diff --git a/nixos/configs/robi/configuration.nix b/nixos/configs/robi/configuration.nix
index 3a1800e..53d489c 100644
--- a/nixos/configs/robi/configuration.nix
+++ b/nixos/configs/robi/configuration.nix
@@ -22,6 +22,7 @@
 ./taskserver.nix
 ./tinc.nix
 ./transmission.nix
+ ./transmission2.nix
 ./vaultwarden.nix
 ./nginx.nix
diff --git a/nixos/configs/robi/transmission.nix b/nixos/configs/robi/transmission.nix
index 86415e4..4d55cd6 100644
--- a/nixos/configs/robi/transmission.nix
+++ b/nixos/configs/robi/transmission.nix
@@ -18,7 +18,6 @@ let
 hostInterface = "enp3s0";
 hostAddress = "192.168.100.30";
 containerAddress = "192.168.100.31";
- uiPort = 9091;
 #############################################
@@ -82,7 +81,7 @@ in
 isReadOnly = false;
 };
 lib = {
- hostPath = "/media/torrent/.config";
+ hostPath = "/media/torrent/torrent1_config";
 mountPoint = "/var/lib/transmission/.config";
 isReadOnly = false;
 };
diff --git a/nixos/configs/robi/transmission2.nix b/nixos/configs/robi/transmission2.nix
new file mode 100644
index 0000000..e0dd00c
--- /dev/null
+++ b/nixos/configs/robi/transmission2.nix
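Review bot: The `hostPath` change from `/media/torrent/.config` to `/media/torrent/torrent1_config` moves the bind mount that backs `/var/lib/transmission/.config` — presumably the daemon's settings.json, resume data and .torrent files — but nothing in the commit moves the data, so on the next switch the container starts from an empty state directory unless the directory is renamed on the host first. A comment above the mount, `# daemon state; was /media/torrent/.config — rename the directory on the host before switching`, or a migration step in the commit message, would make that explicit. The enclosing `bindMounts` block starts outside the hunk. In the earlier hunk of this file, `uiPort = 9091;` is removed from the `let` block; if the rest of transmission.nix (outside this diff) still references `uiPort` for `rpc-port`, the firewall or `proxyPass` the way transmission2.nix does, the module will no longer evaluate, so either keep the binding or replace those uses with the literal.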
@@ -0,0 +1,193 @@
+{ lib, pkgs, config, ... }:
+#
+# cp -avl (to create hardlinks instead of copy)
+# =============================================
+#
+#┌──────────────────────────────────┐ ┌──────────────────────────────────────┐
+#│/media/torrent2/downloads/music ├─────►│/media/syncthing/music/incomming │
+#└──────────────────────────────────┘ └──────────────────────────────────────┘
+#┌──────────────────────────────────┐ ┌──────────────────────────────────────┐
+#│/media/torrent2/downloads/movies ├─────►│/media/syncthing/movies/incoming │
+#└──────────────────────────────────┘ └──────────────────────────────────────┘
+#┌──────────────────────────────────┐ ┌──────────────────────────────────────┐
+#│/media/torrent2/downloads ├─────►│/media/torrent/incoming │
+#└──────────────────────────────────┘ └──────────────────────────────────────┘
+
+let
+
+ hostInterface = "enp3s0";
+ hostAddress = "192.168.100.30";
+ containerAddress = "192.168.100.32";
+ uiPort = 9091;
+
+ #############################################
+ # These are inherited from Transmission. #
+ # Do not declare these. Just use as needed. #
+ # #
+ # TR_APP_VERSION #
+ # TR_TIME_LOCALTIME #
+ # TR_TORRENT_DIR #
+ # TR_TORRENT_HASH #
+ # TR_TORRENT_ID #
+ # TR_TORRENT_NAME #
+ # #
+ #############################################
+ completionScript =
+ let
+ copy_map = {
+ "/media/torrent/downloads/series" = "/media/syncthing/series/incoming";
+ "/media/torrent/downloads/music" = "/media/syncthing/music/incoming";
+ "/media/torrent/downloads/movies" = "/media/syncthing/movies/incoming";
+ "/media/torrent/downloads" = "/media/torrent/incoming";
+ };
+ copy_script = lib.concatStringsSep "\n" (lib.mapAttrsToList
+ (source: target: ''
+ if [[ "$TR_TORRENT_DIR" == "${source}" ]]
+ then
+ cp -val "$TR_TORRENT_DIR/$TR_TORRENT_NAME" "${target}/$TR_TORRENT_NAME"
+ fi
+ '')
+ copy_map);
+ in
+ pkgs.writers.writeBash "torrent-finished" copy_script;
+in
+{
+
+ containers.torrent2 = {
+
+ # mount host folders
+ bindMounts = {
+ media = {
+ hostPath = "/media";
+ mountPoint = "/media"; # must be here otherwise transmission can't see the folder
+ isReadOnly = false;
+ };
+ lib = {
+ hostPath = "/media/torrent/torrent2_config";
+ mountPoint = "/var/lib/transmission/.config";
+ isReadOnly = false;
+ };
+ };
+
+ # container network setup
+ # see also nating on host system.
+ privateNetwork = true;
+ hostAddress = hostAddress;
+ localAddress = containerAddress;
+ autoStart = true;
+
+ # needed for openvpn
+ enableTun = true;
+
+ config = { config, pkgs, lib, ... }: {
+
+ system.stateVersion = "21.05";
+ services.journald.extraConfig = "SystemMaxUse=1G";
+
+ # allow transmission to write in syncthing folders
+ users.groups.syncthing = {
+ gid = config.ids.gids.syncthing;
+ members = [ "transmission" ];
+ };
+
+ services.transmission = {
+ enable = true;
+ settings = {
+ download-dir = "/media/torrent/downloads";
+ incomplete-dir = "/media/torrent/incomplete";
+ incomplete-dir-enabled = true;
+ message-level = 1;
+ umask = 2;
+ rpc-whitelist-enabled = false;
+ rpc-host-whitelist-enabled = false;
+ rpc-port = uiPort;
+ rpc-enable = true;
+ rpc-bind-address = "0.0.0.0";
+
+ # "normal" speed limits
+ speed-limit-down-enabled = false;
+ speed-limit-down = 800;
+ speed-limit-up-enabled = true;
+ speed-limit-up = 3000;
+ upload-slots-per-torrent = 8;
+ # Queuing
+ # When true, Transmission will only download
+ # download-queue-size non-stalled torrents at once.
+ download-queue-enabled = true;
+ download-queue-size = 3;
+
+ # When true, torrents that have not shared data for
+ # queue-stalled-minutes are treated as 'stalled'
+ # and are not counted against the queue-download-size
+ # and seed-queue-size limits.
+ queue-stalled-enabled = true;
+ queue-stalled-minutes = 60;
+
+ # When true. Transmission will only seed seed-queue-size
+ # non-stalled torrents at once.
+ seed-queue-enabled = false;
+ seed-queue-size = 10;
+
+ # Enable UPnP or NAT-PMP.
+ peer-port = 51413;
+ port-forwarding-enabled = false;
+ # Start torrents as soon as they are added
+
+ start-added-torrents = true;
+
+ # notify me when download finished
+ script-torrent-done-enabled = true;
+ script-torrent-done-filename = completionScript;
+ };
+ };
+
+ networking.firewall = {
+ allowedTCPPorts = [ 51413 ];
+ allowedUDPPorts = [ 51413 ];
+ # only allow access via nginx (proxy to localhost)
+ interfaces.eth0 = {
+ allowedTCPPorts = [ uiPort ];
+ allowedUDPPorts = [ uiPort ];
+ };
+ };
+
+ # bind transmission to openvpn
+ systemd.services.transmission = {
+ serviceConfig = {
+ Restart = "always";
+ BindPaths = lib.mkForce [
+ "/media" # this is needed otherwise cp -l is not working
+ "/var/lib/transmission/.config/transmission-daemon"
+ ];
+ };
+ };
+ };
+ };
+
+ # give containers internet access
+ networking.nat.enable = true;
+ networking.nat.internalInterfaces = [ "ve-torrent" ];
+ networking.nat.externalInterface = hostInterface;
+
+ # host nginx setup
+ # ----------------
+
+ # curl -H "Host: transmission.robi.private" https://robi.private/ < will work
+ # curl -H "Host: transmission.robi.private" https://144.76.13.147/ < wont work
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ virtualHosts = {
+ "transmission2.${config.networking.hostName}.private" = {
+ extraConfig = ''
+ allow ${config.module.cluster.services.tinc.private.networkSubnet};
+ deny all;
+ '';
+ locations."/" = {
+ proxyPass = "http://${containerAddress}:${toString uiPort}";
+ };
+ };
+ };
+ };
+
+}
diff --git a/nixos/system/all/defaults.nix b/nixos/system/all/defaults.nix
index 32020f2..3d947ec 100644
--- a/nixos/system/all/defaults.nix
+++ b/nixos/system/all/defaults.nix
@@ -53,6 +53,7 @@
 # /etc/hosts
 networking.extraHosts = ''
 ${config.module.cluster.services.tinc.private.hosts.robi.tincIp} transmission.robi.private
+ ${config.module.cluster.services.tinc.private.hosts.robi.tincIp} transmission2.robi.private
 '';
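Review bot: The RPC endpoint is bound to 0.0.0.0 with `rpc-whitelist-enabled = false`, `rpc-host-whitelist-enabled = false` and no RPC authentication, and the container firewall opens `uiPort` on eth0, so any host that can reach 192.168.100.32 can drive the daemon directly — not only the host nginx, as the comment above `interfaces.eth0` states — and disabling the host whitelist also drops Transmission's Host-header (DNS-rebinding) check for browsers on the tinc network. Since the proxy connects from `hostAddress` and forwards the virtual host name, the settings below keep the proxy path working while closing the direct one, and the existing comment `# only allow access via nginx (proxy to localhost)` becomes accurate. Separately, the container is named torrent2, so its host-side veth is presumably ve-torrent2, but `networking.nat.internalInterfaces = [ "ve-torrent" ]` is carried over from the first container and would leave this one without NAT; `networking.nat.internalInterfaces = [ "ve-torrent2" ];` (or `"ve-+"` for all containers) is what is meant. Finally, the diagram at the top of the file refers to /media/torrent2/downloads while `copy_map` and `download-dir` use /media/torrent/downloads, which appears to be the first container's tree; either the comment or the paths should be corrected so the two daemons do not share download-dir and incomplete-dir.
```nix
# … unchanged: download-dir, incomplete-dir, message-level, umask …
# only the host nginx (connecting from hostAddress) may reach the RPC socket
rpc-whitelist-enabled = true;
rpc-whitelist = hostAddress;
# keep the Host-header check, but accept the name the proxy forwards
rpc-host-whitelist-enabled = true;
rpc-host-whitelist = "transmission2.robi.private";
rpc-port = uiPort;
# … unchanged: rpc-enable, rpc-bind-address and the remaining settings …
```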