Setup radarr and sonarr on torrent host

2023-12-16 00:22:34 +01:00 · 2023-12-16 00:22:34 +01:00 · 2733d28a99
commit 2733d28a99
parent 2085dfb783
13 changed files with 245 additions and 1 deletions
--- a/config/hosts/torrent/qbittorrent-nox/default.nix
+++ b/config/hosts/torrent/qbittorrent-nox/default.nix
@ -0,0 +1,8 @@
+{ ... }:
+{
+  imports = [
+    ./nginx.nix
+    ./services.nix
+    ./users.nix
+  ];
+}
--- a/config/hosts/torrent/qbittorrent-nox/nginx.nix
+++ b/config/hosts/torrent/qbittorrent-nox/nginx.nix
@ -0,0 +1,51 @@
+# Sources for this configuration:
+# - https://github.com/qbittorrent/qBittorrent/wiki/NGINX-Reverse-Proxy-for-Web-UI
+# - https://github.com/qbittorrent/qBittorrent/wiki/Linux-WebUI-HTTPS-with-Let's-Encrypt-certificates-and-NGINX-SSL-reverse-proxy
+
+{ ... }:
+{
+  services.nginx = {
+    enable = true;
+
+    virtualHosts."torrent.grzb.de" = {
+      forceSSL = true;
+      enableACME = true;
+
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 80;
+        }
+        {
+          addr = "0.0.0.0";
+          port = 443;
+          ssl = true;
+        }
+      ];
+
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8080";
+        extraConfig = ''
+          proxy_http_version 1.1;
+
+          client_max_body_size 100M;
+
+          # From:
+          # https://github.com/qbittorrent/qBittorrent/wiki/NGINX-Reverse-Proxy-for-Web-UI
+          #
+          # Since v4.2.2, is possible to configure qBittorrent
+          # to set the "Secure" flag for the session cookie automatically.
+          # However, that option does nothing unless using qBittorrent's built-in HTTPS functionality.
+          # For this use case, where qBittorrent itself is using plain HTTP
+          # (and regardless of whether or not the external website uses HTTPS),
+          # the flag must be set here, in the proxy configuration itself.
+          # Note: If this flag is set while the external website uses only HTTP, this will cause
+          # the login mechanism to not work without any apparent errors in console/network resulting in "auth loops".
+          proxy_cookie_path  /                  "/; Secure";
+        '';
+      };
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+}
--- a/config/hosts/torrent/qbittorrent-nox/services.nix
+++ b/config/hosts/torrent/qbittorrent-nox/services.nix
@ -0,0 +1,13 @@
+# Sources for this configuration:
+# - https://github.com/NixOS/nixpkgs/issues/236736#issuecomment-1704670598
+# - https://nixos.org/manual/nixos/stable/#sect-nixos-systemd-nixos
+
+{ pkgs, ... }:
+{
+  systemd.packages = [ pkgs.qbittorrent-nox ];
+
+  systemd.services."qbittorrent-nox@torrent" = {
+    overrideStrategy = "asDropin";
+    wantedBy = [ "multi-user.target" ];
+  };
+}
--- a/config/hosts/torrent/qbittorrent-nox/users.nix
+++ b/config/hosts/torrent/qbittorrent-nox/users.nix
@ -0,0 +1,9 @@
+{  ... }:
+{
+  users.users.torrent = {
+    isNormalUser = true;
+    group = "torrent";
+  };
+
+  users.groups.torrent = {};
+}