From 8d0d4995c388062f295e6c1fb1e8c9e5c3259c52 Mon Sep 17 00:00:00 2001
From: Martin Fischer <martin@push-f.com>
Date: Fri, 27 Dec 2024 19:46:21 +0100
Subject: feat(ev): add qbittorrent

---
 nixos/hosts/ev/default.nix |  4 ++++
 nixos/hosts/ev/torrent.nix | 43 +++++++++++++++++++++++++++++++++++++++++++
 nixos/lib.nix              | 20 ++++++++++++++++++++
 3 files changed, 67 insertions(+)
 create mode 100644 nixos/hosts/ev/torrent.nix

(limited to 'nixos')

diff --git a/nixos/hosts/ev/default.nix b/nixos/hosts/ev/default.nix
index dbda5f3..e59ec01 100644
--- a/nixos/hosts/ev/default.nix
+++ b/nixos/hosts/ev/default.nix
@@ -11,11 +11,15 @@
     <top/profiles/server>
     <top/shared/tailscale.nix>
     <top/shared/basics-physical.nix>
+    <top/shared/vpn.nix>
     ./home-automation.nix
     ./kodi.nix
+    ./torrent.nix
   ];
 
   home-automation.zigbee2mqttPort = 8080;
+  torrent.qbittorrentWebUiPort = 7777;
+  torrent.networkNamespace = "se";
 
   home-automation.zigbeeSerialPort = "/dev/serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_e2fed465c59ded11962fd7a5a7669f5d-if00-port0";
 
diff --git a/nixos/hosts/ev/torrent.nix b/nixos/hosts/ev/torrent.nix
new file mode 100644
index 0000000..93a7b43
--- /dev/null
+++ b/nixos/hosts/ev/torrent.nix
@@ -0,0 +1,43 @@
+{ config, lib, pkgs, ... }:
+
+let
+  mylib = import <top/lib.nix>;
+  cfg = config.torrent;
+in
+{
+  options.torrent = {
+    qbittorrentWebUiPort = lib.mkOption {
+      type = lib.types.int;
+    };
+    networkNamespace = lib.mkOption {
+      type = lib.types.str;
+    };
+  };
+
+  config = {
+    environment.systemPackages = [pkgs.qbittorrent-nox];
+
+    users.extraUsers.qbittorrent = {
+      isSystemUser = true;
+      group = "qbittorrent";
+      home = "/var/lib/qbittorrent";
+      createHome = true;
+    };
+    users.groups.qbittorrent = {};
+
+    systemd = {
+      packages = [pkgs.qbittorrent-nox];
+      services."qbittorrent" = mylib.joinWgNamespace cfg.networkNamespace {
+        enable = true;
+        path = [pkgs.qbittorrent-nox];
+        serviceConfig = {
+          ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox --webui-port=${toString cfg.qbittorrentWebUiPort}";
+          User = "qbittorrent";
+        };
+        wantedBy = ["multi-user.target"];
+      };
+
+      services.qbittorrent-webui-proxy = mylib.mkPortProxy "qbittorrent" cfg.networkNamespace cfg.qbittorrentWebUiPort;
+    };
+  };
+}
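Review bot: The `serviceConfig` of `services."qbittorrent"` sets only `ExecStart` and `User`, so a daemon that handles data from arbitrary peers runs with systemd's default, unsandboxed view of the filesystem. I would add the usual hardening directives and limit write access to the state directory, extending `ReadWritePaths` if downloads go somewhere other than `/var/lib/qbittorrent`. How `mylib.joinWgNamespace` merges its own `serviceConfig` with this one is not visible in this diff, so confirm the extra keys survive the merge. Separately, `qbittorrentWebUiPort` is declared as `lib.types.int`; `lib.types.port` would reject out-of-range values at evaluation time.

```nix
        serviceConfig = {
          # … unchanged: ExecStart, User …
          NoNewPrivileges = true;
          PrivateTmp = true;
          ProtectHome = true;
          ProtectSystem = "strict";
          ReadWritePaths = [ "/var/lib/qbittorrent" ];
        };
```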
diff --git a/nixos/lib.nix b/nixos/lib.nix
index a2d8193..7880cc7 100644
--- a/nixos/lib.nix
+++ b/nixos/lib.nix
@@ -9,4 +9,24 @@ in
     unitConfig.JoinsNamespaceOf = "netns@${ns}.service";
     serviceConfig.NetworkNamespacePath = "/var/run/netns/${ns}";
   };
+
+  mkPortProxy = service: ns: port: {
+    description = "Forward to ${service} in network namespace ${ns}";
+    requires = ["${service}.service"];
+    after = ["${service}.service"];
+    partOf = ["${service}.service"];
+    serviceConfig = {
+      Restart = "on-failure";
+      TimeoutStopSec = 300;
+    };
+    wantedBy = ["multi-user.target"];
+    script =
+      let
+        pkgs = nixpkgs.pkgs;
+      in
+      ''
+        ${pkgs.iproute2}/bin/ip netns exec ${ns} ${pkgs.iproute2}/bin/ip link set dev lo up
+        ${pkgs.socat}/bin/socat tcp-listen:${toString port},fork,reuseaddr exec:'${pkgs.iproute2}/bin/ip netns exec ${ns} ${pkgs.socat}/bin/socat STDIO "tcp-connect:localhost:${toString port}"',nofork
+      '';
+  };
 }
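Review bot: The outer listener in `mkPortProxy`, `socat tcp-listen:${toString port},fork,reuseaddr`, has no `bind=` option, so it accepts connections on every address of the host namespace and forwards them into `${ns}`. Whether that is reachable beyond the intended interface depends on firewall rules not visible in this diff. If access is meant to be limited to one address (loopback behind a reverse proxy, or the tailnet address), pin it, e.g. `tcp-listen:${toString port},bind=127.0.0.1,fork,reuseaddr`, or take the bind address as a fourth argument. The unit also sets no `User=`, so the script and every forked `socat` run as root, presumably because `ip netns exec` needs it. A comment such as `# runs as root: ip netns exec requires CAP_SYS_ADMIN` would record that this is deliberate. The attribute set that contains `mkPortProxy` opens outside the hunk.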
-- 
cgit v1.2.3