retried simple

machines/galadriel/configuration.nix

@@ -16,7 +16,7 @@
      ./zfs.nix
      ./backup.nix
      ../../services/smb.nix
-     ../../services/qbittorrent.nix
+     ../../services/torrent.nix
      #../../services/stableDiffusion.nix
      #../../services/freshrrs.nix 
      #../../services/torrent.nix

profiles/sops.nix

@@ -16,7 +16,7 @@
   sops.age.sshKeyPaths = [
 			  "/etc/ssh/nixos"
 			  #"/$HOME/.ssh/nixos"
-                          #"/home/gunalx/.ssh/nixos"
+        #"/home/gunalx/.ssh/nixos"
 			];
   # This is using an age key that is expected to already be in the filesystem
   sops.age.keyFile = "/var/lib/sops-nix/key.txt";

secrets/secrets.yaml

@@ -4,6 +4,10 @@ acme:
     certs: ENC[AES256_GCM,data:L9v0y/T4Vq+fZt5U8YAcyxtvMzv8w+gCwk2z5N027cYiuauuNFYDQ4WV5bTfDL1cSjp30oYvGTlgn3+8s9MA8xqaPJytCNNClRK4isvZKP1YdiVwKdxTg814LDzgPoZsyErSHb+MvgMEUpONifRxFJ7n1HHqcyfeXpV1Bx0=,iv:dnct9KU24ZVaQThA6rTTClRjT+vTi4aD+7UV+oiqoVU=,tag:vTMcHHexHVST3r4wiiTuXA==,type:str]
 nginx:
     defaultpass: ENC[AES256_GCM,data:kbWRuL4GiHjOoy4bvDZN9etrnP9mm3Sc5+ltxXzFzU5G1cbHAa6Si9zzhoA67/MXXvOQ1mp31rQpV1K/WsrxGaajFdHgVYGUJB/RaZfZfg1THF5qvqR7vdOiVRWSIalzGMOSUyJTNg2dgQMbymVbmc/k/vZjkjjsI3oze7oN/NZnQ7nolGybQ6W8DCTRzHi5x20/zTJdXNmJf450az9sWOw7i1A6Avg2pPZ9t2N0WyuIcy1MsQICs7PE4ztrxIF82IsFLQNj6LmXXRQaZ9dCF/3h3yyNShfjgI2owYMmrRJssZCdF5dOPq+HVCEfE3jYBFcAWrvCCnYBczCx+WGl+5sQbfJtZdcDGw1bRw41I71h/W4micjo6W5XbeHVx+Rd,iv:h6gn2VKancyy6dZlON99zjRj4smArwt6I4a3PRjGfZ8=,tag:F++P/Qhh+uUUhBJYp3rGvA==,type:str]
+qbittorrent:
+    interfaceAddress: ENC[AES256_GCM,data:GsDv+UB07bQGh/DISw==,iv:Hn1zGJweLj5jy8sk4aN9rob/6kfzo7iLXPgaLBIMSVs=,tag:fbKSrAIOqTsnCCI1DBUZkA==,type:str]
+freshrss:
+    passwordFile: ENC[AES256_GCM,data:Ya8KuaSEKjFQzIeJ7h7QuelqXTbcAw==,iv:yL04SCesgfPJUYBzfJuSduRx07Z20TMLHGdH7PMeIxo=,tag:vHcj8uehEWDk4Zgq4iRwAQ==,type:str]
 openvpn:
     galadriel:
         config: ENC[AES256_GCM,data:f9uDYNLHP63oee5lGMPsmZ76f80n51eYxd3hvF5ZhPGtCspBEOMLHRonTSEril1wKCT3i1DWR967lWTdjJs6KOpoX5JqKz2Qj9tkpXS5jnHZAf0JQg1l7jmf9/a2OKJparVCFJyNPTN5mzl3gGOyDGe0TIT+ZtP8/PCWsQNjB89Crd/kHSSAmIUb2fcNXEkxs6XwgsBAlhbR69e+06NYaRyX5ydVV/kDekx+ixpx2bIqMQqIdEk358RLCauP3wAh1FoqTTJ2eqLcDhuPySFol9cLCInWnColNdyb/0+czrEa4DiLrbFVXx7bUVwjd9rb+eoajC1e09d41aJkVHG1LxlSRjq1sBlI3v3E1vaUBJWegZBROEpqEOCKfHSagkmaanaBv/KMq1MFmXJ1MzyskDJb9MdNFKRQBjQLwBXnURts/Yj9ChrT51z+/bwItxt8XmlwIEgL65F/8h1+bUJGOi27ZAvfkixflff0ELYSPvQI+N1vFlF9QP6AmIFxF2SdmOSlYzTYIz0+LMejLltCEUdU2qdlZ0a9DuYlsxvnZ75JgWXviw==,iv:C2Zb1DLTMlsEqQ5/UUrpT9k5Z51YYGu3SUcu1F20ydc=,tag:wGkQ7LWgCfy0K3zM38JxHQ==,type:str]
@@ -26,8 +30,8 @@ sops:
             OHNBdXMzZTN0VEVTYkVSbUVRYmo3eUUKvRiPgmrCCK1F5QoSHlV89C2MPl5FvU5i
             z61NMJu68UEDsDu8qNRaW3aqpT+1GYsr1evi5imzNwr0qTM2oRwkFQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-12-29T13:53:15Z"
-    mac: ENC[AES256_GCM,data:VwvrLvThROjtsQme9ncE2ceBbO5HF4qC+JTBKPRxbtLe0APvQVDrTDN6cltOcAOkmvbPfm2wTRlgnmQtbnIZwsmDwtHriKcLXjyFFlHfP1G1GP1uHSGuRgHwQcqLnyfZnQipOG+RfrQjkK8vrN2aKor9Eg26AqWu1/CZPcJHbz0=,iv:pcm7Mb5sPn5h4y3ZCnsyKCAWsksw9PT0wmj6mNbb79o=,tag:vedRTJK0GZnWZEebAvZEoQ==,type:str]
+    lastmodified: "2024-04-14T14:05:51Z"
+    mac: ENC[AES256_GCM,data:67fAXvpbW/N/kH4A9GX7Aq6BxpHxxRURJ4QDqqgqTMMc+Xm6u+5E6pm9sbv7tYs79/0zUy/OaxLTH8N0CvMUzOGhmK1Mov/t2Qd7eFM24IvY3ffRtQyCk+U8XkdYb6awBCjphS+WbhspI3KTOOA5kYb9y/5adzVTwQhNQ+L6YPY=,iv:aTAIgr7X/5lzNM5Hv6IafrqqNiezWjZZHuv31Nv2mzo=,tag:aR1eclrNkRw2fybeEwu1Jg==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1

