create 'lib.vpnNamespaceOpenPort'

lib.nix

@@ -54,5 +54,26 @@ inputs.nixpkgs.lib.extend (
         "-march=znver3"
         "-mtune=znver3"
       ];
+
+    vpnNamespaceOpenPort =
+      port:
+      { ... }:
+      {
+        vpnNamespaces.wg = {
+          portMappings = [
+            {
+              from = port;
+              to = port;
+            }
+          ];
+
+          openVPNPorts = [
+            {
+              port = port;
+              protocol = "both";
+            }
+          ];
+        };
+      };
   }
 )

services/bitmagnet.nix

@@ -2,25 +2,14 @@
   pkgs,
   service_configs,
   config,
+  lib,
   ...
 }:
 {
-  vpnNamespaces.wg = {
-    portMappings = [
-      {
-        from = service_configs.ports.bitmagnet;
-        to = service_configs.ports.bitmagnet;
-      }
+  imports = [
+    (lib.vpnNamespaceOpenPort service_configs.ports.bitmagnet)
   ];
 
-    openVPNPorts = [
-      {
-        port = service_configs.ports.bitmagnet;
-        protocol = "both";
-      }
-    ];
-  };
-
   services.bitmagnet = {
     enable = true;
 

services/qbittorrent.nix

@@ -11,31 +11,15 @@
     (lib.serviceMountDeps "qbittorrent" [
       service_configs.torrents_path
       config.services.qbittorrent.serverConfig.Preferences.Downloads.TempPath
-      "/var/lib/qBittorrent/qBittorrent"
+      "${config.services.qbittorrent.profileDir}/qBittorrent"
     ])
+    (lib.vpnNamespaceOpenPort config.services.qbittorrent.webuiPort)
   ];
 
-  # network namespace that is proxied through mullvad
-  vpnNamespaces.wg = {
-    portMappings = [
-      {
-        from = config.services.qbittorrent.webuiPort;
-        to = config.services.qbittorrent.webuiPort;
-      }
-    ];
-
-    openVPNPorts = [
-      {
-        port = config.services.qbittorrent.webuiPort;
-        protocol = "both";
-      }
-    ];
-  };
-
   services.qbittorrent = {
     enable = true;
-    package = pkgs.qbittorrent-nox;
     webuiPort = service_configs.ports.torrent;
+    profileDir = "/var/lib/qBittorrent";
 
     serverConfig.LegalNotice.Accepted = true;
 
@@ -44,8 +28,8 @@
         AlternativeUIEnabled = true;
         RootFolder = builtins.toString (
           pkgs.fetchzip {
-            url = "https://github.com/VueTorrent/VueTorrent/releases/download/v2.26.0/vuetorrent.zip";
-            sha256 = "EFVzsr/OZ/QMJ+NN3kDkmIk6FCCnqgK6DgsLWNonspU=";
+            url = "https://github.com/VueTorrent/VueTorrent/releases/download/v2.28.2/vuetorrent.zip";
+            sha256 = "8aKmiXcr2pp8qt4w/lYBAIjLPh8tlgYsx6PbovY54KM=";
           }
         );
 
@@ -55,8 +39,7 @@
       };
 
       Downloads = {
-        SavePath = service_configs.torrent.SavePath;
-        TempPath = service_configs.torrent.TempPath;
+        inherit (service_configs.torrent) SavePath TempPath;
       };
     };
 
@@ -67,7 +50,7 @@
 
         IgnoreLimitsOnLAN = true;
 
-        IncludeOverheadInLimits = true;
+        IncludeOverheadInLimits = false;
 
         GlobalMaxRatio = 6.0;
         QueueingSystemEnabled = false; # seed all torrents all the time
@@ -201,7 +184,7 @@
         AnnounceToAllTrackers = true;
 
         # idk why it also has to be specified here too?
-        TempPath = config.services.qbittorrent.serverConfig.Preferences.Downloads.TempPath;
+        inherit (config.services.qbittorrent.serverConfig.Preferences.Downloads) TempPath;
         TempPathEnabled = true;
 
         # how many connections per sec
@@ -217,6 +200,7 @@
   systemd.tmpfiles.rules = [
     "d ${config.services.qbittorrent.serverConfig.Preferences.Downloads.SavePath} 0750 ${config.services.qbittorrent.user} ${service_configs.media_group}"
     "d ${config.services.qbittorrent.serverConfig.Preferences.Downloads.TempPath} 0750 ${config.services.qbittorrent.user} ${service_configs.media_group}"
+    "d ${config.services.qbittorrent.profileDir} 0700 ${config.services.qbittorrent.user} ${config.services.qbittorrent.group}"
   ];
 
   # make qbittorrent use a vpn