expand vpnNamespaceOpenPort

lib.nix

@@ -55,7 +55,7 @@ inputs.nixpkgs.lib.extend (
       ];
 
     vpnNamespaceOpenPort =
-      port:
+      port: service:
       { ... }:
       {
         vpnNamespaces.wg = {
@@ -73,6 +73,10 @@ inputs.nixpkgs.lib.extend (
             }
           ];
         };
+        systemd.services.${service}.vpnConfinement = {
+          enable = true;
+          vpnNamespace = "wg";
+        };
       };
   }
 )

services/bitmagnet.nix

@@ -7,7 +7,7 @@
 }:
 {
   imports = [
-    (lib.vpnNamespaceOpenPort service_configs.ports.bitmagnet)
+    (lib.vpnNamespaceOpenPort service_configs.ports.bitmagnet "bitmagnet")
   ];
 
   services.bitmagnet = {
@@ -28,9 +28,4 @@
     ${builtins.readFile ../secrets/caddy_auth}
     reverse_proxy ${service_configs.https.wg_ip}:${builtins.toString service_configs.ports.bitmagnet}
   '';
-
-  systemd.services.bitmagnet.vpnConfinement = {
-    enable = true;
-    vpnNamespace = "wg";
-  };
 }

services/qbittorrent.nix

@@ -13,7 +13,7 @@
       config.services.qbittorrent.serverConfig.Preferences.Downloads.TempPath
       "${config.services.qbittorrent.profileDir}/qBittorrent"
     ])
-    (lib.vpnNamespaceOpenPort config.services.qbittorrent.webuiPort)
+    (lib.vpnNamespaceOpenPort config.services.qbittorrent.webuiPort "qbittorrent")
   ];
 
   services.qbittorrent = {
@@ -203,12 +203,6 @@
     "d ${config.services.qbittorrent.profileDir} 0700 ${config.services.qbittorrent.user} ${config.services.qbittorrent.group}"
   ];
 
-  # make qbittorrent use a vpn
-  systemd.services.qbittorrent.vpnConfinement = {
-    enable = true;
-    vpnNamespace = "wg";
-  };
-
   services.caddy.virtualHosts."torrent.${service_configs.https.domain}".extraConfig = ''
     ${builtins.readFile ../secrets/caddy_auth}
     reverse_proxy ${service_configs.https.wg_ip}:${builtins.toString config.services.qbittorrent.webuiPort}