mirror of
https://github.com/adrlau/nix-dotfiles.git
synced 2024-12-22 18:57:29 +01:00
retried simple
This commit is contained in:
parent
695bcd65c9
commit
4a3718a806
@ -16,7 +16,7 @@
|
||||
./zfs.nix
|
||||
./backup.nix
|
||||
../../services/smb.nix
|
||||
../../services/qbittorrent.nix
|
||||
../../services/torrent.nix
|
||||
#../../services/stableDiffusion.nix
|
||||
#../../services/freshrrs.nix
|
||||
#../../services/torrent.nix
|
||||
|
@ -16,7 +16,7 @@
|
||||
sops.age.sshKeyPaths = [
|
||||
"/etc/ssh/nixos"
|
||||
#"/$HOME/.ssh/nixos"
|
||||
#"/home/gunalx/.ssh/nixos"
|
||||
#"/home/gunalx/.ssh/nixos"
|
||||
];
|
||||
# This is using an age key that is expected to already be in the filesystem
|
||||
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
||||
|
@ -4,6 +4,10 @@ acme:
|
||||
certs: ENC[AES256_GCM,data:L9v0y/T4Vq+fZt5U8YAcyxtvMzv8w+gCwk2z5N027cYiuauuNFYDQ4WV5bTfDL1cSjp30oYvGTlgn3+8s9MA8xqaPJytCNNClRK4isvZKP1YdiVwKdxTg814LDzgPoZsyErSHb+MvgMEUpONifRxFJ7n1HHqcyfeXpV1Bx0=,iv:dnct9KU24ZVaQThA6rTTClRjT+vTi4aD+7UV+oiqoVU=,tag:vTMcHHexHVST3r4wiiTuXA==,type:str]
|
||||
nginx:
|
||||
defaultpass: ENC[AES256_GCM,data:kbWRuL4GiHjOoy4bvDZN9etrnP9mm3Sc5+ltxXzFzU5G1cbHAa6Si9zzhoA67/MXXvOQ1mp31rQpV1K/WsrxGaajFdHgVYGUJB/RaZfZfg1THF5qvqR7vdOiVRWSIalzGMOSUyJTNg2dgQMbymVbmc/k/vZjkjjsI3oze7oN/NZnQ7nolGybQ6W8DCTRzHi5x20/zTJdXNmJf450az9sWOw7i1A6Avg2pPZ9t2N0WyuIcy1MsQICs7PE4ztrxIF82IsFLQNj6LmXXRQaZ9dCF/3h3yyNShfjgI2owYMmrRJssZCdF5dOPq+HVCEfE3jYBFcAWrvCCnYBczCx+WGl+5sQbfJtZdcDGw1bRw41I71h/W4micjo6W5XbeHVx+Rd,iv:h6gn2VKancyy6dZlON99zjRj4smArwt6I4a3PRjGfZ8=,tag:F++P/Qhh+uUUhBJYp3rGvA==,type:str]
|
||||
qbittorrent:
|
||||
interfaceAddress: ENC[AES256_GCM,data:GsDv+UB07bQGh/DISw==,iv:Hn1zGJweLj5jy8sk4aN9rob/6kfzo7iLXPgaLBIMSVs=,tag:fbKSrAIOqTsnCCI1DBUZkA==,type:str]
|
||||
freshrss:
|
||||
passwordFile: ENC[AES256_GCM,data:Ya8KuaSEKjFQzIeJ7h7QuelqXTbcAw==,iv:yL04SCesgfPJUYBzfJuSduRx07Z20TMLHGdH7PMeIxo=,tag:vHcj8uehEWDk4Zgq4iRwAQ==,type:str]
|
||||
openvpn:
|
||||
galadriel:
|
||||
config: ENC[AES256_GCM,data:f9uDYNLHP63oee5lGMPsmZ76f80n51eYxd3hvF5ZhPGtCspBEOMLHRonTSEril1wKCT3i1DWR967lWTdjJs6KOpoX5JqKz2Qj9tkpXS5jnHZAf0JQg1l7jmf9/a2OKJparVCFJyNPTN5mzl3gGOyDGe0TIT+ZtP8/PCWsQNjB89Crd/kHSSAmIUb2fcNXEkxs6XwgsBAlhbR69e+06NYaRyX5ydVV/kDekx+ixpx2bIqMQqIdEk358RLCauP3wAh1FoqTTJ2eqLcDhuPySFol9cLCInWnColNdyb/0+czrEa4DiLrbFVXx7bUVwjd9rb+eoajC1e09d41aJkVHG1LxlSRjq1sBlI3v3E1vaUBJWegZBROEpqEOCKfHSagkmaanaBv/KMq1MFmXJ1MzyskDJb9MdNFKRQBjQLwBXnURts/Yj9ChrT51z+/bwItxt8XmlwIEgL65F/8h1+bUJGOi27ZAvfkixflff0ELYSPvQI+N1vFlF9QP6AmIFxF2SdmOSlYzTYIz0+LMejLltCEUdU2qdlZ0a9DuYlsxvnZ75JgWXviw==,iv:C2Zb1DLTMlsEqQ5/UUrpT9k5Z51YYGu3SUcu1F20ydc=,tag:wGkQ7LWgCfy0K3zM38JxHQ==,type:str]
|
||||
@ -26,8 +30,8 @@ sops:
|
||||
OHNBdXMzZTN0VEVTYkVSbUVRYmo3eUUKvRiPgmrCCK1F5QoSHlV89C2MPl5FvU5i
|
||||
z61NMJu68UEDsDu8qNRaW3aqpT+1GYsr1evi5imzNwr0qTM2oRwkFQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-12-29T13:53:15Z"
|
||||
