added transmission torrent client, will evaluate both it and deluge.

2025-05-03 00:32:02 +02:00 · 2025-05-03 00:32:02 +02:00 · fe87cf397e
commit fe87cf397e
parent c3a46b1737
3 changed files with 67 additions and 8 deletions
--- a/hosts/cirrostratus/default.nix
+++ b/hosts/cirrostratus/default.nix
@ -17,7 +17,7 @@ inputs.nixpkgs.lib.nixosSystem {
    ./restic.nix
    ./nginx.nix
    ./copyparty.nix
-    ./deluge.nix
+    ./torrent.nix
    ../../configs/nixos/common.nix
    ../../configs/nixos/tailscale.nix
    ../../configs/nixos/sshd.nix
--- a/hosts/cirrostratus/torrent.nix
+++ b/hosts/cirrostratus/torrent.nix
@ -5,12 +5,12 @@
  lib,
  ...
 }: let
-  webUiPort = "8100";
  namespace = "pvpn";
  interface-name = "pvpn0";
  dnsIP = "DNS = 10.2.0.1";
  privateIP = "10.2.0.2/32";
-  port = 8112;
+  delugeWebPort = 8112;
+  transmissionWebPort = 9091;
  user = config.host.details.user;
  group = "users";
 in {
@ -71,13 +71,15 @@ in {
    group = group;
    web = {
      enable = true;
-      port = port;
+      port = delugeWebPort;
    };
  };
-  # binding deluged to network namespace
-  systemd.services.deluged.bindsTo = ["netns@${namespace}.service"];
-  systemd.services.deluged.requires = ["network-online.target" "${namespace}.service"];
-  systemd.services.deluged.serviceConfig.NetworkNamespacePath = ["/var/run/netns/${namespace}"];
+  systemd.services.deluged = {
+    # binding deluged to network namespace
+    bindsTo = ["netns@${namespace}.service"];
+    requires = ["network-online.target" "${namespace}.service"];
+    serviceConfig.NetworkNamespacePath = ["/var/run/netns/${namespace}"];
+  };

  # allowing delugeweb to access deluged in network namespace, a socket is necesarry
  systemd.sockets."proxy-to-deluged" = {
@ -101,4 +103,53 @@ in {
      PrivateNetwork = "yes";
    };
  };
+  #transmission, another torrent client.
+  services.transmission = {
+    enable = true;
+    package = pkgs.transmission_4;
+    user = user;
+    group = group;
+    openPeerPorts = true;
+    openRPCPort = true;
+    webHome = pkgs.flood-for-transmission;
+    settings = {
+      utp-enabled = true;
+      watch-dir = "/storage/torrent/watch";
+      watch-dir-enabled = true;
+      incomplete-dir = "/storage/torrent/incomplete";
+      incomplete-dir-enabled = true;
+      download-dir = "/storage/torrent/complete";
+      rpc-bind-address = "100.0.0.0";
+      rpc-port = transmissionWebPort;
+      rpc-whitelist-enabled = false;
+      rpc-host-whitelist-enabled = false;
+    };
+  };
+  systemd.services.transmission = {
+    # binding transmission to network namespace
+    bindsTo = ["netns@${namespace}.service"];
+    requires = ["network-online.target" "${namespace}.service"];
+    serviceConfig.NetworkNamespacePath = ["/var/run/netns/${namespace}"];
+  };
+  # allowing transmissionweb to access transmission in network namespace, a socket is necesarry
+  systemd.sockets."proxy-to-transmission" = {
+    enable = true;
+    description = "Socket for Proxy to Transmission Daemon";
+    listenStreams = ["${toString transmissionWebPort}"];
+    wantedBy = ["sockets.target"];
+  };
+  # creating proxy service on socket, which forwards the same port from the root namespace to the isolated namespace
+  systemd.services."proxy-to-transmission" = {
+    enable = true;
+    description = "Proxy to Transmission Web UI in Network Namespace";
+    requires = ["transmission.service" "proxy-to-transmission.socket"];
+    after = ["transmission.service" "proxy-to-transmission.socket"];
+    unitConfig = {JoinsNamespaceOf = "transmission.service";};
+    serviceConfig = {
+      User = user;
+      Group = group;
+      ExecStart = "${pkgs.systemd}/lib/systemd/systemd-socket-proxyd --exit-idle-time=5min 0.0.0.0:${toString transmissionWebPort}";
+      PrivateNetwork = "yes";
+    };
+  };
 }