diff --git a/machines/galadriel/configuration.nix b/machines/galadriel/configuration.nix
index ffedcb6..e6b6137 100644
--- a/machines/galadriel/configuration.nix
+++ b/machines/galadriel/configuration.nix
@@ -16,7 +16,7 @@
 ./zfs.nix
 ./backup.nix
 ../../services/smb.nix
- ../../services/qbittorrent.nix
+ ../../services/torrent.nix
 #../../services/stableDiffusion.nix
 #../../services/freshrrs.nix
 #../../services/torrent.nix
diff --git a/modules/qbittorrent-nox.nix b/modules/qbittorrent-nox.nix
index fb1e1fa..deaad67 100644
--- a/modules/qbittorrent-nox.nix
+++ b/modules/qbittorrent-nox.nix
@@ -456,7 +456,7 @@ in
 users.users = lib.mkIf (cfg.user == "qbittorrent") {
 qbittorrent = {
 isSystemUser = true;
- home = "/var/lib/qbittorrent";
+ home = path;
 group = cfg.group;
 };
 };
@@ -464,9 +464,9 @@ in
 qbittorrent = {};
 };
- systemd.services."qbittorrent-nox@" ={
+ systemd.services."qbittorrent-nox" ={
 serviceConfig = {
- ExecStart = "qbittorrent-nox -d --configuration=${cfg.configFile}";
+ ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox --configuration=${cfg.configFile}";
 User = cfg.user;
 Group = cfg.group;
 Restart = "on-failure";
diff --git a/services/torrent.nix b/services/torrent.nix
new file mode 100644
index 0000000..361f0af
--- /dev/null
+++ b/services/torrent.nix
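Review bot: In modules/qbittorrent-nox.nix the unit is renamed from the template `qbittorrent-nox@` to `qbittorrent-nox`, which is the same unit name the new services/torrent.nix defines, and both files also declare `users.users.qbittorrent` (here with `home = path;`, there with a literal `/var/lib/qbittorrent`). If this module is ever imported and enabled on a host that also imports services/torrent.nix, the two `ExecStart` and `home` definitions would presumably conflict at evaluation time. Whether the module is gated by an enable option is not visible in these hunks, and neither is the binding of `path`. I would either have services/torrent.nix configure the service through this module's options, or keep the unit names distinct and add a comment such as `# standalone unit lives in services/torrent.nix; do not enable both`.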
@@ -0,0 +1,43 @@
+{ config, lib, pkgs, options, ... }:
+let
+ port = 8090;
+ torrentPort = 44183;
+ savePath = "/Main/Data/media/Downloads/";
+in
+{
+ networking.firewall.allowedTCPPorts = [ port torrentPort];
+ networking.firewall.allowedUDPPorts = [ port torrentPort];
+
+ users.users.qbittorrent = {
+ isSystemUser = true;
+ home = "/var/lib/qbittorrent";
+ group = "qbittorrent";
+ };
+ users.groups.qbittorrent = {};
+
+ systemd.services."qbittorrent-nox" ={
+ after = [ "network.target" ];
+ environment.HOME = "/var/lib/qbittorrent";
+ serviceConfig = {
+ ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox --webui-port=${toString port} --torrenting-port=${toString torrentPort} --save-path=${savePath}";
+ User = "qbittorrent";
+ Group = "qbittorrent";
+ Restart = "on-failure";
+
+ DynamicUser = true;
+ RuntimeDirectory = "qbittorrent";
+ WorkingDirectory = "/var/lib/qbittorrent";
+ InaccessiblePaths = [ "/home" "/root" "/run" "/boot" "/etc" "/proc" "/sys" "/usr" "/lib" "/bin" "/sbin" "/srv" "/opt" ];
+
+ # Security options
+ #PrivateTmp = true;
+ #ProtectSystem = "full";
+ #ProtectKernelTunables = true;
+ #ProtectKernelModules = true;
+ #ProtectControlGroups = true;
+ #NoNewPrivileges = true;
+ #ProtectHome = true;
+ #PrivateDevices = true;
+ };
+ };
+}
\ No newline at end of file
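Review bot: The sandboxing in `serviceConfig` is likely to stop the daemon from working while the settings meant to confine it stay commented out. `DynamicUser = true` implies `ProtectSystem=strict`, so neither `/var/lib/qbittorrent` (HOME and `WorkingDirectory`) nor `savePath` is writable without `StateDirectory` and `ReadWritePaths`, and because a static `users.users.qbittorrent` is declared, systemd will use that account rather than allocate a dynamic one. `InaccessiblePaths` hides `/etc`, `/proc`, `/sys` and `/run` (where `RuntimeDirectory` lives), which probably breaks name resolution and TLS trust lookup, and entries such as `/lib`, `/sbin` or `/opt` that may not exist on a NixOS host make namespace setup fail unless prefixed with `-`. The firewall lines open the web UI port 8090 on every interface and also on UDP, which the HTTP interface does not need; only `torrentPort` needs both protocols, and the web UI is better limited to a trusted interface via `networking.firewall.interfaces.<name>.allowedTCPPorts`. The unit also has no `wantedBy`, so it will not start at boot.

```nix
  # Web UI is HTTP (TCP) only; the torrent port needs TCP and UDP.
  networking.firewall.allowedTCPPorts = [ port torrentPort ];
  networking.firewall.allowedUDPPorts = [ torrentPort ];

  # … unchanged: users.users.qbittorrent, users.groups.qbittorrent …

  systemd.services."qbittorrent-nox" = {
    after = [ "network.target" ];
    wantedBy = [ "multi-user.target" ];
    # … unchanged: environment.HOME …
    serviceConfig = {
      # … unchanged: ExecStart, User, Group, Restart …

      # Static account is declared above, so DynamicUser is dropped.
      StateDirectory = "qbittorrent";   # creates /var/lib/qbittorrent owned by the service user
      WorkingDirectory = "/var/lib/qbittorrent";
      ReadWritePaths = [ savePath ];    # only writable path outside the state directory

      ProtectSystem = "strict";
      ProtectHome = true;
      PrivateTmp = true;
      PrivateDevices = true;
      NoNewPrivileges = true;
      ProtectKernelTunables = true;
      ProtectKernelModules = true;
      ProtectControlGroups = true;
    };
  };
```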