mac: ENC[AES256_GCM,data:VwvrLvThROjtsQme9ncE2ceBbO5HF4qC+JTBKPRxbtLe0APvQVDrTDN6cltOcAOkmvbPfm2wTRlgnmQtbnIZwsmDwtHriKcLXjyFFlHfP1G1GP1uHSGuRgHwQcqLnyfZnQipOG+RfrQjkK8vrN2aKor9Eg26AqWu1/CZPcJHbz0=,iv:pcm7Mb5sPn5h4y3ZCnsyKCAWsksw9PT0wmj6mNbb79o=,tag:vedRTJK0GZnWZEebAvZEoQ==,type:str]
|
||||
lastmodified: "2024-04-14T14:05:51Z"
|
||||
mac: ENC[AES256_GCM,data:67fAXvpbW/N/kH4A9GX7Aq6BxpHxxRURJ4QDqqgqTMMc+Xm6u+5E6pm9sbv7tYs79/0zUy/OaxLTH8N0CvMUzOGhmK1Mov/t2Qd7eFM24IvY3ffRtQyCk+U8XkdYb6awBCjphS+WbhspI3KTOOA5kYb9y/5adzVTwQhNQ+L6YPY=,iv:aTAIgr7X/5lzNM5Hv6IafrqqNiezWjZZHuv31Nv2mzo=,tag:aR1eclrNkRw2fybeEwu1Jg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
@ -1,22 +1,95 @@
|
||||
{ config, lib, pkgs, options, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
port = 8090;
|
||||
torrentPort = 44183;
|
||||
savePath = "/Main/Data/media/Downloads/";
|
||||
path = "/var/lib/qbittorrent";
|
||||
interfaceAddress = pkgs.coreutils + "/bin/cat ${config.sops.secrets."qbittorrent/interfaceAddress".path}";
|
||||
|
||||
configurationFile = pkgs.writeText "qbittorrent.conf" ''
|
||||
[Application]
|
||||
FileLogger\Age=1
|
||||
FileLogger\AgeType=1
|
||||
FileLogger\Backup=true
|
||||
FileLogger\DeleteOld=true
|
||||
FileLogger\Enabled=true
|
||||
FileLogger\MaxSizeBytes=66560
|
||||
FileLogger\Path=/Main/Data/media/.qbittorrent/logs
|
||||
MemoryWorkingSetLimit=8192
|
||||
|
||||
|
||||
[BitTorrent]
|
||||
Session\AddExtensionToIncompleteFiles=true
|
||||
Session\AlternativeGlobalDLSpeedLimit=1000
|
||||
Session\AlternativeGlobalUPSpeedLimit=1000
|
||||
Session\AnonymousModeEnabled=false
|
||||
Session\BTProtocol=Both
|
||||
Session\BandwidthSchedulerEnabled=false
|
||||
Session\DefaultSavePath=/Main/Data/media/Downloads
|
||||
Session\Encryption=1
|
||||
Session\ExcludedFileNames=
|
||||
Session\FinishedTorrentExportDirectory=/Main/Data/media/Downloads/torrents-complete
|
||||
Session\GlobalDLSpeedLimit=0
|
||||
Session\GlobalMaxRatio=1.5
|
||||
Session\GlobalUPSpeedLimit=0
|
||||
Session\I2P\Enabled=true
|
||||
Session\IgnoreLimitsOnLAN=true
|
||||
Session\IncludeOverheadInLimits=true
|
||||
Session\Interface=tun0
|
||||
Session\InterfaceAddress=${interfaceAddress}
|
||||
Session\InterfaceName=tun0
|
||||
Session\LSDEnabled=true
|
||||
Session\MaxActiveCheckingTorrents=15
|
||||
Session\MaxRatioAction=1
|
||||
Session\Port=44183
|
||||
Session\Preallocation=true
|
||||
Session\QueueingSystemEnabled=false
|
||||
Session\SubcategoriesEnabled=true
|
||||
Session\Tags=movie, anime
|
||||
Session\TempPath=/Main/Data/media/Downloads/temp
|
||||
Session\TempPathEnabled=true
|
||||
Session\TorrentExportDirectory=/Main/Data/media/Downloads/torrents
|
||||
Session\UseAlternativeGlobalSpeedLimit=false
|
||||
|
||||
[Core]
|
||||
AutoDeleteAddedTorrentFile=Never
|
||||
|
||||
[LegalNotice]
|
||||
Accepted=true
|
||||
|
||||
[Meta]
|
||||
MigrationVersion=6
|
||||
|
||||
[Network]
|
||||
Cookies="__ddg1_=taU4w9Chkfjo3Llq2wDx; HttpOnly; expires=Sun, 09-Feb-2025 16:45:23 GMT; domain=.nyaa.si; path=/"
