# Small seedbox setup.
#
# Inspired by [1]
#
# [1]: https://github.com/delroth/infra.delroth.net/blob/master/roles/seedbox.nix
{ config, lib, pkgs, ... }:
let
  cfg = config.my.services.transmission;
in
{
  options.my.services.transmission = with lib; {
    enable = mkEnableOption "Transmission torrent client";

    credentialsFile = mkOption {
      type = types.str;
      example = "/var/lib/transmission/creds.json";
      description = ''
        Credential file as an json configuration file to be merged with
        the main one.
      '';
    };

    downloadBase = mkOption {
      type = types.str;
      default = "/data/downloads";
      example = "/var/lib/transmission/download";
      description = "Download base directory";
    };

    port = mkOption {
      type = types.port;
      default = 9091;
      example = 8080;
      description = "Internal port for webui";
    };

    peerPort = mkOption {
      type = types.port;
      default = 30251;
      example = 32323;
      description = "Peering port";
    };
  };

  config = lib.mkIf cfg.enable {
    services.transmission = {
      enable = true;
      package = pkgs.transmission_4;
      group = "media";

      downloadDirPermissions = "775";

      inherit (cfg) credentialsFile;

      settings = {
        download-dir = "${cfg.downloadBase}/complete";
        incomplete-dir = "${cfg.downloadBase}/incomplete";

        peer-port = cfg.peerPort;

        rpc-enabled = true;
        rpc-port = cfg.port;
        rpc-authentication-required = true;

        # Proxied behind Nginx.
        rpc-whitelist-enabled = true;
        rpc-whitelist = "127.0.0.1";
      };
    };

    # Transmission wants to eat *all* my RAM if left to its own devices
    systemd.services.transmission = {
      serviceConfig = {
        MemoryMax = "33%";
      };
    };

    # Set-up media group
    users.groups.media = { };

    # Default transmission webui, I prefer combustion but its development
    # seems to have stalled
    my.services.nginx.virtualHosts = {
      transmission = {
        inherit (cfg) port;
      };
    };

    networking.firewall = {
      allowedTCPPorts = [ cfg.peerPort ];
      allowedUDPPorts = [ cfg.peerPort ];
    };
  };
}