Update qbittorrent-nox.nix

ediblerope 2026-01-26 19:41:28 +00:00 committed by GitHub
parent efb0b5d262
commit 9b7567419b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -1,4 +1,3 @@
#qbittorrent-nox.nix
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") { config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") {
@ -9,13 +8,13 @@
# Create qbittorrent user with media group # Create qbittorrent user with media group
users.users.qbittorrent = { users.users.qbittorrent = {
isSystemUser = true; isSystemUser = true;
group = "media"; # Changed to media group for sharing group = "media";
extraGroups = [ "media" ]; extraGroups = [ "media" ];
home = "/var/lib/qbittorrent"; home = "/var/lib/qbittorrent";
createHome = true; createHome = true;
}; };
# Create media group (shared with sonarr) # Create media group (shared with sonarr/radarr)
users.groups.media = { users.groups.media = {
gid = 3000; gid = 3000;
}; };
@ -27,35 +26,35 @@
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
User = "qbittorrent"; User = "qbittorrent";
Group = "media"; # Changed to media Group = "media";
ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox"; ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox --confirm-legal-notice";
Restart = "on-failure"; Restart = "on-failure";
# Security hardening # Security hardening - FIXED
NoNewPrivileges = true; NoNewPrivileges = true;
PrivateTmp = true; PrivateTmp = true;
ProtectSystem = "strict"; ProtectSystem = "strict";
ProtectHome = true; ProtectHome = false; # Changed to false so it can write to /var/lib/qbittorrent
ReadWritePaths = [ ReadWritePaths = [
"/var/lib/qbittorrent" "/var/lib/qbittorrent"
"/mnt/storage/torrents" "/mnt/storage/torrents"
]; ];
# Set proper working directory
WorkingDirectory = "/var/lib/qbittorrent";
}; };
preStart = ''
mkdir -p /var/lib/qbittorrent/.config/qBittorrent
cat > /var/lib/qbittorrent/.config/qBittorrent/qBittorrent.conf << EOF
[Preferences]
Downloads\SavePath=/mnt/storage/torrents/downloads
EOF
chown -R qbittorrent:media /var/lib/qbittorrent/.config
'';
}; };
# Ensure the download directory exists with proper permissions # Ensure directories exist with proper permissions
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d /var/lib/qbittorrent 0755 qbittorrent media -"
"d /var/lib/qbittorrent/.config 0755 qbittorrent media -"
"d /var/lib/qbittorrent/.config/qBittorrent 0755 qbittorrent media -"
"d /var/lib/qbittorrent/.local 0755 qbittorrent media -"
"d /var/lib/qbittorrent/.local/share 0755 qbittorrent media -"
"d /var/lib/qbittorrent/.local/share/qBittorrent 0755 qbittorrent media -"
"d /mnt/storage/torrents/downloads 0775 qbittorrent media -" "d /mnt/storage/torrents/downloads 0775 qbittorrent media -"
]; ];
users.users.fred.extraGroups = [ "media" ]; # Changed to media group users.users.fred.extraGroups = [ "media" ];
}; };
} }
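Review bot: Setting `ProtectHome = false;` in `serviceConfig` drops a sandbox layer without addressing the reason given in its comment. ProtectHome only governs /home, /root and /run/user, while /var/lib/qbittorrent is already writable through the `ReadWritePaths` entry under `ProtectSystem = "strict"`. I would keep `ProtectHome = true;` and look for the real cause of the write failure, such as directory ownership or a path missing from `ReadWritePaths`. The tmpfiles rules for `/var/lib/qbittorrent/.config` and `.local` use mode 0755, which (if these are the added lines, as the reworded comment above them suggests) leaves the qBittorrent configuration tree world-readable. A mode of `0750` would restrict it to the service user and the media group.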