPort];
users.users.qbittorrent = {
isSystemUser = true;
home = "/var/lib/qbittorrent";
group = "qbittorrent";
};
users.groups.qbittorrent = {};
systemd.services."qbittorrent-nox" ={
after = [ "network.target" ];
environment.HOME = "/var/lib/qbittorrent";
serviceConfig = {
ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox --webui-port=${toString port} --torrenting-port=${toString torrentPort} --save-path=${savePath}";
User = "qbittorrent";
Group = "qbittorrent";
Restart = "on-failure";
DynamicUser = true;
RuntimeDirectory = "qbittorrent";
WorkingDirectory = "/var/lib/qbittorrent";
InaccessiblePaths = [ "/home" "/root" "/run" "/boot" "/etc" "/proc" "/sys" "/usr" "/lib" "/bin" "/sbin" "/srv" "/opt" ];
# Security options
#PrivateTmp = true;
#ProtectSystem = "full";
#ProtectKernelTunables = true;
#ProtectKernelModules = true;
#ProtectControlGroups = true;
#NoNewPrivileges = true;
#ProtectHome = true;
#PrivateDevices = true;
};
};
}