working on torrent

nixos/configs/robi/configuration.nix

@@ -22,6 +22,7 @@
     ./taskserver.nix
     ./tinc.nix
     ./transmission.nix
+    ./transmission2.nix
     ./vaultwarden.nix
     ./nginx.nix
 

nixos/configs/robi/transmission.nix

@@ -18,7 +18,6 @@ let
   hostInterface = "enp3s0";
   hostAddress = "192.168.100.30";
   containerAddress = "192.168.100.31";
-
   uiPort = 9091;
 
   #############################################
@@ -82,7 +81,7 @@ in
         isReadOnly = false;
       };
       lib = {
-        hostPath = "/media/torrent/.config";
+        hostPath = "/media/torrent/torrent1_config";
         mountPoint = "/var/lib/transmission/.config";
         isReadOnly = false;
       };

nixos/configs/robi/transmission2.nix

@@ -0,0 +1,193 @@
+{ lib, pkgs, config, ... }:
+#
+# cp -avl (to create hardlinks instead of copy)
+# =============================================
+#
+#┌──────────────────────────────────┐      ┌──────────────────────────────────────┐
+#│/media/torrent2/downloads/music    ├─────►│/media/syncthing/music/incomming      │
+#└──────────────────────────────────┘      └──────────────────────────────────────┘
+#┌──────────────────────────────────┐      ┌──────────────────────────────────────┐
+#│/media/torrent2/downloads/movies   ├─────►│/media/syncthing/movies/incoming      │
+#└──────────────────────────────────┘      └──────────────────────────────────────┘
+#┌──────────────────────────────────┐      ┌──────────────────────────────────────┐
+#│/media/torrent2/downloads          ├─────►│/media/torrent/incoming               │
+#└──────────────────────────────────┘      └──────────────────────────────────────┘
+
+let
+
+  hostInterface = "enp3s0";
+  hostAddress = "192.168.100.30";
+  containerAddress = "192.168.100.32";
+  uiPort = 9091;
+
+  #############################################
+  # These are inherited from Transmission.    #
+  # Do not declare these. Just use as needed. #
+  #                                           #
+  # TR_APP_VERSION                            #
+  # TR_TIME_LOCALTIME                         #
+  # TR_TORRENT_DIR                            #
+  # TR_TORRENT_HASH                           #
+  # TR_TORRENT_ID                             #
+  # TR_TORRENT_NAME                           #
+  #                                           #
+  #############################################
+  completionScript =
+    let
+      copy_map = {
+        "/media/torrent/downloads/series" = "/media/syncthing/series/incoming";
+        "/media/torrent/downloads/music" = "/media/syncthing/music/incoming";
+        "/media/torrent/downloads/movies" = "/media/syncthing/movies/incoming";
+        "/media/torrent/downloads" = "/media/torrent/incoming";
+      };
+      copy_script = lib.concatStringsSep "\n" (lib.mapAttrsToList
+        (source: target: ''
+          if [[ "$TR_TORRENT_DIR" == "${source}" ]]
+          then
+            cp -val "$TR_TORRENT_DIR/$TR_TORRENT_NAME" "${target}/$TR_TORRENT_NAME"
+          fi
+        '')
+        copy_map);
+    in
+    pkgs.writers.writeBash "torrent-finished" copy_script;
+in
+{
+
+  containers.torrent2 = {
+
+    # mount host folders
+    bindMounts = {
+      media = {
+        hostPath = "/media";
+        mountPoint = "/media"; # must be here otherwise transmission can't see the folder
+        isReadOnly = false;
+      };
+      lib = {
+        hostPath = "/media/torrent/torrent2_config";
+        mountPoint = "/var/lib/transmission/.config";
+        isReadOnly = false;
+      };
+    };
+
+    # container network setup
+    # see also nating on host system.
+    privateNetwork = true;
+    hostAddress = hostAddress;
+    localAddress = containerAddress;
+    autoStart = true;
+
+    # needed for openvpn
+    enableTun = true;
+
+    config = { config, pkgs, lib, ... }: {
+