services/torrent.nix

@@ -1,22 +1,95 @@
-{ config, lib, pkgs, options, ... }:
+{ config, lib, pkgs, ... }:
 let
   port = 8090;
   torrentPort = 44183;
   savePath = "/Main/Data/media/Downloads/";
   path = "/var/lib/qbittorrent";
+  interfaceAddress = pkgs.coreutils + "/bin/cat ${config.sops.secrets."qbittorrent/interfaceAddress".path}";
 
+configurationFile = pkgs.writeText "qbittorrent.conf" ''
+[Application]
+FileLogger\Age=1
+FileLogger\AgeType=1
+FileLogger\Backup=true
+FileLogger\DeleteOld=true
+FileLogger\Enabled=true
+FileLogger\MaxSizeBytes=66560
+FileLogger\Path=/Main/Data/media/.qbittorrent/logs
+MemoryWorkingSetLimit=8192
 
-  
+[BitTorrent]
+Session\AddExtensionToIncompleteFiles=true
+Session\AlternativeGlobalDLSpeedLimit=1000
+Session\AlternativeGlobalUPSpeedLimit=1000
+Session\AnonymousModeEnabled=false
+Session\BTProtocol=Both
+Session\BandwidthSchedulerEnabled=false
+Session\DefaultSavePath=/Main/Data/media/Downloads
+Session\Encryption=1
+Session\ExcludedFileNames=
+Session\FinishedTorrentExportDirectory=/Main/Data/media/Downloads/torrents-complete
+Session\GlobalDLSpeedLimit=0
+Session\GlobalMaxRatio=1.5
+Session\GlobalUPSpeedLimit=0
+Session\I2P\Enabled=true
+Session\IgnoreLimitsOnLAN=true
+Session\IncludeOverheadInLimits=true
+Session\Interface=tun0
+Session\InterfaceAddress=${interfaceAddress}
+Session\InterfaceName=tun0
+Session\LSDEnabled=true
+Session\MaxActiveCheckingTorrents=15
+Session\MaxRatioAction=1
+Session\Port=44183
+Session\Preallocation=true
+Session\QueueingSystemEnabled=false
+Session\SubcategoriesEnabled=true
+Session\Tags=movie, anime
+Session\TempPath=/Main/Data/media/Downloads/temp
+Session\TempPathEnabled=true
+Session\TorrentExportDirectory=/Main/Data/media/Downloads/torrents
+Session\UseAlternativeGlobalSpeedLimit=false
 
