nixos-config/services/transmission.nix

100 lines
2.2 KiB
Nix
Raw Normal View History

2022-04-10 11:54:58 +02:00
{
config,
lib,
...
}: let
inherit
(lib)
2022-01-11 16:08:21 +01:00
mkEnableOption
mkIf
mkOption
optionalAttrs
2022-04-10 11:54:58 +02:00
;
2022-01-11 16:08:21 +01:00
2021-02-19 22:29:04 +01:00
cfg = config.my.services.transmission;
domain = config.networking.domain;
hostname = config.networking.hostName;
fqdn = "${hostname}.${domain}";
2021-02-19 22:29:04 +01:00
webuiDomain = "transmission.${domain}";
transmissionRpcPort = 9091;
transmissionPeerPort = 30251;
downloadBase = "/media/torrents/";
2022-04-10 11:54:58 +02:00
in {
options.my.services.transmission = let
inherit (lib) types;
in {
2021-02-19 22:29:04 +01:00
enable = mkEnableOption "Transmission torrent client";
username = mkOption {
type = types.str;
default = "alarsyo";
example = "username";
description = "Name of the transmission RPC user";
};
secretConfigFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/var/run/secrets/transmission-secrets";
description = "Path to secrets file to append to configuration";
2021-02-19 22:29:04 +01:00
};
};
2022-01-11 16:08:21 +01:00
config = mkIf cfg.enable {
2022-04-10 11:54:58 +02:00
services.transmission =
{
enable = true;
group = "media";
settings = {
download-dir = "${downloadBase}/complete";
incomplete-dir = "${downloadBase}/incomplete";
peer-port = transmissionPeerPort;
rpc-enabled = true;
rpc-port = transmissionRpcPort;
rpc-authentication-required = false;
rpc-whitelist-enabled = true;
rpc-whitelist = "127.0.0.1";
rpc-host-whitelist-enabled = true;
rpc-host-whitelist = webuiDomain;
};
# automatically allow transmission.settings.peer-port
openFirewall = true;
}
// (optionalAttrs (cfg.secretConfigFile != null) {
credentialsFile = cfg.secretConfigFile;
});
2021-02-19 22:29:04 +01:00
services.nginx.virtualHosts."${webuiDomain}" = {
forceSSL = true;
useACMEHost = fqdn;
2021-02-19 22:29:04 +01:00
locations."/".proxyPass = "http://127.0.0.1:${toString transmissionRpcPort}";
listen = [
# FIXME: hardcoded tailscale IP
{
2022-10-27 17:29:13 +02:00
addr = "100.115.172.44";
port = 443;
ssl = true;
}
{
2022-10-27 17:29:13 +02:00
addr = "100.115.172.44";
port = 80;
ssl = false;
}
];
2021-02-19 22:29:04 +01:00
};
security.acme.certs.${fqdn}.extraDomainNames = [webuiDomain];
2021-02-19 22:29:04 +01:00
};
}