diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index 52141ab..f4baea2 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -109,6 +109,12 @@ in postgresql-backup = { enable = true; }; + + transmission = { + enable = true; + username = "alarsyo"; + password = secrets.transmission-password; + }; }; security.acme.acceptTerms = true; diff --git a/secrets/default.nix b/secrets/default.nix index 80f15dc..19bd7d6 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -11,5 +11,6 @@ with lib; shadow-hashed-password-root = lib.fileContents ./shadow-hashed-password-root.secret; miniflux-admin-credentials = lib.fileContents ./miniflux-admin-credentials.secret; borg-backup-repo = lib.fileContents ./borg-backup-repo.secret; + transmission-password = lib.fileContents ./transmission.secret; }; } diff --git a/secrets/transmission.secret b/secrets/transmission.secret new file mode 100644 index 0000000..c47d591 Binary files /dev/null and b/secrets/transmission.secret differ diff --git a/services/default.nix b/services/default.nix index 8fd2a9b..ab4e763 100644 --- a/services/default.nix +++ b/services/default.nix @@ -12,5 +12,6 @@ ./monitoring.nix ./nginx.nix ./postgresql-backup.nix + ./transmission.nix ]; } diff --git a/services/media.nix b/services/media.nix index 7e1e966..5b6b9ae 100644 --- a/services/media.nix +++ b/services/media.nix @@ -2,6 +2,7 @@ let mediaServices = with config.my.services; [ jellyfin + transmission ]; needed = builtins.any (service: service.enable) mediaServices; in diff --git a/services/transmission.nix b/services/transmission.nix new file mode 100644 index 0000000..de1ad10 --- /dev/null +++ b/services/transmission.nix 
@@ -0,0 +1,66 @@
+{ config, lib, ... }:
+let
+ cfg = config.my.services.transmission;
+
+ domain = config.networking.domain;
+ webuiDomain = "transmission.${domain}";
+
+ transmissionRpcPort = 9091;
+ transmissionPeerPort = 30251;
+
+ downloadBase = "/media/torrents/";
+in
+{
+ options.my.services.transmission = with lib; {
+ enable = mkEnableOption "Transmission torrent client";
+
+ username = mkOption {
+ type = types.str;
+ default = "alarsyo";
+ example = "username";
+ description = "Name of the transmission RPC user";
+ };
+
+ password = mkOption {
+ type = types.str;
+ example = "password";
+ description = "Password of the transmission RPC user";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.transmission = {
+ enable = true;
+ group = "media";
+
+ settings = {
+ download-dir = "${downloadBase}/complete";
+ incomplete-dir = "${downloadBase}/incomplete";
+
+ peer-port = transmissionPeerPort;
+
+ rpc-enabled = true;
+ rpc-port = transmissionRpcPort;
+ rpc-authentication-required = true;
+
+ rpc-username = cfg.username;
+ rpc-password = cfg.password;
+
+ rpc-whitelist-enabled = true;
+ rpc-whitelist = "127.0.0.1";
+ };
+ };
+
+ services.nginx.virtualHosts."${webuiDomain}" = {
+ forceSSL = true;
+ enableACME = true;
+
+ locations."/".proxyPass = "http://127.0.0.1:${toString transmissionRpcPort}";
+ };
+
+ networking.firewall = {
+ allowedTCPPorts = [ transmissionPeerPort ];
+ allowedUDPPorts = [ transmissionPeerPort ];
+ };
+ };
+}
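Review bot: The RPC password set through `rpc-password = cfg.password;` becomes part of `services.transmission.settings`, which NixOS renders to a settings file in the world-readable Nix store, so the plaintext is readable by any local user or process with store access. The `types.str` option also forces callers to load the secret at evaluation time, as the `secrets.transmission-password` lines in hosts/poseidon/default.nix and secrets/default.nix do with `lib.fileContents`. I would replace `password` with a runtime path and hand it to `services.transmission.credentialsFile` (assuming the pinned nixpkgs provides that option), dropping `rpc-password` from `settings`; a sketch follows. Separately, nginx proxies from loopback, so `rpc-whitelist = "127.0.0.1"` only blocks direct access to the RPC port and the password is the sole gate for clients of the public vhost.

```nix
    # … unchanged: enable, username options …
    credentialsFile = mkOption {
      type = types.str; # a string path, so the file itself is not copied into the store
      example = "/var/lib/secrets/transmission-credentials.json";
      description = "Runtime path to a JSON file that sets rpc-password";
    };
    # … unchanged: start of config, services.transmission enable and group …
      credentialsFile = cfg.credentialsFile;
      # … unchanged: settings, minus the rpc-password line …
```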