+[Core]
+AutoDeleteAddedTorrentFile=Never
 
+[LegalNotice]
+Accepted=true
 
+[Meta]
+MigrationVersion=6
 
+[Network]
+Cookies="__ddg1_=taU4w9Chkfjo3Llq2wDx; HttpOnly; expires=Sun, 09-Feb-2025 16:45:23 GMT; domain=.nyaa.si; path=/"
+PortForwardingEnabled=true
 
+[Preferences]
+General\Locale=en
+MailNotification\req_auth=true
+Scheduler\days=Weekday
+Scheduler\end_time=@Variant(\0\0\0\xf\x5%q\xa0)
+WebUI\AuthSubnetWhitelist=192.168.1.0/24, 100.0.0.0/8
+WebUI\AuthSubnetWhitelistEnabled=true
+WebUI\Port=${toString port}
+WebUI\UseUPnP=false
 
+[RSS]
+AutoDownloader\DownloadRepacks=true
+AutoDownloader\EnableProcessing=true
+AutoDownloader\SmartEpisodeFilter=s(\\d+)e(\\d+), (\\d+)x(\\d+), "(\\d{4}[.\\-]\\d{1,2}[.\\-]\\d{1,2})", "(\\d{1,2}[.\\-]\\d{1,2}[.\\-]\\d{4})"
+Session\EnableProcessing=true
+'';
 
 
 in
 {
+
+  imports = [
+    ../profiles/sops.nix
+  ];
+
+  sops.secrets."qbittorrent/interfaceAddress" = {};
+  
   networking.firewall.allowedTCPPorts = [ port torrentPort];
   networking.firewall.allowedUDPPorts = [ port torrentPort];
 
@@ -27,29 +100,29 @@ in
   };
   users.groups.qbittorrent = {};
 
-  systemd.services."qbittorrent-nox" ={
+  systemd.services."qbittorrent-nox" = {
     after = [ "network.target" ];
     #environment.HOME = "/var/lib/qbittorrent";
 
     serviceConfig = {
-      ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${path}";
-      ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox --webui-port=${toString port} --torrenting-port=${toString torrentPort} --save-path=${savePath}";
+      ExecStartPre = "${pkgs.bash}/bin/bash -c '${pkgs.coreutils}/bin/mkdir -p ${path} && ${pkgs.coreutils}/bin/chown -R qbittorrent:qbittorrent ${path} && ${pkgs.coreutils}/bin/chmod -R 755 ${path} && ${pkgs.coreutils}/bin/cp ${configurationFile} ${path}/.config/qBittorrent/qBittorrent.conf'";
+      ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox";
       User = "qbittorrent";
       Group = "qbittorrent";
       Restart = "on-failure";
 
-      DynamicUser = true;
-      InaccessiblePaths = [ "/home" "/root" "/run" "/boot" "/etc" "/proc" "/sys" "/usr" "/lib" "/bin" "/sbin" "/srv" "/opt" ];
+      #DynamicUser = true;
+      #InaccessiblePaths = [ "/home" "/root" "/boot" "/etc" "/proc" "/sys" "/usr" "/lib" "/bin" "/sbin" "/srv" "/opt" ];
       
       # Security options
-      PrivateTmp = true;
-      ProtectSystem = "full";
-      ProtectKernelTunables = true;
-      ProtectKernelModules = true;
-      ProtectControlGroups = true;
-      NoNewPrivileges = true;
-      ProtectHome = true;
-      PrivateDevices = true;
+      #PrivateTmp = true;
+      #ProtectSystem = "full";
+      #ProtectKernelTunables = true;
+      #ProtectKernelModules = true;
+      #ProtectControlGroups = true;
+      #NoNewPrivileges = true;
+      #ProtectHome = true;
+      #PrivateDevices = true;
     };
   };
 }