91 lines
2.9 KiB
HolyC
91 lines
2.9 KiB
HolyC
{
|
|
config,
|
|
hostname,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}:
|
|
|
|
let
|
|
isPersonal = hostname == "framework";
|
|
|
|
configureQbittorrentTailscale = pkgs.writeShellApplication {
|
|
name = "configure-qbittorrent-tailscale";
|
|
runtimeInputs = [
|
|
pkgs.coreutils
|
|
pkgs.crudini
|
|
];
|
|
text = ''
|
|
conf="''${XDG_CONFIG_HOME:-$HOME/.config}/qBittorrent/qBittorrent.conf"
|
|
mkdir -p "$(dirname "$conf")"
|
|
|
|
crudini --set "$conf" BitTorrent 'Session\Interface' tailscale0
|
|
crudini --set "$conf" BitTorrent 'Session\InterfaceName' tailscale0
|
|
crudini --set "$conf" BitTorrent 'Session\LSDEnabled' false
|
|
crudini --del "$conf" BitTorrent 'Session\InterfaceAddress' 2>/dev/null || true
|
|
'';
|
|
};
|
|
|
|
qbittorrentTailscale = pkgs.symlinkJoin {
|
|
name = "qbittorrent-enhanced-tailscale";
|
|
paths = [ pkgs.qbittorrent-enhanced ];
|
|
postBuild = ''
|
|
rm -f "$out/bin/qbittorrent"
|
|
# Enforce qBittorrent's bind settings, then add a systemd interface allowlist.
|
|
# RestrictNetworkInterfaces works for transient services, not transient scopes.
|
|
cat > "$out/bin/qbittorrent" <<'EOF'
|
|
#!${pkgs.runtimeShell}
|
|
set -eu
|
|
|
|
${configureQbittorrentTailscale}/bin/configure-qbittorrent-tailscale
|
|
|
|
if [ -z "''${XDG_RUNTIME_DIR:-}" ]; then
|
|
printf '%s\n' 'qBittorrent not started: XDG_RUNTIME_DIR is not set, so systemd cannot apply the Tailscale-only network restriction.' >&2
|
|
exit 1
|
|
fi
|
|
|
|
exec ${pkgs.systemd}/bin/systemd-run \
|
|
--user \
|
|
--quiet \
|
|
--collect \
|
|
--property='RestrictNetworkInterfaces=lo tailscale0' \
|
|
-- \
|
|
${pkgs.qbittorrent-enhanced}/bin/qbittorrent "$@"
|
|
EOF
|
|
chmod +x "$out/bin/qbittorrent"
|
|
|
|
desktop="$out/share/applications/org.qbittorrent.qBittorrent.desktop"
|
|
if [ -e "$desktop" ]; then
|
|
rm -f "$desktop"
|
|
install -Dm644 ${pkgs.qbittorrent-enhanced}/share/applications/org.qbittorrent.qBittorrent.desktop "$desktop"
|
|
substituteInPlace "$desktop" \
|
|
--replace-fail 'Exec=qbittorrent %U' "Exec=$out/bin/qbittorrent %U"
|
|
fi
|
|
'';
|
|
};
|
|
in
|
|
|
|
lib.mkIf isPersonal {
|
|
home.activation.configureQbittorrentTailscale = config.lib.dag.entryAfter [ "writeBoundary" ] ''
|
|
${configureQbittorrentTailscale}/bin/configure-qbittorrent-tailscale
|
|
'';
|
|
|
|
home.file.".local/share/applications/org.qbittorrent.qBittorrent.desktop".text = ''
|
|
[Desktop Entry]
|
|
Categories=Network;FileTransfer;P2P;Qt;
|
|
Exec=${qbittorrentTailscale}/bin/qbittorrent %U
|
|
GenericName=BitTorrent client
|
|
Comment=Download and share files over BitTorrent
|
|
Icon=qbittorrent
|
|
MimeType=application/x-bittorrent;x-scheme-handler/magnet;
|
|
Name=qBittorrent
|
|
Terminal=false
|
|
Type=Application
|
|
StartupNotify=false
|
|
StartupWMClass=qbittorrent
|
|
Keywords=bittorrent;torrent;magnet;download;p2p;
|
|
SingleMainWindow=true
|
|
'';
|
|
|
|
home.packages = [ qbittorrentTailscale ];
|
|
}
|