transmission reaches internet through vpn

modules/services/transmission.nix

@@ -37,7 +37,7 @@ in {
       requires = [ "network-online.target" ];
       after = [ "wireguard-wg0.service" ];
       unitConfig.JoinsNamespaceOf = "netns@wg.service";
-      serviceConfig = { PrivateNetwork = true; };
+      serviceConfig.NetworkNamespacePath = "/var/run/netns/wg";
     };
 
     # Create reverse proxy for web UI
@@ -51,12 +51,10 @@ in {
 
     # Allow inbound connections to reach namespace
     systemd.services.transmission-web-netns = {
-      description = "Forward to transmission in netns";
+      description = "Forward to transmission in wireguard namespace";
       requires = [ "transmission.service" ];
       after = [ "transmission.service" ];
       serviceConfig = {
-        User = "transmission";
-        Group = "transmission";
         Restart = "on-failure";
         TimeoutStopSec = 300;
       };

modules/services/wireguard.nix

@@ -33,15 +33,15 @@ in {
 
         }];
 
-        # Namespaces
+        # Move to network namespace for isolating programs
         interfaceNamespace = "wg";
-        # socketNamespace = "wg";
 
       };
     };
   };
 
   # Create namespace for Wireguard
+  # This allows us to isolate specific programs to Wireguard
   systemd.services."netns@" = {
     description = "%I network namespace";
     before = [ "network.target" ];
@@ -53,7 +53,7 @@ in {
     };
   };
 
-  # Private key file for wireguard
+  # Create private key file for wireguard
   systemd.services.wireguard-private-key = {
     wantedBy = [ "wireguard-wg0.service" ];
     requiredBy = [ "wireguard-wg0.service" ];