2024-05-23 20:08:11 +03:00
|
|
|
{ config
|
|
|
|
|
, pkgs
|
|
|
|
|
, lib
|
|
|
|
|
, ...
|
|
|
|
|
}:
|
|
|
|
|
let
|
2024-03-29 22:36:02 +02:00
|
|
|
cfg = config.services.qbittorrent-nox;
|
2024-05-23 20:08:11 +03:00
|
|
|
in
|
|
|
|
|
{
|
2024-03-29 22:36:02 +02:00
|
|
|
options.services.qbittorrent-nox = {
|
|
|
|
|
enable = lib.mkEnableOption "qbittorrent, BitTorrent client.";
|
|
|
|
|
|
2024-05-23 20:08:11 +03:00
|
|
|
package = lib.mkPackageOption pkgs "qbittorrent-nox" { };
|
2024-03-29 22:36:02 +02:00
|
|
|
|
|
|
|
|
openFirewall = lib.mkOption {
|
|
|
|
|
default = false;
|
|
|
|
|
description = "Opens the torreting port";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
webuiPort = lib.mkOption {
|
|
|
|
|
type = lib.types.int;
|
|
|
|
|
description = "the port passed to qbittorrent via `--webui-port`";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
torrentingPort = lib.mkOption {
|
|
|
|
|
type = lib.types.int;
|
|
|
|
|
description = "the port passed to qbittorrent via `--torrenting-port`";
|
|
|
|
|
};
|
2024-04-16 10:11:48 +03:00
|
|
|
|
|
|
|
|
user = lib.mkOption {
|
|
|
|
|
type = lib.types.str;
|
|
|
|
|
default = "qbittorrent";
|
|
|
|
|
description = "User account under which qbittorrent runs.";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
group = lib.mkOption {
|
|
|
|
|
type = lib.types.str;
|
|
|
|
|
default = "qbittorrent";
|
|
|
|
|
description = "Group under which qbittorrent runs.";
|
|
|
|
|
};
|
2024-03-29 22:36:02 +02:00
|
|
|
};
|
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
|
|
|
systemd = {
|
|
|
|
|
services.qbittorrent-nox = {
|
|
|
|
|
description = "qbittorrent BitTorrent client";
|
2024-05-23 20:08:11 +03:00
|
|
|
wants = [ "network-online.target" ];
|
2024-03-29 22:36:02 +02:00
|
|
|
after = [
|
|
|
|
|
"local-fs.target"
|
|
|
|
|
"network-online.target"
|
|
|
|
|
"nss-lookup.target"
|
|
|
|
|
];
|
2024-05-23 20:08:11 +03:00
|
|
|
wantedBy = [ "multi-user.target" ];
|
2024-03-29 22:36:02 +02:00
|
|
|
|
|
|
|
|
# Needed for running cross-seed's hook
|
|
|
|
|
# /bin/sh -c "curl -XPOST http://localhost:2468/api/webhook --data-urlencode 'name=%N'"
|
|
|
|
|
path = with pkgs; [
|
|
|
|
|
curl
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
# paths: ~/.config/qBittorrent/ and ~/.local/share/qBittorrent/
|
|
|
|
|
serviceConfig = {
|
2024-04-16 10:11:48 +03:00
|
|
|
Type = "simple";
|
|
|
|
|
User = cfg.user;
|
|
|
|
|
Group = cfg.group;
|
2024-03-29 22:36:02 +02:00
|
|
|
ExecStart = "${lib.getExe cfg.package} --webui-port=${toString cfg.webuiPort} --torrenting-port=${toString cfg.torrentingPort}";
|
|
|
|
|
|
|
|
|
|
TimeoutStopSec = 1800;
|
|
|
|
|
RemoveIPC = true;
|
|
|
|
|
NoNewPrivileges = true;
|
|
|
|
|
ProtectProc = "invisible";
|
|
|
|
|
ProcSubset = "pid";
|
|
|
|
|
ProtectSystem = "full";
|
|
|
|
|
ProtectClock = true;
|
|
|
|
|
ProtectHostname = true;
|
|
|
|
|
ProtectKernelLogs = true;
|
|
|
|
|
ProtectKernelModules = true;
|
|
|
|
|
ProtectKernelTunables = true;
|
|
|
|
|
ProtectControlGroups = true;
|
|
|
|
|
RestrictAddressFamilies = [
|
|
|
|
|
"AF_INET"
|
|
|
|
|
"AF_INET6"
|
|
|
|
|
"AF_NETLINK"
|
|
|
|
|
];
|
|
|
|
|
RestrictNamespaces = true;
|
|
|
|
|
RestrictRealtime = true;
|
|
|
|
|
RestrictSUIDSGID = true;
|
|
|
|
|
LockPersonality = true;
|
|
|
|
|
MemoryDenyWriteExecute = true;
|
|
|
|
|
SystemCallArchitectures = "native";
|
|
|
|
|
CapabilityBoundingSet = "";
|
2024-05-23 20:08:11 +03:00
|
|
|
SystemCallFilter = [ "@system-service" ];
|
2024-03-29 22:36:02 +02:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [
|
|
|
|
|
cfg.torrentingPort
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
}
|
