update transmission2

nixos/configs/robi/transmission2.nix

@@ -14,10 +14,6 @@
 #└──────────────────────────────────┘      └──────────────────────────────────────┘
 
 let
-
-  hostInterface = "enp3s0";
-  hostAddress = "192.168.100.30";
-  containerAddress = "192.168.100.32";
   uiPort = 9091;
 
   #############################################
@@ -71,14 +67,8 @@ in
 
     # container network setup
     # see also nating on host system.
-    privateNetwork = true;
-    hostAddress = hostAddress;
-    localAddress = containerAddress;
     autoStart = true;
 
-    # needed for openvpn
-    enableTun = true;
-
     config = { config, pkgs, lib, ... }: {
 
       system.stateVersion = "21.05";
@@ -102,7 +92,7 @@ in
           rpc-host-whitelist-enabled = false;
           rpc-port = uiPort;
           rpc-enable = true;
-          rpc-bind-address = "0.0.0.0";
+          rpc-bind-address = "127.0.0.1";
 
           # "normal" speed limits
           speed-limit-down-enabled = false;
@@ -153,11 +143,6 @@ in
       networking.firewall = {
         allowedTCPPorts = [ 51413 ];
         allowedUDPPorts = [ 51413 ];
-        # only allow access via nginx (proxy to localhost)
-        interfaces.eth0 = {
-          allowedTCPPorts = [ uiPort ];
-          allowedUDPPorts = [ uiPort ];
-        };
       };
 
       # bind transmission to openvpn
@@ -173,13 +158,6 @@ in
     };
   };
 
-  # give containers internet access
-  networking.nat.enable = true;
-  networking.nat.internalInterfaces = [ "ve-torrent" ];
-  networking.nat.externalInterface = hostInterface;
-  networking.nat.forwardPorts = [
-    { destination = "${containerAddress}:51413"; proto = "tcp"; sourcePort = 51413; }
-  ];
   networking.firewall = {
     allowedTCPPorts = [ 51413 ];
     allowedUDPPorts = [ 51413 ];
@@ -200,7 +178,7 @@ in
           deny all;
         '';
         locations."/" = {
-          proxyPass = "http://${containerAddress}:${toString uiPort}";
+          proxyPass = "http://127.0.0.1:${toString uiPort}";
         };
       };
     };