nixos/services/arr-stack.nix

{ config, pkgs, lib, ... }:
{
	config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") {
		environment.systemPackages = with pkgs; [
		    qbittorrent-nox
		];

		systemd.services.qbittorrent-nox = {
			description = "qBittorrent-nox service";
			after = [ "network.target" ];
			wantedBy = [ "multi-user.target" ];

			serviceConfig = {
				Type = "simple";
				User = "qbittorrent";
				Group = "qbittorrent";
				ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox";
				Restart = "on-failure";
				
				# Security hardening
				NoNewPrivileges = true;
				PrivateTmp = true;
				ProtectSystem = "strict";
				ProtectHome = true;
				ReadWritePaths = [ 
					"/var/lib/qbittorrent"
					"/mnt/storage/torrents"
				];
			};

			preStart = ''
				mkdir -p /var/lib/qbittorrent/.config/qBittorrent
				cat > /var/lib/qbittorrent/.config/qBittorrent/qBittorrent.conf << EOF
				[Preferences]
				Downloads\SavePath=/mnt/storage/torrents/downloads
				EOF
				chown -R qbittorrent:qbittorrent /var/lib/qbittorrent/.config
			'';
		};

		users.users.qbittorrent = {
			isSystemUser = true;
			group = "qbittorrent";
			home = "/var/lib/qbittorrent";
			createHome = true;
		};

		users.groups.qbittorrent = {};

		# Ensure the download directory exists with proper permissions
		systemd.tmpfiles.rules = [
			"d /mnt/storage/torrents/downloads 0775 qbittorrent qbittorrent -"
		];
		
		users.users.fred.extraGroups = [ "qbittorrent" ];
	};
}
Update arr-stack.nix 2026-01-20 21:10:47 +00:00			`{ config, pkgs, lib, ... }:`
			`{`
			`config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") {`
Update arr-stack.nix 2026-01-21 22:37:12 +00:00			`environment.systemPackages = with pkgs; [`
Update arr-stack.nix 2026-01-21 22:34:37 +00:00			`qbittorrent-nox`
			`];`
Update arr-stack.nix 2026-01-21 22:41:48 +00:00
			`systemd.services.qbittorrent-nox = {`
			`description = "qBittorrent-nox service";`
			`after = [ "network.target" ];`
			`wantedBy = [ "multi-user.target" ];`

			`serviceConfig = {`
			`Type = "simple";`
			`User = "qbittorrent";`
			`Group = "qbittorrent";`
			`ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox";`
			`Restart = "on-failure";`

Update arr-stack.nix 2026-01-21 22:49:01 +00:00			`# Security hardening`
Update arr-stack.nix 2026-01-21 22:41:48 +00:00			`NoNewPrivileges = true;`
			`PrivateTmp = true;`
			`ProtectSystem = "strict";`
Update arr-stack.nix 2026-01-21 22:49:01 +00:00			`ProtectHome = true;`
Update arr-stack.nix 2026-01-21 22:41:48 +00:00			`ReadWritePaths = [`
			`"/var/lib/qbittorrent"`
Update arr-stack.nix 2026-01-21 22:49:01 +00:00			`"/mnt/storage/torrents"`
Update arr-stack.nix 2026-01-21 22:41:48 +00:00			`];`
			`};`

			`preStart = ''`
			`mkdir -p /var/lib/qbittorrent/.config/qBittorrent`
			`cat > /var/lib/qbittorrent/.config/qBittorrent/qBittorrent.conf << EOF`
			`[Preferences]`
Update arr-stack.nix 2026-01-21 22:49:01 +00:00			`Downloads\SavePath=/mnt/storage/torrents/downloads`
Update arr-stack.nix 2026-01-21 22:41:48 +00:00			`EOF`
			`chown -R qbittorrent:qbittorrent /var/lib/qbittorrent/.config`
			`'';`
			`};`

			`users.users.qbittorrent = {`
			`isSystemUser = true;`
			`group = "qbittorrent";`
			`home = "/var/lib/qbittorrent";`
			`createHome = true;`
			`};`

			`users.groups.qbittorrent = {};`

			`# Ensure the download directory exists with proper permissions`
			`systemd.tmpfiles.rules = [`
Update arr-stack.nix 2026-01-21 22:49:01 +00:00			`"d /mnt/storage/torrents/downloads 0775 qbittorrent qbittorrent -"`
Update arr-stack.nix 2026-01-21 22:41:48 +00:00			`];`
Update arr-stack.nix 2026-01-21 22:49:01 +00:00
			`users.users.fred.extraGroups = [ "qbittorrent" ];`
Update arr-stack.nix 2026-01-20 21:39:16 +00:00			`};`
Update arr-stack.nix 2026-01-20 21:10:47 +00:00			`}`