From 2c245e142589c981e6034570d2f62e729d207aa1 Mon Sep 17 00:00:00 2001
From: Simon Gardling <titaniumtown@proton.me>
Date: Wed, 13 Nov 2024 10:04:33 -0500
Subject: [PATCH] use native qbittorrent

---
 configuration.nix        | 46 ++-----------------------------
 flake.lock               |  6 ++--
 services/caddy.nix       |  2 +-
 services/qbittorrent.nix | 59 ++++++++++++++++++++++++++++++++++++++++
 4 files changed, 65 insertions(+), 48 deletions(-)
 create mode 100644 services/qbittorrent.nix

diff --git a/configuration.nix b/configuration.nix
index 998f0a8..896977f 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -13,56 +13,14 @@
     ./hardware.nix
     ./services/jellyfin.nix
     ./services/caddy.nix
-    ./services/quadlet.nix
+    # ./services/quadlet.nix
     ./services/immich.nix
     ./services/gitea.nix
     ./services/minecraft.nix
-    # ./services/llm.nix
     # ./services/soulseek.nix
+    ./services/qbittorrent.nix
   ];
 
-  # vpnNamespaces.wg = {
-  #   enable = true;
-  #   wireguardConfigFile = ./secrets/wg0.conf;
-  #   accessibleFrom = [
-  #     # "192.168.1.0/24"
-  #     # "127.0.0.1"
-  #     "0.0.0.0/32"
-  #   ];
-  #   # portMappings = [
-  #   #   {
-  #   #     from = config.services.qbittorrent.webuiPort;
-  #   #     to = config.services.qbittorrent.webuiPort;
-  #   #   }
-  #   # ];
-  #   openVPNPorts = [
-  #     {
-  #       port = config.services.qbittorrent.webuiPort;
-  #       protocol = "tcp";
-  #     }
-  #   ];
-  # };
-
-  # services.qbittorrent = {
-  #   enable = true;
-  #   openFirewall = true;
-  #   package = pkgs.qbittorrent-nox;
-  #   webuiPort = service_configs.ports.torrent;
-  #   serverConfig.LegalNotice.Accepted = true;
-  #   serverConfig.Preferences.WebUI = {
-  #     AlternativeUIEnabled = true;
-  #     RootFolder = "${pkgs.fetchzip {
-  #       url = "https://github.com/VueTorrent/VueTorrent/releases/download/v2.17.0/vuetorrent.zip";
-  #       hash = "sha256-PpumQCgIZp9wENL1XZvf7CdUAW9W0pQP5wqtG9oOUpM=";
-  #     }}";
-  #   };
-  # };
-
-  #   systemd.services.qbittorrent.vpnConfinement = {
-  #   enable = true;
-  #   vpnNamespace = "wg";
-  # };
-
   systemd.targets = {
     sleep.enable = false;
     suspend.enable = false;
diff --git a/flake.lock b/flake.lock
index 8cec60a..a772f4f 100644
--- a/flake.lock
+++ b/flake.lock
@@ -74,11 +74,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1731433909,
-        "narHash": "sha256-uB4TW3PP9ZC85OjbNV3n5VPAFEdJ5852erzlaE9+vSs=",
+        "lastModified": 1731474235,
+        "narHash": "sha256-wcteA0D0PKmULhuHKhIsnXpngAAmbMMrWxvGwi/eITM=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ef9b4bce3e4829beefebc2246d08517732fbffbf",
+        "rev": "1641c8d30380e2507a5ccff8f4a4800311bdfe5a",
         "type": "github"
       },
       "original": {
diff --git a/services/caddy.nix b/services/caddy.nix
index cba1ce7..119079b 100644
--- a/services/caddy.nix
+++ b/services/caddy.nix
@@ -12,7 +12,7 @@
         tls ${service_configs.https.certs}/cert.crt ${service_configs.https.certs}/cert.key
 
         handle_path /torrent* {
-        	reverse_proxy 127.0.0.1:${builtins.toString service_configs.ports.torrent}
+        	reverse_proxy 192.168.15.1:${builtins.toString service_configs.ports.torrent}
         }
 
         root * ${service_configs.https.data_dir}
diff --git a/services/qbittorrent.nix b/services/qbittorrent.nix
new file mode 100644
index 0000000..f1fcfda
--- /dev/null
+++ b/services/qbittorrent.nix
@@ -0,0 +1,59 @@
+{
+  pkgs,
+  config,
+  service_configs,
+  ...
+}:
+{
+  # network namespace that is proxied through mullvad
+  vpnNamespaces.wg = {
+    enable = true;
+    wireguardConfigFile = ./secrets/wg0.conf;
+    accessibleFrom = [
+      "192.168.0.0/24"
+    ];
+    portMappings = [
+      {
+        from = config.services.qbittorrent.webuiPort;
+        to = config.services.qbittorrent.webuiPort;
+      }
+    ];
+    openVPNPorts = [
+      {
+        port = config.services.qbittorrent.webuiPort;
+        protocol = "both";
+      }
+    ];
+  };
+
+  services.qbittorrent = {
+    enable = true;
+    package = pkgs.qbittorrent-nox;
+    webuiPort = service_configs.ports.torrent;
+    serverConfig.LegalNotice.Accepted = true;
+    serverConfig.Preferences.WebUI = {
+      AlternativeUIEnabled = true;
+      RootFolder = "${pkgs.fetchzip {
+        url = "https://github.com/VueTorrent/VueTorrent/releases/download/v2.17.0/vuetorrent.zip";
+        hash = "sha256-PpumQCgIZp9wENL1XZvf7CdUAW9W0pQP5wqtG9oOUpM=";
+      }}";
+      Password_PBKDF2 = "@ByteArray(U6PmgkmajHD6Nu5rLbazHw==:ycEEnAMGTxwAhkFiQtdkc6mbGArmnZ2Tkujk6wt4CCytlX0mzGgjQVLKzRb8vSV/S1Yu6+PuAO5gC8IxGR97jA==)";
+    };
+
+    serverConfig.Preferences.Downloads = {
+      SavePath = service_configs.hdd_path + "/torrents";
+      TempPath = service_configs.hdd_path + "/torrents/incomplete";
+    };
+
+    serverConfig.BitTorrent.Session = {
+      GlobalUPSpeedLimit = 1000; # 1 MiB/s
+      QueueingSystemEnabled = false; # seed all torrents all the time
+    };
+  };
+
+  # make qbittorrent use a vpn
+  systemd.services.qbittorrent.vpnConfinement = {
+    enable = true;
+    vpnNamespace = "wg";
+  };
+}