1 { pkgs, lib, config, hostName, ... }:
3 inherit (config.services) transmission;
4 inherit (config.users) users;
5 inherit (config.security) gnupg;
9 users.groups.transmission.members = [
12 services.netns.namespaces.${netns}.nftables = ''
13 add rule inet filter input tcp dport ${toString transmission.settings.peer-port} counter accept comment "Transmission"
14 add rule inet filter input udp dport ${toString transmission.settings.peer-port} counter accept comment "Transmission"
15 add rule inet filter output meta skuid ${transmission.user} counter accept comment "Transmission"
17 #users.groups.keys.members = [ transmission.user ];
18 security.gnupg.secrets."transmission/settings.json" = {
19 user = transmission.user;
20 systemdConfig.before = [ "transmission.service" ];
21 systemdConfig.wantedBy = [ "transmission.service" ];
23 fileSystems."/var/lib/transmission" = {
24 device = "${hostName}/var/torrents";
27 systemd.services.transmission = {
29 "netns-${netns}.service"
33 "netns-${netns}.service"
36 serviceConfig.NetworkNamespacePath = "/var/run/netns/${netns}";
38 services.transmission = {
40 performanceNetParameters = true;
41 credentialsFile = gnupg.secrets."transmission/settings.json".path;
44 download-dir = "/home/julm/dl/torrents";
45 incomplete-dir = "/home/julm/dl/torrents/.incoming";
46 incomplete-dir-enabled = true;
47 trash-original-torrent-files = false;
49 umask = 7; # 007 octal, in decimal!
50 download-queue-enabled = true;
51 download-queue-size = 5;
52 peer-id-ttl-hours = 6;
53 peer-limit-global = 1000;
54 peer-limit-per-torrent = 100;
57 peer-port-random-on-start = false;
62 port-forwarding-enabled = true;
63 scrape-paused-torrents-enabled = false;
64 peer-socket-tos = "lowcost";
65 queue-stalled-enabled = true;
66 queue-stalled-minutes = 30;
67 speed-limit-down-enabled = false;
69 speed-limit-up-enabled = true;
70 alt-speed-enabled = true;
71 alt-speed-time-enabled = true;
72 alt-speed-down = 1000;
74 alt-speed-time-day = 127; # all days. 65; # weekend only
75 alt-speed-time-begin = 360; # 06h00 local time
76 alt-speed-time-end = 1320; # 22h00 local time
78 ratio-limit-enabled = true;
81 rpc-bind-address = "127.0.0.1";
83 rpc-whitelist = "127.0.0.1";
84 rpc-whitelist-enabled = true;
85 #rpc-authentication-required = true;