+      system.stateVersion = "21.05";
+      services.journald.extraConfig = "SystemMaxUse=1G";
+
+      # allow transmission to write in syncthing folders
+      users.groups.syncthing = {
+        gid = config.ids.gids.syncthing;
+        members = [ "transmission" ];
+      };
+
+      services.transmission = {
+        enable = true;
+        settings = {
+          download-dir = "/media/torrent/downloads";
+          incomplete-dir = "/media/torrent/incomplete";
+          incomplete-dir-enabled = true;
+          message-level = 1;
+          umask = 2;
+          rpc-whitelist-enabled = false;
+          rpc-host-whitelist-enabled = false;
+          rpc-port = uiPort;
+          rpc-enable = true;
+          rpc-bind-address = "0.0.0.0";
+
+          # "normal" speed limits
+          speed-limit-down-enabled = false;
+          speed-limit-down = 800;
+          speed-limit-up-enabled = true;
+          speed-limit-up = 3000;
+          upload-slots-per-torrent = 8;
+          # Queuing
+          # When true, Transmission will only download
+          # download-queue-size non-stalled torrents at once.
+          download-queue-enabled = true;
+          download-queue-size = 3;
+
+          # When true, torrents that have not shared data for
+          # queue-stalled-minutes are treated as 'stalled'
+          # and are not counted against the queue-download-size
+          # and seed-queue-size limits.
+          queue-stalled-enabled = true;
+          queue-stalled-minutes = 60;
+
+          # When true. Transmission will only seed seed-queue-size
+          # non-stalled torrents at once.
+          seed-queue-enabled = false;
+          seed-queue-size = 10;
+
+          # Enable UPnP or NAT-PMP.
+          peer-port = 51413;
+          port-forwarding-enabled = false;
+          # Start torrents as soon as they are added
+
+          start-added-torrents = true;
+
+          # notify me when download finished
+          script-torrent-done-enabled = true;
+          script-torrent-done-filename = completionScript;
+        };
+      };
+
+      networking.firewall = {
+        allowedTCPPorts = [ 51413 ];
+        allowedUDPPorts = [ 51413 ];
+        # only allow access via nginx (proxy to localhost)
+        interfaces.eth0 = {
+          allowedTCPPorts = [ uiPort ];
+          allowedUDPPorts = [ uiPort ];
+        };
+      };
+
+      # bind transmission to openvpn
+      systemd.services.transmission = {
+        serviceConfig = {
+          Restart = "always";
+          BindPaths = lib.mkForce [
+            "/media" # this is needed otherwise cp -l is not working
+            "/var/lib/transmission/.config/transmission-daemon"
+          ];
+        };
+      };
+    };
+  };
+
+  # give containers internet access
+  networking.nat.enable = true;
+  networking.nat.internalInterfaces = [ "ve-torrent" ];
+  networking.nat.externalInterface = hostInterface;
+
+  # host nginx setup
+  # ----------------
+
+  # curl -H "Host: transmission.robi.private" https://robi.private/  < will work
+  # curl -H "Host: transmission.robi.private" https://144.76.13.147/ < wont work
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    virtualHosts = {
+      "transmission2.${config.networking.hostName}.private" = {
+        extraConfig = ''
+          allow ${config.module.cluster.services.tinc.private.networkSubnet};
+          deny all;
+        '';
+        locations."/" = {
+          proxyPass = "http://${containerAddress}:${toString uiPort}";
+        };
+      };
+    };
+  };
+
+}

nixos/system/all/defaults.nix

@@ -53,6 +53,7 @@
   # /etc/hosts
   networking.extraHosts = ''
     ${config.module.cluster.services.tinc.private.hosts.robi.tincIp} transmission.robi.private
+    ${config.module.cluster.services.tinc.private.hosts.robi.tincIp} transmission2.robi.private
   '';