
3 Commits

13 changed files with 114 additions and 661 deletions


@ -34,7 +34,7 @@
# aragon = nixpkgs.lib.nixosSystem { # aragon = nixpkgs.lib.nixosSystem {
# system = "x86_64-linux"; # system = "x83_64-linux";
# specialArgs = { # specialArgs = {
# inherit inputs; # inherit inputs;
# }; # };
@ -53,6 +53,19 @@
# }; # };
aragon = nixpkgs.lib.nixosSystem {
system = "x84_64-linux";
specialArgs = {
inherit inputs;
};
modules = [
# Overlays-module makes "pkgs.unstable" available in configuration.nix
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./machines/aragon/configuration.nix
sops-nix.nixosModules.sops
];
};
galadriel = nixpkgs.lib.nixosSystem { galadriel = nixpkgs.lib.nixosSystem {
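Review bot: The new `aragon` definition sets `system = "x84_64-linux";`, which is not a platform nixpkgs knows, so evaluating this configuration is expected to fail; the value should be `system = "x86_64-linux";`. The commented-out copy in the first hunk carries a similar typo (`x83_64-linux`) on the new side and could simply be deleted now that the live definition exists. The enclosing attribute set starts and ends outside the hunk.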


@ -1,8 +1,7 @@
{pkgs, lib, ...}: {pkgs, lib, ...}:
let
unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
in
{ {
unstable.config.allowUnfree = true;
home-manager.users.gunalx = { home-manager.users.gunalx = {
#vscode with home manager #vscode with home manager
programs.vscode = { programs.vscode = {
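Review bot: `unstable.config.allowUnfree = true;` is now written as a top-level module attribute, and nothing in the visible lines declares an `unstable` option, so the module system will most likely reject it as an unknown option. With the `let unstable = import <nixos-unstable> …` binding removed, any later use of `unstable.` in this file (the body continues outside the hunk) would also be unbound. If the intent is to allow unfree packages from the unstable set, that setting belongs where the overlay imports it, and this file can refer to `pkgs.unstable.vscode-fhs` instead, assuming the overlay is applied to this machine.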


@ -1,7 +1,4 @@
{ config, pkgs, ... }: { config, pkgs, home-manager, ... }:
let
home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-23.11.tar.gz";
in
{ {
imports = [ imports = [
(import "${home-manager}/nixos") (import "${home-manager}/nixos")
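Review bot: `home-manager` is now a module argument that is used inside `imports`, and arguments used there have to be supplied through `specialArgs`; one provided through `_module.args` leads to infinite recursion. The only `specialArgs` visible on this page is `{ inherit inputs; }`, so unless another definition passes `home-manager` explicitly this import will not evaluate. Either take `inputs` here and write `(import "${inputs.home-manager}/nixos")`, or add `inherit (inputs) home-manager;` to `specialArgs`; whether the flake has an input of that name is not visible here.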


@ -15,6 +15,12 @@
environment.systemPackages = [ environment.systemPackages = [
pkgs.steam-run pkgs.steam-run
pkgs.unstable.alvr
pkgs.openvr
pkgs.openhmd
pkgs.sidequest
pkgs.mplayer
pkgs.appimage-run
]; ];


@ -1,15 +0,0 @@
{pkgs, lib, ...}:
let
unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
in
{
home-manager.users.gunalx = {
#vscode with home manager
programs.vscode = {
enable = true;
enableUpdateCheck = false;
package = unstable.vscode-fhs;
};
};
}


@ -3,18 +3,23 @@
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
imports = imports =
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
#profiles
../../profiles/base.nix
#home manager #home manager
./home.nix #../../home/home.nix
#customised applications #customised applications
./steam.nix ../../home/steam.nix
./podman.nix ../../services/podman.nix
]; ];
# Bootloader. # Bootloader.
@ -69,7 +74,7 @@
xkbVariant = ""; xkbVariant = "";
}; };
fonts.fonts = with pkgs; [ fonts.packages = with pkgs; [
noto-fonts noto-fonts
noto-fonts-cjk noto-fonts-cjk
noto-fonts-emoji noto-fonts-emoji
@ -97,11 +102,12 @@ fonts.fonts = with pkgs; [
alsa.support32Bit = true; alsa.support32Bit = true;
pulse.enable = true; pulse.enable = true;
# If you want to use JACK applications, uncomment this # If you want to use JACK applications, uncomment this
#jack.enable = true; jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default, # use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now) # no need to redefine it in your config for now)
#media-session.enable = true; #media-session.enable = true;
}; };
# Enable touchpad support (enabled default in most desktopManager). # Enable touchpad support (enabled default in most desktopManager).
@ -113,15 +119,15 @@ fonts.fonts = with pkgs; [
description = "Adrian Gunnar Lauterer"; description = "Adrian Gunnar Lauterer";
extraGroups = [ "networkmanager" "wheel" ]; extraGroups = [ "networkmanager" "wheel" ];
packages = with pkgs; [ packages = with pkgs; [
firefox firefox
kate kate
unstable.ollama
python310 python310
python310Packages.scipy python310Packages.scipy
python310Packages.sympy python310Packages.sympy
python310Packages.numpy python310Packages.numpy
python310Packages.matplotlib python310Packages.matplotlib
python310Packages.torch python310Packages.torchWithRocm
python310Packages.torchvision python310Packages.torchvision
gcc gcc
gpp gpp
@ -129,11 +135,24 @@ fonts.fonts = with pkgs; [
rustup rustup
rustc rustc
cargo cargo
etcher
rpi-imager
minecraft
prismlauncher
hmcl
appimage-run
#unstable.alvr
easyeffects
]; ];
}; };
#allow electron 19 becasue of etcher
nixpkgs.config.permittedInsecurePackages = [
"electron-19.1.9"
];
# Allow unfree packages # Allow unfree packages
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
@ -155,15 +174,19 @@ fonts.fonts = with pkgs; [
python310Packages.sympy python310Packages.sympy
python310Packages.numpy python310Packages.numpy
python310Packages.matplotlib python310Packages.matplotlib
python310Packages.torch #python310Packages.torch
python310Packages.torchvision python310Packages.torchvision
python310Packages.torchWithRocm
gcc gcc
gpp gpp
cmake gdb
cmake
rustup rustup
rustc rustc
cargo cargo
cura cura
prusa-slicer
openscad
htop htop
killall killall
docker-compose docker-compose
@ -195,10 +218,12 @@ fonts.fonts = with pkgs; [
services.udev.extraRules = '' services.udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="pci", DRIVER=="pcieport", ATTR{power/wakeup}="disabled" ACTION=="add", SUBSYSTEM=="pci", DRIVER=="pcieport", ATTR{power/wakeup}="disabled"
''; '';
# systemd.targets.sleep.enable = false;
# systemd.targets.suspend.enable = false; #comment out to enable sleep. Uncommented over vacations
# systemd.targets.hibernate.enable = false; # systemd.targets.sleep.enable = false;
# systemd.targets.hybrid-sleep.enable = false; # systemd.targets.suspend.enable = false;
# systemd.targets.hibernate.enable = false;
# systemd.targets.hybrid-sleep.enable = false;
# Some programs need SUID wrappers, can be configured further or are # Some programs need SUID wrappers, can be configured further or are
@ -218,7 +243,7 @@ fonts.fonts = with pkgs; [
# networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether. # Or disable the firewall altogether.
# networking.firewall.enable = false; networking.firewall.enable = false;
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
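Review bot: Uncommenting `networking.firewall.enable = false;` in the last hunk removes host packet filtering entirely, so every listening service on this machine becomes reachable from whatever network it joins. If the goal was to let one application through (the page does not say which), keep the firewall on and list the needed ports in `networking.firewall.allowedTCPPorts` / `networking.firewall.allowedUDPPorts`, which are already stubbed out in the lines just above. The `permittedInsecurePackages = [ "electron-19.1.9" ]` entry added for etcher also deserves a comment saying when it can be dropped, because the exemption applies to the whole configuration and not to etcher alone.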


@ -9,12 +9,30 @@
]; ];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ]; boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
#boot.initrd.kernelModules = ["amdgou" ];
boot.initrd.kernelModules = ["amdgpu" ]; boot.initrd.kernelModules = ["amdgpu" ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
services.xserver.videoDrivers = [ "amdgpu" ];
systemd.tmpfiles.rules = [
"L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}"
];
hardware.opengl.extraPackages = with pkgs; [
rocmPackages.clr.icd
#amdvlk
libva-utils
];
#hardware.opengl.extraPackages32 = with pkgs; [
# driversi686Linux.amdvlk
#];
hardware.opengl.driSupport = true; # This is already enabled by default
hardware.opengl.driSupport32Bit = true; # For 32 bit applications
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/8ab16ad5-08d2-44f9-a9e4-2e6240bfd8f8"; { device = "/dev/disk/by-uuid/8ab16ad5-08d2-44f9-a9e4-2e6240bfd8f8";
fsType = "ext4"; fsType = "ext4";


@ -1,18 +0,0 @@
{ config, pkgs, ... }:
let
home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-23.05.tar.gz";
in
{
imports = [
(import "${home-manager}/nixos")
./code.nix
];
home-manager.users.gunalx = {
/* The home.stateVersion option does not have a default and must be set */
home.stateVersion = "23.05";
/* Here goes the rest of your home-manager config, e.g. home.packages = [ pkgs.foo ]; */
};
}


@ -1,11 +0,0 @@
{
virtualisation.podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true ;
autoPrune.flags = ["--all"];
autoPrune.enable = true;
};
}


@ -1,481 +0,0 @@
{ config, lib, pkgs, options, ... }:
let
cfg = config.services.qbittorrent-nox;
path = "/var/lib/qbittorrent";
cfgPath = "${path}/.config/qBittorrent/qBittorrent.conf";
configurationFile = pkgs.writeText "qbittorrent-nox.conf" ''
[Application]
FileLogger\Age=${toString cfg.Filelogger.age}
FileLogger\AgeType=${toString cfg.Filelogger.ageType}
FileLogger\Backup=${toString cfg.Filelogger.backup}
FileLogger\DeleteOld=${toString cfg.Filelogger.deleteOld}
FileLogger\Enabled=${toString cfg.Filelogger.enable}
FileLogger\MaxSizeBytes=${toString cfg.Filelogger.maxSizeBytes}
FileLogger\Path=${cfg.Filelogger.path}
MemoryWorkingSetLimit=${toString cfg.MemoryWorkingSetLimit}
[BitTorrent]
Session\AddExtensionToIncompleteFiles=${toString cfg.AddExtensionToIncompleteFiles}
Session\AlternativeGlobalDLSpeedLimit=${toString cfg.AlternativeGlobalDLSpeedLimit}
Session\AlternativeGlobalUPSpeedLimit=${toString cfg.AlternativeGlobalUPSpeedLimit}
Session\AnonymousModeEnabled=${toString cfg.AnonymousModeEnabled}
Session\BTProtocol=${cfg.BTProtocol}
Session\BandwidthSchedulerEnabled=${toString cfg.BandwidthSchedulerEnabled}
Session\DefaultSavePath=${cfg.DefaultSavePath}
Session\Encryption=${toString cfg.Encryption }
Session\ExcludedFileNames=${cfg.ExcludedFileNames}
Session\FinishedTorrentExportDirectory=${cfg.FinishedTorrentExportDirectory}
Session\GlobalDLSpeedLimit=${toString cfg.GlobalDLSpeedLimit}
Session\GlobalMaxRatio=${toString cfg.GlobalMaxRatio}
Session\GlobalUPSpeedLimit=${toString cfg.GlobalUPSpeedLimit}
Session\I2P\Enabled=${toString cfg.I2PEnabled}
Session\IgnoreLimitsOnLAN=${toString cfg.IgnoreLimitsOnLAN}
Session\IncludeOverheadInLimits=${toString cfg.IncludeOverheadInLimits}
Session\Interface=${cfg.Interface}
Session\InterfaceAddress=${cfg.InterfaceAddress}
Session\InterfaceName=${cfg.InterfaceName}
Session\LSDEnabled=${toString cfg.LSDEnabled}
Session\MaxActiveCheckingTorrents=${toString cfg.MaxActiveCheckingTorrents}
Session\MaxRatioAction=${toString cfg.MaxRatioAction}
Session\Port=${toString cfg.Port}
Session\Preallocation=${toString cfg.Preallocation}
Session\QueueingSystemEnabled=${toString cfg.QueueingSystemEnabled}
Session\SubcategoriesEnabled=${toString cfg.SubcategoriesEnabled}
Session\Tags=${cfg.Tags}
Session\TempPath=${cfg.TempPath}
Session\TempPathEnabled=${toString cfg.TempPathEnabled}
Session\TorrentExportDirectory=${cfg.TorrentExportDirectory}
Session\UseAlternativeGlobalSpeedLimit=${toString cfg.UseAlternativeGlobalSpeedLimit}
[Core]
AutoDeleteAddedTorrentFile=${cfg.AutoDeleteAddedTorrentFile}
[LegalNotice]
Accepted=${toString cfg.Accepted}
[Meta]
MigrationVersion=${toString cfg.MigrationVersion}
[Network]
PortForwardingEnabled=${toString cfg.PortForwardingEnabled}
[Preferences]
General\Locale=${cfg.GeneralLocale}
MailNotification\req_auth=${toString cfg.MailNotificationReqAuth}
Scheduler\days=${cfg.SchedulerDays}
Scheduler\end_time=${cfg.SchedulerEndTime}
WebUI\AuthSubnetWhitelist=${cfg.WebUIAuthSubnetWhitelist}
WebUI\AuthSubnetWhitelistEnabled=${toString cfg.WebUIAuthSubnetWhitelistEnabled}
WebUI\Port=${toString cfg.WebUIPort}
WebUI\UseUPnP=${toString cfg.WebUIUseUPnP}
[RSS]
AutoDownloader\DownloadRepacks=${toString cfg.AutoDownloaderDownloadRepacks}
AutoDownloader\EnableProcessing=${toString cfg.AutoDownloaderEnableProcessing}
AutoDownloader\SmartEpisodeFilter=${cfg.AutoDownloaderSmartEpisodeFilter}
Session\EnableProcessing=${toString cfg.SessionEnableProcessing}
'';
in
{
options.services.qbittorrent-nox = {
enable = lib.mkEnableOption {
default = false;
description = "Enable qbittorrent-nox service.";
};
openFirewall = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Whether to open the qbittorrent-nox port in the firewall.";
};
user = lib.mkOption {
type = lib.types.str;
default = "qbittorrent";
description = "User to run qbittorrent-nox as.";
};
group = lib.mkOption {
type = lib.types.str;
default = "qbittorrent";
description = "Group to run qbittorrent-nox as.";
};
# FileLogger
Filelogger.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Whether to enable the file logger.";
};
Filelogger.age = lib.mkOption {
type = lib.types.int;
default = 1;
description = "Age of the log file.";
};
Filelogger.ageType = lib.mkOption {
type = lib.types.int;
default = 1;
description = "Age type of the log file.";
};
Filelogger.backup = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Whether to backup the log file.";
};
Filelogger.deleteOld = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Whether to delete old log files.";
};
Filelogger.maxSizeBytes = lib.mkOption {
type = lib.types.int;
default = 66560;
description = "Max size of the log file in bytes.";
};
Filelogger.path = lib.mkOption {
type = lib.types.str;
default = "${path}/.qbittorrent/logs";
description = "Path to the log file.";
};
MemoryWorkingSetLimit = lib.mkOption {
type = lib.types.int;
default = 8192;
description = "Memory working set limit.";
};
# BitTorrent
AddExtensionToIncompleteFiles = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Add extension to incomplete files.";
};
AlternativeGlobalDLSpeedLimit = lib.mkOption {
type = lib.types.int;
default = 1000;
description = "Alternative global download speed limit.";
};
AlternativeGlobalUPSpeedLimit = lib.mkOption {
type = lib.types.int;
default = 1000;
description = "Alternative global upload speed limit.";
};
AnonymousModeEnabled = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable anonymous mode.";
};
BTProtocol = lib.mkOption {
type = lib.types.str;
default = "Both";
description = "BitTorrent protocol.";
};
BandwidthSchedulerEnabled = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable bandwidth scheduler.";
};
DefaultSavePath = lib.mkOption {
type = lib.types.str;
default = "${path}";
description = "Default save path.";
};
Encryption = lib.mkOption {
type = lib.types.int;
default = 1;
example = "0";
description = "Enable encryption.";
};
ExcludedFileNames = lib.mkOption {
type = lib.types.str;
default = "";
description = "Excluded file names.";
};
FinishedTorrentExportDirectory = lib.mkOption {
type = lib.types.str;
default = "${path}";
description = "Finished torrent export directory.";
};
GlobalDLSpeedLimit = lib.mkOption {
type = lib.types.int;
default = 0;
description = "Global download speed limit.";
};
GlobalMaxRatio = lib.mkOption {
type = lib.types.float;
default = 0;
description = "Global max ratio.";
};
GlobalUPSpeedLimit = lib.mkOption {
type = lib.types.int;
default = 0;
description = "Global upload speed limit.";
};
I2PEnabled = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable I2P.";
};
IgnoreLimitsOnLAN = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Ignore limits on LAN.";
};
IncludeOverheadInLimits = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Include overhead in limits.";
};
Interface = lib.mkOption {
type = lib.types.str;
default = "";
example = "tun0";
description = "Interface.";
};
InterfaceAddress = lib.mkOption {
type = lib.types.str;
example = "";
default = "10.0.0.0";
description = "Interface address.";
};
InterfaceName = lib.mkOption {
type = lib.types.str;
default = "";
example = "tun0";
description = "Interface name.";
};
LSDEnabled = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable LSD.";
};
MaxActiveCheckingTorrents = lib.mkOption {
type = lib.types.int;
default = 15;
description = "Max active checking torrents.";
};
MaxRatioAction = lib.mkOption {
type = lib.types.int;
default = 1;
description = "Max ratio action.";
};
Port = lib.mkOption {
type = lib.types.int;
default = 4132;
description = "Port for bittorrent";
};
Preallocation = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Preallocation of storage.";
};
QueueingSystemEnabled = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable queueing system.";
};
SubcategoriesEnabled = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable subcategories.";
};
Tags = lib.mkOption {
type = lib.types.str;
default = "";
description = "Tags";
};
TempPath = lib.mkOption {
type = lib.types.str;
default = "${path}/temp";
description = "Temporary path.";
};
TempPathEnabled = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable temporary path.";
};
TorrentExportDirectory = lib.mkOption {
type = lib.types.str;
default = "${path}/torrents";
description = "Torrent export directory.";
};
UseAlternativeGlobalSpeedLimit = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Use alternative global speed limit.";
};
# Core
AutoDeleteAddedTorrentFile = lib.mkOption {
type = lib.types.str;
default = "Never";
description = "Auto delete added torrent file.";
};
# LegalNotice
Accepted = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Accepted legal notice.";
};
# Meta
MigrationVersion = lib.mkOption {
type = lib.types.int;
default = 6;
description = "Migration version.";
};
# Network
PortForwardingEnabled = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable port forwarding.";
};
# Preferences
GeneralLocale = lib.mkOption {
type = lib.types.str;
default = "en";
description = "General locale.";
};
MailNotificationReqAuth = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Mail notification requires authentication.";
};
SchedulerDays = lib.mkOption {
type = lib.types.str;
default = "Weekday";
description = "Scheduler days.";
};
SchedulerEndTime = lib.mkOption {
type = lib.types.str;
default = "@Variant(\\0\\0\\0\\xf\\x5%q\\xa0)";
description = "Scheduler end time.";
};
WebUIAuthSubnetWhitelist = lib.mkOption {
type = lib.types.str;
default = "";
example = "192.168.1.0/24, 10.0.0.0/24";
description = "WebUI auth subnet whitelist.";
};
WebUIAuthSubnetWhitelistEnabled = lib.mkOption {
type = lib.types.bool;
default = false;
description = "WebUI auth subnet whitelist enabled.";
};
WebUIPort = lib.mkOption {
type = lib.types.int;
default = 8080;
description = "WebUI port.";
};
WebUIUseUPnP = lib.mkOption {
type = lib.types.bool;
default = false;
description = "WebUI use UPnP.";
};
# RSS
AutoDownloaderDownloadRepacks = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Auto downloader download repacks.";
};
AutoDownloaderEnableProcessing = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Auto downloader enable processing.";
};
AutoDownloaderSmartEpisodeFilter = lib.mkOption {
type = lib.types.str;
default = "s(\\d+)e(\\d+), (\\d+)x(\\d+), \"(\\d{4}[.\\-]\\d{1,2}[.\\-]\\d{1,2})\", \"(\\d{1,2}[.\\-]\\d{1,2}[.\\-]\\d{4})\"";
example = "s(\\d+)e(\\d+), (\\d+)x(\\d+), \"(\\d{4}[.\\-]\\d{1,2}[.\\-]\\d{1,2})\", \"(\\d{1,2}[.\\-]\\d{1,2}[.\\-]\\d{4})\"";
description = "Auto downloader smart episode filter.";
};
SessionEnableProcessing = lib.mkOption {
type = lib.types.bool;
default = false;
description = "RSS Session enable processing.";
};
};
config = lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [ cfg.Port cfg.WebUIPort ];
networking.firewall.allowedUDPPorts = lib.mkIf cfg.openFirewall [ cfg.Port cfg.WebUIPort];
users.users = lib.mkIf (cfg.user == "qbittorrent") {
qbittorrent = {
isNormalUser = true;
home = path;
group = cfg.group;
};
};
users.groups = lib.mkIf (cfg.group == "qbittorrent") {
qbittorrent = {};
};
systemd.services."qbittorrent-nox" ={
serviceConfig = {
#create the configuration file from string using echo
ExecStartPre = "${pkgs.coreutils}/bin/cat ${configurationFile}";
ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox --configuration=${configurationFile}";
User = cfg.user;
Group = cfg.group;
Restart = "on-failure";
# Security options
PrivateTmp = true;
ProtectSystem = "full";
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
};
};
};
}


@ -3,10 +3,14 @@
# Arion works with Docker, but for NixOS-based containers, you need Podman # Arion works with Docker, but for NixOS-based containers, you need Podman
# since NixOS 21.05. # since NixOS 21.05.
virtualisation.docker.enable = false; virtualisation.docker.enable = false;
virtualisation.podman.enable = true; virtualisation.podman = {
virtualisation.podman.dockerSocket.enable = true; enable = true;
virtualisation.podman.defaultNetwork.settings = { dns_enabled = true; }; dockerCompat = true;
dockerSocket.enable = true ;
autoPrune.flags = ["--all"];
autoPrune.enable = true;
defaultNetwork.settings = { dns_enabled = true; };
};
# Use your username instead of `myuser`
users.extraUsers.gunalx.extraGroups = ["podman"]; users.extraUsers.gunalx.extraGroups = ["podman"];
} }
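Review bot: The added comment ``# Use your username instead of `myuser` `` is template text that no longer matches the line below it, which already names `gunalx`. A more useful comment would record why the line matters: with `dockerSocket.enable = true`, members of the `podman` group can talk to the rootful Docker-compatible socket, which is effectively root access. Something like `# podman group = access to the rootful API socket (root-equivalent); keep membership minimal` would say that.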


@ -1,83 +0,0 @@
{ config, lib, pkgs, options, ... }:
let
port = 8090;
Interface = "tun0";
InterfaceAddress = "";
torrentPort = 44183;
TempPath = "/Main/Data/media/Downloads/temp";
TorrentExportPath = "/Main/Data/media/Downloads/torrents";
FinishedTorrentExportDirectory = "/Main/Data/media/Downloads/torrents-complete";
in
{
imports = [
../modules/qbittorrent-nox.nix
];
environment.systemPackages = [
pkgs.qbittorrent-nox
];
services.qbittorrent-nox = {
enable = true;
Interface = Interface;
openFirewall = true;
user = "qbittorrent";
group = "qbittorrent";
Filelogger = {
enable = true;
age = 1;
ageType = 1;
backup = true;
deleteOld = true;
maxSizeBytes = 66560;
path = "/Main/Data/media/.qbittorrent/logs";
};
MemoryWorkingSetLimit = 8192;
AddExtensionToIncompleteFiles = true;
AlternativeGlobalDLSpeedLimit = 1000;
AlternativeGlobalUPSpeedLimit = 1000;
AnonymousModeEnabled = false;
BTProtocol = "Both";
BandwidthSchedulerEnabled = false;
DefaultSavePath = TorrentExportPath;
Encryption = 1;
ExcludedFileNames = "";
FinishedTorrentExportDirectory = FinishedTorrentExportDirectory;
GlobalDLSpeedLimit = 0;
GlobalMaxRatio = 1.5;
GlobalUPSpeedLimit = 0;
I2PEnabled = true;
IgnoreLimitsOnLAN = true;
IncludeOverheadInLimits = true;
InterfaceAddress = InterfaceAddress;
InterfaceName = Interface;
LSDEnabled = true;
MaxActiveCheckingTorrents = 15;
MaxRatioAction = 1;
Port = torrentPort;
Preallocation = true;
QueueingSystemEnabled = false;
SubcategoriesEnabled = true;
Tags = "movie, anime";
TempPath = TempPath;
TempPathEnabled = true;
TorrentExportDirectory = TorrentExportPath;
UseAlternativeGlobalSpeedLimit = false;
AutoDeleteAddedTorrentFile = "Never";
Accepted = true;
MigrationVersion = 6;
PortForwardingEnabled = true;
GeneralLocale = "en";
MailNotificationReqAuth = true;
SchedulerDays = "Weekday";
SchedulerEndTime = "@Variant(\\0\\0\\0\\xf\\x5%q\\xa0)";
WebUIAuthSubnetWhitelist = "192.168.1.0/24, 100.0.0.0/8";
WebUIAuthSubnetWhitelistEnabled = true;
WebUIPort = port;
WebUIUseUPnP = false;
AutoDownloaderDownloadRepacks = true;
AutoDownloaderEnableProcessing = true;
AutoDownloaderSmartEpisodeFilter = "s(\\d+)e(\\d+), (\\d+)x(\\d+), \"(\\d{4}[.\\-]\\d{1,2}[.\\-]\\d{1,2})\", \"(\\d{1,2}[.\\-]\\d{1,2}[.\\-]\\d{4})\"";
SessionEnableProcessing = true;
};
}


@ -4,9 +4,10 @@ let
torrentPort = 44183; torrentPort = 44183;
savePath = "/Main/Data/media/Downloads/"; savePath = "/Main/Data/media/Downloads/";
path = "/var/lib/qbittorrent"; path = "/var/lib/qbittorrent";
interfaceAddress = pkgs.coreutils + "/bin/cat ${config.sops.secrets."qbittorrent/interfaceAddress".path}";
configurationFile = pkgs.writeText "qbittorrent.conf" '' contentLayout = "Subfolder";
configurationFile = ''
[Application] [Application]
FileLogger\Age=1 FileLogger\Age=1
FileLogger\AgeType=1 FileLogger\AgeType=1
@ -35,7 +36,7 @@ Session\I2P\Enabled=true
Session\IgnoreLimitsOnLAN=true Session\IgnoreLimitsOnLAN=true
Session\IncludeOverheadInLimits=true Session\IncludeOverheadInLimits=true
Session\Interface=tun0 Session\Interface=tun0
Session\InterfaceAddress=${interfaceAddress} Session\InterfaceAddress=${config.sops.placeholder."qbittorrent/interfaceAddress"}
Session\InterfaceName=tun0 Session\InterfaceName=tun0
Session\LSDEnabled=true Session\LSDEnabled=true
Session\MaxActiveCheckingTorrents=15 Session\MaxActiveCheckingTorrents=15
@ -47,6 +48,7 @@ Session\SubcategoriesEnabled=true
Session\Tags=movie, anime Session\Tags=movie, anime
Session\TempPath=/Main/Data/media/Downloads/temp Session\TempPath=/Main/Data/media/Downloads/temp
Session\TempPathEnabled=true Session\TempPathEnabled=true
Session\TorrentContentLayout=${contentLayout}
Session\TorrentExportDirectory=/Main/Data/media/Downloads/torrents Session\TorrentExportDirectory=/Main/Data/media/Downloads/torrents
Session\UseAlternativeGlobalSpeedLimit=false Session\UseAlternativeGlobalSpeedLimit=false
@ -60,7 +62,6 @@ Accepted=true
MigrationVersion=6 MigrationVersion=6
[Network] [Network]
Cookies="__ddg1_=taU4w9Chkfjo3Llq2wDx; HttpOnly; expires=Sun, 09-Feb-2025 16:45:23 GMT; domain=.nyaa.si; path=/"
PortForwardingEnabled=true PortForwardingEnabled=true
[Preferences] [Preferences]
@ -88,41 +89,39 @@ in
../profiles/sops.nix ../profiles/sops.nix
]; ];
sops.secrets."qbittorrent/interfaceAddress" = {};
networking.firewall.allowedTCPPorts = [ port torrentPort]; networking.firewall.allowedTCPPorts = [ port torrentPort];
networking.firewall.allowedUDPPorts = [ port torrentPort]; networking.firewall.allowedUDPPorts = [ port torrentPort];
sops.secrets."qbittorrent/interfaceAddress" = {
};
sops.templates."qbittorrent/configuration" = {
content = configurationFile;
path = "${path}/.config/qBittorrent/qBittorrent.conf";
};
users.users.qbittorrent = { users.users.qbittorrent = {
isNormalUser = true; #make this a normal user to be able to make files isNormalUser = true; #make this a normal user to be able to make files
home = path; home = path;
group = "qbittorrent"; group = "media";
}; };
users.groups.qbittorrent = {}; users.groups.qbittorrent = {};
systemd.services."qbittorrent-nox" = { systemd.services."qbittorrent-nox" = {
after = [ "network.target" ]; after = [ "network.target" ];
#environment.HOME = "/var/lib/qbittorrent"; wants = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
ExecStartPre = "${pkgs.bash}/bin/bash -c '${pkgs.coreutils}/bin/mkdir -p ${path} && ${pkgs.coreutils}/bin/chown -R qbittorrent:qbittorrent ${path} && ${pkgs.coreutils}/bin/chmod -R 755 ${path} && ${pkgs.coreutils}/bin/cp ${configurationFile} ${path}/.config/qBittorrent/qBittorrent.conf'";
ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox"; ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox";
User = "qbittorrent"; User = "qbittorrent";
Group = "qbittorrent"; Group = "media";
Restart = "on-failure"; Restart = "on-failure";
#DynamicUser = true; ProtectKernelModules = true;
#InaccessiblePaths = [ "/home" "/root" "/boot" "/etc" "/proc" "/sys" "/usr" "/lib" "/bin" "/sbin" "/srv" "/opt" ]; NoNewPrivileges = true;
# Security options
#PrivateTmp = true;
#ProtectSystem = "full";
#ProtectKernelTunables = true;
#ProtectKernelModules = true;
#ProtectControlGroups = true;
#NoNewPrivileges = true;
#ProtectHome = true;
#PrivateDevices = true;
}; };
}; };
} }
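Review bot: `sops.templates."qbittorrent/configuration"` sets `content` and `path` but no owner, and sops-nix renders templates readable only by root unless told otherwise, so the service running as `User = "qbittorrent"` will probably be unable to read its own `qBittorrent.conf`. Adding `owner = "qbittorrent";` to the template keeps the file private to the service account while making it readable. In the service hunk only `ProtectKernelModules` and `NoNewPrivileges` are enabled; `PrivateTmp`, `ProtectSystem = "full"`, `ProtectKernelTunables` and `ProtectControlGroups` from the removed commented list are worth enabling as well for a daemon that accepts peer traffic, after confirming it can still write under `/Main/Data/media/Downloads/`.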