feat: initial

2026-03-09 22:06:13 +01:00 · 2026-03-09 22:06:13 +01:00 · bba9ceff39
commit bba9ceff39
18 changed files with 750 additions and 0 deletions
--- a/services/qbittorrent.nix
+++ b/services/qbittorrent.nix
@ -0,0 +1,92 @@
+{ config, pkgs, lib, ... }:
+let
+  net = import ../data/network.nix;
+  serviceData = import ../data/services.nix;
+  qbt = serviceData.qbittorrent;
+in { 
+  systemd.tmpfiles.rules = [
+    "d ${qbt.root_dir} 0755 root root - -"
+    "d ${qbt.root_dir}/gluetun 0755 root root - -"
+    "d ${qbt.root_dir}/downloads 0755 root root - -"
+    "d ${qbt.root_dir}/config 0755 root root - -"
+  ];
+
+  environment.etc."qbittorrent-compose/docker-compose.yml" = {
+    mode = "0444";
+    text = ''
+services:
+  gluetun:
+    image: docker.io/qmcgaw/gluetun:latest
+    pull_policy: always
+    cap_add:
+      - NET_ADMIN
+    network_mode: bridge
+    ports:
+      - 127.0.0.1:8085:8085   # qBittorrent
+    devices:
+      - /dev/net/tun:/dev/net/tun
+    volumes:
+      - ${qbt.root_dir}/gluetun/:/gluetun
+    environment:
+      - VPN_SERVICE_PROVIDER=protonvpn
+      - SERVER_HOSTNAME=node-nl-28.protonvpn.net,node-ch-06.protonvpn.net,node-nl-13.protonvpn.net,node-ch-06.protonvpn.net,node-es-04.protonvpn.net
+      - UPDATER_PERIOD=24h
+
+      - OPENVPN_USER=${qbt.vpn.username}
+      - OPENVPN_PASSWORD=${qbt.vpn.password}
+
+      - DOT_PROVIDERS=cloudflare,google
+      - BLOCK_ADS=off
+      - BLOCK_MALICIOUS=off
+      - BLOCK_SURVEILLANCE=off
+
+      - TZ=Europe/Berlin
+
+  qbittorrent:
+    image: lscr.io/linuxserver/qbittorrent:latest
+    pull_policy: always
+    network_mode: 'service:gluetun'
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Europe/Berlin
+      - WEBUI_PORT=8085
+    volumes:
+      - ${qbt.root_dir}/config/:/config
+      - ${qbt.root_dir}/downloads/:/downloads
+    '';
+  };
+  systemd.services.qbittorrent-stack = {
+    description = "qbittorrent stack";
+    after = ["docker.service" "network.target"];
+    wantedBy = [ "multi-user.target" ];
+
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+      WorkingDirectory = qbt.root_dir;
+      ExecStart = "${pkgs.writeShellScript "torrent-start" ''
+        set -e
+        # Copy compose file to working directory
+        cp /etc/qbittorrent-compose/docker-compose.yml ${qbt.root_dir}/
+        cd ${qbt.root_dir}
+        ${pkgs.docker-compose}/bin/docker-compose up -d
+      ''}";
+      ExecStop = "${pkgs.writeShellScript "torrent-stop" ''
+        cd ${qbt.root_dir}
+        ${pkgs.docker-compose}/bin/docker-compose down
+      ''}";
+      ExecReload = "${pkgs.writeShellScript "torrent-reload" ''
+        cd ${qbt.root_dir}
+        ${pkgs.docker-compose}/bin/docker-compose restart
+      ''}";
+
+      Restart = "on-failure";
+      RestartSec = 10;
+    };
+  };
+
+  networking.firewall = {
+    allowedTCPPorts = [8085];
+  };
+}