{ config, lib, pkgs, ... }:
let
port = 8090;
torrentPort = 44183;
savePath = "/Main/Data/media/Downloads/";
path = "/var/lib/qbittorrent";
configurationFile = ''
[Application]
FileLogger\Age=1
FileLogger\AgeType=1
FileLogger\Backup=true
FileLogger\DeleteOld=true
FileLogger\Enabled=true
FileLogger\MaxSizeBytes=66560
FileLogger\Path=/Main/Data/media/.qbittorrent/logs
MemoryWorkingSetLimit=8192
[BitTorrent]
Session\AddExtensionToIncompleteFiles=true
Session\AlternativeGlobalDLSpeedLimit=1000
Session\AlternativeGlobalUPSpeedLimit=1000
Session\AnonymousModeEnabled=false
Session\BTProtocol=Both
Session\BandwidthSchedulerEnabled=false
Session\DefaultSavePath=/Main/Data/media/Downloads
Session\Encryption=1
Session\ExcludedFileNames=
Session\FinishedTorrentExportDirectory=/Main/Data/media/Downloads/torrents-complete
Session\GlobalDLSpeedLimit=0
Session\GlobalMaxRatio=1.5
Session\GlobalUPSpeedLimit=0
Session\I2P\Enabled=true
Session\IgnoreLimitsOnLAN=true
Session\IncludeOverheadInLimits=true
Session\Interface=tun0
Session\InterfaceAddress=${config.sops.placeholder."qbittorrent/interfaceAddress"}
Session\InterfaceName=tun0
Session\LSDEnabled=true
Session\MaxActiveCheckingTorrents=15
Session\MaxRatioAction=1
Session\Port=44183
Session\Preallocation=true
Session\QueueingSystemEnabled=false
Session\SubcategoriesEnabled=true
Session\Tags=movie, anime
Session\TempPath=/Main/Data/media/Downloads/temp
Session\TempPathEnabled=true
Session\TorrentContentLayout=Subfolder
Session\TorrentExportDirectory=/Main/Data/media/Downloads/torrents
Session\UseAlternativeGlobalSpeedLimit=false
[Core]
AutoDeleteAddedTorrentFile=Never
[LegalNotice]
Accepted=true
[Meta]
MigrationVersion=6
[Network]
PortForwardingEnabled=true
[Preferences]
General\Locale=en
MailNotification\req_auth=true
Scheduler\days=Weekday
Scheduler\end_time=@Variant(\0\0\0\xf\x5%q\xa0)
WebUI\AuthSubnetWhitelist=192.168.1.0/24, 100.0.0.0/8
WebUI\AuthSubnetWhitelistEnabled=true
WebUI\Port=${toString port}
WebUI\UseUPnP=false
[RSS]
AutoDownloader\DownloadRepacks=true
AutoDownloader\EnableProcessing=true
AutoDownloader\SmartEpisodeFilter=s(\\d+)e(\\d+), (\\d+)x(\\d+), "(\\d{4}[.\\-]\\d{1,2}[.\\-]\\d{1,2})", "(\\d{1,2}[.\\-]\\d{1,2}[.\\-]\\d{4})"
Session\EnableProcessing=true
'';
in
{
imports = [
../profiles/sops.nix
];
networking.firewall.allowedTCPPorts = [ port torrentPort];
networking.firewall.allowedUDPPorts = [ port torrentPort];
sops.secrets."qbittorrent/interfaceAddress" = {
restartUnits = [ "qbittorrent-nox.service" ];
owner = "qbittorrent";
mode = "0755";
};
sops.templates."qbittorrent/configuration" = {
content = configurationFile;
#path = "${path}/.config/qBittorrent/qBittorrent.conf"; #did not seem to work
owner = "qbittorrent";
mode = "0755";
};
users.users.qbittorrent = {
isNormalUser = true; #make this a normal user to be able to make files
home = path;
group = "media";
};
users.groups.qbittorrent = {};
systemd.services."qbittorrent-nox" = {
after = [ "network.target" ];
wants = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStartPre = "${pkgs.bash}/bin/bash -c '${pkgs.coreutils}/bin/mkdir -p ${path} && ${pkgs.coreutils}/bin/chmod -R 755 ${path} && ${pkgs.coreutils}/bin/cp ${config.sops.templates."qbittorrent/configuration".path} ${path}/.config/qBittorrent/qBittorrent.conf'";
ExecStart = "${pkgs.unstable.qbittorrent-nox}/bin/qbittorrent-nox";
User = "qbittorrent";
Group = "media";
Restart = "on-failure";
ProtectKernelModules = true;
NoNewPrivileges = true;
};
};
services.nginx.virtualHosts."qbittorrent.${config.networking.hostName}.${config.networking.domain}" = {
forceSSL = true;
#useACMEHost = config.networking.domain; #not sure if this will work, unless
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://localhost:${port}";
};
basicAuthFile = config.sops.secrets."nginx/defaultpass".path;
};
}