# Small seedbox setup.
#
# Inspired by [1]
#
# [1]: https://github.com/delroth/infra.delroth.net/blob/master/roles/seedbox.nix
#
# Exposes `my.services.transmission` and maps it onto the stock
# `services.transmission` module: RPC is restricted to loopback clients
# (the web UI is meant to be reached through Nginx) and only the peer port
# is opened in the firewall.
{ config, lib, pkgs, ... }:
let
  inherit (lib) mkEnableOption mkIf mkOption types;

  cfg = config.my.services.transmission;
in
{
  options.my.services.transmission = {
    enable = mkEnableOption "Transmission torrent client";

    # Given as a string path to a JSON file that is merged into the main
    # settings. NOTE(review): this is presumably where the RPC username and
    # password live; keep the file outside the Nix store and readable only
    # by the service user -- confirm against the deployment.
    credentialsFile = mkOption {
      type = types.str;
      example = "/var/lib/transmission/creds.json";
      description = ''
        Credential file as an json configuration file to be merged with the main one.
      '';
    };

    # Parent directory; `complete/` and `incomplete/` are derived from it below.
    downloadBase = mkOption {
      type = types.str;
      default = "/data/downloads";
      example = "/var/lib/transmission/download";
      description = "Download base directory";
    };

    # RPC / web UI port. It is not added to the firewall in this module.
    port = mkOption {
      type = types.port;
      default = 9091;
      example = 8080;
      description = "Internal port for webui";
    };

    # BitTorrent peer port. This one IS opened (TCP and UDP) in the firewall.
    peerPort = mkOption {
      type = types.port;
      default = 30251;
      example = 32323;
      description = "Peering port";
    };
  };

  config = mkIf cfg.enable {
    services.transmission = {
      enable = true;
      package = pkgs.transmission_4;

      # Downloads are owned by the shared "media" group declared below.
      # "775" leaves them group-writable and readable by every local user.
      group = "media";
      downloadDirPermissions = "775";

      credentialsFile = cfg.credentialsFile;

      settings = {
        download-dir = "${cfg.downloadBase}/complete";
        incomplete-dir = "${cfg.downloadBase}/incomplete";

        peer-port = cfg.peerPort;

        rpc-enabled = true;
        rpc-port = cfg.port;
        # No rpc-username / rpc-password is set here; presumably they are
        # supplied through credentialsFile -- verify, since authentication
        # is mandatory.
        rpc-authentication-required = true;

        # Proxied behind Nginx, so only loopback clients are accepted.
        # The whitelist filters by client address only; `rpc-bind-address`
        # is not set in this file, so the listening address is whatever the
        # upstream module defaults to -- NOTE(review): confirm it is loopback.
        rpc-whitelist-enabled = true;
        rpc-whitelist = "127.0.0.1";
      };
    };

    # Transmission wants to eat *all* my RAM if left to its own devices,
    # so cap the unit's memory through systemd.
    systemd.services.transmission.serviceConfig.MemoryMax = "33%";

    # Set-up media group
    users.groups.media = { };

    # Default transmission webui, I prefer combustion but its development
    # seems to have stalled
    my.services.nginx.virtualHosts.transmission = {
      port = cfg.port;
    };

    # Only the peering port is exposed; the RPC port stays off the firewall.
    networking.firewall = {
      allowedTCPPorts = [ cfg.peerPort ];
      allowedUDPPorts = [ cfg.peerPort ];
    };

    # NOTE: unfortunately transmission does not log connection failures for fail2ban
    # Failed RPC logins therefore cannot be banned from Transmission's own
    # logs; any throttling or monitoring has to happen at the proxy in front.
  };
}