Nix configurations for my homelab
1{
2 config,
3 lib,
4 pkgs,
5 ...
6}:
7{
8 environment.persistence."/data/persistent".directories = [
9 {
10 directory = "/var/lib/qBittorrent";
11 mode = "0700";
12 user = "qbittorrent";
13 group = "qbittorrent";
14 }
15 ];
16
17 networking.firewall.interfaces.${config.services.netbird.clients.homelab.interface}.allowedTCPPorts = lib.mkIf (
18 config.networking.hostName == "lily"
19 ) [ 8082 ];
20
21 users = {
22 users.qbittorrent = {
23 group = "qbittorrent";
24 isSystemUser = true;
25 uid = 998;
26 };
27 groups.qbittorrent.gid = 998;
28 };
29
30 containers.vpn = {
31 bindMounts = {
32 torrents = {
33 hostPath = "/data/torrents";
34 mountPoint = "/torrents";
35 isReadOnly = false;
36 };
37 qbittorrent = {
38 hostPath = "/var/lib/qBittorrent";
39 mountPoint = "/var/lib/qBittorrent";
40 isReadOnly = false;
41 };
42 };
43 forwardPorts = lib.mkIf (config.networking.hostName == "lily") [
44 {
45 hostPort = 8082;
46 containerPort = 8082;
47 }
48 ];
49 };
50
51 cafe.container.vpn.config = [
52 {
53 networking.firewall.allowedTCPPorts = [ 8082 ];
54
55 systemd.services.protonvpn-qbittorrent-natpmp = {
56 description = "Get a port and provide it to qBittorrent";
57 requires = [
58 "network-online.target"
59 "qbittorrent.service"
60 ];
61 wantedBy = [ "multi-user.target" ];
62 serviceConfig = {
63 ExecStart = "${
64 pkgs.writeShellApplication {
65 name = "protonvpn-natpmp";
66 runtimeInputs = with pkgs; [
67 curl
68 gnugrep
69 jq
70 libnatpmp
71 ];
72 text = builtins.readFile ../scripts/protonvpn-natpmp.sh;
73 }
74 }/bin/protonvpn-natpmp";
75 Restart = "on-failure";
76 };
77 };
78
79 services.qbittorrent = {
80 enable = true;
81 webuiPort = 8082;
82 serverConfig = {
83 LegalNotice.Accepted = true;
84 BitTorrent = {
85 ExcludedFileNamesEnabled = true;
86 Session = {
87 DefaultSavePath = "/torrents";
88 DHTEnabled = false; # TODO: This is an experiment to see if network stability improves
89 ExcludedFileNames = lib.strings.join ", " [
90 "*.exe"
91 "*.scr"
92 ];
93 Interface = "vpn";
94 InterfaceName = "vpn";
95 TorrentContentLayout = "Subfolder";
96 Preallocation = true;
97 QueueingSystemEnabled = false;
98 GlobalMaxInactiveSeedingMinutes = 61 * 24 * 60;
99 GlobalMaxSeedingMinutes = 31 * 24 * 60;
100 MaxConnections = 500;
101 MaxConnectionsPerTorrent = 50;
102 MaxUploads = -1;
103 MaxUploadsPerTorrent = 25;
104 ShareLimitAction = "Stop";
105 };
106 };
107 Network.PortForwardingEnabled = false;
108 Preferences = {
109 General = {
110 DeleteTorrentsFilesAsDefault = true;
111 StatusbarExternalIPDisplayed = true;
112 };
113 WebUI = {
114 Username = "mou";
115 Password_PBKDF2 =
116 "@ByteArray(oC8JAmq9UwLSd6SXZGeM/g==:9ElZqPoIQLPwfRlCxb8fZgFTZsrhF/zASd0RbVGgagYa2seez105FOW1QuwOrFpMlY"
117 + "v+lPW0NjT4PbgWomPFWA==)";
118 ReverseProxySupportEnabled = true;
119 };
120 };
121 };
122 };
123 }
124 ];
125}