diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix
index 58bdee3..e509ac3 100644
--- a/hosts/poseidon/default.nix
+++ b/hosts/poseidon/default.nix
@@ -147,7 +147,6 @@ in
 transmission = {
 enable = true;
 username = "alarsyo";
- secretConfigFile = config.age.secrets."transmission/secret".path;
 };
 };
diff --git a/hosts/poseidon/secrets.nix b/hosts/poseidon/secrets.nix
index ada3ee4..f9b390b 100644
--- a/hosts/poseidon/secrets.nix
+++ b/hosts/poseidon/secrets.nix
@@ -29,10 +29,6 @@
 "restic-backup/poseidon-credentials" = {};
 "restic-backup/poseidon-password" = {};
- "transmission/secret" = {
- owner = "transmission";
- };
-
 "users/alarsyo-hashed-password" = {};
 "users/root-hashed-password" = {};
 };
diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix
index 9aa0e53..c8b4056 100644
--- a/modules/secrets/secrets.nix
+++ b/modules/secrets/secrets.nix
@@ -31,8 +31,6 @@ in
 "restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ];
 "restic-backup/zephyrus-credentials.age".publicKeys = [ alarsyo zephyrus ];
- "transmission/secret.age".publicKeys = [ poseidon ];
-
 "users/root-hashed-password.age".publicKeys = machines;
 "users/alarsyo-hashed-password.age".publicKeys = machines ++ [ alarsyo ];
 }
diff --git a/modules/secrets/transmission/secret.age b/modules/secrets/transmission/secret.age
deleted file mode 100644
index 038526d..0000000
Binary files a/modules/secrets/transmission/secret.age and /dev/null differ
diff --git a/services/transmission.nix b/services/transmission.nix
index bdc99b5..7fb7f69 100644
--- a/services/transmission.nix
+++ b/services/transmission.nix
@@ -49,12 +49,13 @@ in
 rpc-enabled = true;
 rpc-port = transmissionRpcPort;
- rpc-authentication-required = true;
-
- rpc-username = cfg.username;
+ rpc-authentication-required = false;
 rpc-whitelist-enabled = true;
 rpc-whitelist = "127.0.0.1";
+
+ rpc-host-whitelist-enabled = true;
+ rpc-host-whitelist = webuiDomain;
 };
 # automatically allow transmission.settings.peer-port
@@ -68,6 +69,20 @@ in
 useACMEHost = domain;
 locations."/".proxyPass = "http://127.0.0.1:${toString transmissionRpcPort}";
+
+ listen = [
+ # FIXME: hardcoded tailscale IP
+ {
+ addr = "100.80.61.67";
+ port = 443;
+ ssl = true;
+ }
+ {
+ addr = "100.80.61.67";
+ port = 80;
+ ssl = false;
+ }
+ ];
 };
 };
 }
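Review bot: With `rpc-authentication-required = false` in the first hunk, `rpc-whitelist = "127.0.0.1"` no longer separates clients, because the vhost proxies to `http://127.0.0.1:…` and every proxied request therefore arrives from the whitelisted address; any local process on the host can presumably reach the RPC port without credentials as well. Access control now rests entirely on where the nginx vhost listens, which is worth recording next to the setting, e.g. `# no RPC auth: proxied requests all come from 127.0.0.1, so access is limited only by the vhost's listen address`. The added `rpc-host-whitelist` is a sensible guard against DNS rebinding. The `settings` block starts outside this hunk, and `cfg.username` (still set in hosts/poseidon/default.nix) looks unused after this change unless it is read elsewhere.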
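Review bot: The `listen` list bound to `100.80.61.67` in the second hunk is the only barrier in front of an RPC endpoint that no longer requires authentication, so it deserves a second layer rather than just the FIXME. Adding `extraConfig = "allow 100.64.0.0/10; deny all;";` to the vhost would keep the endpoint closed if the listen addresses are later changed or dropped, and the hard-coded address could move to a module option at the same time. nginx may also fail to bind when the tailscale address is not yet assigned at start-up, so service ordering is worth checking. The virtualHosts block starts outside this hunk, so whether a redirect such as `forceSSL` covers the port 80 listener cannot be seen here.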