nixos-config/nixos/machines/robi/transmission2.nix


{ lib, pkgs, config, ... }:
#
# cp -avl (to create hardlinks instead of copy)
# =============================================
#
#┌──────────────────────────────────┐ ┌──────────────────────────────────────┐
#│/media/torrent2/downloads/music ├─────►│/media/syncthing/music/incoming │
#└──────────────────────────────────┘ └──────────────────────────────────────┘
#┌──────────────────────────────────┐ ┌──────────────────────────────────────┐
#│/media/torrent2/downloads/movies ├─────►│/media/syncthing/movies/incoming │
#└──────────────────────────────────┘ └──────────────────────────────────────┘
#┌──────────────────────────────────┐ ┌──────────────────────────────────────┐
#│/media/torrent2/downloads ├─────►│/media/torrent/incoming │
#└──────────────────────────────────┘ └──────────────────────────────────────┘
let
# Port of the Transmission RPC / web UI. It is used twice in this file:
# as rpc-port inside the container and as the nginx proxyPass upstream on the host.
uiPort = 9091;
#############################################
# These are inherited from Transmission. #
# Do not declare these. Just use as needed. #
# #
# TR_APP_VERSION #
# TR_TIME_LOCALTIME #
# TR_TORRENT_DIR #
# TR_TORRENT_HASH #
# TR_TORRENT_ID #
# TR_TORRENT_NAME #
# #
#############################################
completionScript =
  let
    # Completed-download directory -> folder that receives a hard-linked copy.
    # NOTE(review): the diagram at the top of this file names
    # /media/torrent2/downloads/..., while these keys (and download-dir in the
    # container settings) use /media/torrent/downloads/...; confirm which one
    # is intended, because a directory that matches no key is never linked.
    linkTargets = {
      "/media/torrent/downloads/series" = "/media/syncthing/series/incoming";
      "/media/torrent/downloads/music" = "/media/syncthing/music/incoming";
      "/media/torrent/downloads/movies" = "/media/syncthing/movies/incoming";
      "/media/torrent/downloads" = "/media/torrent/incoming";
    };

    # Bash fragment for one mapping. The test is an exact string comparison on
    # TR_TORRENT_DIR, so a given torrent matches at most one mapping.
    # `cp -val` hard-links (-l) instead of copying; hard links only work when
    # source and target are on the same filesystem.
    # TR_TORRENT_NAME is supplied by Transmission and comes from the torrent
    # itself, so treat it as untrusted: keep both operands double-quoted. The
    # absolute directory prefix also keeps a name starting with "-" from being
    # read as a cp option.
    mkLinkRule = downloadDir: incomingDir: ''
      if [[ "$TR_TORRENT_DIR" == "${downloadDir}" ]]
      then
      cp -val "$TR_TORRENT_DIR/$TR_TORRENT_NAME" "${incomingDir}/$TR_TORRENT_NAME"
      fi
    '';

