From eeb4dfae7a6c9906650b2d76c943ec7d47e55f5c Mon Sep 17 00:00:00 2001
From: Simon Gardling <titaniumtown@proton.me>
Date: Tue, 12 Nov 2024 17:52:18 -0500
Subject: [PATCH] try and do native qbittorrent

---
 .gitattributes    |   1 +
 configuration.nix |  42 ++++++++++++++++++++++++++++++++++++++++++
 flake.lock        |  41 +++++++++++++++++++++++++++++++++++++----
 flake.nix         |  11 +++++++++++
 secrets/wg0.conf  | Bin 0 -> 312 bytes
 5 files changed, 91 insertions(+), 4 deletions(-)
 create mode 100644 secrets/wg0.conf

diff --git a/.gitattributes b/.gitattributes
index 4c9ff84..0bb32ff 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -2,3 +2,4 @@ secrets/murmur_password filter=git-crypt diff=git-crypt
 secrets/hashedPass filter=git-crypt diff=git-crypt
 secrets/mullvad.nix filter=git-crypt diff=git-crypt
 secrets/minecraft-whitelist.nix filter=git-crypt diff=git-crypt
+secrets/wg0.conf filter=git-crypt diff=git-crypt
diff --git a/configuration.nix b/configuration.nix
index e96dbf2..998f0a8 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -21,6 +21,48 @@
     # ./services/soulseek.nix
   ];
 
+  # vpnNamespaces.wg = {
+  #   enable = true;
+  #   wireguardConfigFile = ./secrets/wg0.conf;
+  #   accessibleFrom = [
+  #     # "192.168.1.0/24"
+  #     # "127.0.0.1"
+  #     "0.0.0.0/32"
+  #   ];
+  #   # portMappings = [
+  #   #   {
+  #   #     from = config.services.qbittorrent.webuiPort;
+  #   #     to = config.services.qbittorrent.webuiPort;
+  #   #   }
+  #   # ];
+  #   openVPNPorts = [
+  #     {
+  #       port = config.services.qbittorrent.webuiPort;
+  #       protocol = "tcp";
+  #     }
+  #   ];
+  # };
+
+  # services.qbittorrent = {
+  #   enable = true;
+  #   openFirewall = true;
+  #   package = pkgs.qbittorrent-nox;
+  #   webuiPort = service_configs.ports.torrent;
+  #   serverConfig.LegalNotice.Accepted = true;
+  #   serverConfig.Preferences.WebUI = {
+  #     AlternativeUIEnabled = true;
+  #     RootFolder = "${pkgs.fetchzip {
+  #       url = "https://github.com/VueTorrent/VueTorrent/releases/download/v2.17.0/vuetorrent.zip";
+  #       hash = "sha256-PpumQCgIZp9wENL1XZvf7CdUAW9W0pQP5wqtG9oOUpM=";
+  #     }}";
+  #   };
+  # };
+
+  #   systemd.services.qbittorrent.vpnConfinement = {
+  #   enable = true;
+  #   vpnNamespace = "wg";
+  # };
+
   systemd.targets = {
     sleep.enable = false;
     suspend.enable = false;
diff --git a/flake.lock b/flake.lock
index e119398..8cec60a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -74,11 +74,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1731432729,
-        "narHash": "sha256-xMIgn4+PJrb9IQh/Llq4EOmeoHnz2rDWSqlF2BDPkNQ=",
+        "lastModified": 1731433909,
+        "narHash": "sha256-uB4TW3PP9ZC85OjbNV3n5VPAFEdJ5852erzlaE9+vSs=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "9c66a68772c91490d7991b5136873e09e75d517d",
+        "rev": "ef9b4bce3e4829beefebc2246d08517732fbffbf",
         "type": "github"
       },
       "original": {
@@ -88,6 +88,22 @@
         "type": "github"
       }
     },
+    "nixpkgs-qbt": {
+      "locked": {
+        "lastModified": 1728358927,
+        "narHash": "sha256-8SUsg/Nmn8aEURRdZwxKKNnz22zRMyNwNoP1+aWnhlg=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "ed446194bbf78795e4ec2d004da093116c93653f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "pull/287923/head",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "quadlet-nix": {
       "inputs": {
         "nixpkgs": [
@@ -113,7 +129,9 @@
         "nix-minecraft": "nix-minecraft",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
-        "quadlet-nix": "quadlet-nix"
+        "nixpkgs-qbt": "nixpkgs-qbt",
+        "quadlet-nix": "quadlet-nix",
+        "vpn-confinement": "vpn-confinement"
       }
     },
     "systems": {
@@ -130,6 +148,21 @@
         "repo": "default",
         "type": "github"
       }
+    },
+    "vpn-confinement": {
+      "locked": {
+        "lastModified": 1731209328,
+        "narHash": "sha256-b3jggBHZh20jUfBxoaIvew23czsw82zBc0aKxtkF3g8=",
+        "owner": "Maroka-chan",
+        "repo": "VPN-Confinement",
+        "rev": "74e6fd47804b5ca69187200efbb14cf1ecb9ea07",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Maroka-chan",
+        "repo": "VPN-Confinement",
+        "type": "github"
+      }
     }
   },
   "root": "root",
diff --git a/flake.nix b/flake.nix
index 778678a..bd3db0f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -12,6 +12,10 @@
 
     nix-minecraft.url = "github:Infinidoge/nix-minecraft";
     nix-minecraft.inputs.nixpkgs.follows = "nixpkgs";
+
+    vpn-confinement.url = "github:Maroka-chan/VPN-Confinement";
+
+    nixpkgs-qbt.url = "github:NixOS/nixpkgs/pull/287923/head";
   };
 
   outputs =
@@ -20,6 +24,8 @@
       quadlet-nix,
       nix-minecraft,
       nixos-hardware,
+      vpn-confinement,
+      nixpkgs-qbt,
       ...
     }@inputs:
     let
@@ -99,6 +105,11 @@
           nixos-hardware.nixosModules.common-pc-ssd
           nixos-hardware.nixosModules.common-gpu-intel
 
+          vpn-confinement.nixosModules.default
+
+          # import the `services.qbittorrent` module
+          (nixpkgs-qbt + "/nixos/modules/services/torrent/qbittorrent.nix")
+
           (
             { pkgs, lib, ... }:
             {
diff --git a/secrets/wg0.conf b/secrets/wg0.conf
new file mode 100644
index 0000000000000000000000000000000000000000..9d2e7b84af8518ccd5493db9711519b7e424150d
GIT binary patch
literal 312
zcmZQ@_Y83kiVO&0=npVF@9XzZdByq#66OzAyuPvgfYb`Nz4taunsR2+P06WNuas6_
z4OwyYl5dc+ZO(J6;CbsAIW6V9XD8L%$lqm{-ItzrJT`!hS@U21iJ4L|e|(lKdLHyF
z@I%*aE#dtw(;a+`Uj&)W+TvyJA$sO~EYq^BEXxY7sWrJYoEO<+COs#2<GZEI(({X*
z3=5x~KC@+0V8;I|`_ykJifowg*zOb=ow&BqE?VI3mb2^5%(#C2py6F*l}b&YlxQWx
zO+OER&SKtgAosALz}xj_oY|AGIZxDzT^-(^C|%5_AUo$dZ^Q%n3PBEuy+UU*gnX=?
z*T%%IFsNkM`1e|&NcHB`AGW6PH-0I*-Em{i$IBD^e&0H7?s@-)Pv!hpR;|E=d<m+v
YGjD7=#`NWbK;YClwo+%(vI}1U0J~h4!~g&Q

literal 0
HcmV?d00001