retried simple
This commit is contained in:
parent
695bcd65c9
commit
4a3718a806
|
@ -16,7 +16,7 @@
|
||||||
./zfs.nix
|
./zfs.nix
|
||||||
./backup.nix
|
./backup.nix
|
||||||
../../services/smb.nix
|
../../services/smb.nix
|
||||||
../../services/qbittorrent.nix
|
../../services/torrent.nix
|
||||||
#../../services/stableDiffusion.nix
|
#../../services/stableDiffusion.nix
|
||||||
#../../services/freshrrs.nix
|
#../../services/freshrrs.nix
|
||||||
#../../services/torrent.nix
|
#../../services/torrent.nix
|
||||||
|
|
|
@ -4,6 +4,10 @@ acme:
|
||||||
certs: ENC[AES256_GCM,data:L9v0y/T4Vq+fZt5U8YAcyxtvMzv8w+gCwk2z5N027cYiuauuNFYDQ4WV5bTfDL1cSjp30oYvGTlgn3+8s9MA8xqaPJytCNNClRK4isvZKP1YdiVwKdxTg814LDzgPoZsyErSHb+MvgMEUpONifRxFJ7n1HHqcyfeXpV1Bx0=,iv:dnct9KU24ZVaQThA6rTTClRjT+vTi4aD+7UV+oiqoVU=,tag:vTMcHHexHVST3r4wiiTuXA==,type:str]
|
certs: ENC[AES256_GCM,data:L9v0y/T4Vq+fZt5U8YAcyxtvMzv8w+gCwk2z5N027cYiuauuNFYDQ4WV5bTfDL1cSjp30oYvGTlgn3+8s9MA8xqaPJytCNNClRK4isvZKP1YdiVwKdxTg814LDzgPoZsyErSHb+MvgMEUpONifRxFJ7n1HHqcyfeXpV1Bx0=,iv:dnct9KU24ZVaQThA6rTTClRjT+vTi4aD+7UV+oiqoVU=,tag:vTMcHHexHVST3r4wiiTuXA==,type:str]
|
||||||
nginx:
|
nginx:
|
||||||
defaultpass: ENC[AES256_GCM,data:kbWRuL4GiHjOoy4bvDZN9etrnP9mm3Sc5+ltxXzFzU5G1cbHAa6Si9zzhoA67/MXXvOQ1mp31rQpV1K/WsrxGaajFdHgVYGUJB/RaZfZfg1THF5qvqR7vdOiVRWSIalzGMOSUyJTNg2dgQMbymVbmc/k/vZjkjjsI3oze7oN/NZnQ7nolGybQ6W8DCTRzHi5x20/zTJdXNmJf450az9sWOw7i1A6Avg2pPZ9t2N0WyuIcy1MsQICs7PE4ztrxIF82IsFLQNj6LmXXRQaZ9dCF/3h3yyNShfjgI2owYMmrRJssZCdF5dOPq+HVCEfE3jYBFcAWrvCCnYBczCx+WGl+5sQbfJtZdcDGw1bRw41I71h/W4micjo6W5XbeHVx+Rd,iv:h6gn2VKancyy6dZlON99zjRj4smArwt6I4a3PRjGfZ8=,tag:F++P/Qhh+uUUhBJYp3rGvA==,type:str]
|
defaultpass: ENC[AES256_GCM,data:kbWRuL4GiHjOoy4bvDZN9etrnP9mm3Sc5+ltxXzFzU5G1cbHAa6Si9zzhoA67/MXXvOQ1mp31rQpV1K/WsrxGaajFdHgVYGUJB/RaZfZfg1THF5qvqR7vdOiVRWSIalzGMOSUyJTNg2dgQMbymVbmc/k/vZjkjjsI3oze7oN/NZnQ7nolGybQ6W8DCTRzHi5x20/zTJdXNmJf450az9sWOw7i1A6Avg2pPZ9t2N0WyuIcy1MsQICs7PE4ztrxIF82IsFLQNj6LmXXRQaZ9dCF/3h3yyNShfjgI2owYMmrRJssZCdF5dOPq+HVCEfE3jYBFcAWrvCCnYBczCx+WGl+5sQbfJtZdcDGw1bRw41I71h/W4micjo6W5XbeHVx+Rd,iv:h6gn2VKancyy6dZlON99zjRj4smArwt6I4a3PRjGfZ8=,tag:F++P/Qhh+uUUhBJYp3rGvA==,type:str]
|
||||||
|
qbittorrent:
|
||||||
|
interfaceAddress: ENC[AES256_GCM,data:GsDv+UB07bQGh/DISw==,iv:Hn1zGJweLj5jy8sk4aN9rob/6kfzo7iLXPgaLBIMSVs=,tag:fbKSrAIOqTsnCCI1DBUZkA==,type:str]
|
||||||
|
freshrss:
|
||||||
|
passwordFile: ENC[AES256_GCM,data:Ya8KuaSEKjFQzIeJ7h7QuelqXTbcAw==,iv:yL04SCesgfPJUYBzfJuSduRx07Z20TMLHGdH7PMeIxo=,tag:vHcj8uehEWDk4Zgq4iRwAQ==,type:str]
|
||||||
openvpn:
|
openvpn:
|
||||||
galadriel:
|
galadriel:
|
||||||
