Rework sturzbach service

2025-09-02 00:31:38 +02:00 · 2025-09-02 00:31:38 +02:00 · 23222c0c34
commit 23222c0c34
parent 8cec9745da
5 changed files with 65 additions and 103 deletions
--- a/hosts/iron/configuration.nix
+++ b/hosts/iron/configuration.nix
@ -18,8 +18,8 @@ let
    "rpool/nixos/home" = "/home";
    "rpool/nixos/root" = "/";
    "rpool/nixos/var/lib" = "/var/lib";
-    "rpool/nixos/var/lib/qbittorrent" = "/var/lib/qbittorrent";
-    "rpool/nixos/var/lib/qbittorrent/downloads" = "/var/lib/qbittorrent/downloads";
+    "rpool/nixos/var/lib/qBittorrent" = "/var/lib/qBittorrent";
+    "rpool/nixos/var/lib/qBittorrent/downloads" = "/var/lib/qBittorrent/downloads";
    "rpool/nixos/var/log" = "/var/log";
  };
  partitionScheme = {
--- a/hosts/iron/services/jellyfin.nix
+++ b/hosts/iron/services/jellyfin.nix
@ -17,7 +17,7 @@ in
        "/nix/store"
        "/filebitch/pub/Filme"
        "/filebitch/pub/Serien"
-        "/var/lib/qbittorrent/downloads"
+        "/var/lib/qBittorrent/downloads"
      ];
      CapabilityBoundingSet = "";
      #IPAddressAllow = "localhost";
--- a/hosts/iron/services/sturzbach.nix
+++ b/hosts/iron/services/sturzbach.nix
@ -2,15 +2,72 @@

 let
  inherit (config.networking) ports;
+  interfaces = import ../interfaces.nix;
+  domain = "sturzbach.jalr.de";
+  cfg = config.services.qbittorrent;
 in
 {
-  jalr.qbittorrent = {
-    enable = true;
-    downloadDir = "/sturzbach";
-    fqdn = "sturzbach.jalr.de";
-    webuiPort = ports.qbittorrent-webui.tcp;
+  sops.secrets.sturzbach-htpasswd = {
+    owner = "nginx";
  };
+
  networking.firewall = {
    allowedTCPPorts = [ ports.qbittorrent-torrent.tcp ];
  };
+
+  systemd.services.qbittorrent.serviceConfig = {
+    # Increase number of open file descriptors (default: 1024)
+    LimitNOFILE = 65536;
+  };
+
+  services = {
+    qbittorrent = {
+      enable = true;
+      torrentingPort = ports.qbittorrent-torrent.tcp;
+      webuiPort = ports.qbittorrent-webui.tcp;
+      serverConfig = {
+        Network.PortForwardingEnabled = false;
+        Preferences.WebUI = {
+          Address = "127.0.0.1";
+          LocalHostAuth = false;
+          SecureCookie = true;
+          ServerDomains = domain;
+          SessionTimeout = 24 * 60 * 60;
+          UseUPnP = false;
+        };
+        BitTorrent.Session = {
+          DHTEnabled = false;
+          LSDEnabled = false;
+          PeXEnabled = false;
+          MaxActiveDownloads = 5;
+          MaxActiveTorrents = 10000;
+          MaxActiveUploads = 10000;
+          TempPath = "${cfg.profileDir}/downloads/incomplete";
+          TorrentContentLayout = "Subfolder";
+          AddTorrentStopped = false;
+          AnnounceToAllTiers = false;
+          DefaultSavePath = "${cfg.profileDir}/downloads";
+          DisableAutoTMMByDefault = false;
+          Interface = interfaces.wan;
+          InterfaceAddress = "0.0.0.0";
+          InterfaceName = interfaces.wan;
+          QueueingSystemEnabled = true;
+          ReannounceWhenAddressChanged = false;
+        };
+      };
+    };
+    nginx.virtualHosts."${domain}" = {
+      enableACME = true;
+      forceSSL = true;
+
+      basicAuthFile = config.sops.secrets.sturzbach-htpasswd.path;
+
+      locations = {
+        "/" = {
+          proxyPass = "http://127.0.0.1:${toString config.services.qbittorrent.webuiPort}";
+          proxyWebsockets = true;
+        };
+      };
+    };
+  };
 }