diff --git a/devices/nas/modules/qbittorrent/default.nix b/devices/nas/modules/qbittorrent/default.nix
index 82d1a54..629a613 100644
--- a/devices/nas/modules/qbittorrent/default.nix
+++ b/devices/nas/modules/qbittorrent/default.nix
@@ -1,5 +1,17 @@
 {...}: {
 imports = [
+ ./qbittorrent.nix
 ./wireguard.nix
 ];
+
+ users.groups."matt" = {
+ gid = 1000;
+ members = ["matt"];
+ };
+
+ services.qbittorrent = {
+ enable = true;
+ user = "matt";
+ group = "matt";
+ };
 }
diff --git a/devices/nas/modules/qbittorrent/qbittorrent.nix b/devices/nas/modules/qbittorrent/qbittorrent.nix
new file mode 100644
index 0000000..6ea5c6c
--- /dev/null
+++ b/devices/nas/modules/qbittorrent/qbittorrent.nix
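Review bot: In the default.nix hunk, `services.qbittorrent` is given `user = "matt";` and `group = "matt";`, which with `gid = 1000` looks like a personal login account, so the torrent client and its web UI would run with access to everything that account owns. The module added in this commit already defaults to a dedicated `qbittorrent` user and group; I would drop the two overrides and give that service account access to the download directory through a shared group instead. Note also that the module only declares `users.users` with `createHome = true` when `cfg.user == "qbittorrent"`, so with this override nothing visible in the diff creates `/var/lib/qbittorrent` or the `.config` directory under it. The `matt` user itself is presumably declared outside this diff.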
@@ -0,0 +1,132 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.services.qbittorrent;
+ pkg = pkgs.qbittorrent-nox;
+
+ vue = pkgs.stdenv.mkDerivation {
+ name = "vuetorrent";
+ nativeBuildInputs = [pkgs.unzip];
+ buildInputs = [pkgs.unzip];
+ src = pkgs.fetchurl {
+ url = "https://github.com/VueTorrent/VueTorrent/releases/download/v2.7.1/vuetorrent.zip";
+ hash = "sha256-/6biiWVgYQF7SpiY3JmcW4NDAvePLwPyD+j12/BqPIE=";
+ };
+ postInstall = ''
+ mkdir $out
+ cp -a ./* $out
+ '';
+ };
+
+ inherit
+ (lib)
+ mkEnableOption
+ mkOption
+ types
+ mkIf
+ ;
+in {
+ options.services.qbittorrent = {
+ enable = mkEnableOption "qbittorrent";
+
+ dataDir = mkOption {
+ type = types.path;
+ default = "/var/lib/qbittorrent";
+ description = ''
+ The directory where qBittorrent will create files.
+ '';
+ };
+
+ configDir = mkOption {
+ type = types.path;
+ default = "${cfg.dataDir}/.config";
+ description = ''
+ The directory where qBittorrent will store its configuration.
+ '';
+ };
+
+ user = mkOption {
+ type = types.str;
+ default = "qbittorrent";
+ description = ''
+ User account under which qBittorrent runs.
+ '';
+ };
+
+ group = mkOption {
+ type = types.str;
+ default = "qbittorrent";
+ description = ''
+ Group under which qBittorrent runs.
+ '';
+ };
+
+ port = mkOption {
+ type = types.port;
+ default = 8080;
+ description = ''
+ qBittorrent web UI port.
+ '';
+ };
+
+ openFirewall = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Allow qBittorrent's ports to accept connections from the outside network.
+ '';
+ };
+
+ openFilesLimit = mkOption {
+ default = 4096;
+ description = ''
+ Number of files to allow qBittorrent to open.
+ '';
+ };
+ };
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = [pkg];
+
+ networking.firewall = mkIf cfg.openFirewall {
+ allowedTCPPorts = [cfg.port];
+ allowedUDPPorts = [cfg.port];
+ };
+
+ systemd.services.qbittorrent = {
+ after = ["network.target"];
+ description = "qBittorrent Daemon";
+ wantedBy = ["multi-user.target"];
+ path = [pkg];
+ script = ''
+ ln -sf ${vue} ${cfg.configDir}/vuetorrent
+ qbittorrent-nox \
+ --profile=${cfg.configDir} \
+ --webui-port=${toString cfg.port}
+ '';
+ serviceConfig = {
+ Restart = "on-success";
+ User = cfg.user;
+ Group = cfg.group;
+ UMask = "0002";
+ LimitNOFILE = cfg.openFilesLimit;
+ };
+ };
+
+ users.users = mkIf (cfg.user == "qbittorrent") {
+ qbittorrent = {
+ group = cfg.group;
+ home = cfg.dataDir;
+ createHome = true;
+ description = "qBittorrent Daemon user";
+ };
+ };
+
+ users.groups = mkIf (cfg.group == "qbittorrent") {
+ qbittorrent = {};
+ };
+ };
+}
diff --git a/devices/nas/modules/qbittorrent/wireguard.nix b/devices/nas/modules/qbittorrent/wireguard.nix
index 54f984e..a379393 100644
--- a/devices/nas/modules/qbittorrent/wireguard.nix
+++ b/devices/nas/modules/qbittorrent/wireguard.nix
@@ -42,6 +42,7 @@ in {
 description = "Forward to ${service} in wireguard namespace";
 requires = ["${service}.service"];
 after = ["${service}.service"];
+ partOf = ["${service}.service"];
 serviceConfig = {
 Restart = "on-failure";
 TimeoutStopSec = 300;
@@ -66,5 +67,8 @@ in {
 };
 };
 "wireguard-wg0".wants = ["netns@wg.service"];
+
+ "qbittorrent" = joinWgNamespace;
+ "qbittorrent-port-route" = mkPortRoute "qbittorrent" "8080";
 };
 }
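Review bot: In qbittorrent.nix, `systemd.services.qbittorrent` runs a network-facing daemon that handles data from untrusted peers with no sandboxing; `serviceConfig` sets only `Restart`, `User`, `Group`, `UMask` and `LimitNOFILE`. I would add the usual systemd hardening options as in the block below and loosen them only where the download paths require it, since the hunk does not show where the data will live. Separately, `openFirewall` opens `cfg.port`, which is the web UI port, on both TCP and UDP; the UDP rule is not needed for an HTTP interface, and the option description should say that it exposes the web UI. In `script`, `ln -sf` should be `ln -sfn`: on a second start the existing link is followed and ln tries to create the new link inside the read-only store path, which would fail the unit, and `Restart = "on-success"` will not bring it back.

```nix
serviceConfig = {
  # … unchanged: Restart, User, Group, UMask, LimitNOFILE …
  NoNewPrivileges = true;
  PrivateTmp = true;
  PrivateDevices = true;
  # Read-only view of the system; extend ReadWritePaths if downloads live elsewhere.
  ProtectSystem = "strict";
  ReadWritePaths = [cfg.dataDir cfg.configDir];
  ProtectKernelTunables = true;
  ProtectKernelModules = true;
  ProtectControlGroups = true;
  RestrictSUIDSGID = true;
  LockPersonality = true;
};
```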
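Review bot: The port passed to `mkPortRoute` in the second wireguard.nix hunk is the literal `"8080"`, which duplicates the default of `services.qbittorrent.port`; if that option is changed, the forward points at a port nothing listens on. Deriving it from the option, e.g. `"qbittorrent-port-route" = mkPortRoute "qbittorrent" (toString config.services.qbittorrent.port);`, keeps the two in step, assuming `config` is in scope in this file, which the hunk does not show. `joinWgNamespace` and `mkPortRoute` are defined outside the hunk, so where the forwarded port is bound on the host side cannot be checked from here; it is worth confirming it listens only on the intended interface, since the web UI is the service's admin surface.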