diff --git a/system/hosts/server/files.nix b/system/hosts/server/files.nix index 5d8c0c9..ccaf757 100644 --- a/system/hosts/server/files.nix +++ b/system/hosts/server/files.nix @@ -84,18 +84,23 @@ in { services.qbittorrent-nox.ui.port = 19642; services.qbittorrent-nox.torrent.port = 45522; - services.nginx.virtualHosts."home.${cfg.domainName}".locations."/torrent/" = { - extraConfig = '' - proxy_pass http://127.0.0.1:${toString config.services.qbittorrent-nox.ui.port}/; - proxy_http_version 1.1; - - proxy_set_header Host 127.0.0.1:30000; - proxy_set_header X-Forwarded-Host $http_host; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_cookie_path / "/; Secure"; - ''; - }; - services.jellyfin.enable = true; - services.jellyfin.openFirewall = true; + + services.nginx.virtualHosts."home.${cfg.domainName}".locations = { + "/torrent/" = { + extraConfig = '' + proxy_pass http://127.0.0.1:${toString config.services.qbittorrent-nox.ui.port}/; + proxy_http_version 1.1; + + proxy_set_header Host 127.0.0.1:30000; + proxy_set_header X-Forwarded-Host $http_host; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_cookie_path / "/; Secure"; + ''; + }; + "/jelly/" = { + proxyPass = "http://127.0.0.1:8096"; + proxyWebsockets = true; + }; + }; } diff --git a/system/modules/impermanence.nix b/system/modules/impermanence.nix index 3d2fbe3..f736eab 100644 --- a/system/modules/impermanence.nix +++ b/system/modules/impermanence.nix @@ -91,6 +91,8 @@ in { { directory = /var/lib/heisenbridge; user = "heisenbridge"; group = "heisenbridge"; mode = "0755"; } ] ++ lib.optionals config.services.hydra.enable [ { directory = /var/lib/hydra; user = "hydra"; group = "hydra"; mode = "0755"; } + ] ++ lib.optionals config.services.jellyfin.enable [ + { directory = /var/lib/jellyfin; user = "jellyfin"; group = "jellyfin"; mode = "0750"; } ] ++ lib.optionals config.services.matrix-synapse.enable [ { directory = /var/lib/matrix-synapse; user = "matrix-synapse"; group = "matrix-synapse"; mode = "0700"; } ] ++ lib.optionals config.services.maubot.enable [ diff --git a/system/modules/qbittorrent.nix b/system/modules/qbittorrent.nix index 88616dd..6835360 100644 --- a/system/modules/qbittorrent.nix +++ b/system/modules/qbittorrent.nix @@ -1,11 +1,17 @@ -{ config, lib, pkgs, ... }: +{ config +, lib +, pkgs +, ... +}: let cfg = config.services.qbittorrent-nox; in { options.services.qbittorrent-nox = { enable = lib.mkEnableOption "qbittorrent-nox"; + package = lib.mkPackageOptionMD pkgs "qbittorrent-nox" { }; + ui.addToFirewall = lib.mkOption { description = "Add the web UI port to firewall"; type = lib.types.bool; @@ -16,6 +22,7 @@ in { type = lib.types.port; default = 8080; }; + torrent.addToFirewall = lib.mkOption { description = "Add the torrenting port to firewall"; type = lib.types.bool; @@ -27,35 +34,37 @@ in { default = null; }; }; + config = lib.mkIf cfg.enable { networking.firewall.allowedTCPPorts = lib.optional (cfg.torrent.addToFirewall && cfg.torrent.port != null) cfg.torrent.port - ++ lib.optional (cfg.ui.addToFirewall && cfg.ui.port != null) cfg.ui.port; + ++ lib.optional cfg.ui.addToFirewall cfg.ui.port; networking.firewall.allowedUDPPorts = lib.optional (cfg.torrent.addToFirewall && cfg.torrent.port != null) cfg.torrent.port; - # users.users.qbittorrent-nox = { - # isSystemUser = true; - # group = "qbittorrent-nox"; - # home = "/var/lib/qbittorrent-nox"; - # }; - # groups.groups.qbittorrent-nox = { }; + + users.users.qbittorrent-nox = { + isSystemUser = true; + group = "qbittorrent-nox"; + home = "/var/lib/qbittorrent-nox"; + }; + users.groups.qbittorrent-nox = { }; + systemd.services.qbittorrent-nox = { description = "qBittorrent-nox service"; wants = [ "network-online.target" ]; after = [ "local-fs.target" "network-online.target" "nss-lookup.target" ]; wantedBy = [ "multi-user.target" ]; unitConfig.Documentation = "man:qbittorrent-nox(1)"; + # required for reverse proxying preStart = '' if [[ ! -f /var/lib/qbittorrent-nox/qBittorrent/config/qBittorrent.conf ]]; then mkdir -p /var/lib/qbittorrent-nox/qBittorrent/config - echo "[Preferences]" > /var/lib/qbittorrent-nox/qBittorrent/config/qBittorrent.conf - echo "WebUI\UseUPnP=false" > /var/lib/qbittorrent-nox/qBittorrent/config/qBittorrent.conf + echo "Preferences\WebUI\HostHeaderValidation=false" >> /var/lib/qbittorrent-nox/qBittorrent/config/qBittorrent.conf fi ''; serviceConfig = { User = "qbittorrent-nox"; Group = "qbittorrent-nox"; - DynamicUser = true; StateDirectory = "qbittorrent-nox"; WorkingDirectory = "/var/lib/qbittorrent-nox"; ExecStart = ''