From a827438a4c65cc824c2c4402c98a4aa68fb2d8ea Mon Sep 17 00:00:00 2001
From: Simon Gardling
Date: Wed, 20 Aug 2025 12:33:27 -0400
Subject: [PATCH] expand vpnNamespaceOpenPort
---
 lib.nix | 6 +++++-
 services/bitmagnet.nix | 7 +------
 services/qbittorrent.nix | 8 +------
 3 files changed, 7 insertions(+), 14 deletions(-)
diff --git a/lib.nix b/lib.nix
index 9316287..5fa56af 100644
--- a/lib.nix
+++ b/lib.nix
@@ -55,7 +55,7 @@ inputs.nixpkgs.lib.extend (
 ];
 vpnNamespaceOpenPort =
- port:
+ port: service:
 { ... }:
 {
 vpnNamespaces.wg = {
@@ -73,6 +73,10 @@ inputs.nixpkgs.lib.extend (
 }
 ];
 };
+ systemd.services.${service}.vpnConfinement = {
+ enable = true;
+ vpnNamespace = "wg";
+ };
 };
 }
 )
diff --git a/services/bitmagnet.nix b/services/bitmagnet.nix
index 571112a..cebecc6 100644
--- a/services/bitmagnet.nix
+++ b/services/bitmagnet.nix
@@ -7,7 +7,7 @@
 }:
 {
 imports = [
- (lib.vpnNamespaceOpenPort service_configs.ports.bitmagnet)
+ (lib.vpnNamespaceOpenPort service_configs.ports.bitmagnet "bitmagnet")
 ];
 services.bitmagnet = {
@@ -28,9 +28,4 @@
 ${builtins.readFile ../secrets/caddy_auth}
 reverse_proxy ${service_configs.https.wg_ip}:${builtins.toString service_configs.ports.bitmagnet}
 '';
-
- systemd.services.bitmagnet.vpnConfinement = {
- enable = true;
- vpnNamespace = "wg";
- };
 }
diff --git a/services/qbittorrent.nix b/services/qbittorrent.nix
index dc8482c..f35c061 100644
--- a/services/qbittorrent.nix
+++ b/services/qbittorrent.nix
@@ -13,7 +13,7 @@
 config.services.qbittorrent.serverConfig.Preferences.Downloads.TempPath
 "${config.services.qbittorrent.profileDir}/qBittorrent"
 ])
- (lib.vpnNamespaceOpenPort config.services.qbittorrent.webuiPort)
+ (lib.vpnNamespaceOpenPort config.services.qbittorrent.webuiPort "qbittorrent")
 ];
 services.qbittorrent = {
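Review bot: In lib.nix, the added `systemd.services.${service}.vpnConfinement` block (hunk at +73,10) takes `service` as a free-form string, and nothing visible in the hunk ties it to a unit that is actually defined. A misspelled name would attach the confinement to a different attribute, and the intended service would presumably start outside the `wg` namespace without an evaluation error; it is worth confirming how the module system treats a unit that has only `vpnConfinement` set. The helper's name still says only "open port" although it now also confines the unit, so a comment above the definition would help: `# vpnNamespaceOpenPort port service: maps port into the wg namespace and confines systemd.services.<service> to it; service must be the exact unit name`. The function starts in the previous hunk and its middle lies outside both hunks.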
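Review bot: In services/qbittorrent.nix, the import `(lib.vpnNamespaceOpenPort config.services.qbittorrent.webuiPort "qbittorrent")` is now the only place that puts qbittorrent behind the VPN, yet it reads as a plain port mapping, and the later hunk deletes the `# make qbittorrent use a vpn` comment that stated the intent. Carrying that comment to the call site, for example `# maps the web UI port and confines qbittorrent to the wg VPN namespace`, keeps the security-relevant behaviour visible to whoever next edits the imports list. The same applies to the matching import in services/bitmagnet.nix. The imports list starts outside the hunk.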
@@ -203,12 +203,6 @@
 "d ${config.services.qbittorrent.profileDir} 0700 ${config.services.qbittorrent.user} ${config.services.qbittorrent.group}"
 ];
- # make qbittorrent use a vpn
- systemd.services.qbittorrent.vpnConfinement = {
- enable = true;
- vpnNamespace = "wg";
- };
-
 services.caddy.virtualHosts."torrent.${service_configs.https.domain}".extraConfig = ''
 ${builtins.readFile ../secrets/caddy_auth}
 reverse_proxy ${service_configs.https.wg_ip}:${builtins.toString config.services.qbittorrent.webuiPort}