services: transmission: only expose over Wireguard
This commit is contained in:
parent
8c21d60d8c
commit
2644c71aa8
|
@ -147,7 +147,6 @@ in
|
||||||
transmission = {
|
transmission = {
|
||||||
enable = true;
|
enable = true;
|
||||||
username = "alarsyo";
|
username = "alarsyo";
|
||||||
secretConfigFile = config.age.secrets."transmission/secret".path;
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -29,10 +29,6 @@
|
||||||
"restic-backup/poseidon-credentials" = {};
|
"restic-backup/poseidon-credentials" = {};
|
||||||
"restic-backup/poseidon-password" = {};
|
"restic-backup/poseidon-password" = {};
|
||||||
|
|
||||||
"transmission/secret" = {
|
|
||||||
owner = "transmission";
|
|
||||||
};
|
|
||||||
|
|
||||||
"users/alarsyo-hashed-password" = {};
|
"users/alarsyo-hashed-password" = {};
|
||||||
"users/root-hashed-password" = {};
|
"users/root-hashed-password" = {};
|
||||||
};
|
};
|
||||||
|
|
|
@ -31,8 +31,6 @@ in
|
||||||
"restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ];
|
"restic-backup/zephyrus-password.age".publicKeys = [ alarsyo zephyrus ];
|
||||||
"restic-backup/zephyrus-credentials.age".publicKeys = [ alarsyo zephyrus ];
|
"restic-backup/zephyrus-credentials.age".publicKeys = [ alarsyo zephyrus ];
|
||||||
|
|
||||||
"transmission/secret.age".publicKeys = [ poseidon ];
|
|
||||||
|
|
||||||
"users/root-hashed-password.age".publicKeys = machines;
|
"users/root-hashed-password.age".publicKeys = machines;
|
||||||
"users/alarsyo-hashed-password.age".publicKeys = machines ++ [ alarsyo ];
|
"users/alarsyo-hashed-password.age".publicKeys = machines ++ [ alarsyo ];
|
||||||
}
|
}
|
||||||
|
|
Binary file not shown.
|
@ -49,12 +49,13 @@ in
|
||||||
|
|
||||||
rpc-enabled = true;
|
rpc-enabled = true;
|
||||||
rpc-port = transmissionRpcPort;
|
rpc-port = transmissionRpcPort;
|
||||||
rpc-authentication-required = true;
|
rpc-authentication-required = false;
|
||||||
|
|
||||||
rpc-username = cfg.username;
|
|
||||||
|
|
||||||
rpc-whitelist-enabled = true;
|
rpc-whitelist-enabled = true;
|
||||||
rpc-whitelist = "127.0.0.1";
|
rpc-whitelist = "127.0.0.1";
|
||||||
|
|
||||||
|
rpc-host-whitelist-enabled = true;
|
||||||
|
rpc-host-whitelist = webuiDomain;
|
||||||
};
|
};
|
||||||
|
|
||||||
# automatically allow transmission.settings.peer-port
|
# automatically allow transmission.settings.peer-port
|
||||||
|
@ -68,6 +69,20 @@ in
|
||||||
useACMEHost = domain;
|
useACMEHost = domain;
|
||||||
|
|
||||||
locations."/".proxyPass = "http://127.0.0.1:${toString transmissionRpcPort}";
|
locations."/".proxyPass = "http://127.0.0.1:${toString transmissionRpcPort}";
|
||||||
|
|
||||||
|
listen = [
|
||||||
|
# FIXME: hardcoded tailscale IP
|
||||||
|
{
|
||||||
|
addr = "100.80.61.67";
|
||||||
|
port = 443;
|
||||||
|
ssl = true;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
addr = "100.80.61.67";
|
||||||
|
port = 80;
|
||||||
|
ssl = false;
|
||||||
|
}
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue