From ab0e287a85f1b82a7bcd1336206ddfead6968c32 Mon Sep 17 00:00:00 2001 From: s-prechtl Date: Sat, 9 Aug 2025 14:30:35 +0200 Subject: [PATCH 1/6] update --- flake.lock | 70 +++++++++++++++++++++++++++--------------------------- 1 file changed, 35 insertions(+), 35 deletions(-) diff --git a/flake.lock b/flake.lock index db74829..806a408 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1750173260, - "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", + "lastModified": 1754433428, + "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", "owner": "ryantm", "repo": "agenix", - "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", + "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", "type": "github" }, "original": { @@ -24,16 +24,16 @@ "brew-src": { "flake": false, "locked": { - "lastModified": 1751910772, - "narHash": "sha256-jQNdIkq2iRDNWskd5f8kX6q9BO/CBSXhMH41WNRft8E=", + "lastModified": 1753461463, + "narHash": "sha256-kGc7pRH0diLzKmOHsEFA8sZ9NJpgT+tqxAMsuqNd5Po=", "owner": "Homebrew", "repo": "brew", - "rev": "700d67a85e0129ab8a893ff69246943479e33df1", + "rev": "4d14be89e99a45181c18e96a5f19a5b43343cc0f", "type": "github" }, "original": { "owner": "Homebrew", - "ref": "4.5.9", + "ref": "4.5.13", "repo": "brew", "type": "github" } @@ -119,11 +119,11 @@ ] }, "locked": { - "lastModified": 1749396052, - "narHash": "sha256-fJvPyUBat+krIrCrGO0Z40OaCKAluViL1nJ7wBo3dAU=", + "lastModified": 1754613544, + "narHash": "sha256-ueR1mGX4I4DWfDRRxxMphbKDNisDeMPMusN72VV1+cc=", "owner": "nix-community", "repo": "home-manager", - "rev": "f23b0935a3c7a3ec1907359b49962393af248734", + "rev": "cc2fa2331aebf9661d22bb507d362b39852ac73f", "type": "github" }, "original": { @@ -140,11 +140,11 @@ ] }, "locked": { - "lastModified": 1751336185, - "narHash": "sha256-ptnVr2x+sl7cZcTuGx/0BOE2qCAIYHTcgfA+/h60ml0=", + "lastModified": 1752603129, + "narHash": "sha256-S+wmHhwNQ5Ru689L2Gu8n1OD6s9eU9n9mD827JNR+kw=", "owner": "nix-community", "repo": "home-manager", - "rev": "96354906f58464605ff81d2f6c2ea23211cbf051", + "rev": "e8c19a3cec2814c754f031ab3ae7316b64da085b", "type": "github" }, "original": { @@ -236,11 +236,11 @@ "brew-src": "brew-src" }, "locked": { - "lastModified": 1752160973, - "narHash": "sha256-BCC8KB7TEtwv7vZN1WDu870tRbXtzUcmF9xNr6ws5Wc=", + "lastModified": 1754250993, + "narHash": "sha256-MEin+qoQKtFC1b0f4tnQ+Z82BQWSCgh6Ef7rpmH9gig=", "owner": "zhaofengli", "repo": "nix-homebrew", - "rev": "69c1aa2f136f3c3326d9b6770e0eb54f12832971", + "rev": "314d057294e79bc2596972126b84c6f9f144499a", "type": "github" }, "original": { @@ -251,11 +251,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1749195551, - "narHash": "sha256-W5GKQHgunda/OP9sbKENBZhMBDNu2QahoIPwnsF6CeM=", + "lastModified": 1754564048, + "narHash": "sha256-dz303vGuzWjzOPOaYkS9xSW+B93PSAJxvBd6CambXVA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "4602f7e1d3f197b3cb540d5accf5669121629628", + "rev": "26ed7a0d4b8741fe1ef1ee6fa64453ca056ce113", "type": "github" }, "original": { @@ -267,16 +267,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1745391562, - "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=", + "lastModified": 1754028485, + "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7", + "rev": "59e69648d345d6e8fef86158c555730fa12af9de", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" } @@ -299,11 +299,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1750259320, - "narHash": "sha256-H8J4H2XCIMEJ5g6fZ179QfQvsc2dUqhqfBjC8RAHNRY=", + "lastModified": 1754689972, + "narHash": "sha256-eogqv6FqZXHgqrbZzHnq43GalnRbLTkbBbFtEfm1RSc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9ba04bda9249d5d5e5238303c9755de5a49a79c5", + "rev": "fc756aa6f5d3e2e5666efcf865d190701fef150a", "type": "github" }, "original": { @@ -347,11 +347,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1749285348, - "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=", + "lastModified": 1754498491, + "narHash": "sha256-erbiH2agUTD0Z30xcVSFcDHzkRvkRXOQ3lb887bcVrs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f", + "rev": "c2ae88e026f9525daf89587f3cbee584b92b6134", "type": "github" }, "original": { @@ -363,11 +363,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1727348695, - "narHash": "sha256-J+PeFKSDV+pHL7ukkfpVzCOO7mBSrrpJ3svwBFABbhI=", + "lastModified": 1752480373, + "narHash": "sha256-JHQbm+OcGp32wAsXTE/FLYGNpb+4GLi5oTvCxwSoBOA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1925c603f17fc89f4c8f6bf6f631a802ad85d784", + "rev": "62e0f05ede1da0d54515d4ea8ce9c733f12d9f08", "type": "github" }, "original": { @@ -411,11 +411,11 @@ "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1751341208, - "narHash": "sha256-D659vmh5bseh5rB0tH4osXFXimh+QQLBBMKkdMH/DMk=", + "lastModified": 1754739276, + "narHash": "sha256-HQotJt480NsHIEgkt2ZiuvjGa50sc7cRhhsZXqZIWpU=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "97da6393f00eff37d787dcb1447afc65e9b4d57e", + "rev": "b5b7136bb6ed82504c3613a7e0cbe6f69b72e7f1", "type": "github" }, "original": { From 9b940895c0802bddd28de0c4b22bc14720ff38ea Mon Sep 17 00:00:00 2001 From: System administrator Date: Sun, 10 Aug 2025 21:52:41 +0200 Subject: [PATCH 2/6] qbittorrent moved to unstable --- hosts/saberofxebec/configuration.nix | 1 - modules/nixos/qbittorrent.nix | 226 --------------------------- 2 files changed, 227 deletions(-) delete mode 100644 modules/nixos/qbittorrent.nix diff --git a/hosts/saberofxebec/configuration.nix b/hosts/saberofxebec/configuration.nix index 2ef85f4..d893110 100644 --- a/hosts/saberofxebec/configuration.nix +++ b/hosts/saberofxebec/configuration.nix @@ -12,7 +12,6 @@ in { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix - ../../modules/nixos/qbittorrent.nix ./secrets.nix ]; diff --git a/modules/nixos/qbittorrent.nix b/modules/nixos/qbittorrent.nix deleted file mode 100644 index 6851e8c..0000000 --- a/modules/nixos/qbittorrent.nix +++ /dev/null @@ -1,226 +0,0 @@ -# NOTE: -# This file is 1:1 stolen from the latest update of this nixpkgs pull request: -# https://github.com/NixOS/nixpkgs/pull/287923 -# If that at any point gets merged I would much rather just use that. -{ - config, - pkgs, - lib, - utils, - ... -}: let - cfg = config.services.qbittorrent; - inherit (builtins) concatStringsSep isAttrs isString; - inherit - (lib) - literalExpression - getExe - mkEnableOption - mkOption - mkPackageOption - mkIf - maintainers - escape - collect - mapAttrsRecursive - ; - inherit - (lib.types) - str - port - path - nullOr - listOf - attrsOf - anything - submodule - ; - inherit (lib.generators) toINI mkKeyValueDefault mkValueStringDefault; - gendeepINI = toINI { - mkKeyValue = let - sep = "="; - in - k: v: - if isAttrs v - then - concatStringsSep "\n" ( - collect isString ( - mapAttrsRecursive ( - path: value: "${escape [sep] (concatStringsSep "\\" ([k] ++ path))}${sep}${mkValueStringDefault {} value}" - ) - v - ) - ) - else mkKeyValueDefault {} sep k v; - }; - configFile = pkgs.writeText "qBittorrent.conf" (gendeepINI cfg.serverConfig); -in { - options.services.qbittorrent = { - enable = mkEnableOption "qbittorrent, BitTorrent client"; - - package = mkPackageOption pkgs "qbittorrent-nox" {}; - - user = mkOption { - type = str; - default = "qbittorrent"; - description = "User account under which qbittorrent runs."; - }; - - group = mkOption { - type = str; - default = "qbittorrent"; - description = "Group under which qbittorrent runs."; - }; - - profileDir = mkOption { - type = path; - default = "/var/lib/qBittorrent/"; - description = "the path passed to qbittorrent via --profile."; - }; - - openFirewall = mkEnableOption "opening both the webuiPort and torrentPort over TCP in the firewall"; - - webuiPort = mkOption { - default = 8080; - type = nullOr port; - description = "the port passed to qbittorrent via `--webui-port`"; - }; - - torrentingPort = mkOption { - default = null; - type = nullOr port; - description = "the port passed to qbittorrent via `--torrenting-port`"; - }; - - serverConfig = mkOption { - type = submodule { - freeformType = attrsOf (attrsOf anything); - options.Preferences.WebUI.UseUPnP = mkEnableOption "UPnP for access to the qbittorrent WebUI"; - }; - description = '' - Free-form settings mapped to the `qBittorrent.conf` file in the profile. - Refer to [Explanation-of-Options-in-qBittorrent](https://github.com/qbittorrent/qBittorrent/wiki/Explanation-of-Options-in-qBittorrent) - the Password_PBKDF2 format is oddly unique, you will likely want to use [this tool](https://codeberg.org/feathecutie/qbittorrent_password) to generate the format. - alternatively you can run qBittorrent independently first and use its webUI to generate the format. - ''; - example = literalExpression '' - { - LegalNotice.Accepted = true; - Preferences = { - WebUI = { - Username = "user"; - Password_PBKDF2 = "generated ByteArray."; - }; - General.Locale = "en"; - }; - } - ''; - }; - extraArgs = mkOption { - type = listOf str; - default = []; - description = '' - Extra arguments passed to qbittorrent. See `qbittorrent -h`, or the [source code](https://github.com/qbittorrent/qBittorrent/blob/master/src/app/cmdoptions.cpp), for the available arguments. - ''; - example = [ - "--confirm-legal-notice" - ]; - }; - }; - config = mkIf cfg.enable { - systemd = { - tmpfiles.settings = { - qbittorrent = { - "${cfg.profileDir}/qBittorrent/"."d" = { - mode = "775"; - inherit (cfg) user group; - }; - "${cfg.profileDir}/qBittorrent/config/"."d" = { - mode = "700"; - inherit (cfg) user group; - }; - "${cfg.profileDir}/qBittorrent/config/qBittorrent.conf"."L+" = lib.mkIf (cfg.serverConfig != null) { - mode = "1400"; - inherit (cfg) user group; - argument = "${configFile}"; - }; - }; - }; - services.qbittorrent = { - description = "qbittorrent BitTorrent client"; - wants = ["network-online.target"]; - after = [ - "local-fs.target" - "network-online.target" - "nss-lookup.target" - ]; - wantedBy = ["multi-user.target"]; - restartTriggers = lib.optional (cfg.serverConfig != null) configFile; - - serviceConfig = { - Type = "simple"; - User = cfg.user; - Group = cfg.group; - ExecStart = utils.escapeSystemdExecArgs ( - [ - (getExe