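# Host module for a second Transmission instance running in the declarative
# NixOS container "torrent2".
#
# It declares the container (bind mounts, Transmission settings, systemd
# overrides), opens the BitTorrent peer port on the host firewall and
# publishes the Transmission RPC / web UI through the host's nginx,
# restricted to the tinc private subnet.
{ lib, pkgs, config, ... }:
let
  # Transmission RPC / web UI port; nginx on the host proxies to it.
  uiPort = 9091;

  # BitTorrent peer port. Single source for `peer-port` and the host
  # firewall rules so the opened port cannot drift from the listening port.
  peerPort = 51413;
in
{
  containers.torrent2 = {
    autoStart = true;

    # No private network: the container shares the host's network namespace.
    # That is why the host nginx can reach the daemon on 127.0.0.1, and it
    # also means every local process on the host can reach that port.
    privateNetwork = false;

    # mount host folders
    bindMounts = {
      # The whole of /media is mounted read-write, not only the torrent
      # directories.
      media = {
        hostPath = "/media";
        mountPoint = "/media"; # must be here otherwise transmission can't see the folder
        isReadOnly = false;
      };
      # Daemon configuration/state lives on the host so it survives
      # container rebuilds.
      lib = {
        hostPath = "/media/torrent/torrent2_config";
        mountPoint = "/var/lib/transmission/.config";
        isReadOnly = false;
      };
    };

    # Container system configuration. `config` and `lib` in here are the
    # container's own module arguments and shadow the host ones; `pkgs`,
    # `uiPort` and `peerPort` still come from the enclosing host scope.
    config = { config, lib, ... }: {
      nixpkgs.pkgs = pkgs;
      imports = [ ./container-monitoring.nix ];
      # presumably an option declared by container-monitoring.nix; verify there
      promtail.port = 3505;
      system.stateVersion = "21.05";
      services.journald.extraConfig = "SystemMaxUse=1G";

      # allow transmission to write in syncthing folders
      users.groups.syncthing = {
        gid = config.ids.gids.syncthing;
        members = [ "transmission" ];
      };

      services.transmission = {
        enable = true;
        settings = {
          download-dir = "/media/torrent/downloads";
          incomplete-dir = "/media/torrent/incomplete";
          incomplete-dir-enabled = true;
          message-level = 1;
          # 002: new files stay group-writable.
          umask = 2;

          # RPC / web UI.
          # Both the client-address whitelist and the Host-header whitelist
          # are switched off, and no RPC authentication is configured in this
          # file. The only access control visible here is the loopback bind
          # below plus the allow/deny rule on the host nginx vhost.
          # NOTE(review): the Host-header check is Transmission's DNS-rebinding
          # protection; consider enabling it with `rpc-host-whitelist` set to
          # the nginx vhost name, and enabling RPC authentication, so that
          # local processes and proxied requests are not trusted implicitly.
          rpc-whitelist-enabled = false;
          rpc-host-whitelist-enabled = false;
          rpc-port = uiPort;
          rpc-enable = true;
          # Keep the RPC listener on loopback; it must never be bound to a
          # routable address while authentication is off.
          rpc-bind-address = "127.0.0.1";

          # "normal" speed limits
          speed-limit-down-enabled = false;
          speed-limit-down = 800;
          speed-limit-up-enabled = true;
          speed-limit-up = 3000;
          upload-slots-per-torrent = 8;

          # Queuing
          # When true, Transmission will only download
          # download-queue-size non-stalled torrents at once.
          download-queue-enabled = true;
          download-queue-size = 3;

          # When true, torrents that have not shared data for
          # queue-stalled-minutes are treated as 'stalled'
          # and are not counted against the download-queue-size
          # and seed-queue-size limits.
          queue-stalled-enabled = true;
          queue-stalled-minutes = 60;

          # When true, Transmission will only seed seed-queue-size
          # non-stalled torrents at once.
          seed-queue-enabled = false;
          seed-queue-size = 10;

          # Peer port. UPnP / NAT-PMP port forwarding is disabled; the port
          # is opened explicitly in the host firewall instead.
          peer-port = peerPort;
          port-forwarding-enabled = false;

          # Start torrents as soon as they are added
          start-added-torrents = true;

          # Encryption preference.
          # 0 = Prefer unencrypted connections,
          # 1 = Prefer encrypted connections,
          # 2 = Require encrypted connections;
          # default = 1
          # Encryption may help get around some ISP filtering, but at the cost of slightly
          # higher CPU use
          # This is BitTorrent peer-protocol encryption (traffic obfuscation);
          # it does not hide peers' IP addresses and is not a VPN substitute.
          encryption = 2;
        };
      };

      # Overrides of the upstream transmission unit. Each lib.mkForce below
      # replaces the value the NixOS module would otherwise set, and several
      # of them relax isolation (no private mount namespace, no private user
      # namespace, read-write /media inside the service root).
      # NOTE(review): re-check these against the module's current hardening
      # defaults when upgrading nixpkgs.
      systemd.services.transmission = {
        serviceConfig = {
          Restart = "always";
          BindPaths = lib.mkForce [
            "/media" # this is needed otherwise cp -l is not working
            "/var/lib/transmission/.config/transmission-daemon"
          ];
          BindReadOnlyPaths = lib.mkForce [ builtins.storeDir "/etc" ];
          PrivateMounts = lib.mkForce false;
          PrivateUsers = lib.mkForce false;
          RootDirectoryStartOnly = lib.mkForce false;
          RootDirectory = lib.mkForce "/var/lib";
          # NOTE(review): presumably the upstream ExecStartPre is what writes
          # `services.transmission.settings` into settings.json. With it
          # forced empty, the RPC bind address and whitelist values declared
          # above may not be what the daemon actually runs with; verify the
          # effective settings.json under the bind-mounted config directory.
          ExecStartPre = lib.mkForce [ ]; # this prevents configuration creation, but fixes startup problems
        };
      };
    };
  };

  # Host firewall: only the peer port is opened; the RPC port is not.
  networking.firewall = {
    allowedTCPPorts = [ peerPort ];
    allowedUDPPorts = [ peerPort ];
  };

  # host nginx setup
  # ----------------

  # curl -H "Host: transmission.robi.private" https://robi.private/ < will work
  # curl -H "Host: transmission.robi.private" https://144.76.13.147/ < won't work
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    virtualHosts = {
      "transmission2.${config.networking.hostName}.private" = {
        # Only clients from the tinc private subnet may reach the UI. This
        # rule is the sole gate in front of the unauthenticated RPC endpoint.
        # NOTE(review): no TLS options are set on this vhost in this file;
        # confirm whether that is configured elsewhere.
        extraConfig = ''
          allow ${config.tinc.private.subnet};
          deny all;
        '';
        locations."/" = {
          proxyPass = "http://127.0.0.1:${toString uiPort}";
        };
      };
    };
  };
}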