jahanson/mochi
1
0
Fork 0
Code Issues 1 Pull requests 1 Projects Releases Packages Wiki Activity Actions

qbittorrent #68

Merged
jahanson merged 4 commits from qbittorrent into main 2025-01-24 10:29:19 -06:00
Conversation 0 Commits 4 Files changed 4 +32 -57
2 changed files with 32 additions and 57 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 619a00618d - Show all commits

49
nixos/hosts/shadowfax/default.nix
View file

@ -4,28 +4,26 @@
inputs,
pkgs,
...
}:
let
sanoidConfig = import ./config/sanoid.nix { };
}: let
sanoidConfig = import ./config/sanoid.nix {};
disks = import ./config/disks.nix;
smartdDevices = map (device: { inherit device; }) disks;
in
{
smartdDevices = map (device: {inherit device;}) disks;
in {
imports = [
inputs.disko.nixosModules.disko
(import ../../profiles/disko-nixos.nix {
disks = [ "/dev/sda|/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_500GB_S58SNM0W406409E" ];
disks = ["/dev/sda|/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_500GB_S58SNM0W406409E"];
})
inputs.nix-minecraft.nixosModules.minecraft-servers
];
boot = {
initrd = {
kernelModules = [ "nfs" ];
supportedFilesystems = [ "nfs" ];
kernelModules = ["nfs"];
supportedFilesystems = ["nfs"];
};
binfmt.emulatedSystems = [ "aarch64-linux" ]; # Enabled for arm compilation
binfmt.emulatedSystems = ["aarch64-linux"]; # Enabled for arm compilation
kernelModules = [
"vfio"
@ -33,11 +31,11 @@ in
"vfio_pci"
"vfio_virqfd"
];
extraModulePackages = [ ];
kernelParams = [ "zfs.zfs_arc_max=107374182400" ]; # 100GB
extraModulePackages = [];
kernelParams = ["zfs.zfs_arc_max=107374182400"]; # 100GB
};
swapDevices = [ ];
swapDevices = [];
hardware = {
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
@ -47,7 +45,7 @@ in
nvidia-container-toolkit.enable = true;
};
users.users.root.openssh.authorizedKeys.keys = [ ];
users.users.root.openssh.authorizedKeys.keys = [];
# Network settings
networking = {
@ -73,11 +71,6 @@ in
};
};
# Programs
environment.systemPackages = with pkgs; [
# Headless qBittorrent - qbittorrent-nox
];
programs = {
# 1Password cli
_1password.enable = true;
@ -124,7 +117,7 @@ in
# Minio
minio = {
enable = true;
dataDir = [ "/eru/minio" ];
dataDir = ["/eru/minio"];
rootCredentialsFile = config.sops.secrets."minio".path;
};
@ -151,7 +144,7 @@ in
# Soft Serve - SSH git server
soft-serve = {
enable = true;
settings = import ./config/soft-serve.nix { };
settings = import ./config/soft-serve.nix {};
};
# Tailscale
@ -163,7 +156,7 @@ in
# VSCode Compatibility Settings
vscode-server.enable = true;
xserver.videoDrivers = [ "nvidia" ];
xserver.videoDrivers = ["nvidia"];
};
# sops
@ -173,19 +166,19 @@ in
owner = "minio";
group = "minio";
mode = "400";
restartUnits = [ "minio.service" ];
restartUnits = ["minio.service"];
};
"syncthing/publicCert" = {
sopsFile = ./secrets.sops.yaml;
owner = "jahanson";
mode = "400";
restartUnits = [ "syncthing.service" ];
restartUnits = ["syncthing.service"];
};
"syncthing/privateKey" = {
sopsFile = ./secrets.sops.yaml;
owner = "jahanson";
mode = "400";
restartUnits = [ "syncthing.service" ];
restartUnits = ["syncthing.service"];
};
# "caddy/env" = {
# sopsFile = ./secrets.sops.yaml;
@ -236,7 +229,7 @@ in
# qBittorrent
qbittorrent = {
enable = true;
package = pkgs.unstable.qbittorrent.override { guiSupport = false; };
package = pkgs.unstable.qbittorrent.override {guiSupport = false;};
user = "qbittorrent";
group = "qbittorrent";
dataDir = "/nahar/qbittorrent";
@ -259,9 +252,9 @@ in
system = {
incus = {
enable = true;
preseed = import ./config/incus-preseed.nix { };
preseed = import ./config/incus-preseed.nix {};
};
motd.networkInterfaces = [ "bond0" ];
motd.networkInterfaces = ["bond0"];
nfs.enable = true;
zfs.enable = true;
zfs.mountPoolsAtBoot = [

40
nixos/modules/nixos/services/qbittorrent/default.nix
View file

@ -78,6 +78,7 @@ in
};
environment.systemPackages = [
cfg.package
];
systemd.services.qbittorrent = {
@ -88,34 +89,13 @@ in
QBT_DOWNLOADS_PATH = "${cfg.dataDir}/downloads";
XDG_CONFIG_HOME = cfg.dataDir;
XDG_DATA_HOME = cfg.dataDir;
CONFIG_DIR = "${cfg.dataDir}";
CONFIG_FILE = "${cfg.dataDir}/qBittorrent.conf";
CONFIG_DIR = "${cfg.dataDir}/qBittorrent";
CONFIG_FILE = "${cfg.dataDir}/qBittorrent/config/qBittorrent.conf";
LOG_DIR = "${cfg.dataDir}/logs";
LOG_FILE = "${cfg.dataDir}/logs/qbittorrent.log";
};
preStart = ''
# Ensure config directory exists
mkdir -p "$CONFIG_DIR"
# Set up log directory and file
mkdir -p "$LOG_DIR"
# Copy default config if it doesn't exist
if [[ ! -f "$CONFIG_FILE" ]]; then
cat > "$CONFIG_FILE" << EOF
[BitTorrent]
Session\DefaultSavePath=${cfg.downloadsDir}
Session\Port=${toString cfg.qbittorrentPort}
Session\TempPath=${cfg.downloadsDir}/temp
EOF
fi
# Ensure correct permissions
chown -R ${cfg.user}:${cfg.group} "$CONFIG_DIR"
'';
serviceConfig =
serviceConfig = lib.mkMerge [
{
ExecStart = "${cfg.package}/bin/qbittorrent-nox --profile=${cfg.dataDir}";
ReadWritePaths = [
@ -124,9 +104,12 @@ in
];
Restart = "on-failure";
RestartSec = 5;
User = cfg.user;
Group = cfg.group;
}
// lib.mkIf cfg.hardening {
CapabilityBoundingSet = [ ];
(lib.mkIf cfg.hardening {
CapabilityBoundingSet = [ "" ];
DeviceAllow = [ "" ];
DevicePolicy = "closed";
LockPersonality = true;
MemoryDenyWriteExecute = true;
@ -141,8 +124,6 @@ in
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_NETLINK"
"AF_UNIX"
];
RestrictNamespaces = [
"uts"
@ -159,7 +140,8 @@ in
"~@privileged"
"~@resources"
];
};
})
];
};
networking.firewall = mkIf cfg.openFirewall {