From a374b2575397e1fb3e2d9083c67c70523bb8b102 Mon Sep 17 00:00:00 2001
From: Andre <andre@8bitbuddhism.com>
Date: Tue, 10 Sep 2024 20:14:40 -0400
Subject: [PATCH] Services: ok ok wait, let's try qBittorrent instead

---
 flake.lock                       |   9 +--
 hosts/Hevana/default.nix         |   9 ++-
 modules/services/qbittorrent.nix | 111 +++++++++++++++++++++++++++++++
 secrets                          |   2 +-
 4 files changed, 123 insertions(+), 8 deletions(-)
 create mode 100644 modules/services/qbittorrent.nix

diff --git a/flake.lock b/flake.lock
index 1a20239..2df0073 100644
--- a/flake.lock
+++ b/flake.lock
@@ -378,10 +378,11 @@
     "secrets": {
       "flake": false,
       "locked": {
-        "dirtyRev": "9821d2162d2e2ee58ff65e12c986ef3a8f105058-dirty",
-        "dirtyShortRev": "9821d21-dirty",
-        "lastModified": 1725996724,
-        "narHash": "sha256-xL7dP5DVkG56pbY9wSJ8v9gpCjtA7UfXC6MwttF8teE=",
+        "lastModified": 1726013505,
+        "narHash": "sha256-0xzIUXzp3P5sUVB2XLmtxXoxleqHdSw9j/hpbcOCpRg=",
+        "ref": "refs/heads/main",
+        "rev": "75970a6034cc961a749d07d9c51ef9f8f8f48848",
+        "revCount": 73,
         "type": "git",
         "url": "file:./secrets"
       },
diff --git a/hosts/Hevana/default.nix b/hosts/Hevana/default.nix
index fd98c75..96f9a63 100644
--- a/hosts/Hevana/default.nix
+++ b/hosts/Hevana/default.nix
@@ -20,13 +20,11 @@ let
 
   # List of subdomains to add to the TLS certificate
   subdomains = with config.secrets.services; [
-    deluge.url
     forgejo.url
     gremlin-lab.url
-    home-assistant.url
     jellyfin.url
     netdata.url
-    transmission.url
+    qbittorrent.url
   ];
 in
 {
@@ -188,6 +186,11 @@ in
           };
         };
       };
+      qbittorrent = {
+        enable = true;
+        home = "${services-root}/qbittorrent";
+        url = config.secrets.services.qbittorrent.url;
+      };
       ssh = {
         enable = true;
         ports = [ config.secrets.hosts.dimaga.ssh.port ];
diff --git a/modules/services/qbittorrent.nix b/modules/services/qbittorrent.nix
new file mode 100644
index 0000000..0a619a2
--- /dev/null
+++ b/modules/services/qbittorrent.nix
@@ -0,0 +1,111 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  cfg = config.aux.system.services.qbittorrent;
+  UID = 850;
+  GID = 850;
+  package = pkgs.qbittorrent;
+  port = 8080;
+in
+{
+  options = {
+    aux.system.services.qbittorrent = {
+      enable = lib.mkEnableOption "Enables qBittorrent.";
+      home = lib.mkOption {
+        default = "/var/lib/qbittorrent";
+        type = lib.types.str;
+        description = "Where to store qBittorrent's files";
+      };
+      url = lib.mkOption {
+        default = "";
+        type = lib.types.str;
+        description = "The complete URL where qBittorrent is hosted.";
+        example = "https://qbittorrent.example.com";
+      };
+      user = lib.mkOption {
+        type = lib.types.str;
+        default = "qbittorrent";
+        description = "User account under which qBittorrent runs.";
+      };
+      group = lib.mkOption {
+        type = lib.types.str;
+        default = "qbittorrent";
+        description = "Group under which qBittorrent runs.";
+      };
+    };
+
+  };
+
+  config = lib.mkIf cfg.enable {
+    services = {
+      nginx.virtualHosts."${cfg.url}" = {
+        useACMEHost = pkgs.util.getDomainFromURL cfg.url;
+        forceSSL = true;
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:8080";
+          extraConfig = ''
+            proxy_set_header   X-Real-IP $remote_addr;
+            proxy_set_header   X-Forwarded-Host $host;
+            proxy_set_header   X-Forwarded-Server $host;
+            proxy_set_header   X-Forwarded-For $proxy_add_x_forwnoxarded_for;
+          '';
+        };
+      };
+    };
+
+    systemd.services.qbittorrent = {
+      # based on the plex.nix service module and
+      # https://github.com/qbittorrent/qBittorrent/blob/master/dist/unix/systemd/qbittorrent-nox%40.service.in
+      description = "qBittorrent service";
+      documentation = [ "man:qbittorrent(1)" ];
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      unitConfig.RequiresMountsFor = cfg.home;
+
+      serviceConfig = {
+        Type = "simple";
+        User = cfg.user;
+        Group = cfg.group;
+
+        # Run the pre-start script with full permissions (the "!" prefix) so it
+        # can create the data directory if necessary.
+        ExecStartPre =
+          let
+            preStartScript = pkgs.writeScript "qbittorrent-run-prestart" ''
+              #!${pkgs.bash}/bin/bash
+
+              # Create data directory if it doesn't exist
+              if ! test -d "$QBT_PROFILE"; then
+                echo "Creating initial qBittorrent data directory in: $QBT_PROFILE"
+                install -d -m 0755 -o "${cfg.user}" -g "${cfg.group}" "$QBT_PROFILE"
+              fi
+            '';
+          in
+          "!${preStartScript}";
+        ExecStart = "${package}/bin/qbittorrent";
+      };
+
+      environment = {
+        QBT_PROFILE = cfg.home;
+        QBT_WEBUI_PORT = toString port;
+      };
+    };
+
+    users = {
+      users.${cfg.user} = {
+        description = "qBittorrent user";
+        isNormalUser = false;
+        group = cfg.group;
+        uid = UID;
+      };
+      groups.${cfg.group}.gid = GID;
+    };
+
+    systemd.services.nginx.wants = [ config.systemd.services.qbittorrent.name ];
+  };
+}
diff --git a/secrets b/secrets
index b086ea5..75970a6 160000
--- a/secrets
+++ b/secrets
@@ -1 +1 @@
-Subproject commit b086ea560a8c5e2266b70710c6c2478a010f4c59
+Subproject commit 75970a6034cc961a749d07d9c51ef9f8f8f48848