config: ENC[AES256_GCM,data:f9uDYNLHP63oee5lGMPsmZ76f80n51eYxd3hvF5ZhPGtCspBEOMLHRonTSEril1wKCT3i1DWR967lWTdjJs6KOpoX5JqKz2Qj9tkpXS5jnHZAf0JQg1l7jmf9/a2OKJparVCFJyNPTN5mzl3gGOyDGe0TIT+ZtP8/PCWsQNjB89Crd/kHSSAmIUb2fcNXEkxs6XwgsBAlhbR69e+06NYaRyX5ydVV/kDekx+ixpx2bIqMQqIdEk358RLCauP3wAh1FoqTTJ2eqLcDhuPySFol9cLCInWnColNdyb/0+czrEa4DiLrbFVXx7bUVwjd9rb+eoajC1e09d41aJkVHG1LxlSRjq1sBlI3v3E1vaUBJWegZBROEpqEOCKfHSagkmaanaBv/KMq1MFmXJ1MzyskDJb9MdNFKRQBjQLwBXnURts/Yj9ChrT51z+/bwItxt8XmlwIEgL65F/8h1+bUJGOi27ZAvfkixflff0ELYSPvQI+N1vFlF9QP6AmIFxF2SdmOSlYzTYIz0+LMejLltCEUdU2qdlZ0a9DuYlsxvnZ75JgWXviw==,iv:C2Zb1DLTMlsEqQ5/UUrpT9k5Z51YYGu3SUcu1F20ydc=,tag:wGkQ7LWgCfy0K3zM38JxHQ==,type:str]
|
config: ENC[AES256_GCM,data:f9uDYNLHP63oee5lGMPsmZ76f80n51eYxd3hvF5ZhPGtCspBEOMLHRonTSEril1wKCT3i1DWR967lWTdjJs6KOpoX5JqKz2Qj9tkpXS5jnHZAf0JQg1l7jmf9/a2OKJparVCFJyNPTN5mzl3gGOyDGe0TIT+ZtP8/PCWsQNjB89Crd/kHSSAmIUb2fcNXEkxs6XwgsBAlhbR69e+06NYaRyX5ydVV/kDekx+ixpx2bIqMQqIdEk358RLCauP3wAh1FoqTTJ2eqLcDhuPySFol9cLCInWnColNdyb/0+czrEa4DiLrbFVXx7bUVwjd9rb+eoajC1e09d41aJkVHG1LxlSRjq1sBlI3v3E1vaUBJWegZBROEpqEOCKfHSagkmaanaBv/KMq1MFmXJ1MzyskDJb9MdNFKRQBjQLwBXnURts/Yj9ChrT51z+/bwItxt8XmlwIEgL65F/8h1+bUJGOi27ZAvfkixflff0ELYSPvQI+N1vFlF9QP6AmIFxF2SdmOSlYzTYIz0+LMejLltCEUdU2qdlZ0a9DuYlsxvnZ75JgWXviw==,iv:C2Zb1DLTMlsEqQ5/UUrpT9k5Z51YYGu3SUcu1F20ydc=,tag:wGkQ7LWgCfy0K3zM38JxHQ==,type:str]
|
||||||
|
@ -26,8 +30,8 @@ sops:
|
||||||
OHNBdXMzZTN0VEVTYkVSbUVRYmo3eUUKvRiPgmrCCK1F5QoSHlV89C2MPl5FvU5i
|
OHNBdXMzZTN0VEVTYkVSbUVRYmo3eUUKvRiPgmrCCK1F5QoSHlV89C2MPl5FvU5i
|
||||||
z61NMJu68UEDsDu8qNRaW3aqpT+1GYsr1evi5imzNwr0qTM2oRwkFQ==
|
z61NMJu68UEDsDu8qNRaW3aqpT+1GYsr1evi5imzNwr0qTM2oRwkFQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-12-29T13:53:15Z"
|
lastmodified: "2024-04-14T14:05:51Z"
|
||||||
mac: ENC[AES256_GCM,data:VwvrLvThROjtsQme9ncE2ceBbO5HF4qC+JTBKPRxbtLe0APvQVDrTDN6cltOcAOkmvbPfm2wTRlgnmQtbnIZwsmDwtHriKcLXjyFFlHfP1G1GP1uHSGuRgHwQcqLnyfZnQipOG+RfrQjkK8vrN2aKor9Eg26AqWu1/CZPcJHbz0=,iv:pcm7Mb5sPn5h4y3ZCnsyKCAWsksw9PT0wmj6mNbb79o=,tag:vedRTJK0GZnWZEebAvZEoQ==,type:str]
|
mac: ENC[AES256_GCM,data:67fAXvpbW/N/kH4A9GX7Aq6BxpHxxRURJ4QDqqgqTMMc+Xm6u+5E6pm9sbv7tYs79/0zUy/OaxLTH8N0CvMUzOGhmK1Mov/t2Qd7eFM24IvY3ffRtQyCk+U8XkdYb6awBCjphS+WbhspI3KTOOA5kYb9y/5adzVTwQhNQ+L6YPY=,iv:aTAIgr7X/5lzNM5Hv6IafrqqNiezWjZZHuv31Nv2mzo=,tag:aR1eclrNkRw2fybeEwu1Jg==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
@ -1,22 +1,95 @@
|
||||||
{ config, lib, pkgs, options, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
port = 8090;
|
port = 8090;
|
||||||
torrentPort = 44183;
|
torrentPort = 44183;
|
||||||
savePath = "/Main/Data/media/Downloads/";
|
savePath = "/Main/Data/media/Downloads/";
|
||||||
path = "/var/lib/qbittorrent";
|
path = "/var/lib/qbittorrent";
|
||||||
|
