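# NixOS module: Transmission torrent daemon, published through an nginx
# virtual host with an ACME (DNS-01) certificate.
#
# Options:
#   my.services.transmission.enable    - turn the whole stack on.
#   my.services.transmission.vhostName - DNS name of the nginx vhost; also used
#                                        as the ACME certificate name and as the
#                                        only hostname accepted by the RPC
#                                        Host-header check.
{ config, lib, pkgs, ... }:
let
  cfg = config.my.services.transmission;
  secrets = config.age.secrets;

  # Single source of truth for the peer port, so the daemon setting and the
  # firewall openings cannot drift apart.
  peerPort = 52213;
in
{
  options.my.services.transmission = with lib; {
    enable = mkEnableOption "transmission torrent server";
    vhostName = mkOption {
      type = types.str;
      example = "music.fcuny.net";
      description = "Name for the virtual host";
    };
  };

  config = lib.mkIf cfg.enable {
    services.transmission = {
      enable = true;
      group = "nas";
      performanceNetParameters = true;
      home = "/data/fast/torrents";
      settings = {
        dht-enabled = false;
        cache-size-mb = 128;
        peer-port = peerPort;
        # NOTE(review): these two bounds only matter when
        # peer-port-random-on-start is enabled, which is not set here.
        peer-port-random-low = 49152;
        peer-port-random-high = 65535;
        message-level = 2;

        rpc-enabled = true;
        # Keep the Host-header check on (it was disabled before). It is
        # Transmission's defence against DNS-rebinding requests reaching the
        # RPC endpoint. IP literals and "localhost" are always accepted, so the
        # nginx upstream at 127.0.0.1:9091 keeps working whether or not the
        # proxy forwards the original Host header.
        rpc-host-whitelist-enabled = true;
        rpc-host-whitelist = cfg.vhostName;
        # NOTE(review): rpc-authentication-required and rpc-bind-address are
        # not set in this module. Access control therefore rests on the daemon's
        # defaults plus the nginx listen address below. Confirm the RPC socket
        # is loopback-only, and consider RPC credentials supplied from a secret
        # file rather than the Nix store.
        verify-threads = 4;
      };
    };

    services.nginx.virtualHosts."${cfg.vhostName}" = {
      forceSSL = true;
      useACMEHost = cfg.vhostName;
      # Bind to one specific address instead of every interface.
      # 100.85.232.66 is in 100.64.0.0/10 (CGNAT space); presumably a
      # VPN/overlay address. Verify it is not reachable from untrusted networks,
      # since the web UI has no authentication configured here.
      listen = [
        {
          addr = "100.85.232.66";
          port = 443;
          ssl = true;
        }
        {
          addr = "100.85.232.66";
          port = 80;
          ssl = false;
        }
      ];
      locations."/" = {
        proxyPass = "http://127.0.0.1:9091";
        proxyWebsockets = true;
      };
    };

    # Certificate is issued via a DNS challenge; the provider credentials come
    # from an age-managed secret path, not from a literal in this file.
    security.acme.certs."${cfg.vhostName}" = {
      dnsProvider = "gcloud";
      credentialsFile = secrets."acme/credentials".path;
    };

    # Only the BitTorrent peer port is opened. Ports 80/443 and the RPC port
    # 9091 are not opened by this module.
    networking.firewall = {
      allowedTCPPorts = [ peerPort ];
      allowedUDPPorts = [ peerPort ];
    };
  };
}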