]> Git — Sourcephile - sourcephile-nix.git/blob - hosts/losurdo/transmission.nix
# NixOS module: runs the Transmission daemon inside the "riseup" network
# namespace, on a dedicated ZFS dataset, and only outside daytime hours.
# `services.netns` and `security.gnupg` are not defined on this page; they are
# presumably project-local modules -- confirm their semantics there.
{ pkgs, lib, config, hostName, ... }:
let
  cfg = config.services.transmission;
  nsName = "riseup";
  nsUnit = "netns-${nsName}.service";
  peerPort = toString cfg.settings.peer-port;
  secretName = "transmission/settings.json";
  # Units the daemon must be ordered after and hard-depend on.
  unitDeps = [ nsUnit "zfs.target" ];
in
{
  # Members of the "transmission" group; with `umask = 7` below, this is the
  # group that gets access to the files the daemon creates.
  users.groups.transmission.members = [
    config.users.users."julm".name
  ];

  #users.groups.keys.members = [ transmission.user ];

  # Secret settings file, owned by the daemon's user and ordered before
  # transmission.service so it exists when the daemon starts.
  security.gnupg.secrets.${secretName} = {
    inherit (cfg) user;
    systemdConfig = {
      before = [ "transmission.service" ];
      wantedBy = [ "transmission.service" ];
    };
  };

  fileSystems."/var/lib/transmission" = {
    fsType = "zfs";
    device = "${hostName}/var/torrents";
  };

  systemd = {
    services = {
      transmission = {
        after = unitDeps;
        requires = unitDeps;
        # All of the daemon's sockets (peer and RPC) live in this namespace;
        # `requires` makes the daemon stop if the namespace unit goes away,
        # so it does not fall back to the host's network.
        serviceConfig.NetworkNamespacePath = "/var/run/netns/${nsName}";
      };

      # No-op unit: starting it stops transmission.service via Conflicts=.
      stop-transmission = {
        script = "true";
        serviceConfig.Type = "oneshot";
        unitConfig.Conflicts = [ "transmission.service" ];
      };
    };

    timers = {
      # Start the daemon every day at 20:00 (caught up after downtime).
      transmission = {
        wantedBy = [ "timers.target" ];
        timerConfig = {
          OnCalendar = [ "20:00:00" ];
          Persistent = true;
        };
      };

      # Every quarter of an hour from 06:00 to 19:45, make sure it is stopped.
      stop-transmission = {
        wantedBy = [ "timers.target" ];
        timerConfig.OnCalendar = "06..19:0,15,30,45:00";
      };
    };
  };

  services = {
    # Firewall rules for the namespace: accept inbound peer traffic on the
    # configured peer port, and accept all outbound traffic from the daemon's
    # UID (the output rule is not restricted by port or destination).
    netns.namespaces.${nsName}.nftables = ''
      add rule inet filter input tcp dport ${peerPort} counter accept comment "Transmission"
      add rule inet filter input udp dport ${peerPort} counter accept comment "Transmission"
      add rule inet filter output meta skuid ${cfg.user} counter accept comment "Transmission"
    '';

    transmission = {
      enable = true;
      performanceNetParameters = true;
      # Points at the secret declared above, keeping its content out of this
      # file.
      credentialsFile = config.security.gnupg.secrets.${secretName}.path;

      settings = {
        message-level = 2;

        # --- Storage -------------------------------------------------------
        download-dir = "/var/lib/transmission/downloaded";
        incomplete-dir-enabled = true;
        incomplete-dir = "/var/lib/transmission/.incoming";
        watch-dir-enabled = true;
        watch-dir = "/var/lib/transmission/.torrents";
        trash-original-torrent-files = false;
        preallocation = 0;
        umask = 7; # 007 octal, in decimal!

        # --- Queueing ------------------------------------------------------
        download-queue-enabled = true;
        download-queue-size = 5;
        queue-stalled-enabled = true;
        queue-stalled-minutes = 30;
        ratio-limit-enabled = true;
        ratio-limit = 4;

        # --- Peers ---------------------------------------------------------
        # Fixed port: it must match the nftables input rules above.
        peer-port = 6882;
        peer-port-random-on-start = false;
        peer-id-ttl-hours = 6;
        peer-limit-global = 1000;
        peer-limit-per-torrent = 100;
        peer-socket-tos = "lowcost";
        # 1 = prefer encrypted peers; unencrypted peers are still accepted
        # (2 would require encryption).
        encryption = 1;
        dht-enabled = true;
        pex-enabled = true;
        lpd-enabled = false;
        port-forwarding-enabled = true;
        scrape-paused-torrents-enabled = false;

        # --- Bandwidth -----------------------------------------------------
        speed-limit-down-enabled = false;
        speed-limit-up-enabled = true;
        speed-limit-up = 50;
        alt-speed-enabled = true;
        alt-speed-time-enabled = true;
        alt-speed-down = 1000;
        alt-speed-up = 0;
        alt-speed-time-day = 127; # all days. 65; # weekend only
        alt-speed-time-begin = 360; # 06h00 local time
        alt-speed-time-end = 1260; # 21h00 local time

        # --- RPC -----------------------------------------------------------
        # Bound to loopback and restricted to loopback clients. Because the
        # daemon runs in the network namespace set above, this 127.0.0.1 is
        # that namespace's loopback, not the host's.
        rpc-enabled = true;
        rpc-bind-address = "127.0.0.1";
        rpc-port = 9091;
        rpc-whitelist-enabled = true;
        rpc-whitelist = "127.0.0.1";
        # NOTE(review): authentication is not enabled here. Unless the
        # credentials file turns it on, any process able to reach this
        # loopback address can drive the daemon -- confirm.
        #rpc-authentication-required = true;
      };
    };
  };
}