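# NixOS module: runs qBittorrent behind a gluetun VPN container using
# docker-compose, driven by a oneshot systemd unit.
#
# Settings (web UI port, data root, paths of the VPN credential files) come
# from ../config/services.nix via the getQbittorrent helper in
# ../validation/service/qbittorrent.nix.
{ config, pkgs, lib, ... }:

let
  serviceValidation = import ../validation/service/qbittorrent.nix;
  serviceData = import ../config/services.nix;
  qbt = serviceValidation.getQbittorrent serviceData;

  webPort = qbt.port;
  rootDir = qbt.root_dir;

  vpnUserPath = qbt.vpn.username_file;
  vpnPasswordPath = qbt.vpn.password_file;

  # Shell-quoted forms for use inside the generated scripts, so a path that
  # contains spaces or shell metacharacters is passed as a single word.
  rootDirArg = lib.escapeShellArg "${rootDir}";
  vpnUserArg = lib.escapeShellArg "${vpnUserPath}";
  vpnPasswordArg = lib.escapeShellArg "${vpnPasswordPath}";

  # Reads a credential file and strips CR/LF. Used as the right-hand side of a
  # plain assignment (not `export VAR=...`) so that a failed read aborts the
  # script under `set -e` instead of silently yielding an empty value.
  readSecret = fileArg:
    "${pkgs.coreutils}/bin/cat ${fileArg} | ${pkgs.coreutils}/bin/tr -d '\\r\\n'";
in {
  # NOTE(review): every directory is created root-owned and world-readable
  # (0755). The config directory holds the qBittorrent settings; consider a
  # tighter mode, and confirm that the container user (PUID/PGID 1000 below)
  # can write to config/ and downloads/ as intended.
  systemd.tmpfiles.rules = [
    "d ${rootDir} 0755 root root - -"
    "d ${rootDir}/gluetun 0755 root root - -"
    "d ${rootDir}/downloads 0755 root root - -"
    "d ${rootDir}/config 0755 root root - -"
  ];

  # The compose file is world-readable (0444); it carries no secrets itself,
  # only variable references that docker-compose fills from the environment of
  # the start/reload scripts.
  #
  # NOTE(review): both images use the mutable `:latest` tag with
  # `pull_policy: always`, so each start runs whatever the registries serve at
  # that moment. The gluetun container also holds NET_ADMIN and /dev/net/tun.
  # Pinning both images to a version tag or digest makes updates reviewable.
  #
  # NOTE(review): the VPN credentials are handed to gluetun as container
  # environment variables, which anyone with access to the Docker API can read
  # back (e.g. via container inspection). gluetun documents file-based
  # credential options; consider mounting the credential files read-only.
  #
  # NOTE(review): SERVER_HOSTNAME lists node-ch-06.protonvpn.net twice.
  environment.etc."qbittorrent-compose/docker-compose.yml" = {
    mode = "0444";
    text = ''
      services:
        gluetun:
          image: docker.io/qmcgaw/gluetun:latest
          pull_policy: always
          cap_add:
            - NET_ADMIN
          network_mode: bridge
          ports:
            - 127.0.0.1:${toString webPort}:${toString webPort} # qBittorrent
          devices:
            - /dev/net/tun:/dev/net/tun
          volumes:
            - ${rootDir}/gluetun/:/gluetun
          environment:
            - VPN_SERVICE_PROVIDER=protonvpn
            - SERVER_HOSTNAME=node-nl-28.protonvpn.net,node-ch-06.protonvpn.net,node-nl-13.protonvpn.net,node-ch-06.protonvpn.net,node-es-04.protonvpn.net
            - UPDATER_PERIOD=24h

            - OPENVPN_USER=''${OPENVPN_USER:-DUMMY_NOT_USED}
            - OPENVPN_PASSWORD=''${OPENVPN_PASSWORD:-DUMMY_NOT_USED}

            - DOT_PROVIDERS=cloudflare,google
            - BLOCK_ADS=off
            - BLOCK_MALICIOUS=off
            - BLOCK_SURVEILLANCE=off

            - TZ=Europe/Berlin

        qbittorrent:
          image: lscr.io/linuxserver/qbittorrent:latest
          pull_policy: always
          network_mode: 'service:gluetun'
          environment:
            - PUID=1000
            - PGID=1000
            - TZ=Europe/Berlin
            - WEBUI_PORT=${toString webPort}
          volumes:
            - ${rootDir}/config/:/config
            - ${rootDir}/downloads/:/downloads
    '';
  };
  # Why ''${...} above: Nix leaves `$${` untouched, and docker-compose treats
  # `$$` as an escaped literal dollar sign, so the previous `$${OPENVPN_USER...}`
  # form would hand the container the literal text instead of the value
  # exported by the start script. ''${ emits a plain `${...}` for compose to
  # interpolate.

  systemd.services.qbittorrent-stack = {
    description = "qbittorrent stack";
    after = ["docker.service" "network.target"];
    wantedBy = [ "multi-user.target" ];

    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      WorkingDirectory = rootDir;
      ExecStart = "${pkgs.writeShellScript "torrent-start" ''
        set -euo pipefail
        # Assign first, export afterwards: `export VAR="$(cmd)"` would mask a
        # failing read, and compose would then fall back to the dummy default.
        OPENVPN_USER="$(${readSecret vpnUserArg})"
        OPENVPN_PASSWORD="$(${readSecret vpnPasswordArg})"
        export OPENVPN_USER OPENVPN_PASSWORD

        # Copy compose file to working directory
        ${pkgs.coreutils}/bin/cp /etc/qbittorrent-compose/docker-compose.yml ${rootDirArg}/
        cd ${rootDirArg}
        ${pkgs.docker-compose}/bin/docker-compose up -d
      ''}";
      ExecStop = "${pkgs.writeShellScript "torrent-stop" ''
        set -eu
        cd ${rootDirArg}
        ${pkgs.docker-compose}/bin/docker-compose down
      ''}";
      ExecReload = "${pkgs.writeShellScript "torrent-reload" ''
        set -euo pipefail
        OPENVPN_USER="$(${readSecret vpnUserArg})"
        OPENVPN_PASSWORD="$(${readSecret vpnPasswordArg})"
        export OPENVPN_USER OPENVPN_PASSWORD

        cd ${rootDirArg}
        ${pkgs.docker-compose}/bin/docker-compose restart
      ''}";

      Restart = "on-failure";
      RestartSec = 10;
    };
  };

  # NOTE(review): the compose file publishes the web UI on 127.0.0.1 only, so
  # this service does not need the port opened in the host firewall. If nothing
  # else is meant to listen on it, drop this entry to keep the firewall
  # consistent with the loopback-only binding.
  networking.firewall = {
    allowedTCPPorts = [ webPort ];
  };
}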