Compare commits
No commits in common. "3250edc21ce283b37544c5904a746900e2d106d3" and "1524c347d6ca8eb3b4529fcf77d7721fcf630efe" have entirely different histories.
3250edc21c
...
1524c347d6
|
@ -162,7 +162,6 @@
|
||||||
(if devMaubot then import /${devPath}/maubot.nix/module else maubot.nixosModules.default)
|
(if devMaubot then import /${devPath}/maubot.nix/module else maubot.nixosModules.default)
|
||||||
(if devCoopOfd then import /${devPath}/coop-ofd else coop-ofd).nixosModules.default
|
(if devCoopOfd then import /${devPath}/coop-ofd else coop-ofd).nixosModules.default
|
||||||
./system/modules/scanservjs.nix
|
./system/modules/scanservjs.nix
|
||||||
./system/modules/qbittorrent.nix
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
server-cross = crossConfig server;
|
server-cross = crossConfig server;
|
||||||
|
|
|
@ -297,8 +297,6 @@ in {
|
||||||
bannedPorts = [
|
bannedPorts = [
|
||||||
631 9100 # printing
|
631 9100 # printing
|
||||||
5353 # avahi
|
5353 # avahi
|
||||||
# pass it through to VPN rather than WAN
|
|
||||||
server-config.services.qbittorrent-nox.torrent.port
|
|
||||||
];
|
];
|
||||||
inherit (server-config.networking.firewall) allowedTCPPorts allowedTCPPortRanges allowedUDPPorts allowedUDPPortRanges;
|
inherit (server-config.networking.firewall) allowedTCPPorts allowedTCPPortRanges allowedUDPPorts allowedUDPPortRanges;
|
||||||
|
|
||||||
|
@ -330,9 +328,6 @@ in {
|
||||||
}) ++ lib.toList {
|
}) ++ lib.toList {
|
||||||
port = 24; tcp = true; udp = true; target4.port = 22; target6.port = 22;
|
port = 24; tcp = true; udp = true; target4.port = 22; target6.port = 22;
|
||||||
target4.address = serverInitrdAddress4; target6.address = serverInitrdAddress6;
|
target4.address = serverInitrdAddress4; target6.address = serverInitrdAddress6;
|
||||||
} ++ lib.toList {
|
|
||||||
inVpn = true; port = server-config.services.qbittorrent-nox.torrent.port; tcp = true; udp = true;
|
|
||||||
target4.address = serverAddress4; target6.address = serverAddress6;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
router.enable = true;
|
router.enable = true;
|
||||||
|
|
|
@ -33,7 +33,7 @@ in {
|
||||||
services.certspotter = {
|
services.certspotter = {
|
||||||
enable = true;
|
enable = true;
|
||||||
extraFlags = [ ];
|
extraFlags = [ ];
|
||||||
watchlist = [ ".${cfg.domainName}" ];
|
watchlist = [ ".pavluk.org" ];
|
||||||
hooks = lib.toList (pkgs.writeShellScript "certspotter-hook" ''
|
hooks = lib.toList (pkgs.writeShellScript "certspotter-hook" ''
|
||||||
if [[ "$EVENT" == discovered_cert ]]; then
|
if [[ "$EVENT" == discovered_cert ]]; then
|
||||||
${pkgs.gnugrep}/bin/grep -r "$TBS_SHA256" /var/lib/certspotter/tbs-hashes/ && exit
|
${pkgs.gnugrep}/bin/grep -r "$TBS_SHA256" /var/lib/certspotter/tbs-hashes/ && exit
|
||||||
|
|
|
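Review bot: The certspotter `watchlist` on the new side hardcodes `.pavluk.org`, while the virtual hosts elsewhere on this page are built from `cfg.domainName` (for example `cloud.${cfg.domainName}`). If `cfg.domainName` is ever set to a different domain, certificate-transparency monitoring would keep watching the old name and silently miss certificates issued for the hosts actually served. I would keep the value derived from the option, `watchlist = [ ".${cfg.domainName}" ];`, or add a comment stating why this one entry must stay fixed. The `services.certspotter` block continues past the end of the hunk.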
@ -79,23 +79,4 @@ in {
|
||||||
hostName = "cloud.${cfg.domainName}";
|
hostName = "cloud.${cfg.domainName}";
|
||||||
https = true;
|
https = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
services.qbittorrent-nox.enable = true;
|
|
||||||
services.qbittorrent-nox.ui.port = 19642;
|
|
||||||
services.qbittorrent-nox.torrent.port = 45522;
|
|
||||||
|
|
||||||
services.nginx.virtualHosts."home.${cfg.domainName}".locations."/torrent/" = {
|
|
||||||
extraConfig = ''
|
|
||||||
proxy_pass http://127.0.0.1:${toString config.services.qbittorrent-nox.ui.port}/;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
|
|
||||||
proxy_set_header Host 127.0.0.1:30000;
|
|
||||||
proxy_set_header X-Forwarded-Host $http_host;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_cookie_path / "/; Secure";
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
services.jellyfin.enable = true;
|
|
||||||
services.jellyfin.openFirewall = true;
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -46,7 +46,6 @@ in {
|
||||||
enable = true;
|
enable = true;
|
||||||
config.listener = "127.0.0.1:25783";
|
config.listener = "127.0.0.1:25783";
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts."home.${cfg.domainName}" = {
|
services.nginx.virtualHosts."home.${cfg.domainName}" = {
|
||||||
quic = true;
|
quic = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
|
|
@ -5,18 +5,48 @@
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.server;
|
cfg = config.server;
|
||||||
|
# i've yet to create a maubot module so this is hardcoded
|
||||||
|
maubotAddr = "127.0.0.1";
|
||||||
|
maubotPort = 29316;
|
||||||
in {
|
in {
|
||||||
impermanence.directories = [
|
impermanence.directories = [
|
||||||
{ directory = /var/lib/maubot; user = "maubot"; group = "maubot"; mode = "0755"; }
|
{ directory = /var/lib/maubot; user = "maubot"; group = "maubot"; mode = "0755"; }
|
||||||
];
|
];
|
||||||
services.nginx.virtualHosts."matrix.${cfg.domainName}".locations = let
|
services.nginx.virtualHosts."matrix.${cfg.domainName}".locations = {
|
||||||
inherit (config.services.maubot) settings;
|
|
||||||
in {
|
|
||||||
"/_matrix/maubot/" = {
|
"/_matrix/maubot/" = {
|
||||||
proxyPass = "http://${lib.quoteListenAddr settings.server.hostname}:${toString settings.server.port}";
|
proxyPass = "http://${lib.quoteListenAddr maubotAddr}:${toString maubotPort}";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
/*users.users.maubot = {
|
||||||
|
home = "/var/lib/maubot";
|
||||||
|
group = "maubot";
|
||||||
|
isSystemUser = true;
|
||||||
|
};
|
||||||
|
users.groups.maubot = { };*/
|
||||||
|
/*systemd.services.maubot = {
|
||||||
|
description = "Maubot";
|
||||||
|
wants = [ "matrix-synapse.service" "nginx.service" ];
|
||||||
|
after = [ "matrix-synapse.service" "nginx.service" ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
environment = {
|
||||||
|
LD_LIBRARY_PATH = "${pkgs.stdenv.cc.cc.lib}/lib";
|
||||||
|
};
|
||||||
|
serviceConfig = {
|
||||||
|
User = "maubot";
|
||||||
|
Group = "maubot";
|
||||||
|
WorkingDirectory = "/var/lib/maubot/data";
|
||||||
|
};
|
||||||
|
script = "${pkgs.python3.withPackages (pks: with pks; [
|
||||||
|
pkgs.maubot (pkgs.pineapplebot.override {
|
||||||
|
magic = cfg.pizzabotMagic;
|
||||||
|
}) feedparser levenshtein python-dateutil pytz
|
||||||
|
])}/bin/python3 -m maubot";
|
||||||
|
};*/
|
||||||
|
systemd.services.maubot = {
|
||||||
|
after = [ "nginx.service" ];
|
||||||
|
requires = [ "nginx.service" ];
|
||||||
|
};
|
||||||
services.maubot.enable = true;
|
services.maubot.enable = true;
|
||||||
services.maubot.settings = {
|
services.maubot.settings = {
|
||||||
database = "postgresql://maubot@localhost/maubot";
|
database = "postgresql://maubot@localhost/maubot";
|
||||||
|
|
|
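Review bot: `maubotAddr` and `maubotPort` repeat the listener address as literals in the `let` block, so the nginx `proxyPass` for `/_matrix/maubot/` can drift from what `services.maubot.settings` configures, and a stale loopback port would hand that path to whatever else listens there. The comment says no maubot module exists yet, but the same hunk sets `services.maubot.enable = true` and `services.maubot.settings`, so a single source of truth looks achievable. Either read the proxy target from the settings, or set `services.maubot.settings.server.hostname = maubotAddr;` and `services.maubot.settings.server.port = maubotPort;`. The settings block runs past the hunk, so it may already do this. The two commented-out `users.users.maubot` and `systemd.services.maubot` blocks are dead code and would be better dropped than carried in the file.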
@ -61,84 +61,78 @@ in {
|
||||||
{ directory = /var/spool; user = "root"; group = "root"; mode = "0777"; }
|
{ directory = /var/spool; user = "root"; group = "root"; mode = "0777"; }
|
||||||
] ++ lib.optionals cfg.persistTmp [
|
] ++ lib.optionals cfg.persistTmp [
|
||||||
{ directory = /tmp; user = "root"; group = "root"; mode = "1777"; }
|
{ directory = /tmp; user = "root"; group = "root"; mode = "1777"; }
|
||||||
] ++ lib.optionals config.networking.wireless.iwd.enable [
|
|
||||||
{ directory = /var/lib/iwd; user = "root"; group = "root"; mode = "0700"; }
|
|
||||||
] ++ lib.optionals (builtins.any (x: x.useDHCP != false) (builtins.attrValues config.networking.interfaces) || config.networking.useDHCP) [
|
|
||||||
{ directory = /var/db/dhcpcd; user = "root"; group = "root"; mode = "0755"; }
|
|
||||||
] ++ lib.optionals config.security.acme.acceptTerms [
|
|
||||||
{ directory = /var/lib/acme; user = "acme"; group = "acme"; mode = "0755"; }
|
|
||||||
] ++ lib.optionals config.services.akkoma.enable [
|
|
||||||
{ directory = /var/lib/akkoma; user = "akkoma"; group = "akkoma"; mode = "0700"; }
|
|
||||||
] ++ lib.optionals config.services.botamusique.enable [
|
|
||||||
{ directory = /var/lib/private/botamusique; user = "root"; group = "root"; mode = "0750"; }
|
|
||||||
] ++ lib.optionals config.programs.ccache.enable [
|
|
||||||
{ directory = config.programs.ccache.cacheDir; user = "root"; group = "nixbld"; mode = "0770"; }
|
|
||||||
{ directory = /var/cache/sccache; user = "root"; group = "nixbld"; mode = "0770"; }
|
|
||||||
] ++ lib.optionals config.services.coop-ofd.enable [
|
|
||||||
{ directory = /var/lib/coop-ofd; mode = "0750"; }
|
|
||||||
] ++ lib.optionals config.services.dovecot2.enable [
|
|
||||||
{ directory = /var/lib/dhparams; user = "root"; group = "root"; mode = "0755"; }
|
|
||||||
{ directory = /var/lib/dovecot; user = "root"; group = "root"; mode = "0755"; }
|
|
||||||
] ++ lib.optionals config.services.fail2ban.enable [
|
|
||||||
{ directory = /var/lib/fail2ban; user = "root"; group = "root"; mode = "0700"; }
|
|
||||||
] ++ lib.optionals config.services.forgejo.enable [
|
|
||||||
{ directory = /var/lib/forgejo; user = "forgejo"; group = "forgejo"; mode = "0755"; }
|
|
||||||
] ++ lib.optionals config.services.gitea.enable [
|
|
||||||
{ directory = /var/lib/gitea; user = "gitea"; group = "gitea"; mode = "0755"; }
|
|
||||||
] ++ lib.optionals config.services.grafana.enable [
|
|
||||||
{ directory = /var/lib/grafana; user = "grafana"; group = "grafana"; mode = "0755"; }
|
|
||||||
] ++ lib.optionals config.services.heisenbridge.enable [
|
|
||||||
{ directory = /var/lib/heisenbridge; user = "heisenbridge"; group = "heisenbridge"; mode = "0755"; }
|
|
||||||
] ++ lib.optionals config.services.hydra.enable [
|
|
||||||
{ directory = /var/lib/hydra; user = "hydra"; group = "hydra"; mode = "0755"; }
|
|
||||||
] ++ lib.optionals config.services.matrix-synapse.enable [
|
|
||||||
{ directory = /var/lib/matrix-synapse; user = "matrix-synapse"; group = "matrix-synapse"; mode = "0700"; }
|
|
||||||
] ++ lib.optionals config.services.monero.enable [
|
|
||||||
{ directory = config.services.monero.dataDir; user = "monero"; group = "monero"; mode = "0750"; }
|
|
||||||
] ++ lib.optionals config.services.mullvad-vpn.enable [
|
] ++ lib.optionals config.services.mullvad-vpn.enable [
|
||||||
{ directory = /etc/mullvad-vpn; user = "root"; group = "root"; mode = "0700"; }
|
{ directory = /etc/mullvad-vpn; user = "root"; group = "root"; mode = "0700"; }
|
||||||
{ directory = /var/cache/mullvad-vpn; user = "root"; group = "root"; mode = "0755"; }
|
{ directory = /var/cache/mullvad-vpn; user = "root"; group = "root"; mode = "0755"; }
|
||||||
] ++ lib.optionals config.services.murmur.enable [
|
|
||||||
{ directory = /var/lib/murmur; user = "murmur"; group = "murmur"; mode = "0700"; }
|
|
||||||
] ++ lib.optionals config.services.nextcloud.enable [
|
|
||||||
{ directory = /var/lib/nextcloud; user = "nextcloud"; group = "nextcloud"; mode = "0750"; }
|
|
||||||
] ++ lib.optionals config.services.opendkim.enable [
|
|
||||||
{ directory = /var/lib/opendkim; user = "opendkim"; group = "opendkim"; mode = "0700"; }
|
|
||||||
] ++ lib.optionals config.services.openldap.enable [
|
|
||||||
{ directory = /var/lib/openldap; inherit (config.services.openldap) user group; mode = "0755"; }
|
|
||||||
] ++ lib.optionals config.services.pleroma.enable [
|
|
||||||
{ directory = /var/lib/pleroma; user = "pleroma"; group = "pleroma"; mode = "0700"; }
|
|
||||||
] ++ lib.optionals config.services.postfix.enable [
|
|
||||||
{ directory = /var/lib/postfix; user = "root"; group = "root"; mode = "0755"; }
|
|
||||||
] ++ lib.optionals config.services.postgresql.enable [
|
|
||||||
{ directory = /var/lib/postgresql; user = "postgres"; group = "postgres"; mode = "0755"; }
|
|
||||||
] ++ lib.optionals config.services.printing.enable [
|
|
||||||
{ directory = /var/lib/cups; user = "root"; group = "root"; mode = "0755"; }
|
|
||||||
{ directory = /var/cache/cups; user = "root"; group = "lp"; mode = "0770"; }
|
|
||||||
] ++ lib.optionals config.services.prometheus.enable [
|
|
||||||
{ directory = /var/lib/${config.services.prometheus.stateDir}; user = "prometheus"; group = "prometheus"; mode = "0755"; }
|
|
||||||
] ++ lib.optionals config.services.qbittorrent-nox.enable [
|
|
||||||
{ directory = /var/lib/qbittorrent-nox; mode = "0755"; }
|
|
||||||
] ++ lib.optionals (config.services.redis.servers.rspamd.enable or false) [
|
|
||||||
{ directory = /var/lib/redis-rspamd; user = "redis-rspamd"; group = "redis-rspamd"; mode = "0700"; }
|
|
||||||
] ++ lib.optionals config.services.roundcube.enable [
|
|
||||||
{ directory = /var/lib/roundcube; user = "roundcube"; group = "roundcube"; mode = "0700"; }
|
|
||||||
] ++ lib.optionals config.services.rspamd.enable [
|
|
||||||
{ directory = /var/lib/rspamd; user = "rspamd"; group = "rspamd"; mode = "0700"; }
|
|
||||||
] ++ lib.optionals (config.services.scanservjs.enable or false) [
|
|
||||||
{ directory = /var/lib/scanservjs; user = "scanservjs"; group = "scanservjs"; mode = "0750"; }
|
|
||||||
] ++ lib.optionals config.services.searx.enable [
|
|
||||||
{ directory = /var/lib/searx; user = "searx"; group = "searx"; mode = "0700"; }
|
|
||||||
] ++ lib.optionals config.security.sudo.enable [
|
|
||||||
{ directory = /var/db/sudo/lectured; user = "root"; group = "root"; mode = "0700"; }
|
|
||||||
] ++ lib.optionals config.services.unbound.enable [
|
|
||||||
{ directory = /var/lib/unbound; user = "unbound"; group = "unbound"; mode = "0755"; }
|
|
||||||
] ++ lib.optionals config.virtualisation.libvirtd.enable ([
|
] ++ lib.optionals config.virtualisation.libvirtd.enable ([
|
||||||
# { directory = /var/cache/libvirt; user = "root"; group = "root"; mode = "0755"; }
|
# { directory = /var/cache/libvirt; user = "root"; group = "root"; mode = "0755"; }
|
||||||
{ directory = /var/lib/libvirt; user = "root"; group = "root"; mode = "0755"; }
|
{ directory = /var/lib/libvirt; user = "root"; group = "root"; mode = "0755"; }
|
||||||
] ++ lib.optionals config.virtualisation.libvirtd.qemu.swtpm.enable [
|
] ++ lib.optionals config.virtualisation.libvirtd.qemu.swtpm.enable [
|
||||||
{ directory = /var/lib/swtpm-localca; user = "root"; group = "root"; mode = "0750"; }
|
{ directory = /var/lib/swtpm-localca; user = "root"; group = "root"; mode = "0750"; }
|
||||||
]) ++ cfg.directories);
|
]) ++ lib.optionals config.networking.wireless.iwd.enable [
|
||||||
|
{ directory = /var/lib/iwd; user = "root"; group = "root"; mode = "0700"; }
|
||||||
|
] ++ lib.optionals (builtins.any (x: x.useDHCP != false) (builtins.attrValues config.networking.interfaces) || config.networking.useDHCP) [
|
||||||
|
{ directory = /var/db/dhcpcd; user = "root"; group = "root"; mode = "0755"; }
|
||||||
|
] ++ lib.optionals config.services.gitea.enable [
|
||||||
|
{ directory = /var/lib/gitea; user = "gitea"; group = "gitea"; mode = "0755"; }
|
||||||
|
] ++ lib.optionals config.services.forgejo.enable [
|
||||||
|
{ directory = /var/lib/forgejo; user = "forgejo"; group = "forgejo"; mode = "0755"; }
|
||||||
|
] ++ lib.optionals config.services.matrix-synapse.enable [
|
||||||
|
{ directory = /var/lib/matrix-synapse; user = "matrix-synapse"; group = "matrix-synapse"; mode = "0700"; }
|
||||||
|
] ++ lib.optionals config.services.heisenbridge.enable [
|
||||||
|
{ directory = /var/lib/heisenbridge; user = "heisenbridge"; group = "heisenbridge"; mode = "0755"; }
|
||||||
|
] ++ lib.optionals config.services.murmur.enable [
|
||||||
|
{ directory = /var/lib/murmur; user = "murmur"; group = "murmur"; mode = "0700"; }
|
||||||
|
] ++ lib.optionals config.services.nextcloud.enable [
|
||||||
|
{ directory = /var/lib/nextcloud; user = "nextcloud"; group = "nextcloud"; mode = "0750"; }
|
||||||
|
] ++ lib.optionals config.services.botamusique.enable [
|
||||||
|
{ directory = /var/lib/private/botamusique; user = "root"; group = "root"; mode = "0750"; }
|
||||||
|
] ++ lib.optionals config.security.acme.acceptTerms [
|
||||||
|
{ directory = /var/lib/acme; user = "acme"; group = "acme"; mode = "0755"; }
|
||||||
|
] ++ lib.optionals config.services.printing.enable [
|
||||||
|
{ directory = /var/lib/cups; user = "root"; group = "root"; mode = "0755"; }
|
||||||
|
{ directory = /var/cache/cups; user = "root"; group = "lp"; mode = "0770"; }
|
||||||
|
] ++ lib.optionals config.services.fail2ban.enable [
|
||||||
|
{ directory = /var/lib/fail2ban; user = "root"; group = "root"; mode = "0700"; }
|
||||||
|
] ++ lib.optionals config.services.opendkim.enable [
|
||||||
|
{ directory = /var/lib/opendkim; user = "opendkim"; group = "opendkim"; mode = "0700"; }
|
||||||
|
] ++ lib.optionals config.services.pleroma.enable [
|
||||||
|
{ directory = /var/lib/pleroma; user = "pleroma"; group = "pleroma"; mode = "0700"; }
|
||||||
|
] ++ lib.optionals config.services.akkoma.enable [
|
||||||
|
{ directory = /var/lib/akkoma; user = "akkoma"; group = "akkoma"; mode = "0700"; }
|
||||||
|
] ++ lib.optionals config.services.hydra.enable [
|
||||||
|
{ directory = /var/lib/hydra; user = "hydra"; group = "hydra"; mode = "0755"; }
|
||||||
|
] ++ lib.optionals config.services.grafana.enable [
|
||||||
|
{ directory = /var/lib/grafana; user = "grafana"; group = "grafana"; mode = "0755"; }
|
||||||
|
] ++ lib.optionals config.services.prometheus.enable [
|
||||||
|
{ directory = /var/lib/${config.services.prometheus.stateDir}; user = "prometheus"; group = "prometheus"; mode = "0755"; }
|
||||||
|
] ++ lib.optionals config.services.postfix.enable [
|
||||||
|
{ directory = /var/lib/postfix; user = "root"; group = "root"; mode = "0755"; }
|
||||||
|
] ++ lib.optionals config.services.postgresql.enable [
|
||||||
|
{ directory = /var/lib/postgresql; user = "postgres"; group = "postgres"; mode = "0755"; }
|
||||||
|
] ++ lib.optionals config.services.unbound.enable [
|
||||||
|
{ directory = /var/lib/unbound; user = "unbound"; group = "unbound"; mode = "0755"; }
|
||||||
|
] ++ lib.optionals config.services.searx.enable [
|
||||||
|
{ directory = /var/lib/searx; user = "searx"; group = "searx"; mode = "0700"; }
|
||||||
|
] ++ lib.optionals config.services.roundcube.enable [
|
||||||
|
{ directory = /var/lib/roundcube; user = "roundcube"; group = "roundcube"; mode = "0700"; }
|
||||||
|
] ++ lib.optionals config.services.rspamd.enable [
|
||||||
|
{ directory = /var/lib/rspamd; user = "rspamd"; group = "rspamd"; mode = "0700"; }
|
||||||
|
] ++ lib.optionals (config.services.redis.servers.rspamd.enable or false) [
|
||||||
|
{ directory = /var/lib/redis-rspamd; user = "redis-rspamd"; group = "redis-rspamd"; mode = "0700"; }
|
||||||
|
] ++ lib.optionals config.services.dovecot2.enable [
|
||||||
|
{ directory = /var/lib/dhparams; user = "root"; group = "root"; mode = "0755"; }
|
||||||
|
{ directory = /var/lib/dovecot; user = "root"; group = "root"; mode = "0755"; }
|
||||||
|
] ++ lib.optionals config.security.sudo.enable [
|
||||||
|
{ directory = /var/db/sudo/lectured; user = "root"; group = "root"; mode = "0700"; }
|
||||||
|
] ++ lib.optionals config.services.openldap.enable [
|
||||||
|
{ directory = /var/lib/openldap; inherit (config.services.openldap) user group; mode = "0755"; }
|
||||||
|
] ++ lib.optionals (config.services.scanservjs.enable or false) [
|
||||||
|
{ directory = /var/lib/scanservjs; user = "scanservjs"; group = "scanservjs"; mode = "0750"; }
|
||||||
|
] ++ lib.optionals config.programs.ccache.enable [
|
||||||
|
{ directory = config.programs.ccache.cacheDir; user = "root"; group = "nixbld"; mode = "0770"; }
|
||||||
|
{ directory = /var/cache/sccache; user = "root"; group = "nixbld"; mode = "0770"; }
|
||||||
|
] ++ cfg.directories);
|
||||||
files = map (x:
|
files = map (x:
|
||||||
if builtins.isPath x then toString x
|
if builtins.isPath x then toString x
|
||||||
else if builtins.isPath (x.file or null) then x // { file = toString x.file; }
|
else if builtins.isPath (x.file or null) then x // { file = toString x.file; }
|
||||||
|
|
|
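Review bot: The context entry `{ directory = /var/spool; user = "root"; group = "root"; mode = "0777"; }` persists a world-writable directory without the sticky bit, unlike the `/tmp` entry next to it, which uses `1777`. Any local account can then rename or delete spool entries owned by other users. I would use `mode = "0755"` unless non-root writers are really needed, in which case `mode = "1777"`. Separately, the reordered list on the new side no longer carries the `coop-ofd` and `monero` entries, although the coop-ofd module is still imported in the first hunk on this page. If either service is enabled, its state directory would no longer be persisted, which is worth confirming; the list itself starts before this hunk.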
@ -1,68 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
let
|
|
||||||
cfg = config.services.qbittorrent-nox;
|
|
||||||
in {
|
|
||||||
options.services.qbittorrent-nox = {
|
|
||||||
enable = lib.mkEnableOption "qbittorrent-nox";
|
|
||||||
package = lib.mkPackageOptionMD pkgs "qbittorrent-nox" { };
|
|
||||||
ui.addToFirewall = lib.mkOption {
|
|
||||||
description = "Add the web UI port to firewall";
|
|
||||||
type = lib.types.bool;
|
|
||||||
default = false;
|
|
||||||
};
|
|
||||||
ui.port = lib.mkOption {
|
|
||||||
description = "Web UI port";
|
|
||||||
type = lib.types.port;
|
|
||||||
default = 8080;
|
|
||||||
};
|
|
||||||
torrent.addToFirewall = lib.mkOption {
|
|
||||||
description = "Add the torrenting port to firewall";
|
|
||||||
type = lib.types.bool;
|
|
||||||
default = true;
|
|
||||||
};
|
|
||||||
torrent.port = lib.mkOption {
|
|
||||||
description = "Torrenting port";
|
|
||||||
type = with lib.types; nullOr port;
|
|
||||||
default = null;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
config = lib.mkIf cfg.enable {
|
|
||||||
networking.firewall.allowedTCPPorts =
|
|
||||||
lib.optional (cfg.torrent.addToFirewall && cfg.torrent.port != null) cfg.torrent.port
|
|
||||||
++ lib.optional (cfg.ui.addToFirewall && cfg.ui.port != null) cfg.ui.port;
|
|
||||||
networking.firewall.allowedUDPPorts =
|
|
||||||
lib.optional (cfg.torrent.addToFirewall && cfg.torrent.port != null) cfg.torrent.port;
|
|
||||||
# users.users.qbittorrent-nox = {
|
|
||||||
# isSystemUser = true;
|
|
||||||
# group = "qbittorrent-nox";
|
|
||||||
# home = "/var/lib/qbittorrent-nox";
|
|
||||||
# };
|
|
||||||
# groups.groups.qbittorrent-nox = { };
|
|
||||||
systemd.services.qbittorrent-nox = {
|
|
||||||
description = "qBittorrent-nox service";
|
|
||||||
wants = [ "network-online.target" ];
|
|
||||||
after = [ "local-fs.target" "network-online.target" "nss-lookup.target" ];
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
unitConfig.Documentation = "man:qbittorrent-nox(1)";
|
|
||||||
preStart = ''
|
|
||||||
if [[ ! -f /var/lib/qbittorrent-nox/qBittorrent/config/qBittorrent.conf ]]; then
|
|
||||||
mkdir -p /var/lib/qbittorrent-nox/qBittorrent/config
|
|
||||||
echo "[Preferences]" > /var/lib/qbittorrent-nox/qBittorrent/config/qBittorrent.conf
|
|
||||||
echo "WebUI\UseUPnP=false" > /var/lib/qbittorrent-nox/qBittorrent/config/qBittorrent.conf
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
serviceConfig = {
|
|
||||||
User = "qbittorrent-nox";
|
|
||||||
Group = "qbittorrent-nox";
|
|
||||||
DynamicUser = true;
|
|
||||||
StateDirectory = "qbittorrent-nox";
|
|
||||||
WorkingDirectory = "/var/lib/qbittorrent-nox";
|
|
||||||
ExecStart = ''
|
|
||||||
${cfg.package}/bin/qbittorrent-nox ${lib.optionalString (cfg.torrent.port != null) "--torrenting-port=${toString cfg.torrent.port}"} \
|
|
||||||
--webui-port=${toString cfg.ui.port} --profile=/var/lib/qbittorrent-nox
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|