qbittorrent wip

Henri Dohmen 2026-03-23 00:04:05 +01:00
parent 1af477fdd3
commit 65c5bcdd0d
5 changed files with 96 additions and 2 deletions


@ -1,6 +1,6 @@
MIT License MIT License
Copyright (c) 2025 Henri Dohmen Copyright (c) 2025, 2026 Henri Dohmen
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal of this software and associated documentation files (the "Software"), to deal


@ -16,6 +16,7 @@
./nextcloud.nix ./nextcloud.nix
./services.nix ./services.nix
./syncthing.nix ./syncthing.nix
./torrent.nix
]; ];
boot = { boot = {
@ -28,10 +29,16 @@
}; };
}; };
enableContainers = true;
kernelPackages = pkgs.linuxPackages_6_12; kernelPackages = pkgs.linuxPackages_6_12;
initrd.systemd.network.wait-online.enable = false; initrd.systemd.network.wait-online.enable = false;
}; };
virtualisation = {
containers.enable = true;
};
security = { security = {
acme = { acme = {
acceptTerms = true; acceptTerms = true;
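Review bot: `virtualisation.containers.enable = true;` looks unrelated to the declarative `containers.torrent` this commit introduces. As far as I know that option sets up the shared /etc/containers configuration used by OCI runtimes, while NixOS containers are governed by `boot.enableContainers`, which is already set a few lines above. If no OCI runtime is planned on this host, dropping the `virtualisation` block keeps the installed surface smaller; otherwise a comment such as `# needed for <runtime>` would explain why both are enabled. The `boot` and `security` blocks continue outside the hunk.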


@ -35,6 +35,7 @@ in
firewall = { firewall = {
enable = true; enable = true;
checkReversePath = "loose";
interfaces."wg0" = { interfaces."wg0" = {
allowedTCPPorts = [ 25565 ]; allowedTCPPorts = [ 25565 ];
}; };
@ -46,12 +47,17 @@ in
nat = { nat = {
enable = true; enable = true;
enableIPv6 = true;
externalInterface = "ens3"; externalInterface = "ens3";
internalInterfaces = [ "wg0" ]; internalInterfaces = [ "wg0" ];
}; };
firewall.allowedUDPPorts = [ wireguard-port ]; firewall.allowedUDPPorts = [ wireguard-port ];
localCommands = ''
ip route add default dev mullvad table 1000
'';
wireguard = { wireguard = {
enable = true; enable = true;
interfaces."wg0" = { interfaces."wg0" = {
@ -65,12 +71,16 @@ in
"10.69.173.41/32" "10.69.173.41/32"
"fc00:bbbb:bbbb:bb01::6:ad28/128" "fc00:bbbb:bbbb:bb01::6:ad28/128"
]; # free cat ]; # free cat
table = "1000";
privateKeyFile = config.age.secrets.mullvad-vpn-key.path; privateKeyFile = config.age.secrets.mullvad-vpn-key.path;
peers = [ peers = [
{ {
name = "de-fra-wg-007"; name = "de-fra-wg-007";
publicKey = "mTmrSuXmTnIC9l2Ur3/QgodGrVEhhIE3pRwOHZpiYys="; publicKey = "mTmrSuXmTnIC9l2Ur3/QgodGrVEhhIE3pRwOHZpiYys=";
allowedIPs = [ ]; allowedIPs = [
"0.0.0.0/0"
"::/0"
];
endpoint = "de-fra-wg-007.relays.mullvad.net:51820"; endpoint = "de-fra-wg-007.relays.mullvad.net:51820";
} }
]; ];
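Review bot: The `localCommands` line `ip route add default dev mullvad table 1000` duplicates what `table = "1000";` together with the new `allowedIPs` of `"0.0.0.0/0"` and `"::/0"` should already make the WireGuard module install, and it is order-dependent. It fails if the interface does not exist yet when the script runs, and fails with "File exists" on a re-run. If the script aborts on the first failing command, later `localCommands` fragments contributed by other modules would presumably be skipped as well. I would drop the line, or make it repeatable with `ip route replace default dev mullvad table 1000 || true`. The interface definition starts outside the hunk, so the name `mullvad` is inferred from this line only.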

76
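--- /dev/null
+++ b/host/roam/torrent.nix
@@ -0,0 +1,76 @@
+{ ... }:
+let
+containerIp = "192.168.100.11";
+in
+{
+networking = {
+localCommands = ''
+# Route outgoing traffic over mullvad
+ip rule add from ${containerIp} table 1000 priority 1000
+ip route add blackhole default table 1000 metric 999
+ip rule add from ${containerIp} to 192.168.1.0/24 table main priority 999
+'';
+nat = {
+extraCommands = ''
+iptables -t nat -A POSTROUTING -s ${containerIp} -o mullvad -j MASQUERADE
+iptables -A PREROUTING -t mangle -i mullvad -s 192.168.100.0/24 -j DROP
+iptables -A PREROUTING -t mangle -i mullvad -s 192.168.1.0/24 -j DROP
+'';
+};
+};
+services.nginx.privateVirtualHosts."qbt.lan" = {
+locations."/" = {
+proxyPass = "http://192.168.100.11:8080";
+};
+};
+systemd.tmpfiles.rules = [
+"d /data/torrent 0755 root root -"
+];
+containers.torrent = {
+autoStart = true;
+privateNetwork = true;
+hostAddress = "192.168.100.10";
+localAddress = containerIp;
+bindMounts = {
+"/var/lib/qBittorrent/qBittorrent/downloads" = {
+hostPath = "/data/torrent";
+isReadOnly = false;
+};
+};
+config =
+{ ... }:
+{
+boot.isContainer = true;
+# networking.nameservers = [ "10.64.0.1" ];
+environment.etc."resolv.conf".text = ''
+nameserver 10.64.0.1
+options edns0 trust-ad
+'';
+services.resolved.enable = false;
+networking.resolvconf.enable = false;
+services.qbittorrent = {
+enable = true;
+openFirewall = true;
+serverConfig = {
+LegalNotice.Accepted = true;
+Preferences = {
+General.Locale = "en";
+WebUI = {
+Username = "admin";
+Password_PBKDF2 = "nNQGvR+niYyKVaT5SQ+Kpw==:0lzflYcsj6d3p5B50ceOS9tZBbxnlkdY5hkK5Ki8ZE4zMI8ZfyJYfWDThjCOULPFNPkUnOWGKhnSPaOibzaNGw==";
+};
+};
+};
+};
+system.stateVersion = "25.04";
+};
+};
+}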
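Review bot: The fail-closed routing for the container in `networking.localCommands` relies on plain `ip rule add` and `ip route add`, which are not repeatable. On a second run they either fail with "File exists" or leave duplicate rules, and if the script stops at the first failure the blackhole route or the `from ${containerIp}` rule may end up missing. I would write `ip route replace blackhole default table 1000 metric 999` and delete each rule before re-adding it, e.g. `ip rule del from ${containerIp} table 1000 priority 1000 2>/dev/null || true`. The `iptables -A` lines in `nat.extraCommands` append to built-in chains and presumably accumulate on every reload unless a matching cleanup is added. Separately, `Password_PBKDF2` for user `admin` is readable in the repository and the Nix store, unlike the WireGuard key kept in an age secret, so the hash is open to offline guessing; either add a comment saying this is accepted because the WebUI is only reachable through `qbt.lan`, or keep the hash out of the store.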


@ -8,6 +8,7 @@ let
custom-hosts = with var.wg.ips; { custom-hosts = with var.wg.ips; {
"git.lan" = roam; "git.lan" = roam;
"syncthing.roam.lan" = roam; "syncthing.roam.lan" = roam;
"qbt.lan" = roam;
}; };
in in
rec { rec {