nix-dotfiles/services/torrent.nix

55 lines
1.4 KiB
Nix

{ config, lib, pkgs, options, ... }:
let
port = 8090;
torrentPort = 44183;
savePath = "/Main/Data/media/Downloads/";
path = "/var/lib/qbittorrent";
in
{
networking.firewall.allowedTCPPorts = [ port torrentPort];
networking.firewall.allowedUDPPorts = [ port torrentPort];
users.users.qbittorrent = {
isNormalUser = true; #make this a normal user to be able to make files
home = path;
group = "qbittorrent";
};
users.groups.qbittorrent = {};
systemd.services."qbittorrent-nox" ={
after = [ "network.target" ];
#environment.HOME = "/var/lib/qbittorrent";
serviceConfig = {
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${path}";
ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox --webui-port=${toString port} --torrenting-port=${toString torrentPort} --save-path=${savePath}";
User = "qbittorrent";
Group = "qbittorrent";
Restart = "on-failure";
DynamicUser = true;
InaccessiblePaths = [ "/home" "/root" "/run" "/boot" "/etc" "/proc" "/sys" "/usr" "/lib" "/bin" "/sbin" "/srv" "/opt" ];
# Security options
PrivateTmp = true;
ProtectSystem = "full";
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
NoNewPrivileges = true;
ProtectHome = true;
PrivateDevices = true;
};
};
}