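{ config, pkgs, lib, ... }: {

  # Transmission BitTorrent daemon, optionally pinned inside the WireGuard
  # network namespace so peer traffic can only leave through the tunnel.
  # Enabled by setting `transmissionServer` to the hostname the web UI is
  # served on (via Caddy); left disabled when it is null.
  options = {
    transmissionServer = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
      description = "Hostname for Transmission";
      default = null;
    };
  };

  config = let

    # Network namespace that wg0 is moved into (only forced when
    # config.wireguard.enable is true, every use below is under that mkIf).
    namespace = config.networking.wireguard.interfaces.wg0.interfaceNamespace;

    # This host's address on wg0 without its prefix length. Strip whatever
    # follows the "/" rather than only a literal "/32": a "/24" or "/31"
    # address used to pass through untouched and silently broke both the
    # RPC whitelist and the socat forwarder below. Identical result for /32.
    vpnIp = builtins.head (lib.splitString "/"
      (builtins.head config.networking.wireguard.interfaces.wg0.ips));

  in lib.mkIf (config.transmissionServer != null) {

    # Setup transmission
    services.transmission = {
      enable = true;
      settings = {
        port-forwarding-enabled = false;
        rpc-authentication-required = true;
        rpc-port = 9091;
        # Has to listen on the wg0 address as well as loopback, because the
        # forwarder below reaches Transmission at vpnIp:9091 from inside the
        # namespace. NOTE(review): with wireguard disabled the daemon runs in
        # the host namespace and this exposes the RPC on every interface;
        # the host firewall plus rpc-authentication-required are then the
        # only protection (whether the firewall opens 9091 is set elsewhere).
        rpc-bind-address = "0.0.0.0";
        rpc-username = config.user;
        # Host-header check. Any non-browser client can send an arbitrary
        # Host value, so this is DNS-rebinding/CSRF protection, not access
        # control.
        rpc-host-whitelist = config.transmissionServer;
        rpc-host-whitelist-enabled = true;
        # Connections relayed by transmission-web-netns carry the relay's
        # source address, not the original client's, so this IP whitelist
        # cannot tell Caddy's traffic from anything else that reached the
        # relay; its real job is keeping VPN-side peers on wg0 away from the
        # RPC. Only the loopback entry is needed when no namespace is in use,
        # and not interpolating vpnIp there avoids forcing wg0 to be defined.
        rpc-whitelist = "127.0.0.1"
          + lib.optionalString config.wireguard.enable ",${vpnIp}";
        rpc-whitelist-enabled = config.wireguard.enable;
      };
      # JSON merged into the settings at service start; presumably where
      # rpc-password lives (the encrypted source is not visible here).
      credentialsFile = config.secrets.transmission.dest;
    };

    # Bind transmission to wireguard namespace
    systemd.services.transmission = lib.mkIf config.wireguard.enable {
      bindsTo = [ "netns@${namespace}.service" ];
      requires = [ "network-online.target" "transmission-secret.service" ];
      # Ordered after wg0 so the tunnel (and vpnIp) exist before the daemon
      # binds, and after the secret unit so credentialsFile is readable.
      after = [ "wireguard-wg0.service" "transmission-secret.service" ];
      unitConfig.JoinsNamespaceOf = "netns@${namespace}.service";
      serviceConfig.NetworkNamespacePath = "/var/run/netns/${namespace}";
    };

    # Create reverse proxy for web UI. Caddy terminates TLS / hostname
    # matching in the host namespace and hands requests to the forwarder on
    # localhost:9091 below.
    caddy.routes = lib.mkAfter [{
      # Share the "download" route group when Transmission is served from the
      # same hostname as the download host; otherwise use its own group.
      group = if (config.hostnames.download == config.transmissionServer) then
        "download"
      else
        "transmission";
      match = [{
        host = [ config.transmissionServer ];
        path = [ "/transmission*" ];
      }];
      handle = [{
        handler = "reverse_proxy";
        upstreams = [{ dial = "localhost:9091"; }];
      }];
    }];

    # Caddy and Transmission both try to set rmem_max for larger UDP packets.
    # We will choose Transmission's recommendation (4 MB).
    boot.kernel.sysctl."net.core.rmem_max" = 4194304;

    # Allow inbound connections to reach namespace
    systemd.services.transmission-web-netns = lib.mkIf config.wireguard.enable {
      description = "Forward to transmission in wireguard namespace";
      requires = [ "transmission.service" ];
      after = [ "transmission.service" ];
      serviceConfig = {
        Restart = "on-failure";
        TimeoutStopSec = 300;
      };
      wantedBy = [ "multi-user.target" ];
      # Outer socat listens on loopback only: Caddy is the sole intended
      # client (it dials localhost:9091) and it enforces the hostname match.
      # The listener used to be unbound, accepting TCP from every host
      # interface, and Transmission could not distinguish that traffic from
      # Caddy's because the relay hides the client's source address.
      # Each accepted connection forks an inner socat inside the namespace
      # that connects to Transmission on the wg0 address.
      script = ''
        ${pkgs.iproute2}/bin/ip netns exec ${namespace} ${pkgs.iproute2}/bin/ip link set dev lo up
        ${pkgs.socat}/bin/socat tcp-listen:9091,bind=127.0.0.1,fork,reuseaddr exec:'${pkgs.iproute2}/bin/ip netns exec ${namespace} ${pkgs.socat}/bin/socat STDIO "tcp-connect:${vpnIp}:9091"',nofork
      '';
    };

    # Create credentials file for transmission, decrypted to the secrets
    # directory and owned by the daemon's user so nothing else on the host
    # needs read access to it.
    secrets.transmission = {
      source = ../../../private/transmission.json.age;
      dest = "${config.secretsDirectory}/transmission.json";
      owner = "transmission";
      group = "transmission";
    };

  };
}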