Personal-use NixOS configuration
Get rtorrent and soulseek fully working
+115
-32
+9
-9
flake.lock
+9
-9
flake.lock
···
333
333
"xwayland-satellite-unstable": "xwayland-satellite-unstable"
334
334
},
335
335
"locked": {
336
-
"lastModified": 1757870947,
337
-
"narHash": "sha256-0N8w6SB6a68kWioFmlr+KfwfG44KVjPjJIBSQKNdNhE=",
336
+
"lastModified": 1757942412,
337
+
"narHash": "sha256-iDnEKwUYNOJZU/2B4bt8tfKUwN0J7RFJ7BXmf17VJOM=",
338
338
"owner": "sodiboo",
339
339
"repo": "niri-flake",
340
-
"rev": "8e9b1a571399104e42d8fa5de6c28c63bff0c16a",
340
+
"rev": "1da07fd6a9d44a7875d2843cccab1179085edb2c",
341
341
"type": "github"
342
342
},
343
343
"original": {
···
366
366
"niri-unstable": {
367
367
"flake": false,
368
368
"locked": {
369
-
"lastModified": 1757832020,
370
-
"narHash": "sha256-SCdus7r4IS8l3jzF8mcMFMlDvACTdmDCcsPnGUEqll0=",
369
+
"lastModified": 1757916394,
370
+
"narHash": "sha256-nSmVJLjTGwQYC+pqD7GLt7Yt6oktawAMRld6oyFwMd0=",
371
371
"owner": "YaLTeR",
372
372
"repo": "niri",
373
-
"rev": "e6a8ad38479eb179dc7301755316f993e3e872ea",
373
+
"rev": "cd0d45fdb88641aa5211c81e69301e85c5dd53a2",
374
374
"type": "github"
375
375
},
376
376
"original": {
···
425
425
},
426
426
"nixos-hardware": {
427
427
"locked": {
428
-
"lastModified": 1757891025,
429
-
"narHash": "sha256-NfiTk59huy/YK9H4W4wVwRYyiP2u86QqROM5KK4f5F4=",
428
+
"lastModified": 1757943327,
429
+
"narHash": "sha256-w6cDExPBqbq7fTLo4dZ1ozDGeq3yV6dSN4n/sAaS6OM=",
430
430
"owner": "NixOS",
431
431
"repo": "nixos-hardware",
432
-
"rev": "4c38a024fa32e61db2be8573e5282b15d9733a79",
432
+
"rev": "67a709cfe5d0643dafd798b0b613ed579de8be05",
433
433
"type": "github"
434
434
},
435
435
"original": {
+32
hosts/index/config/nfs.nix
+32
hosts/index/config/nfs.nix
···
9
9
nproc = 16;
10
10
};
11
11
12
+
# TODO: Write a function that can improve this
13
+
12
14
fileSystems."/export/media" = {
13
15
depends = [
14
16
"/mnt/data"
···
23
25
];
24
26
};
25
27
28
+
fileSystems."/export/torrents" = {
29
+
depends = [
30
+
"/mnt/data"
31
+
];
32
+
33
+
device = "/mnt/data/rtorrent/downloads";
34
+
fsType = "none";
35
+
36
+
options = [
37
+
"bind"
38
+
"x-systemd.requires=zfs-mount.service"
39
+
];
40
+
};
41
+
42
+
fileSystems."/export/soulseek" = {
43
+
depends = [
44
+
"/mnt/data"
45
+
];
46
+
47
+
device = "/mnt/data/soulseek/downloads";
48
+
fsType = "none";
49
+
50
+
options = [
51
+
"bind"
52
+
"x-systemd.requires=zfs-mount.service"
53
+
];
54
+
};
55
+
26
56
services.nfs.server.exports = ''
27
57
/export *(fsid=0,ro,insecure)
28
58
/export/media *(rw,insecure,async,no_subtree_check,nohide,all_squash,anonuid=974,anongid=442)
59
+
/export/torrents *(rw,insecure,async,no_subtree_check,nohide,all_squash,anonuid=987,anongid=972)
60
+
/export/soulseek *(rw,insecure,async,no_subtree_check,nohide,all_squash,anonuid=985,anongid=973)
29
61
'';
30
62
}
+15
-2
hosts/index/config/torrenting/rtorrent.nix
+15
-2
hosts/index/config/torrenting/rtorrent.nix
···
1
-
{ flakeRoot, lib, ... }:
1
+
{
2
+
flakeRoot,
3
+
config,
4
+
lib,
5
+
...
