about summary refs log tree commit diff
path: root/modules/services/transmission/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'modules/services/transmission/default.nix')
-rw-r--r--modules/services/transmission/default.nix54
1 files changed, 54 insertions, 0 deletions
diff --git a/modules/services/transmission/default.nix b/modules/services/transmission/default.nix
new file mode 100644
index 0000000..57bea77
--- /dev/null
+++ b/modules/services/transmission/default.nix
@@ -0,0 +1,54 @@
+{ config, lib, pkgs, ... }:
+let
+  cfg = config.my.services.transmission;
+  secrets = config.age.secrets;
+in {
+  options.my.services.transmission = with lib; {
+    enable = mkEnableOption "transmission torrent server";
+    vhostName = mkOption {
+      type = types.str;
+      example = "music.fcuny.net";
+      description = "Name for the virtual host";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.transmission = {
+      enable = true;
+      group = "nas";
+      performanceNetParameters = true;
+      home = "/data/fast/torrents";
+      settings = {
+        dht-enabled = false;
+        cache-size-mb = 128;
+        peer-port = 52213;
+        peer-port-random-low = 49152;
+        peer-port-random-high = 65535;
+        message-level = 2;
+
+        rpc-enabled = true;
+        rpc-host-whitelist-enabled = false;
+        verify-threads = 4;
+      };
+    };
+
+    services.nginx.virtualHosts."${cfg.vhostName}" = {
+      forceSSL = true;
+      useACMEHost = cfg.vhostName;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:9091";
+        proxyWebsockets = true;
+      };
+    };
+
+    security.acme.certs."${cfg.vhostName}" = {
+      dnsProvider = "gcloud";
+      credentialsFile = secrets."acme/credentials".path;
+    };
+
+    networking.firewall = {
+      allowedTCPPorts = [ 52213 ];
+      allowedUDPPorts = [ 52213 ];
+    };
+  };
+}