noah/dotfiles
1
0
Fork 0
mirror of https://github.com/nmasur/dotfiles synced 2024-11-22 19:15:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

decouple wireguard and transmission

Browse Source
This commit is contained in:
Noah Masur 2023-06-05 23:49:41 -04:00
parent 18154b6579
commit e3d4b36613
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
modules/nixos/services/transmission.nix
View File

@ -2,7 +2,7 @@
options = { options = {
transmissionServer = lib.mkOption { transmissionServer = lib.mkOption {
type = lib.types.str; type = lib.types.nullOr lib.types.str;
description = "Hostname for Transmission"; description = "Hostname for Transmission";
default = null; default = null;
}; };
@ -12,7 +12,7 @@
namespace = config.networking.wireguard.interfaces.wg0.interfaceNamespace; namespace = config.networking.wireguard.interfaces.wg0.interfaceNamespace;
vpnIp = lib.strings.removeSuffix "/32" vpnIp = lib.strings.removeSuffix "/32"
(builtins.head config.networking.wireguard.interfaces.wg0.ips); (builtins.head config.networking.wireguard.interfaces.wg0.ips);
in lib.mkIf (config.wireguard.enable && config.transmissionServer != null) { in lib.mkIf (config.transmissionServer != null) {
# Setup transmission # Setup transmission
services.transmission = { services.transmission = {
@ -26,13 +26,13 @@
rpc-host-whitelist = config.transmissionServer; rpc-host-whitelist = config.transmissionServer;
rpc-host-whitelist-enabled = true; rpc-host-whitelist-enabled = true;
rpc-whitelist = "127.0.0.1,${vpnIp}"; rpc-whitelist = "127.0.0.1,${vpnIp}";
rpc-whitelist-enabled = true; rpc-whitelist-enabled = config.wireguard.enable;
}; };
credentialsFile = config.secrets.transmission.dest; credentialsFile = config.secrets.transmission.dest;
}; };
# Bind transmission to wireguard namespace # Bind transmission to wireguard namespace
systemd.services.transmission = { systemd.services.transmission = lib.mkIf config.wireguard.enable {
bindsTo = [ "netns@${namespace}.service" ]; bindsTo = [ "netns@${namespace}.service" ];
requires = [ "network-online.target" "transmission-secret.service" ]; requires = [ "network-online.target" "transmission-secret.service" ];
after = [ "wireguard-wg0.service" "transmission-secret.service" ]; after = [ "wireguard-wg0.service" "transmission-secret.service" ];
@ -59,7 +59,7 @@
boot.kernel.sysctl."net.core.rmem_max" = 4194304; boot.kernel.sysctl."net.core.rmem_max" = 4194304;
# Allow inbound connections to reach namespace # Allow inbound connections to reach namespace
systemd.services.transmission-web-netns = { systemd.services.transmission-web-netns = lib.mkIf config.wireguard.enable {
description = "Forward to transmission in wireguard namespace"; description = "Forward to transmission in wireguard namespace";
requires = [ "transmission.service" ]; requires = [ "transmission.service" ];
after = [ "transmission.service" ]; after = [ "transmission.service" ];