cfg.package) - "--profile=${cfg.profileDir}" - ] - ++ lib.optional (cfg.webuiPort != null) "--webui-port=${toString cfg.webuiPort}" - ++ lib.optional (cfg.torrentingPort != null) "--torrenting-port=${toString cfg.torrentingPort}" - ++ cfg.extraArgs - ); - TimeoutStopSec = 1800; - - # https://github.com/qbittorrent/qBittorrent/pull/6806#discussion_r121478661 - PrivateTmp = false; - - PrivateNetwork = false; - RemoveIPC = true; - NoNewPrivileges = true; - PrivateDevices = true; - PrivateUsers = true; - ProtectHome = "yes"; - ProtectProc = "invisible"; - ProcSubset = "pid"; - ProtectSystem = "full"; - ProtectClock = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProtectControlGroups = true; - RestrictAddressFamilies = [ - "AF_INET" - "AF_INET6" - "AF_NETLINK" - ]; - RestrictNamespaces = true; - RestrictRealtime = true; - RestrictSUIDSGID = true; - LockPersonality = true; - MemoryDenyWriteExecute = true; - SystemCallArchitectures = "native"; - CapabilityBoundingSet = ""; - SystemCallFilter = ["@system-service"]; - }; - }; - }; - - users = { - users = mkIf (cfg.user == "qbittorrent") { - qbittorrent = { - inherit (cfg) group; - isSystemUser = true; - }; - }; - groups = mkIf (cfg.group == "qbittorrent") {qbittorrent = {};}; - }; - - networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall ( - lib.optional (cfg.webuiPort != null) cfg.webuiPort - ++ lib.optional (cfg.torrentingPort != null) cfg.torrentingPort - ); - }; - meta.maintainers = with maintainers; [fsnkty]; -} From 5a02d69a4d3b105cfcdf4f36419d6ac2a5410913 Mon Sep 17 00:00:00 2001 From: System administrator Date: Mon, 25 Aug 2025 21:09:16 +0200 Subject: [PATCH 3/6] feat: qbittorrent alternative schedule --- hosts/saberofxebec/configuration.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/hosts/saberofxebec/configuration.nix b/hosts/saberofxebec/configuration.nix index d893110..f95e434 100644 --- a/hosts/saberofxebec/configuration.nix +++ b/hosts/saberofxebec/configuration.nix @@ -141,6 +141,10 @@ in { Username = "Spr3eZ"; Password_PBKDF2 = "@ByteArray(rSRSjyLjKHX4KeDHgtx8qA==:EdZC27+FdG0aFtqVtEsiuqQAA6NROdBRXVSySD6ktgBY7k9ORrq8Kgo2uIkXvAWssmMIFb+C3RZS2PMWAt/Ihw==)"; }; + Scheduler = { + end_time = ''@Variant(\0\0\0\xf\0\x36\xee\x80)''; + start_time = ''@Variant(\0\0\0\xf\x1\xb7t\0)''; + }; }; AutoRun = { OnTorrentAdded.Enabled = true; @@ -151,8 +155,8 @@ in { BitTorrent = { Session.AddTorrentStopped = false; - Session.AlternativeGlobalDLSpeedLimit = 100000; - Session.AlternativeGlobalUPSpeedLimit = 1000; + Session.AlternativeGlobalDLSpeedLimit = 200000; + Session.AlternativeGlobalUPSpeedLimit = 10000; Session.BandwidthSchedulerEnabled = true; Session.ExcludedFileNames = ""; Session.QueueingSystemEnabled = false; From 5fbd256c93971daa01205d6cd72a78a29391dea0 Mon Sep 17 00:00:00 2001 From: System administrator Date: Wed, 27 Aug 2025 18:39:03 +0200 Subject: [PATCH 4/6] feat: samc --- hosts/saberofxebec/configuration.