diff --git a/nixos/configs/robi/transmission2.nix b/nixos/configs/robi/transmission2.nix
index e6ced92..5d8eca4 100644
--- a/nixos/configs/robi/transmission2.nix
+++ b/nixos/configs/robi/transmission2.nix
@@ -14,10 +14,6 @@
 #└──────────────────────────────────┘ └──────────────────────────────────────┘
 let
-
- hostInterface = "enp3s0";
- hostAddress = "192.168.100.30";
- containerAddress = "192.168.100.32";
 uiPort = 9091;
 #############################################
@@ -71,14 +67,8 @@ in
 # container network setup
 # see also nating on host system.
- privateNetwork = true;
- hostAddress = hostAddress;
- localAddress = containerAddress;
 autoStart = true;
- # needed for openvpn
- enableTun = true;
-
 config = { config, pkgs, lib, ... }: {
 system.stateVersion = "21.05";
@@ -102,7 +92,7 @@ in
 rpc-host-whitelist-enabled = false;
 rpc-port = uiPort;
 rpc-enable = true;
- rpc-bind-address = "0.0.0.0";
+ rpc-bind-address = "127.0.0.1";
 # "normal" speed limits
 speed-limit-down-enabled = false;
@@ -153,11 +143,6 @@ in
 networking.firewall = {
 allowedTCPPorts = [ 51413 ];
 allowedUDPPorts = [ 51413 ];
- # only allow access via nginx (proxy to localhost)
- interfaces.eth0 = {
- allowedTCPPorts = [ uiPort ];
- allowedUDPPorts = [ uiPort ];
- };
 };
 # bind transmission to openvpn
@@ -173,13 +158,6 @@ in
 };
 };
- # give containers internet access
- networking.nat.enable = true;
- networking.nat.internalInterfaces = [ "ve-torrent" ];
- networking.nat.externalInterface = hostInterface;
- networking.nat.forwardPorts = [
- { destination = "${containerAddress}:51413"; proto = "tcp"; sourcePort = 51413; }
- ];
 networking.firewall = {
 allowedTCPPorts = [ 51413 ];
 allowedUDPPorts = [ 51413 ];
@@ -200,7 +178,7 @@ in
 deny all;
 '';
 locations."/" = {
- proxyPass = "http://${containerAddress}:${toString uiPort}";
+ proxyPass = "http://127.0.0.1:${toString uiPort}";
 };
 };
 };
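Review bot: `rpc-bind-address = "127.0.0.1"` now names the host's loopback rather than the container's, assuming the container shares the host network namespace after `privateNetwork = true;` was dropped in the second hunk; any local process on the host can then reach the RPC port directly, without passing the nginx allow/deny list. The unchanged line above it, `rpc-host-whitelist-enabled = false;`, keeps Transmission's Host-header check off, and whether `rpc-authentication-required` is set is not visible in this hunk. Since nginx now proxies to a loopback IP, I would try `rpc-host-whitelist-enabled = true;` and add a comment such as `# RPC is reachable only through the nginx vhost; loopback is shared with the host`. The settings block starts and ends outside the hunk.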
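Review bot: The new `proxyPass = "http://127.0.0.1:${toString uiPort}";` works only while the container shares the host's network namespace, and nothing near it says so; a comment such as `# container has no private network: RPC listens on the host loopback` would record that. The commit also removes `enableTun = true;` (second hunk) while the `# bind transmission to openvpn` section stays (fourth hunk), so it is worth confirming that the tunnel still comes up and that torrent traffic cannot fall back to the host's default route. The kept comment `# see also nating on host system.` looks stale now that the NAT settings are deleted. The nginx virtual host block starts outside the hunk.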