declare qbittorrent

2026-04-01 23:34:28 -06:00
parent 645b022bcf
commit 5a4f7c2734
5 changed files with 157 additions and 99 deletions
--- a/modules/servers/homepage/service-widgets.nix
+++ b/modules/servers/homepage/service-widgets.nix
@@ -147,7 +147,7 @@
    };
  qbittorrent =
    let
-      url = "https://${config.my.ips.server}:${toString config.my.servers.qbittorrent.port}";
+      url = "http://${config.my.ips.server}:${toString config.my.servers.qbittorrent.port}";
      name = "qbittorrent";
    in
    lib.mkIf config.my.servers.qbittorrent.enable {
--- a/modules/servers/qbittorrent.nix
+++ b/modules/servers/qbittorrent.nix
@@ -6,12 +6,13 @@
  ...
 }:
 let
-  inherit (inputs) qbit_manage;
-  vuetorrent = pkgs.fetchzip {
-    url = "https://github.com/VueTorrent/VueTorrent/releases/download/v2.31.0/vuetorrent.zip";
-    sha256 = "sha256-kVDnDoCoJlY2Ew71lEMeE67kNOrKTJEMqNj2OfP01qw=";
-    stripRoot = true;
-  };
+  inherit (inputs) qbit_manage trackerslist;
+  qbitProfileDir = "/var/lib/qbittorrent";
+  qbitUser = "qbittorrent";
+  wgInterface = "wg0";
+  qbitDownloadDir = "/srv/pool/multimedia/downloads/torrent";
+  qbitIncompleteDir = "${qbitDownloadDir}/.incomplete";
+  additionalTrackers = lib.strings.trim (builtins.readFile "${trackerslist}/trackers_all.txt");
  qbit_manageEnv = pkgs.python3.withPackages (
    ps:
    builtins.attrValues {
@@ -33,8 +34,7 @@ let
    }
  );
  torrentCompletionScript = pkgs.writeShellScript "qbit-torrent-completion" ''
-    chown jawz:piracy -R "$1"
-    chmod -R 775 "$1"
+    chmod -R u+rwX,g+rwX,o-rwx "$1"
  '';
 in
 {
@@ -51,51 +51,75 @@ in
  };
  config = lib.mkIf (config.my.servers.qbittorrent.enable && config.my.secureHost) {
    my.network.firewall.additionalPorts = [ config.my.servers.qbittorrent.port ];
-    home-manager.users.jawz.xdg.dataFile.vuetorrent.source = vuetorrent;
-    home-manager.users.jawz.imports = [
-      (
-        { lib, ... }:
-        {
-          home.activation.qbittorrentAutorunCommand = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
-            conf=/home/jawz/.config/qBittorrent/qBittorrent.conf
-            if [ -f "$conf" ]; then
-              sed -i \
-                's|^program=.*$|program=${torrentCompletionScript} %F|' \
-                "$conf"
-            fi
-          '';
-        }
-      )
+    services.qbittorrent = {
+      enable = true;
+      user = qbitUser;
+      group = "piracy";
+      profileDir = qbitProfileDir;
+      webuiPort = config.my.servers.qbittorrent.port;
+      torrentingPort = config.my.ports.qbittorrent;
+      extraArgs = [ "--confirm-legal-notice" ];
+      serverConfig = {
+        AutoRun = {
+          enabled = true;
+          program = "${torrentCompletionScript} %F";
+        };
+        BitTorrent.Session = {
+          AddExtensionToIncompleteFiles = true;
+          AddTrackersEnabled = true;
+          AdditionalTrackers = additionalTrackers;
+          AnnounceIP = config.my.ips.vps;
+          DefaultSavePath = qbitDownloadDir;
+          GlobalMaxRatio = 1;
+          GlobalMaxSeedingMinutes = 120;
+          Interface = wgInterface;
+          InterfaceAddress = config.my.ips.wg-server;
+          InterfaceName = wgInterface;
+          MaxActiveDownloads = 5;
+          MaxActiveTorrents = 100;
+          MaxActiveUploads = 90;
+          QueueingSystemEnabled = true;
+          ShareLimitAction = "Stop";
+          TempPath = qbitIncompleteDir;
+          TempPathEnabled = true;
+        };
+        Core.AutoDeleteAddedTorrentFile = "Never";
+        Network.PortForwardingEnabled = false;
+        Preferences = {
+          Bittorrent.CustomizeTrackersListUrl = "https://raw.githubusercontent.com/ngosang/trackerslist/master/trackers_all.txt";
+          WebUI = {
+            AlternativeUIEnabled = true;
+            HTTPS.Enabled = false;
+            Password_PBKDF2 = "@ByteArray(ZYy4l3ORHihzBrRYqIfmOA==:SYv4Gor5ZSI9FfAPOxAAdhlmz/h+vViEHnoW6tfJYLNnFL9DQ8udqkO9Na83RJauzhVVGvAgauPq/y4UNPyl3g==)";
+            ReverseProxySupportEnabled = false;
+            RootFolder = "${pkgs.vuetorrent}/share/vuetorrent";
+            Username = "9VcZWt3d0u6mmMOhryUZAcpIe8WML9J7Icj00Vu5fuOFXRB0ECAItetKAK1NnfrD";
+          };
+        };
+      };
+    };
+    users.users.${qbitUser} = {
+      home = qbitProfileDir;
+      createHome = true;
+    };
+    systemd.tmpfiles.rules = [
+      "d ${qbitDownloadDir} 0775 ${qbitUser} piracy -"
+      "d ${qbitIncompleteDir} 0775 ${qbitUser} piracy -"
    ];
    sops.secrets =
      let
-        mkQbitSecret = file: mode: {
-          inherit mode;
-          inherit (config.users.users.jawz) group;
-          sopsFile = ../../secrets/keys.yaml;
-          owner = config.users.users.jawz.name;
-          path = "/home/jawz/.config/qBittorrent/ssl/${file}";
-        };
        mkUnpackerrSecret = {
          sopsFile = ../../secrets/secrets.yaml;
          owner = config.users.users.jawz.name;
        };
      in
      {
-        "certificates/qbit_cert" = mkQbitSecret "server.crt" "0644";
-        "certificates/qbit_key" = mkQbitSecret "server.key" "0600";
        "unpackerr/sonarr-api" = mkUnpackerrSecret;
        "unpackerr/radarr-api" = mkUnpackerrSecret;
      };
    systemd = {
-      packages = [
-        pkgs.qbittorrent-nox
-        torrentCompletionScript
-      ];
-      services."qbittorrent-nox@jawz" = {
-        enable = true;
-        overrideStrategy = "asDropin";
-        wantedBy = [ "multi-user.target" ];
+      packages = [ torrentCompletionScript ];
+      services = {
      };
      user = {
        services = {