Diffstat (limited to 'modules/services/transmission/default.nix')
-rw-r--r-- | modules/services/transmission/default.nix | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/modules/services/transmission/default.nix b/modules/services/transmission/default.nix
new file mode 100644
index 0000000..57bea77
--- /dev/null
+++ b/modules/services/transmission/default.nix
@@ -0,0 +1,54 @@
+{ config, lib, pkgs, ... }:
+let
+ cfg = config.my.services.transmission;
+ secrets = config.age.secrets;
+in {
+ options.my.services.transmission = with lib; {
+ enable = mkEnableOption "transmission torrent server";
+ vhostName = mkOption {
+ type = types.str;
+ example = "music.fcuny.net";
+ description = "Name for the virtual host";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.transmission = {
+ enable = true;
+ group = "nas";
+ performanceNetParameters = true;
+ home = "/data/fast/torrents";
+ settings = {
+ dht-enabled = false;
+ cache-size-mb = 128;
+ peer-port = 52213;
+ peer-port-random-low = 49152;
+ peer-port-random-high = 65535;
+ message-level = 2;
+
+ rpc-enabled = true;
+ rpc-host-whitelist-enabled = false;
+ verify-threads = 4;
+ };
+ };
+
+ services.nginx.virtualHosts."${cfg.vhostName}" = {
+ forceSSL = true;
+ useACMEHost = cfg.vhostName;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:9091";
+ proxyWebsockets = true;
+ };
+ };
+
+ security.acme.certs."${cfg.vhostName}" = {
+ dnsProvider = "gcloud";
+ credentialsFile = secrets."acme/credentials".path;
+ };
+
+ networking.firewall = {
+ allowedTCPPorts = [ 52213 ];
+ allowedUDPPorts = [ 52213 ];
+ };
+ };
+} |
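Review bot: The RPC interface is published through the nginx `locations."/"` proxy with no authentication visible in this module, and `rpc-host-whitelist-enabled = false` in `settings` also switches off Transmission's Host-header check. Because nginx connects from 127.0.0.1, an address-based RPC whitelist would not tell proxied clients apart, so anyone who can reach the vhost can probably drive the daemon unless authentication is configured elsewhere. I would keep the Host check on with `rpc-host-whitelist = cfg.vhostName;` and add `rpc-authentication-required = true;` with the credentials supplied from an age secret, or put `basicAuthFile` on the nginx location. Whether the vhost is reachable from outside the local network is not visible here; this hunk itself only opens port 52213. As a documentation point, the `vhostName` example `"music.fcuny.net"` looks copied from another module and could name a torrent host instead.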