nix-infra/common/fragments/bittorrent.nix

{ pkgs, ... }:
{
  system.fsPackages = with pkgs; [
    gocryptfs
    cifs-utils
  ];
  systemd.mounts = [
    {
      after = [ "network.target" ];
      what = "//library.technogothic.net/backup";
      where = "/mnt/library-raw";
      type = "cifs";
      options = "gid=users,file_mode=0664,dir_mode=0775";
      mountConfig.EnvironmentFile = "/var/lib/secrets/hetzner-env";
    }
    {
      what = "/mnt/library-raw";
      where = "/mnt/library";
      type = "fuse.gocryptfs";
      options = "allow_other,passfile=/var/lib/secrets/gocryptfs-pass";
      wantedBy = [ "multi-user.target" ];
    }
  ];

  virtualisation.oci-containers.containers = {
    "qbittorrent" = {
      image = "dyonr/qbittorrentvpn";
      autoStart = true;
      volumes = [
        "/var/lib/qbittorrent:/config"
        "/mnt/library:/downloads"
      ];
      environment = {
        VPN_TYPE = "wireguard";
        LAN_NETWORK = "10.21.0.0/16,10.42.0.0/24,100.64.0.0/24";
      };
      ports = [ "8080:8080" ];
      extraOptions = [
        "--cap-add=NET_ADMIN"
        "--device=/dev/net/tun"
        "--privileged"
      ];
    };
  };

  services.flood = {
    enable = true;
    extraArgs = [ "--baseuri=/flood" ];
  };

  # Jellyfin
  services.jellyfin = {
    enable = true;
    openFirewall = true;
  };
  environment.systemPackages = with pkgs; [
    jellyfin
    jellyfin-web
    jellyfin-ffmpeg
  ];

  # SMB Share
  services.samba = {
    enable = true;
    openFirewall = true;
    extraConfig = ''
      server string = Watchtower
      guest account = nobody
      map to guest = bad user
    '';
    shares.Library = {
      path = "/mnt/library";
      browseable = "yes";
      "read only" = "no";
      "guest ok" = "yes";
    };
  };

  services.nginx.enable = true;
  services.nginx.virtualHosts."watchtower.thorns.home.arpa" = {
    locations."/flood/api" = {
      proxyPass = "http://127.0.0.1:3000";
      proxyWebsockets = true;
      extraConfig = ''
        proxy_buffering off;
        proxy_cache off;
      '';
    };
    locations."/flood/" = {
      alias = "${pkgs.flood}/lib/node_modules/flood/dist/assets/";
      tryFiles = "$uri /flood/index.html";
    };

    extraConfig = ''
      rewrite ^/(flood)$ $1/ permanent;
    '';
  };
}