aplysia: first version of transmission container

2019-10-15 21:45:01 +02:00 · 2019-10-15 21:45:01 +02:00 · f866389c28
commit f866389c28
parent 20353dde3f
1 changed files with 81 additions and 11 deletions
--- a/aplysia.nix
+++ b/aplysia.nix
@ -1,5 +1,8 @@
 { config, pkgs, ... }:
 let
  trnsmssnIface = "wg-trnsmssn";
 in
 {
  imports =
    [
@ -59,25 +62,92 @@
    };
  };
-  services.transmission = {
+  containers.trnsmssn =
-    # enable = true;
+  let
-    settings = {
+    homeDir = "/mnt/aplysia/torrents";
-      download-dir = "/mnt/aplysia/torrents";
+  in rec {
-      incomplete-dir = "/mnt/aplysia/torrents";
+    config = {
      services.transmission = {
        # enable = true;
        settings = {
          download-dir = homeDir;
          incomplete-dir = homeDir;
-      speed-limit-down = 5000;
+          speed-limit-down = 5000;
-      speed-limit-down-enabled = true;
+          speed-limit-down-enabled = true;
-      speed-limit-up = 800;
+          speed-limit-up = 800;
-      speed-limit-up-enabled = true;
+          speed-limit-up-enabled = true;
-      peer-port = 51415;
+          peer-port = 51415;
        };
      };
      networking.firewall = {
        enable = true;
        allowedTCPPorts = [
          config.services.transmission.settings.peer-port
        ];
      };
      networking.nameservers = [ "193.138.218.74" ];
      networking.interfaces.${trnsmssnIface} = {
        ipv4.addresses = [ { address = "10.64.157.93"; prefixLength = 32; } ];
        ipv6.addresses = [ { address = "fc00:bbbb:bbbb:bb01::1:9d5c"; prefixLength = 128; } ];
        ipv4.routes = [ { address = "0.0.0.0"; prefixLength = 0; } ];
        ipv6.routes = [ { address = "::"; prefixLength = 0; } ];
      };
      environment.systemPackages = with pkgs; [ wireguard ];
    };
    privateNetwork = true;
    interfaces = [ trnsmssnIface ];
    autoStart = true;
    bindMounts.${homeDir} = {
      hostPath = homeDir;
      isReadOnly = false;
    };
  };
  networking.wireguard = {
    enable = true;
    interfaces.${trnsmssnIface} = {
      privateKeyFile = "/etc/wgkeys/mullvad";
      peers = [
        {
          allowedIPs = ["0.0.0.0/0" "::/0"];
          publicKey = "pKcMMeC4jMUxSU5pH1orvp4//GrY8is+y9JRfVP3+BY=";
          endpoint = "se6-wireguard.mullvad.net:51820";
        }
      ];
      allowedIPsAsRoutes = false;
    };
  };
  systemd.services."container@trnsmssn" = {
    requires = [ "wireguard-${trnsmssnIface}.service" ];
    after = [ "wireguard-${trnsmssnIface}.service" ];
  };
  users.users = [
    { name = "transmission";
      group = "transmission";
      uid = config.ids.uids.transmission;
    }
  ];
  users.groups = [
    { name = "transmission";
      gid = config.ids.gids.transmission;
    }
  ];
  networking.firewall = {
    allowedTCPPorts = [
      445 139 # samba
      config.services.transmission.settings.peer-port
    ];
    allowedUDPPorts = [
      137 138 # samba