interfaceAddress = pkgs.coreutils + "/bin/cat ${config.sops.secrets."qbittorrent/interfaceAddress".path}";
|
||||||
|
|
||||||
|
configurationFile = pkgs.writeText "qbittorrent.conf" ''
|
||||||
|
[Application]
|
||||||
|
FileLogger\Age=1
|
||||||
|
FileLogger\AgeType=1
|
||||||
|
FileLogger\Backup=true
|
||||||
|
FileLogger\DeleteOld=true
|
||||||
|
FileLogger\Enabled=true
|
||||||
|
FileLogger\MaxSizeBytes=66560
|
||||||
|
FileLogger\Path=/Main/Data/media/.qbittorrent/logs
|
||||||
|
MemoryWorkingSetLimit=8192
|
||||||
|
|
||||||
|
[BitTorrent]
|
||||||
|
Session\AddExtensionToIncompleteFiles=true
|
||||||
|
Session\AlternativeGlobalDLSpeedLimit=1000
|
||||||
|
Session\AlternativeGlobalUPSpeedLimit=1000
|
||||||
|
Session\AnonymousModeEnabled=false
|
||||||
|
Session\BTProtocol=Both
|
||||||
|
Session\BandwidthSchedulerEnabled=false
|
||||||
|
Session\DefaultSavePath=/Main/Data/media/Downloads
|
||||||
|
Session\Encryption=1
|
||||||
|
Session\ExcludedFileNames=
|
||||||
|
Session\FinishedTorrentExportDirectory=/Main/Data/media/Downloads/torrents-complete
|
||||||
|
Session\GlobalDLSpeedLimit=0
|
||||||
|
Session\GlobalMaxRatio=1.5
|
||||||
|
Session\GlobalUPSpeedLimit=0
|
||||||
|
Session\I2P\Enabled=true
|
||||||
|
Session\IgnoreLimitsOnLAN=true
|
||||||
|
Session\IncludeOverheadInLimits=true
|
||||||
|
Session\Interface=tun0
|
||||||
|
Session\InterfaceAddress=${interfaceAddress}
|
||||||
|
Session\InterfaceName=tun0
|
||||||
|
Session\LSDEnabled=true
|
||||||
|
Session\MaxActiveCheckingTorrents=15
|
||||||
|
Session\MaxRatioAction=1
|
||||||
|
Session\Port=44183
|
||||||
|
Session\Preallocation=true
|
||||||
|
Session\QueueingSystemEnabled=false
|
||||||
|
Session\SubcategoriesEnabled=true
|
||||||
|
Session\Tags=movie, anime
|
||||||
|
Session\TempPath=/Main/Data/media/Downloads/temp
|
||||||
|
Session\TempPathEnabled=true
|
||||||
|
Session\TorrentExportDirectory=/Main/Data/media/Downloads/torrents
|
||||||
|
Session\UseAlternativeGlobalSpeedLimit=false
|
||||||
|
|
||||||
|
[Core]
|
||||||
|
AutoDeleteAddedTorrentFile=Never
|
||||||
|
|
||||||
|
[LegalNotice]
|
||||||
|
Accepted=true
|
||||||
|
|
||||||
|
[Meta]
|
||||||
|
MigrationVersion=6
|
||||||
|
|
||||||
|
[Network]
|
||||||
|
Cookies="__ddg1_=taU4w9Chkfjo3Llq2wDx; HttpOnly; expires=Sun, 09-Feb-2025 16:45:23 GMT; domain=.nyaa.si; path=/"
|
||||||
|
PortForwardingEnabled=true
|
||||||
|
|
||||||
|
[Preferences]
|
||||||
|
General\Locale=en
|
||||||
|
MailNotification\req_auth=true
|
||||||
|
Scheduler\days=Weekday
|
||||||
|
Scheduler\end_time=@Variant(\0\0\0\xf\x5%q\xa0)
|
||||||
|
WebUI\AuthSubnetWhitelist=192.168.1.0/24, 100.0.0.0/8
|
||||||
|
WebUI\AuthSubnetWhitelistEnabled=true
