Compare commits
2 Commits
3ae047f2f4
...
695bcd65c9
Author | SHA1 | Date |
---|---|---|
Adrian Gunnar Lauterer | 695bcd65c9 | |
Adrian Gunnar Lauterer | 1648415ea3 |
|
@ -16,7 +16,7 @@
|
||||||
./zfs.nix
|
./zfs.nix
|
||||||
./backup.nix
|
./backup.nix
|
||||||
../../services/smb.nix
|
../../services/smb.nix
|
||||||
../../services/torrent.nix
|
../../services/qbittorrent.nix
|
||||||
#../../services/stableDiffusion.nix
|
#../../services/stableDiffusion.nix
|
||||||
#../../services/freshrrs.nix
|
#../../services/freshrrs.nix
|
||||||
#../../services/torrent.nix
|
#../../services/torrent.nix
|
||||||
|
|
|
@ -2,10 +2,10 @@
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.services.qbittorrent-nox;
|
cfg = config.services.qbittorrent-nox;
|
||||||
cfgPath = "/var/lib/qbittorrent/.config/qBittorrent/qBittorrent.conf";
|
|
||||||
path = "/var/lib/qbittorrent";
|
path = "/var/lib/qbittorrent";
|
||||||
|
cfgPath = "${path}/.config/qBittorrent/qBittorrent.conf";
|
||||||
|
|
||||||
configurationFile = lib.writeText "${cfgPath}" ''
|
configurationFile = pkgs.writeText "qbittorrent-nox.conf" ''
|
||||||
[Application]
|
[Application]
|
||||||
FileLogger\Age=${toString cfg.Filelogger.age}
|
FileLogger\Age=${toString cfg.Filelogger.age}
|
||||||
FileLogger\AgeType=${toString cfg.Filelogger.ageType}
|
FileLogger\AgeType=${toString cfg.Filelogger.ageType}
|
||||||
|
@ -24,7 +24,7 @@ let
|
||||||
Session\BTProtocol=${cfg.BTProtocol}
|
Session\BTProtocol=${cfg.BTProtocol}
|
||||||
Session\BandwidthSchedulerEnabled=${toString cfg.BandwidthSchedulerEnabled}
|
Session\BandwidthSchedulerEnabled=${toString cfg.BandwidthSchedulerEnabled}
|
||||||
Session\DefaultSavePath=${cfg.DefaultSavePath}
|
Session\DefaultSavePath=${cfg.DefaultSavePath}
|
||||||
Session\Encryption=${ lib.mkIf cfg.Encryption "1" "0" }
|
Session\Encryption=${toString cfg.Encryption }
|
||||||
Session\ExcludedFileNames=${cfg.ExcludedFileNames}
|
Session\ExcludedFileNames=${cfg.ExcludedFileNames}
|
||||||
Session\FinishedTorrentExportDirectory=${cfg.FinishedTorrentExportDirectory}
|
Session\FinishedTorrentExportDirectory=${cfg.FinishedTorrentExportDirectory}
|
||||||
Session\GlobalDLSpeedLimit=${toString cfg.GlobalDLSpeedLimit}
|
Session\GlobalDLSpeedLimit=${toString cfg.GlobalDLSpeedLimit}
|
||||||
|
@ -190,8 +190,9 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
Encryption = lib.mkOption {
|
Encryption = lib.mkOption {
|
||||||
type = lib.types.bool;
|
type = lib.types.int;
|
||||||
default = true;
|
default = 1;
|
||||||
|
example = "0";
|
||||||
description = "Enable encryption.";
|
description = "Enable encryption.";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -440,12 +441,6 @@ in
|
||||||
description = "RSS Session enable processing.";
|
description = "RSS Session enable processing.";
|
||||||
};
|
};
|
||||||
|
|
||||||
configFile = lib.mkOption {
|
|
||||||
type = lib.types.path;
|
|
||||||
default = "${cfgPath}";
|
|
||||||
description = "Path to qbittorrent-nox configuration file.";
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
|
@ -455,7 +450,7 @@ in
|
||||||
|
|
||||||
users.users = lib.mkIf (cfg.user == "qbittorrent") {
|
users.users = lib.mkIf (cfg.user == "qbittorrent") {
|
||||||
qbittorrent = {
|
qbittorrent = {
|
||||||
isSystemUser = true;
|
isNormalUser = true;
|
||||||
home = path;
|
home = path;
|
||||||
group = cfg.group;
|
group = cfg.group;
|
||||||
};
|
};
|
||||||
