qbittorrent wip

Henri Dohmen 2026-03-23 00:04:05 +01:00
parent 1af477fdd3
commit 65c5bcdd0d
5 changed files with 96 additions and 2 deletions


@ -1,6 +1,6 @@
MIT License
Copyright (c) 2025 Henri Dohmen
Copyright (c) 2025, 2026 Henri Dohmen
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal


@ -16,6 +16,7 @@
./nextcloud.nix
./services.nix
./syncthing.nix
./torrent.nix
];
boot = {
@ -28,10 +29,16 @@
};
};
enableContainers = true;
kernelPackages = pkgs.linuxPackages_6_12;
initrd.systemd.network.wait-online.enable = false;
};
virtualisation = {
containers.enable = true;
};
security = {
acme = {
acceptTerms = true;


@ -35,6 +35,7 @@ in
firewall = {
enable = true;
checkReversePath = "loose";
interfaces."wg0" = {
allowedTCPPorts = [ 25565 ];
};
@ -46,12 +47,17 @@ in
nat = {
enable = true;
enableIPv6 = true;
externalInterface = "ens3";
internalInterfaces = [ "wg0" ];
};
firewall.allowedUDPPorts = [ wireguard-port ];
localCommands = ''
ip route add default dev mullvad table 1000
'';
wireguard = {
enable = true;
interfaces."wg0" = {
@ -65,12 +71,16 @@ in
"10.69.173.41/32"
"fc00:bbbb:bbbb:bb01::6:ad28/128"
]; # free cat
table = "1000";
privateKeyFile = config.age.secrets.mullvad-vpn-key.path;
peers = [
{
name = "de-fra-wg-007";
publicKey = "mTmrSuXmTnIC9l2Ur3/QgodGrVEhhIE3pRwOHZpiYys=";
allowedIPs = [ ];
allowedIPs = [
"0.0.0.0/0"
"::/0"
];
endpoint = "de-fra-wg-007.relays.mullvad.net:51820";
}
];
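Review bot: The `localCommands` line `ip route add default dev mullvad table 1000` looks redundant and order-dependent. With `table = "1000";` and `allowedIPs` now set to `0.0.0.0/0` and `::/0`, the WireGuard module should already install both default routes into that table when the tunnel interface comes up (its name is outside the visible hunks, presumably `mullvad`). `ip route add` errors when the device does not exist yet or the route is already present, so if the line is kept, `ip route replace default dev mullvad table 1000` is the safer form. `checkReversePath = "loose";` in the first hunk relaxes reverse-path filtering for the whole host firewall, not only the tunnel, so it deserves a comment such as `# loose rpfilter: needed for policy routing via table 1000`. The enclosing `networking` block starts and ends outside these hunks.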

76
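--- /dev/null
+++ b/host/roam/torrent.nix
@@ -0,0 +1,76 @@
+{ ... }:
+let
+containerIp = "192.168.100.11";
+in
+{
+networking = {
+localCommands = ''
+# Route outgoing traffic over mullvad
+ip rule add from ${containerIp} table 1000 priority 1000
+ip route add blackhole default table 1000 metric 999
+ip rule add from ${containerIp} to 192.168.1.0/24 table main priority 999
+'';
+nat = {
+extraCommands = ''
+iptables -t nat -A POSTROUTING -s ${containerIp} -o mullvad -j MASQUERADE
+iptables -A PREROUTING -t mangle -i mullvad -s 192.168.100.0/24 -j DROP
+iptables -A PREROUTING -t mangle -i mullvad -s 192.168.1.0/24 -j DROP
+'';
+};
+};
+services.nginx.privateVirtualHosts."qbt.lan" = {
+locations."/" = {
+proxyPass = "http://192.168.100.11:8080";
+};
+};
+systemd.tmpfiles.rules = [
+"d /data/torrent 0755 root root -"
+];
+containers.torrent = {
+autoStart = true;
+privateNetwork = true;
+hostAddress = "192.168.100.10";
+localAddress = containerIp;
+bindMounts = {
+"/var/lib/qBittorrent/qBittorrent/downloads" = {
+hostPath = "/data/torrent";
+isReadOnly = false;
+};
+};
+config =
+{ ... }:
+{
+boot.isContainer = true;
+# networking.nameservers = [ "10.64.0.1" ];
+environment.etc."resolv.conf".text = ''
+nameserver 10.64.0.1
+options edns0 trust-ad
+'';
+services.resolved.enable = false;
+networking.resolvconf.enable = false;
+services.qbittorrent = {
+enable = true;
+openFirewall = true;
+serverConfig = {
+LegalNotice.Accepted = true;
+Preferences = {
+General.Locale = "en";
+WebUI = {
+Username = "admin";
+Password_PBKDF2 = "nNQGvR+niYyKVaT5SQ+Kpw==:0lzflYcsj6d3p5B50ceOS9tZBbxnlkdY5hkK5Ki8ZE4zMI8ZfyJYfWDThjCOULPFNPkUnOWGKhnSPaOibzaNGw==";
+};
+};
+};
+};
+system.stateVersion = "25.04";
+};
+};
+}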
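Review bot: `Password_PBKDF2` under `WebUI` commits the WebUI password hash in clear text, so it stays in git history and, as part of `serverConfig`, presumably ends up in the world-readable Nix store. Anyone who obtains it can test password guesses offline against the fixed `admin` account. The host configuration already keeps the WireGuard key in agenix (`config.age.secrets.mullvad-vpn-key.path`); the hash deserves the same handling, or at minimum a comment such as `# hash is public in the repo/store: use a long random passphrase`. Separately, the tunnel-only guarantee for `${containerIp}` rests entirely on the `ip rule add` / `ip route add blackhole` lines in `localCommands`, which are not idempotent and may be skipped if an earlier command in the merged script fails. A filter rule that drops forwarded packets from the container on any egress interface other than `mullvad` (with an explicit allowance for the `192.168.1.0/24` exception) would keep the setup fail-closed.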


@ -8,6 +8,7 @@ let
custom-hosts = with var.wg.ips; {
"git.lan" = roam;
"syncthing.roam.lan" = roam;
"qbt.lan" = roam;
};
in
rec {