-{ pkgs, config, inputs, hostName, ... }:
+{ pkgs, lib, config, inputs, hostName, ... }:
let
inherit (config.services) transmission;
inherit (config.users) users;
- netns = "calyx";
- wg-intra-peers = import (inputs.julm-nix + "/nixos/profiles/wireguard/wg-intra/peers.nix");
+ netns = "riseup";
in
{
users.groups.transmission.members = [
users."julm".name
users."sevy".name
];
- networking.nftables.ruleset = ''
+ networking.nftables.ruleset = lib.mkIf config.services.nebula.networks."sourcephile.fr".enable ''
table inet filter {
- chain input-intra {
+ chain input-neb-sourcephile {
tcp dport ${toString transmission.settings.rpc-port} \
counter accept comment "transmission: rpc"
}
};
systemd.sockets.proxy-to-transmission = {
wantedBy = [ "sockets.target" ];
- listenStreams = [ "${wg-intra-peers.${hostName}.ipv4}:9091" ];
+ listenStreams = [ "10.0.0.2:9091" ];
socketConfig.FreeBind = true;
};
systemd.services.proxy-to-transmission = {
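Review bot: `listenStreams` now hard-codes `10.0.0.2:9091`, and with `FreeBind = true` the socket binds even when that address is not configured on any interface, so a renumbering or a missing interface fails silently instead of at activation. The port literal also duplicates `transmission.settings.rpc-port`, which the nftables rule already uses; `listenStreams = [ "10.0.0.2:${toString transmission.settings.rpc-port}" ];` keeps the two in step. A comment naming the owner of the address would help, e.g. `# address of <interface/netns — fill in>; must match the firewall chain that accepts the RPC port`. The `proxy-to-transmission` service body continues outside the hunk.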
startAt = "06..19:0,15,30,45:00";
script = "true";
};
- systemd.services.transmission.serviceConfig.LoadCredentialEncrypted =
- [ "settings.json:${inputs.self}/hosts/${hostName}/transmission/settings.json.cred" ];
+ systemd.services.transmission.serviceConfig.LoadCredentialEncrypted = [
+ "settings.json:${transmission/settings.json.cred}"
+ ];
services.transmission = {
enable = true;
performanceNetParameters = true;
rpc-enabled = true;
rpc-bind-address = "127.0.0.1";
rpc-port = 9091;
- rpc-whitelist = "127.0.0.1,${wg-intra-peers.${hostName}.ipv4}/24";
+ rpc-whitelist = "127.0.0.1,${hostName}.sp,oignon.sp";
rpc-whitelist-enabled = true;
- rpc-host-whitelist = "localhost,${hostName}.wg";
+ rpc-host-whitelist = "localhost,${hostName}.sp";
rpc-host-whitelist-enabled = true;
rpc-authentication-required = true;
};
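Review bot: The new `rpc-whitelist` value lists hostnames (`${hostName}.sp`, `oignon.sp`), but Transmission matches this setting against the client's IP address (with `*` wildcards only), so these two entries will most likely never match; names belong in `rpc-host-whitelist`. The daemon stays bound to 127.0.0.1 and remote peers seem to arrive through the `proxy-to-transmission` socket, so they presumably appear as 127.0.0.1 anyway. If so, the whitelist does not separate peers, and remote access is gated only by the nftables rule and `rpc-authentication-required`. I would either restrict source addresses in the `input-neb-sourcephile` rule or state the intent here, e.g. `rpc-whitelist = "127.0.0.1"; # remote peers reach RPC via the local proxy socket; per-peer filtering is done in nftables`. The `services.transmission` block continues outside the hunk.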