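# Small seedbox setup.
#
# Inspired by [1]
#
# [1]: https://github.com/delroth/infra.delroth.net/blob/master/roles/seedbox.nix
#
# Exposure summary (as configured below):
#   - the peering port is opened in the firewall (TCP and UDP);
#   - the RPC/web UI port is NOT opened in the firewall; it is reached through
#     the Nginx virtual host, which terminates TLS and proxies to loopback;
#   - RPC authentication is the only access control for requests that arrive
#     through Nginx (see the whitelist note further down).
{ config, lib, ... }:
let
  inherit (lib) mkEnableOption mkOption types;

  cfg = config.my.services.transmission;

  domain = config.networking.domain;
  webuiDomain = "transmission.${domain}";

  # The default `downloadBase` ends with "/", and the directories below are
  # built as "${base}/complete": strip one trailing slash so the generated
  # settings do not contain "//" in their paths.
  downloadBase = lib.removeSuffix "/" cfg.downloadBase;
in
{
  options.my.services.transmission = {
    enable = mkEnableOption "Transmission torrent client";

    username = mkOption {
      type = types.str;
      default = "Ambroisie";
      example = "username";
      description = "Name of the transmission RPC user";
    };

    # No default: the password must be set explicitly by the host configuration.
    # It is a plain string option, so whatever is assigned here is part of the
    # evaluated system configuration (see the note on `rpc-password` below).
    password = mkOption {
      type = types.str;
      example = "password";
      description = "Password of the transmission RPC user";
    };

    downloadBase = mkOption {
      type = types.str;
      default = "/data/downloads/";
      example = "/var/lib/transmission/download";
      description = "Download base directory";
    };

    privatePort = mkOption {
      type = types.port;
      default = 9091;
      example = 8080;
      description = "Internal port for webui";
    };

    peerPort = mkOption {
      type = types.port;
      default = 30251;
      example = 32323;
      description = "Peering port";
    };
  };

  config = lib.mkIf cfg.enable {
    services.transmission = {
      enable = true;
      group = "media";

      # Group-writable, world-readable download directories, shared with the
      # "media" group set above.
      downloadDirPermissions = "775";

      settings = {
        download-dir = "${downloadBase}/complete";
        incomplete-dir = "${downloadBase}/incomplete";

        peer-port = cfg.peerPort;

        rpc-enabled = true;
        rpc-port = cfg.privatePort;

        rpc-authentication-required = true;
        rpc-username = cfg.username;
        # Insecure, but I don't care.
        # The password is interpolated into the generated settings, so it ends
        # up in the Nix store, which every local user can read.
        # NOTE(review): the NixOS module's `services.transmission.credentialsFile`
        # can supply `rpc-password` from a file kept outside the store.
        rpc-password = cfg.password;

        # Proxied behind Nginx.
        # Nginx connects from 127.0.0.1, so every request that comes in through
        # the virtual host passes this whitelist; it only rejects clients that
        # try to reach the RPC port directly from another address. The RPC
        # credentials above are what actually protects the web UI.
        rpc-whitelist-enabled = true;
        rpc-whitelist = "127.0.0.1";
      };
    };

    # Default transmission webui, I prefer combustion but its development
    # seems to have stalled
    services.nginx.virtualHosts."${webuiDomain}" = {
      # TLS is enforced at the proxy, using the certificate of the ACME host
      # for the base domain.
      forceSSL = true;
      useACMEHost = domain;

      # The hop from Nginx to Transmission is plain HTTP over loopback.
      locations."/".proxyPass = "http://127.0.0.1:${toString cfg.privatePort}";
    };

    # Only the peering port is exposed; `privatePort` is deliberately absent.
    networking.firewall = {
      allowedTCPPorts = [ cfg.peerPort ];
      allowedUDPPorts = [ cfg.peerPort ];
    };
  };
}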