services: add transmission

This service makes use of the default webui. I really like combustion more, but am willing to use that one instead given the few amount of time I actually spend looking at it
2021-02-01 14:25:12 +01:00 · 2021-02-01 14:25:12 +01:00 · 27d089afaa
parent 680d82bc3b
commit 27d089afaa
5 changed files with 80 additions and 1 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -80,6 +80,12 @@
    matrix.enable = true;
    # The whole *arr software suite
    pirate.enable = true;
+    # Torrent client and webui
+    transmission = {
+      enable = true;
+      username = "Ambroisie";
+      password = pkgs.lib.removeSuffix "\n" (builtins.readFile ./secrets/transmission/password.txt);
+    };
  };

  programs.gnupg.agent = {
--- a/secrets/transmission/password.txt
+++ b/secrets/transmission/password.txt
--- a/services/default.nix
+++ b/services/default.nix
@ -8,5 +8,6 @@
    ./media.nix
    ./nginx.nix
    ./pirate.nix
+    ./transmission.nix
  ];
 }
--- a/services/media.nix
+++ b/services/media.nix
@ -3,7 +3,7 @@
 { config, lib, ... }:
 let
  needed = with config.my.services;
-    jellyfin.enable || pirate.enable;
+    jellyfin.enable || pirate.enable || transmission.enable;
 in
 {
  config.users.groups.media = lib.mkIf needed { };
--- a/services/transmission.nix
+++ b/services/transmission.nix
@ -0,0 +1,72 @@
+# Small seedbox setup.
+#
+# Inspired by [1]
+#
+# [1]: https://github.com/delroth/infra.delroth.net/blob/master/roles/seedbox.nix
+{ config, lib, ... }:
+let
+  cfg = config.my.services.transmission;
+
+  domain = config.networking.domain;
+  webuiDomain = "transmission.${domain}";
+
+  transmissionRpcPort = 9091;
+  transmissionPeerPort = 30251;
+
+  downloadBase = "/data/downloads/"; # NOTE: to be excluded from backups
+in
+{
+  options.my.services.transmission = with lib; {
+    enable = mkEnableOption "Transmission torrent client";
+    username = mkOption {
+      type = types.str;
+      default = "Ambroisie";
+      example = "username";
+      description = "Name of the transmission RPC user";
+    };
+    password = mkOption {
+      type = types.str;
+      example = "password";
+      description = "Password of the transmission RPC user";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.transmission = {
+      enable = true;
+      group = "media";
+
+      settings = {
+        download-dir = "${downloadBase}/complete";
+        incomplete-dir = "${downloadBase}/incomplete";
+
+        peer-port = transmissionPeerPort;
+
+        rpc-enabled = true;
+        rpc-port = transmissionRpcPort;
+        rpc-authentication-required = true;
+
+        rpc-username = cfg.username;
+        rpc-password = cfg.password; # Insecure, but I don't care.
+
+        # Proxied behind Nginx.
+        rpc-whitelist-enabled = true;
+        rpc-whitelist = "127.0.0.1";
+      };
+    };
+
+    # Default transmission webui, I prefer combustion but its development
+    # seems to have stalled
+    services.nginx.virtualHosts."${webuiDomain}" = {
+      forceSSL = true;
+      useACMEHost = "${domain}";
+
+      locations."/".proxyPass = "http://localhost:${toString transmissionRpcPort}";
+    };
+
+    networking.firewall = {
+      allowedTCPPorts = [ transmissionPeerPort ];
+      allowedUDPPorts = [ transmissionPeerPort ];
+    };
+  };
+}