{ pkgs, lib, config, ... }: let inherit (config.services) transmission; inherit (config.users) users; inherit (config.security) gnupg; netns = "riseup"; in { users.groups.transmission.members = [ users."julm".name ]; services.netns.namespaces.${netns}.nftables = '' add rule inet filter input tcp dport ${toString transmission.settings.peer-port} counter accept comment "Transmission" add rule inet filter input udp dport ${toString transmission.settings.peer-port} counter accept comment "Transmission" add rule inet filter output meta skuid ${transmission.user} counter accept comment "Transmission" ''; #users.groups.keys.members = [ transmission.user ]; security.gnupg.secrets."transmission/settings.json" = { user = transmission.user; }; systemd.services.transmission = { after = [ gnupg.secrets."transmission/settings.json".service "netns-${netns}.service" ]; requires = [ gnupg.secrets."transmission/settings.json".service "netns-${netns}.service" ]; serviceConfig.NetworkNamespacePath = "/var/run/netns/${netns}"; }; services.transmission = { enable = true; performanceNetParameters = true; credentialsFile = gnupg.secrets."transmission/settings.json".path; settings = { message-level = 2; download-dir = "/home/julm/dl/torrents"; incomplete-dir = "/home/julm/dl/torrents/.incoming"; incomplete-dir-enabled = true; trash-original-torrent-files = false; preallocation = 0; umask = 7; # 007 octal, in decimal! download-queue-enabled = true; download-queue-size = 5; peer-id-ttl-hours = 6; peer-limit-global = 1000; peer-limit-per-torrent = 100; peer-port = 6882; peer-port-random-on-start = false; encryption = 1; dht-enabled = true; lpd-enabled = false; pex-enabled = true; port-forwarding-enabled = true; scrape-paused-torrents-enabled = false; peer-socket-tos = "lowcost"; queue-stalled-enabled = true; queue-stalled-minutes = 30; speed-limit-down-enabled = false; speed-limit-up = 50; speed-limit-up-enabled = true; alt-speed-enabled = true; alt-speed-time-enabled = true; alt-speed-down = 1000; alt-speed-up = 0; alt-speed-time-day = 127; # all days. 65; # weekend only alt-speed-time-begin = 360; # 06h00 local time alt-speed-time-end = 1320; # 22h00 local time ratio-limit = 4; ratio-limit-enabled = true; rpc-enabled = true; rpc-bind-address = "127.0.0.1"; rpc-port = 9091; rpc-whitelist = "127.0.0.1"; rpc-whitelist-enabled = true; #rpc-authentication-required = true; }; }; }