|
@ -466,7 +461,9 @@ in
|
||||||
|
|
||||||
systemd.services."qbittorrent-nox" ={
|
systemd.services."qbittorrent-nox" ={
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox --configuration=${cfg.configFile}";
|
#create the configuration file from string using echo
|
||||||
|
ExecStartPre = "${pkgs.coreutils}/bin/cat ${configurationFile}";
|
||||||
|
ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox --configuration=${configurationFile}";
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
Group = cfg.group;
|
Group = cfg.group;
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
|
|
|
@ -3,41 +3,53 @@ let
|
||||||
port = 8090;
|
port = 8090;
|
||||||
torrentPort = 44183;
|
torrentPort = 44183;
|
||||||
savePath = "/Main/Data/media/Downloads/";
|
savePath = "/Main/Data/media/Downloads/";
|
||||||
|
path = "/var/lib/qbittorrent";
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
networking.firewall.allowedTCPPorts = [ port torrentPort];
|
networking.firewall.allowedTCPPorts = [ port torrentPort];
|
||||||
networking.firewall.allowedUDPPorts = [ port torrentPort];
|
networking.firewall.allowedUDPPorts = [ port torrentPort];
|
||||||
|
|
||||||
users.users.qbittorrent = {
|
users.users.qbittorrent = {
|
||||||
isSystemUser = true;
|
isNormalUser = true; #make this a normal user to be able to make files
|
||||||
home = "/var/lib/qbittorrent";
|
home = path;
|
||||||
group = "qbittorrent";
|
group = "qbittorrent";
|
||||||
};
|
};
|
||||||
users.groups.qbittorrent = {};
|
users.groups.qbittorrent = {};
|
||||||
|
|
||||||
systemd.services."qbittorrent-nox" ={
|
systemd.services."qbittorrent-nox" ={
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
environment.HOME = "/var/lib/qbittorrent";
|
#environment.HOME = "/var/lib/qbittorrent";
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
|
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${path}";
|
||||||
ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox --webui-port=${toString port} --torrenting-port=${toString torrentPort} --save-path=${savePath}";
|
ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox --webui-port=${toString port} --torrenting-port=${toString torrentPort} --save-path=${savePath}";
|
||||||
User = "qbittorrent";
|
User = "qbittorrent";
|
||||||
Group = "qbittorrent";
|
Group = "qbittorrent";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
|
|
||||||
DynamicUser = true;
|
DynamicUser = true;
|
||||||
RuntimeDirectory = "qbittorrent";
|
|
||||||
WorkingDirectory = "/var/lib/qbittorrent";
|
|
||||||
InaccessiblePaths = [ "/home" "/root" "/run" "/boot" "/etc" "/proc" "/sys" "/usr" "/lib" "/bin" "/sbin" "/srv" "/opt" ];
|
InaccessiblePaths = [ "/home" "/root" "/run" "/boot" "/etc" "/proc" "/sys" "/usr" "/lib" "/bin" "/sbin" "/srv" "/opt" ];
|
||||||
|
|
||||||
# Security options
|
# Security options
|
||||||
#PrivateTmp = true;
|
PrivateTmp = true;
|
||||||
#ProtectSystem = "full";
|
ProtectSystem = "full";
|
||||||
#ProtectKernelTunables = true;
|
ProtectKernelTunables = true;
|
||||||
#ProtectKernelModules = true;
|
ProtectKernelModules = true;
|
||||||
#ProtectControlGroups = true;
|
ProtectControlGroups = true;
|
||||||
#NoNewPrivileges = true;
|
NoNewPrivileges = true;
|
||||||
#ProtectHome = true;
|
ProtectHome = true;
|
||||||
#PrivateDevices = true;
|
PrivateDevices = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
Loading…
Reference in New Issue