]> Git — Sourcephile - sourcephile-nix.git/blob - machines/losurdo/transmission.nix
nix: use nixpkgs/patches/wip.diff instead of nixpkgs/overlays.nix and nixos/modules.nix
[sourcephile-nix.git] / machines / losurdo / transmission.nix
1 { pkgs, lib, config, ... }:
2 let
3 inherit (config.services) transmission;
4 inherit (config.users) users;
5 inherit (config.security) pass;
6 in
7 {
8 users.groups.transmission.members = [
9 users."julm".name
10 ];
11 networking.nftables.ruleset = ''
12 add rule inet filter net2fw tcp dport ${toString transmission.settings.peer-port} counter accept comment "Transmission"
13 add rule inet filter net2fw udp dport ${toString transmission.settings.peer-port} counter accept comment "Transmission"
14 add rule inet filter fw2net meta skuid ${transmission.user} counter accept comment "Transmission"
15 '';
16 security.pass.secrets."transmission/settings.json" = {};
17 systemd.services.transmission = {
18 after = [ pass.secrets."transmission/settings.json".service ];
19 requires = [ pass.secrets."transmission/settings.json".service ];
20 };
21 services.transmission = {
22 enable = true;
23 credentialsFile = pass.secrets."transmission/settings.json".path;
24 settings = {
25 message-level = 3;
26 download-dir = "Downloads";
27 incomplete-dir-enabled = false;
28 trash-original-torrent-files = false;
29 preallocation = 0;
30 umask = 63;
31
32 peer-port = 6882;
33 peer-port-random-on-start = false;
34 encryption = 1;
35 dht-enabled = true;
36 lpd-enabled = false;
37 pex-enabled = true;
38 port-forwarding-enabled = true;
39 scrape-paused-torrents-enabled = false;
40 peer-socket-tos = "lowcost";
41 queue-stalled-enabled = true;
42 queue-stalled-minutes = 30;
43
44 speed-limit-up = 500;
45 speed-limit-up-enabled = true;
46 alt-speed-enabled = true;
47 alt-speed-time-enabled = true;
48 alt-speed-down = 0;
49 alt-speed-up = 50;
50 alt-speed-time-day = 127; # all days. 65; # weekend only
51 alt-speed-time-begin = 360; # 06h00 local time
52 alt-speed-time-end = 1320; # 22h00 local time
53 ratio-limit = 4;
54 ratio-limit-enabled = true;
55
56 rpc-enabled = true;
57 rpc-bind-address = "127.0.0.1";
58 rpc-port = 9091;
59 rpc-whitelist = "127.0.0.1";
60 rpc-whitelist-enabled = true;
61 #rpc-authentication-required = true;
62 };
63 };
64 }