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/saberofxebec/configuration.nix b/hosts/saberofxebec/configuration.nix index f95e434..40364e8 100644 --- a/hosts/saberofxebec/configuration.nix +++ b/hosts/saberofxebec/configuration.nix @@ -155,8 +155,8 @@ in { BitTorrent = { Session.AddTorrentStopped = false; - Session.AlternativeGlobalDLSpeedLimit = 200000; - Session.AlternativeGlobalUPSpeedLimit = 10000; + Session.AlternativeGlobalDLSpeedLimit = 204800; + Session.AlternativeGlobalUPSpeedLimit = 10240; Session.BandwidthSchedulerEnabled = true; Session.ExcludedFileNames = ""; Session.QueueingSystemEnabled = false; From 4493d60a5cf70a6fcdfc7b5582157ee651c10017 Mon Sep 17 00:00:00 2001 From: System administrator Date: Wed, 27 Aug 2025 18:50:23 +0200 Subject: [PATCH 5/6] feat: homarr --- hosts/saberofxebec/configuration.nix | 14 ++++++++++++++ hosts/saberofxebec/secrets.nix | 5 +++++ secrets/secrets.nix | 1 + 3 files changed, 20 insertions(+) diff --git a/hosts/saberofxebec/configuration.nix b/hosts/saberofxebec/configuration.nix index 40364e8..401cc12 100644 --- a/hosts/saberofxebec/configuration.nix +++ b/hosts/saberofxebec/configuration.nix @@ -93,6 +93,16 @@ in { ]; workdir = "/var/lib/pihole/"; }; + containers.homarr = { + image = "ghcr.io/homarr-labs/homarr:v1.34.0"; + ports = [ + "7575:7575" + ]; + volumes = [ + "/var/lib/homarr/:/appdata" + ]; + environmentFiles = [config.age.secrets.homarr.path]; + }; containers.speedtest-tracker = { image = "lscr.io/linuxserver/speedtest-tracker:latest"; @@ -231,6 +241,10 @@ in { reverse_proxy :5055 tls internal ''; + virtualHosts."homarr.saberofxebec".extraConfig = '' + reverse_proxy :7575 + tls internal + ''; virtualHosts."pihole.saberofxebec".extraConfig = '' reverse_proxy :12345 tls internal diff --git a/hosts/saberofxebec/secrets.nix b/hosts/saberofxebec/secrets.nix index cb4055b..ac76230 100644 --- a/hosts/saberofxebec/secrets.nix +++ b/hosts/saberofxebec/secrets.nix @@ -4,4 +4,9 @@ owner = "root"; group = "root"; }; + age.secrets.homarr = { + file = ../../secrets/homarr.age; + owner = "root"; + group = "root"; + }; } diff --git a/secrets/secrets.nix b/secrets/secrets.nix index c720d6d..017a654 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -9,6 +9,7 @@ in { "nextcloud-tprechtl.age".publicKeys = [hitsugibune key]; "onlyoffice.age".publicKeys = [hitsugibune key]; "speedtest-tracker.age".publicKeys = [saberofxebec key]; + "homarr.age".publicKeys = [saberofxebec key]; "matrix.age".publicKeys = [hitsugibune key]; "mautrix-signal.age".publicKeys = [hitsugibune key]; "mautrix-whatsapp.age".publicKeys = [hitsugibune key]; From 73d5cbcecbb0d21a2e3f6963a3b077cf6bdc278e Mon Sep 17 00:00:00 2001 From: s-prechtl Date: Wed, 27 Aug 2025 18:57:30 +0200 Subject: [PATCH 6/6] feat: homarr secret --- secrets/homarr.age | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 secrets/homarr.age diff --git a/secrets/homarr.age b/secrets/homarr.age new file mode 100644 index 0000000..6e03ecb --- /dev/null +++ b/secrets/homarr.age @@ -0,0 +1,17 @@ +age-encryption.org/v1 +-> ssh-ed25519 eXAfqw dpl0Wpy5veeULIzJFHCGmZTnl4iB/2tsbnyM2XZ7KWo +s5m5l8noX3zlIbEevz0+hJvVtMru/TVxrHT2XJ4m9wQ +-> ssh-rsa LgF3EQ +pbtNY7vbvFpZ6+lKKRcuN7LMdAqn1t2qcF2GKRFR0yQV2zBhcu3Mdk4uAN2YhqMO +bwqnfR/jwf7RkJka4fhMtZeOjxKWYtLhEM8uD0Zn1/bmE7Djjw+ChagBFwys6sf+ +AewCzEdLmz+QoEB3Qnh3qBppuu+q1gG0hEpP284TNwiNftgesQJ0H3uFpKcy2Kqd +cY8wUCQqvMd7Mo7P8DToKxWWToXBstFTH0ULFeaSyWTdCcv3kGpHXqcdOOfqR3AN +pbrEXf6lzyCK1v2E1FiTmtdkosEhCtv3AoiAIB3VQ+AxyG9EsdTcQFW4ky3N7yxF +xbB0/nAcDsKWzSYvwNLMSBsCks/NB3xzW7Fo83vIVP7/q6tTPYZK7294sxhNQvD/ +8Qe/SD2nV9EZhVJit+dXsXM2j8AKMdUkegxyLO7y0dDRk43VpmlCIletBu0VnH1K +qZodD763V1O8LoDRqppzAOiK2TVWEaQmUOz0a2GWYaW+A6Ybe0/sjEZ3T5tAVDtt + +--- alnSDMRGCOSQ/YO9Q6iNitTzMNNZ2jtDZIeXsYI1mY4 +Y1.;6uPn>;ٝ<2 t>ҳLqJ +S25Cy_Q8Az@&Zv]o< tHXߓ +.enق \ No newline at end of file