From f48c4b2bbe687af127c0bac3044a0891e0cc6ea3 Mon Sep 17 00:00:00 2001
From: ediblerope <fredrik@nordhammer.it>
Date: Wed, 21 Jan 2026 22:41:48 +0000
Subject: [PATCH] Update arr-stack.nix

---
 services/arr-stack.nix | 48 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/services/arr-stack.nix b/services/arr-stack.nix
index bb87267..a1f57db 100644
--- a/services/arr-stack.nix
+++ b/services/arr-stack.nix
@@ -4,5 +4,53 @@
 		environment.systemPackages = with pkgs; [
 		    qbittorrent-nox
 		];
+
+		systemd.services.qbittorrent-nox = {
+			description = "qBittorrent-nox service";
+			after = [ "network.target" ];
+			wantedBy = [ "multi-user.target" ];
+
+			serviceConfig = {
+				Type = "simple";
+				User = "qbittorrent";
+				Group = "qbittorrent";
+				ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox";
+				Restart = "on-failure";
+				
+				# Security hardening (optional but recommended)
+				NoNewPrivileges = true;
+				PrivateTmp = true;
+				ProtectSystem = "strict";
+				ProtectHome = "read-only";
+				ReadWritePaths = [ 
+					"/var/lib/qbittorrent"
+					"/home/fred/storage/torrents"
+				];
+			};
+
+			preStart = ''
+				mkdir -p /var/lib/qbittorrent/.config/qBittorrent
+				cat > /var/lib/qbittorrent/.config/qBittorrent/qBittorrent.conf << EOF
+				[Preferences]
+				Downloads\SavePath=/home/fred/storage/torrents/downloads
+				EOF
+				chown -R qbittorrent:qbittorrent /var/lib/qbittorrent/.config
+			'';
+		};
+
+		# Create the user and group
+		users.users.qbittorrent = {
+			isSystemUser = true;
+			group = "qbittorrent";
+			home = "/var/lib/qbittorrent";
+			createHome = true;
+		};
+
+		users.groups.qbittorrent = {};
+
+		# Ensure the download directory exists with proper permissions
+		systemd.tmpfiles.rules = [
+			"d /home/fred/storage/torrents/downloads 0775 qbittorrent qbittorrent -"
+		];
 	};
 }