|
||||
PortForwardingEnabled=true
|
||||
|
||||
[Preferences]
|
||||
General\Locale=en
|
||||
MailNotification\req_auth=true
|
||||
Scheduler\days=Weekday
|
||||
Scheduler\end_time=@Variant(\0\0\0\xf\x5%q\xa0)
|
||||
WebUI\AuthSubnetWhitelist=192.168.1.0/24, 100.0.0.0/8
|
||||
WebUI\AuthSubnetWhitelistEnabled=true
|
||||
WebUI\Port=${toString port}
|
||||
WebUI\UseUPnP=false
|
||||
|
||||
[RSS]
|
||||
AutoDownloader\DownloadRepacks=true
|
||||
AutoDownloader\EnableProcessing=true
|
||||
AutoDownloader\SmartEpisodeFilter=s(\\d+)e(\\d+), (\\d+)x(\\d+), "(\\d{4}[.\\-]\\d{1,2}[.\\-]\\d{1,2})", "(\\d{1,2}[.\\-]\\d{1,2}[.\\-]\\d{4})"
|
||||
Session\EnableProcessing=true
|
||||
'';
|
||||
|
||||
|
||||
in
|
||||
{
|
||||
|
||||
imports = [
|
||||
../profiles/sops.nix
|
||||
];
|
||||
|
||||
sops.secrets."qbittorrent/interfaceAddress" = {};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ port torrentPort];
|
||||
networking.firewall.allowedUDPPorts = [ port torrentPort];
|
||||
|
||||
@ -27,29 +100,29 @@ in
|
||||
};
|
||||
users.groups.qbittorrent = {};
|
||||
|
||||
systemd.services."qbittorrent-nox" ={
|
||||
systemd.services."qbittorrent-nox" = {
|
||||
after = [ "network.target" ];
|
||||
#environment.HOME = "/var/lib/qbittorrent";
|
||||
|
||||
serviceConfig = {
|
||||
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${path}";
|
||||
ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox --webui-port=${toString port} --torrenting-port=${toString torrentPort} --save-path=${savePath}";
|
||||
ExecStartPre = "${pkgs.bash}/bin/bash -c '${pkgs.coreutils}/bin/mkdir -p ${path} && ${pkgs.coreutils}/bin/chown -R qbittorrent:qbittorrent ${path} && ${pkgs.coreutils}/bin/chmod -R 755 ${path} && ${pkgs.coreutils}/bin/cp ${configurationFile} ${path}/.config/qBittorrent/qBittorrent.conf'";
|
||||
ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox";
|
||||
User = "qbittorrent";
|
||||
Group = "qbittorrent";
|
||||
Restart = "on-failure";
|
||||
|
||||
DynamicUser = true;
|
||||
InaccessiblePaths = [ "/home" "/root" "/run" "/boot" "/etc" "/proc" "/sys" "/usr" "/lib" "/bin" "/sbin" "/srv" "/opt" ];
|
||||
#DynamicUser = true;
|
||||
#InaccessiblePaths = [ "/home" "/root" "/boot" "/etc" "/proc" "/sys" "/usr" "/lib" "/bin" "/sbin" "/srv" "/opt" ];
|
||||
|
||||
# Security options
|
||||
PrivateTmp = true;
|
||||
ProtectSystem = "full";
|
||||
ProtectKernelTunables = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectControlGroups = true;
|
||||
NoNewPrivileges = true;
|
||||
ProtectHome = true;
|
||||
PrivateDevices = true;
|
||||
#PrivateTmp = true;
|
||||
#ProtectSystem = "full";
|
||||
#ProtectKernelTunables = true;
|
||||
#ProtectKernelModules = true;
|
||||
#ProtectControlGroups = true;
|
||||
#NoNewPrivileges = true;
|
||||
#ProtectHome = true;
|
||||
#PrivateDevices = true;
|
||||
};
|
||||
};
|
||||
}
|
Loading…
Reference in New Issue
Block a user