diff --git a/configs/nixos/homepage.nix b/configs/nixos/homepage.nix index 34f9834..076a9d9 100644 --- a/configs/nixos/homepage.nix +++ b/configs/nixos/homepage.nix @@ -116,6 +116,14 @@ in { description = "Torrent webUI"; }; } + { + Transmission = { + icon = "sh-transmission.svg"; + href = "http:cirrostratus:9090"; + siteMonitor = "http:cirrostratus:9091"; + description = "Torrent webUI"; + }; + } { Syncthing = { icon = "sh-syncthing.svg"; diff --git a/hosts/cirrostratus/default.nix b/hosts/cirrostratus/default.nix index 867bb48..3473b5f 100644 --- a/hosts/cirrostratus/default.nix +++ b/hosts/cirrostratus/default.nix @@ -17,7 +17,7 @@ inputs.nixpkgs.lib.nixosSystem { ./restic.nix ./nginx.nix ./copyparty.nix - ./deluge.nix + ./torrent.nix ../../configs/nixos/common.nix ../../configs/nixos/tailscale.nix ../../configs/nixos/sshd.nix diff --git a/hosts/cirrostratus/deluge.nix b/hosts/cirrostratus/torrent.nix similarity index 59% rename from hosts/cirrostratus/deluge.nix rename to hosts/cirrostratus/torrent.nix index 62bd074..7120b45 100644 --- a/hosts/cirrostratus/deluge.nix +++ b/hosts/cirrostratus/torrent.nix @@ -5,12 +5,12 @@ lib, ... }: let - webUiPort = "8100"; namespace = "pvpn"; interface-name = "pvpn0"; dnsIP = "DNS = 10.2.0.1"; privateIP = "10.2.0.2/32"; - port = 8112; + delugeWebPort = 8112; + transmissionWebPort = 9091; user = config.host.details.user; group = "users"; in { @@ -71,13 +71,15 @@ in { group = group; web = { enable = true; - port = port; + port = delugeWebPort; }; }; - # binding deluged to network namespace - systemd.services.deluged.bindsTo = ["netns@${namespace}.service"]; - systemd.services.deluged.requires = ["network-online.target" "${namespace}.service"]; - systemd.services.deluged.serviceConfig.NetworkNamespacePath = ["/var/run/netns/${namespace}"]; + systemd.services.deluged = { + # binding deluged to network namespace + bindsTo = ["netns@${namespace}.service"]; + requires = ["network-online.target" "${namespace}.service"]; + serviceConfig.NetworkNamespacePath = ["/var/run/netns/${namespace}"]; + }; # allowing delugeweb to access deluged in network namespace, a socket is necesarry systemd.sockets."proxy-to-deluged" = { @@ -101,4 +103,53 @@ in { PrivateNetwork = "yes"; }; }; + #transmission, another torrent client. + services.transmission = { + enable = true; + package = pkgs.transmission_4; + user = user; + group = group; + openPeerPorts = true; + openRPCPort = true; + webHome = pkgs.flood-for-transmission; + settings = { + utp-enabled = true; + watch-dir = "/storage/torrent/watch"; + watch-dir-enabled = true; + incomplete-dir = "/storage/torrent/incomplete"; + incomplete-dir-enabled = true; + download-dir = "/storage/torrent/complete"; + rpc-bind-address = "100.0.0.0"; + rpc-port = transmissionWebPort; + rpc-whitelist-enabled = false; + rpc-host-whitelist-enabled = false; + }; + }; + systemd.services.transmission = { + # binding transmission to network namespace + bindsTo = ["netns@${namespace}.service"]; + requires = ["network-online.target" "${namespace}.service"]; + serviceConfig.NetworkNamespacePath = ["/var/run/netns/${namespace}"]; + }; + # allowing transmissionweb to access transmission in network namespace, a socket is necesarry + systemd.sockets."proxy-to-transmission" = { + enable = true; + description = "Socket for Proxy to Transmission Daemon"; + listenStreams = ["${toString transmissionWebPort}"]; + wantedBy = ["sockets.target"]; + }; + # creating proxy service on socket, which forwards the same port from the root namespace to the isolated namespace + systemd.services."proxy-to-transmission" = { + enable = true; + description = "Proxy to Transmission Web UI in Network Namespace"; + requires = ["transmission.service" "proxy-to-transmission.socket"]; + after = ["transmission.service" "proxy-to-transmission.socket"]; + unitConfig = {JoinsNamespaceOf = "transmission.service";}; + serviceConfig = { + User = user; + Group = group; + ExecStart = "${pkgs.systemd}/lib/systemd/systemd-socket-proxyd --exit-idle-time=5min 0.0.0.0:${toString transmissionWebPort}"; + PrivateNetwork = "yes"; + }; + }; }