6
+
}:
2
7
3
8
let
4
-
interface = "rtornt";
9
+
interface = "sh1";
5
10
6
11
dhtPort = 6771;
7
12
listenStartPort = 33101;
···
42
47
43
48
wireguardConfigFile = "/mnt/apps/rtorrent/wg0.conf";
44
49
50
+
namespaceAddress = "192.168.15.3";
51
+
45
52
openVPNPorts = [
46
53
{
47
54
port = dhtPort;
···
55
62
services.rtorrent = {
56
63
dataDir = "/mnt/apps/rtorrent";
57
64
downloadDir = "/mnt/data/rtorrent/downloads";
65
+
};
66
+
67
+
systemd.services.rtorrent.vpnConfinement = {
68
+
enable = true;
69
+
70
+
vpnNamespace = interface;
58
71
};
59
72
}
+7
-1
hosts/index/config/torrenting/soulseek.nix
+7
-1
hosts/index/config/torrenting/soulseek.nix
···
1
1
{ flakeRoot, config, ... }:
2
2
3
3
let
4
-
interface = "soulsk";
4
+
interface = "sh0";
5
5
6
6
port = 50220;
7
7
···
24
24
vpnNamespaces.${interface} = {
25
25
enable = true;
26
26
27
+
namespaceAddress = "192.168.15.2";
28
+
27
29
portMappings = [
28
30
{
29
31
from = config.services.slskd.settings.web.port;
30
32
to = config.services.slskd.settings.web.port;
31
33
}
32
34
];
35
+
36
+
accessibleFrom = [ "127.0.0.1" ];
33
37
34
38
openVPNPorts = [
35
39
{
···
68
72
69
73
vpnNamespace = interface;
70
74
};
75
+
76
+
users.users.${config.services.slskd.user}.extraGroups = [ "media" ];
71
77
}
+1
-1
hosts/index/default.nix
+1
-1
hosts/index/default.nix
+26
-15
packages/server/torrenting/flood.nix
+26
-15
packages/server/torrenting/flood.nix
···
7
7
lib,
8
8
flakeLib,
9
9
pkgs,
10
+
pkgs-unstable,
10
11
utils ? pkgs.utils,
11
12
...
12
13
}:
13
14
14
15
let
15
16
socket = "/run/flood/flood.sock";
16
-
17
-
rtorrentModule = import ./rtorrent.nix { };
18
17
in
19
18
{
20
-
imports = [
21
-
rtorrentModule
22
-
];
23
19
24
20
services.flood = {
25
21
enable = true;
26
22
23
+
package = pkgs-unstable.flood;
24
+
27
25
extraArgs = [
28
26
"--rtsocket=${config.services.rtorrent.rpcSocket}"
29
27
];
30
28
};
31
29
32
-
systemd.services.flood.serviceConfig.ExecStart = lib.mkForce (
33
-
utils.escapeSystemdExecArgs (
34
-
[
35
-
(lib.getExe pkgs.flood)
36
-
"--port ${socket}"
37
-
"--rundir=/var/lib/flood"
38
-
]
39
-
++ config.services.flood.extraArgs
40
-
)
41
-
);
30
+
systemd.services.flood.serviceConfig = {
31
+
ExecStart = lib.mkForce (
32
+
utils.escapeSystemdExecArgs (
33
+
[
34
+
(lib.getExe config.services.flood.package)
35
+
"--port"
36
+
socket
37
+
"--rundir=/var/lib/flood"
38
+
]
39
+
++ config.services.flood.extraArgs
40
+
)
41
+
);
42
+
43
+
RuntimeDirectory = "flood";
44
+
RuntimeDirectoryMode = "0750";
45
+
UMask = "0007";
46
+
47
+
Group = "flood-proxy";
48
+
};
49
+
50
+
users.groups.flood-proxy = { };
51
+
52
+
users.users.caddy.extraGroups = [ "flood-proxy" ];
42
53
43
54
services.caddy.virtualHosts = flakeLib.mkProxies hosts ''
44
55
reverse_proxy unix/${socket}
+25
-4
packages/server/torrenting/rtorrent.nix
+25
-4
packages/server/torrenting/rtorrent.nix
···
7
7
}:
8
8
9
9
{
10
+
config,
11
+
pkgs-unstable,
12
+
lib,
13
+
...
14
+
}:
15
+
16
+
{
10
17
services.rtorrent = {
11
18
enable = true;
12
19
20
+
package = pkgs-unstable.rtorrent;
21
+
13
22
configText = ''
14
-
dht.mode.set = auto
15
-
dht.port.set = "${toString dhtPort}"
23
+
dht.mode.set = off
24
+
dht.port.set = ${toString dhtPort}
16
25
17
26
protocol.pex.set = yes
18
27
19
-
network.port_range.set = "${toString listenPorts.start}-${toString listenPorts.end}"
28
+
trackers.use_udp.set = yes
20
29
21
-
trackers.use_udp.set = yes
30
+
network.port_range.set = ${toString listenPorts.start}-${toString listenPorts.end}
22
31
23
32
throttle.max_downloads.set = 100
24
33
throttle.max_uploads.global.set = 300
···
39
48
#system.method.set = group.seeding.ratio.command, d.close=
40
49
41
50
schedule2 = throttle_slow, 10:00:00, 24:00:00, ((throttle.global_up.max_rate.set_kb, 4000))
51
+
52
+
# Compatibility with Flood
53
+
method.redirect = load.throw,load.normal
54
+
method.redirect = load.start_throw,load.start
55
+
method.insert = d.down.sequential,value|const,0
56
+
method.insert = d.down.sequential.set,value|const,0
42
57
'';
43
58
};
59
+
60
+
systemd.services.rtorrent.serviceConfig = {
61
+
SystemCallFilter = lib.mkForce "@system-service";
62
+
};
63
+
64
+
systemd.services.flood.serviceConfig.SupplementaryGroups = [ config.services.rtorrent.group ];
44
65
}