|
||||||
|
WebUI\Port=${toString port}
|
||||||
|
WebUI\UseUPnP=false
|
||||||
|
|
||||||
|
[RSS]
|
||||||
|
AutoDownloader\DownloadRepacks=true
|
||||||
|
AutoDownloader\EnableProcessing=true
|
||||||
|
AutoDownloader\SmartEpisodeFilter=s(\\d+)e(\\d+), (\\d+)x(\\d+), "(\\d{4}[.\\-]\\d{1,2}[.\\-]\\d{1,2})", "(\\d{1,2}[.\\-]\\d{1,2}[.\\-]\\d{4})"
|
||||||
|
Session\EnableProcessing=true
|
||||||
|
'';
|
||||||
|
|
||||||
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
../profiles/sops.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
sops.secrets."qbittorrent/interfaceAddress" = {};
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ port torrentPort];
|
networking.firewall.allowedTCPPorts = [ port torrentPort];
|
||||||
networking.firewall.allowedUDPPorts = [ port torrentPort];
|
networking.firewall.allowedUDPPorts = [ port torrentPort];
|
||||||
|
|
||||||
|
@ -32,24 +105,24 @@ in
|
||||||
#environment.HOME = "/var/lib/qbittorrent";
|
#environment.HOME = "/var/lib/qbittorrent";
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${path}";
|
ExecStartPre = "${pkgs.bash}/bin/bash -c '${pkgs.coreutils}/bin/mkdir -p ${path} && ${pkgs.coreutils}/bin/chown -R qbittorrent:qbittorrent ${path} && ${pkgs.coreutils}/bin/chmod -R 755 ${path} && ${pkgs.coreutils}/bin/cp ${configurationFile} ${path}/.config/qBittorrent/qBittorrent.conf'";
|
||||||
ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox --webui-port=${toString port} --torrenting-port=${toString torrentPort} --save-path=${savePath}";
|
ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox";
|
||||||
User = "qbittorrent";
|
User = "qbittorrent";
|
||||||
Group = "qbittorrent";
|
Group = "qbittorrent";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
|
|
||||||
DynamicUser = true;
|
#DynamicUser = true;
|
||||||
InaccessiblePaths = [ "/home" "/root" "/run" "/boot" "/etc" "/proc" "/sys" "/usr" "/lib" "/bin" "/sbin" "/srv" "/opt" ];
|
#InaccessiblePaths = [ "/home" "/root" "/boot" "/etc" "/proc" "/sys" "/usr" "/lib" "/bin" "/sbin" "/srv" "/opt" ];
|
||||||
|
|
||||||
# Security options
|
# Security options
|
||||||
PrivateTmp = true;
|
#PrivateTmp = true;
|
||||||
ProtectSystem = "full";
|
#ProtectSystem = "full";
|
||||||
ProtectKernelTunables = true;
|
#ProtectKernelTunables = true;
|
||||||
ProtectKernelModules = true;
|
#ProtectKernelModules = true;
|
||||||
ProtectControlGroups = true;
|
#ProtectControlGroups = true;
|
||||||
NoNewPrivileges = true;
|
#NoNewPrivileges = true;
|
||||||
ProtectHome = true;
|
#ProtectHome = true;
|
||||||
PrivateDevices = true;
|
#PrivateDevices = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
Loading…
Reference in New Issue