    # All fragments joined with newlines; mapAttrsToList visits the keys in
    # attribute-name order.
    scriptBody = lib.concatStringsSep "\n" (lib.mapAttrsToList mkLinkRule linkTargets);
  in
  # Executable bash script in the Nix store, referenced below by
  # script-torrent-done-filename.
  pkgs.writers.writeBash "torrent-finished" scriptBody;
in
{
# Declarative NixOS container "torrent2" that runs a Transmission daemon.
containers.torrent2 = {
# mount host folders
# NOTE(review): the whole host /media tree is bind-mounted read-write, so the
# container can modify everything under /media, not only the torrent and
# syncthing incoming folders. The BindPaths comment further down says the
# /media mount is needed for `cp -l`; if the hard links can be served by a
# narrower mount on the same filesystem, prefer that.
bindMounts = {
media = {
hostPath = "/media";
mountPoint = "/media"; # must be here otherwise transmission can't see the folder
isReadOnly = false;
};
lib = {
# Transmission's configuration directory, kept on the host under /media/torrent.
hostPath = "/media/torrent/torrent2_config";
mountPoint = "/var/lib/transmission/.config";
isReadOnly = false;
};
};
# container network setup
# see also NAT on the host system.
# NOTE(review): no privateNetwork / hostAddress / localAddress is set in this
# block, so as far as this file shows the container shares the host's network
# namespace. That would explain why the host nginx can proxy to
# 127.0.0.1:9091, and it would also mean every local process on the host can
# reach the RPC port — confirm.
autoStart = true;
# The container's own NixOS configuration. Inside this function `config`,
# `pkgs` and `lib` are the container's arguments and shadow the host's.
config = { config, pkgs, lib, ... }: {
system.stateVersion = "21.05";
# cap the container's journal at 1G
services.journald.extraConfig = "SystemMaxUse=1G";
# allow transmission to write in syncthing folders
# (gid comes from the container's config.ids.gids.syncthing; presumably it
# matches the gid that owns the folders on the host — confirm)
users.groups.syncthing = {
gid = config.ids.gids.syncthing;
members = [ "transmission" ];
};
services.transmission = {
enable = true;
settings = {
download-dir = "/media/torrent/downloads";
incomplete-dir = "/media/torrent/incomplete";
incomplete-dir-enabled = true;
message-level = 1;
# presumably umask 002, i.e. new files are group-writable — confirm
umask = 2;
# RPC / web UI access control.
# Both allowlists are switched off: rpc-whitelist (client IP) and
# rpc-host-whitelist (Host header check, the guard against DNS rebinding).
# No rpc-authentication-required is set in this block either, so as far as
# this file shows the RPC is unauthenticated. The only limits are the
# loopback bind below and the allow/deny rule on the host nginx vhost.
# NOTE(review): consider enabling rpc-host-whitelist with the nginx vhost
# name (recommendedProxySettings forwards the original Host header) and
# turning on RPC authentication, so that reaching 127.0.0.1:9091 is not
# sufficient to control the daemon.
rpc-whitelist-enabled = false;
rpc-host-whitelist-enabled = false;
rpc-port = uiPort;
rpc-enable = true;
rpc-bind-address = "127.0.0.1";
# "normal" speed limits
# (the download limit value is inactive while speed-limit-down-enabled is false)
speed-limit-down-enabled = false;
speed-limit-down = 800;
speed-limit-up-enabled = true;
speed-limit-up = 3000;
upload-slots-per-torrent = 8;
# Queuing
# When true, Transmission will only download
# download-queue-size non-stalled torrents at once.
download-queue-enabled = true;
download-queue-size = 3;
# When true, torrents that have not shared data for
# queue-stalled-minutes are treated as 'stalled'
# and are not counted against the queue-download-size
# and seed-queue-size limits.
queue-stalled-enabled = true;
queue-stalled-minutes = 60;
# When true, Transmission will only seed seed-queue-size
# non-stalled torrents at once.
# (disabled here, so seed-queue-size has no effect)
seed-queue-enabled = false;
seed-queue-size = 10;
# Fixed peer port; automatic port mapping via UPnP / NAT-PMP is disabled.
# The same port number is opened in the firewall sections below.
peer-port = 51413;
port-forwarding-enabled = false;
# Start torrents as soon as they are added
start-added-torrents = true;
# Run completionScript when a download finishes; it hard-links the finished
# torrent into the matching incoming folder.
script-torrent-done-enabled = true;
script-torrent-done-filename = completionScript;
# Encryption preference.
# 0 = Prefer unencrypted connections,
# 1 = Prefer encrypted connections,
# 2 = Require encrypted connections;
# default = 1
# Encryption may help get around some ISP filtering, but at the cost of slightly
# higher CPU use
# This is encryption of the peer protocol only; it is not a VPN tunnel.
encryption = 2;
};
};
# Open the BitTorrent peer port (same value as peer-port above) in the
# container's firewall.
networking.firewall = {
allowedTCPPorts = [ 51413 ];
allowedUDPPorts = [ 51413 ];
};
# Original note: "bind transmission to openvpn".
# NOTE(review): nothing in this serviceConfig ties the daemon to a VPN
# interface; only Restart and BindPaths are set. If peer traffic is meant to
# leave through OpenVPN only, that confinement has to be configured and
# verified elsewhere — do not rely on this block for it.
systemd.services.transmission = {
serviceConfig = {
Restart = "always";
# lib.mkForce overrides whatever BindPaths other modules define for this
# unit, so these two paths are the complete list. Note that this makes all
# of /media writable to the daemon.
BindPaths = lib.mkForce [
"/media" # this is needed otherwise cp -l is not working
"/var/lib/transmission/.config/transmission-daemon"
];
};
};
};
};
# Host firewall: open the BitTorrent peer port for TCP and UDP.
# 51413 is the same literal as peer-port in the container's Transmission
# settings and in the container's own firewall section; keep them in sync.
networking.firewall.allowedTCPPorts = [ 51413 ];
networking.firewall.allowedUDPPorts = [ 51413 ];
# host nginx setup
# ----------------
# Reverse proxy on the host in front of the Transmission web UI / RPC.
# The allow/deny pair decides on the client's source address: only clients
# from config.tinc.private.subnet are served, everyone else is refused.
# Examples carried over from the original comment (this vhost itself answers
# to transmission2.<hostName>.private):
# curl -H "Host: transmission.robi.private" https://robi.private/ < will work
# curl -H "Host: transmission.robi.private" https://144.76.13.147/ < wont work
# NOTE(review): the proxy adds no authentication and the RPC behind it has its
# allowlists disabled, so every host on the tinc subnet can control the
# daemon. Consider HTTP auth on this vhost or Transmission's own RPC
# authentication.
# NOTE(review): no TLS option is set on this vhost in this file, although the
# examples use https — confirm where TLS is configured.
services.nginx = {
  enable = true;
  recommendedProxySettings = true;
  virtualHosts."transmission2.${config.networking.hostName}.private" = {
    # Upstream is the RPC port on loopback (uiPort, same value as rpc-port).
    locations."/".proxyPass = "http://127.0.0.1:${toString uiPort}";
    extraConfig = ''
      allow ${config.tinc.private.subnet};
      deny all;
    '';
  };
};
}