-rw-r--r-- | nixos/hosts/ev/default.nix | 4 | ||||
-rw-r--r-- | nixos/hosts/ev/torrent.nix | 43 | ||||
-rw-r--r-- | nixos/lib.nix | 20 |
3 files changed, 67 insertions, 0 deletions
diff --git a/nixos/hosts/ev/default.nix b/nixos/hosts/ev/default.nix
index dbda5f3..e59ec01 100644
--- a/nixos/hosts/ev/default.nix
+++ b/nixos/hosts/ev/default.nix
@@ -11,11 +11,15 @@
 <top/profiles/server>
 <top/shared/tailscale.nix>
 <top/shared/basics-physical.nix>
+ <top/shared/vpn.nix>
 ./home-automation.nix
 ./kodi.nix
+ ./torrent.nix
 ];
 home-automation.zigbee2mqttPort = 8080;
+ torrent.qbittorrentWebUiPort = 7777;
+ torrent.networkNamespace = "se";
 home-automation.zigbeeSerialPort = "/dev/serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_e2fed465c59ded11962fd7a5a7669f5d-if00-port0";
diff --git a/nixos/hosts/ev/torrent.nix b/nixos/hosts/ev/torrent.nix
new file mode 100644
index 0000000..93a7b43
--- /dev/null
+++ b/nixos/hosts/ev/torrent.nix
@@ -0,0 +1,43 @@
+{ config, lib, pkgs, ... }:
+
+let
+ mylib = import <top/lib.nix>;
+ cfg = config.torrent;
+in
+{
+ options.torrent = {
+ qbittorrentWebUiPort = lib.mkOption {
+ type = lib.types.int;
+ };
+ networkNamespace = lib.mkOption {
+ type = lib.types.str;
+ };
+ };
+
+ config = {
+ environment.systemPackages = [pkgs.qbittorrent-nox];
+
+ users.extraUsers.qbittorrent = {
+ isSystemUser = true;
+ group = "qbittorrent";
+ home = "/var/lib/qbittorrent";
+ createHome = true;
+ };
+ users.groups.qbittorrent = {};
+
+ systemd = {
+ packages = [pkgs.qbittorrent-nox];
+ services."qbittorrent" = mylib.joinWgNamespace cfg.networkNamespace {
+ enable = true;
+ path = [pkgs.qbittorrent-nox];
+ serviceConfig = {
+ ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox --webui-port=${toString cfg.qbittorrentWebUiPort}";
+ User = "qbittorrent";
+ };
+ wantedBy = ["multi-user.target"];
+ };
+
+ services.qbittorrent-webui-proxy = mylib.mkPortProxy "qbittorrent" cfg.networkNamespace cfg.qbittorrentWebUiPort;
+ };
+ };
+}
diff --git a/nixos/lib.nix b/nixos/lib.nix
index a2d8193..7880cc7 100644
--- a/nixos/lib.nix
+++ b/nixos/lib.nix
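Review bot: In nixos/hosts/ev/torrent.nix the `serviceConfig` of `services."qbittorrent"` sets only `ExecStart` and `User`, so a daemon that handles data from arbitrary peers and serves a web UI runs without any systemd sandboxing. Adding the directives below would confine it to its state directory; extend `ReadWritePaths` if downloads are stored outside `/var/lib/qbittorrent`. Separately, `qbittorrentWebUiPort` is typed `lib.types.int`; `type = lib.types.port;` would reject out-of-range values at evaluation time, and both options lack a `description`.

```nix
serviceConfig = {
  # … unchanged: ExecStart, User …
  NoNewPrivileges = true;
  PrivateTmp = true;
  ProtectSystem = "strict";
  ProtectHome = true;
  ReadWritePaths = [ "/var/lib/qbittorrent" ];
};
```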
@@ -9,4 +9,24 @@ in
 unitConfig.JoinsNamespaceOf = "netns@${ns}.service";
 serviceConfig.NetworkNamespacePath = "/var/run/netns/${ns}";
 };
+
+ mkPortProxy = service: ns: port: {
+ description = "Forward to ${service} in network namespace ${ns}";
+ requires = ["${service}.service"];
+ after = ["${service}.service"];
+ partOf = ["${service}.service"];
+ serviceConfig = {
+ Restart = "on-failure";
+ TimeoutStopSec = 300;
+ };
+ wantedBy = ["multi-user.target"];
+ script =
+ let
+ pkgs = nixpkgs.pkgs;
+ in
+ ''
+ ${pkgs.iproute2}/bin/ip netns exec ${ns} ${pkgs.iproute2}/bin/ip link set dev lo up
+ ${pkgs.socat}/bin/socat tcp-listen:${toString port},fork,reuseaddr exec:'${pkgs.iproute2}/bin/ip netns exec ${ns} ${pkgs.socat}/bin/socat STDIO "tcp-connect:localhost:${toString port}"',nofork
+ '';
+ };
 } |
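Review bot: The listening side of the proxy in `mkPortProxy`, `socat tcp-listen:${toString port},fork,reuseaddr`, has no `bind=` option, so it accepts connections on every address of the host namespace and the service it forwards to (here the qBittorrent web UI) is reachable from any network the host firewall admits on that port. If only local or tailnet access is intended, bind explicitly, e.g. `tcp-listen:${toString port},bind=127.0.0.1,fork,reuseaddr`. The unit also sets no `User`, so the listener presumably runs as root (likely needed for `ip netns exec`); a comment on `mkPortProxy` stating that and the intended exposure would help. The enclosing attribute set starts outside the hunk.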