118 lines
3.5 KiB
Nix
118 lines
3.5 KiB
Nix
{
|
|
pkgs,
|
|
config,
|
|
service_configs,
|
|
username,
|
|
lib,
|
|
...
|
|
}:
|
|
{
|
|
# network namespace that is proxied through mullvad
|
|
vpnNamespaces.wg = {
|
|
portMappings = [
|
|
{
|
|
from = config.services.qbittorrent.webuiPort;
|
|
to = config.services.qbittorrent.webuiPort;
|
|
}
|
|
];
|
|
|
|
openVPNPorts = [
|
|
{
|
|
port = config.services.qbittorrent.webuiPort;
|
|
protocol = "both";
|
|
}
|
|
];
|
|
};
|
|
|
|
services.qbittorrent = {
|
|
enable = true;
|
|
package = pkgs.qbittorrent-nox;
|
|
webuiPort = service_configs.ports.torrent;
|
|
|
|
serverConfig.LegalNotice.Accepted = true;
|
|
|
|
serverConfig.Preferences = {
|
|
WebUI = {
|
|
AlternativeUIEnabled = true;
|
|
RootFolder = "${pkgs.fetchzip {
|
|
url = "https://github.com/VueTorrent/VueTorrent/releases/download/v2.22.0/vuetorrent.zip";
|
|
sha256 = "UJflyTyftWSIOi942OgH/tvylyAeo6EjR14U0SHk6bs=";
|
|
}}";
|
|
|
|
# disable auth because we use caddy for auth
|
|
AuthSubnetWhitelist = "0.0.0.0/0";
|
|
AuthSubnetWhitelistEnabled = true;
|
|
};
|
|
|
|
Downloads = {
|
|
SavePath = service_configs.torrent.SavePath;
|
|
TempPath = service_configs.torrent.TempPath;
|
|
};
|
|
};
|
|
|
|
serverConfig.BitTorrent = {
|
|
Session = {
|
|
GlobalUPSpeedLimit = 500; # in KiB/s
|
|
GlobalDLSpeedLimit = 0;
|
|
IgnoreLimitsOnLAN = true;
|
|
|
|
# Including overhead in limits ruins download because download
|
|
# uses upload to communicate with seeders
|
|
IncludeOverheadInLimits = false;
|
|
|
|
GlobalMaxRatio = 4;
|
|
QueueingSystemEnabled = false; # seed all torrents all the time
|
|
|
|
AddTrackersEnabled = true;
|
|
AdditionalTrackers = (
|
|
lib.concatStringsSep "\\n" [
|
|
"udp://tracker.opentrackr.org:1337/announce"
|
|
"udp://open.stealth.si:80/announce"
|
|
"udp://open.demonii.com:1337"
|
|
"udp://exodus.desync.com:6969/announce"
|
|
"udp://tracker.dler.org:6969/announce"
|
|
"udp://tracker.bittor.pw:1337/announce"
|
|
"udp://tracker.torrent.eu.org:451/announce"
|
|
# "udp://opentracker.i2p.rocks:6969/announce"
|
|
# "udp://tracker.openbittorrent.com:6969/announce"
|
|
# "udp://aarsen.me:6969/announce"
|
|
"udp://explodie.org:6969/announce"
|
|
# "udp://uploads.gamecoast.net:6969/announce"
|
|
"http://tracker.files.fm:6969/announce"
|
|
"udp://tracker.tiny-vps.com:6969/announce"
|
|
"udp://p4p.arenabg.com:1337/announce"
|
|
"udp://tracker.dler.com:6969/announce"
|
|
"udp://inferno.demonoid.is:3391/announce"
|
|
]
|
|
);
|
|
};
|
|
};
|
|
};
|
|
|
|
systemd.tmpfiles.rules = [
|
|
"d ${config.services.qbittorrent.serverConfig.Preferences.Downloads.SavePath} 0770 ${config.services.qbittorrent.user} ${service_configs.torrent_group}"
|
|
"d ${config.services.qbittorrent.serverConfig.Preferences.Downloads.TempPath} 0770 ${config.services.qbittorrent.user} ${service_configs.torrent_group}"
|
|
];
|
|
|
|
# make qbittorrent use a vpn
|
|
systemd.services.qbittorrent.vpnConfinement = {
|
|
enable = true;
|
|
vpnNamespace = "wg";
|
|
};
|
|
|
|
services.caddy.virtualHosts."torrent.${service_configs.https.domain}".extraConfig = ''
|
|
# tls internal
|
|
${builtins.readFile ../secrets/caddy_auth}
|
|
reverse_proxy ${service_configs.https.wg_ip}:${builtins.toString config.services.qbittorrent.webuiPort}
|
|
'';
|
|
|
|
users.users.${config.services.qbittorrent.user}.extraGroups = [
|
|
service_configs.torrent_group
|
|
];
|
|
|
|
users.users.${username}.extraGroups = [
|
|
config.services.qbittorrent.group
|
|
];
|
|
|
|
}
|