Nix configurations for my homelab
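# NixOS module: runs qBittorrent inside the "vpn" container, persists its state
# directory, and exposes the WebUI (TCP 8082) through the host on "lily".
{
  config,
  lib,
  pkgs,
  ...
}:
{
  # Keep qBittorrent's state across reboots; 0700 limits it to the service user.
  environment.persistence."/data/persistent".directories = [
    {
      directory = "/var/lib/qBittorrent";
      mode = "0700";
      user = "qbittorrent";
      group = "qbittorrent";
    }
  ];

  # The WebUI port is opened only on the NetBird client interface, and only on
  # host "lily". Exposure on other interfaces depends on configuration outside
  # this file.
  networking.firewall.interfaces.${config.services.netbird.clients.homelab.interface}.allowedTCPPorts = lib.mkIf (
    config.networking.hostName == "lily"
  ) [ 8082 ];

  # Fixed uid/gid on the host.
  # NOTE(review): presumably pinned so ownership of the bind-mounted state
  # directory matches the qbittorrent user inside the container; confirm.
  users = {
    users.qbittorrent = {
      group = "qbittorrent";
      isSystemUser = true;
      uid = 998;
    };
    groups.qbittorrent.gid = 998;
  };

  containers.vpn = {
    # Both mounts are writable from inside the container, so a compromised
    # qBittorrent process can modify everything under these host paths.
    bindMounts = {
      torrents = {
        hostPath = "/data/torrents";
        mountPoint = "/torrents";
        isReadOnly = false;
      };
      qbittorrent = {
        hostPath = "/var/lib/qBittorrent";
        mountPoint = "/var/lib/qBittorrent";
        isReadOnly = false;
      };
    };
    # Forward the WebUI port from the host into the container (host "lily" only).
    forwardPorts = lib.mkIf (config.networking.hostName == "lily") [
      {
        hostPort = 8082;
        containerPort = 8082;
      }
    ];
  };

  cafe.container.vpn.config = [
    {
      # Container-side firewall: allow the WebUI port.
      networking.firewall.allowedTCPPorts = [ 8082 ];

      systemd.services.protonvpn-qbittorrent-natpmp = {
        description = "Get a port and provide it to qBittorrent";
        requires = [
          "network-online.target"
          "qbittorrent.service"
        ];
        # Requires= pulls the units in but does not order them. Without After=
        # this script can start in parallel with qBittorrent and the network
        # and only recover through Restart=on-failure.
        after = [
          "network-online.target"
          "qbittorrent.service"
        ];
        wantedBy = [ "multi-user.target" ];
        serviceConfig = {
          # NOTE(review): no User= is set, so the script runs with the unit's
          # default privileges. The script itself is not visible here; if it
          # only talks NAT-PMP and HTTP, a dedicated or dynamic user would
          # narrow what a bug in it can reach.
          ExecStart = "${
            pkgs.writeShellApplication {
              name = "protonvpn-natpmp";
              runtimeInputs = with pkgs; [
                curl
                gnugrep
                jq
                libnatpmp
              ];
              text = builtins.readFile ../scripts/protonvpn-natpmp.sh;
            }
          }/bin/protonvpn-natpmp";
          Restart = "on-failure";
        };
      };

      services.qbittorrent = {
        enable = true;
        webuiPort = 8082;
        serverConfig = {
          LegalNotice.Accepted = true;
          BitTorrent = {
            ExcludedFileNamesEnabled = true;
            Session = {
              DefaultSavePath = "/torrents";
              DHTEnabled = false; # TODO: This is an experiment to see if network stability improves
              # Skips two Windows executable extensions. This is a narrow
              # filter, not a substitute for scanning downloaded content.
              ExcludedFileNames = lib.strings.join ", " [
                "*.exe"
                "*.scr"
              ];
              # Bind the BitTorrent session to the interface named "vpn".
              # NOTE(review): presumably the VPN tunnel inside the container,
              # so torrent traffic cannot leave by another route; confirm that
              # the interface name matches.
              Interface = "vpn";
              InterfaceName = "vpn";
              TorrentContentLayout = "Subfolder";
              Preallocation = true;
              QueueingSystemEnabled = false;
              GlobalMaxInactiveSeedingMinutes = 61 * 24 * 60; # 61 days
              GlobalMaxSeedingMinutes = 31 * 24 * 60; # 31 days
              MaxConnections = 500;
              MaxConnectionsPerTorrent = 50;
              MaxUploads = -1;
              MaxUploadsPerTorrent = 25;
              ShareLimitAction = "Stop";
            };
          };
          Network.PortForwardingEnabled = false;
          Preferences = {
            General = {
              DeleteTorrentsFilesAsDefault = true;
              StatusbarExternalIPDisplayed = true;
            };
            WebUI = {
              Username = "mou";
              # This salted PBKDF2 hash is committed with the configuration and
              # is copied into the Nix store, which is world-readable. It is
              # not the plaintext, but anyone who can read the repository or
              # the store can attack it offline, so its safety rests on the
              # strength of the password.
              Password_PBKDF2 =
                "@ByteArray(oC8JAmq9UwLSd6SXZGeM/g==:9ElZqPoIQLPwfRlCxb8fZgFTZsrhF/zASd0RbVGgagYa2seez105FOW1QuwOrFpMlY"
                + "v+lPW0NjT4PbgWomPFWA==)";
              ReverseProxySupportEnabled = true;
              # Authentication is skipped for clients connecting from localhost:
              # any process inside the container that can reach 127.0.0.1:8082
              # gets full WebUI access.
              LocalHostAuth = false;
              # Clients connecting from these addresses are not asked to log in.
              # NOTE(review): both entries are single hosts, presumably the
              # host / reverse-proxy side of the container link. If so, every
              # request relayed from that address may reach the WebUI
              # unauthenticated, and the proxy must enforce access control
              # itself. No trusted-proxy list is set in this block; verify
              # which client address qBittorrent evaluates here.
              AuthSubnetWhitelistEnabled = true;
              AuthSubnetWhitelist = lib.strings.join ", " [
                "192.168.2.1/32"
                "fd6c:696c:6163::1/128"
              ];
            };
          };
        };
      };
    }
  ];
}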