# NixOS module: a "download" account plus a Transmission daemon that shares
# the "download" group, with the matching firewall openings.
{ config, lib, pkgs, ... }:

# NOTE(review): nothing below appears to use a name from this scope; kept as-is.
with config.krebs.lib;

let
  # RPC password, read from the <secrets/...> search path at evaluation time.
  # NOTE(review): a value imported this way becomes part of the evaluated
  # configuration; confirm the transmission module does not render it into a
  # world-readable settings file in the Nix store.
  transmissionRpcPassword = import <secrets/transmission-pw>;

  # Builds one INPUT rule that accepts traffic matching the given predicate.
  accept = predicate: {
    inherit predicate;
    target = "ACCEPT";
  };
in {

  # Account that owns /var/download; it has a login shell and accepts the
  # SSH public keys listed below.
  users.extraUsers.download = {
    name = "download";
    home = "/var/download";
    createHome = true;
    useDefaultShell = true;
    extraGroups = [ "download" ];
    openssh.authorizedKeys.keys = [
      config.krebs.users.lass.pubkey
      config.krebs.users.lass-uriel.pubkey
      config.krebs.users.lass-shodan.pubkey
    ];
  };

  # The daemon's user joins the shared group as well.
  users.extraUsers.transmission.extraGroups = [ "download" ];

  users.extraGroups.download.members = [
    "download"
    "transmission"
  ];

  services.transmission.enable = true;
  services.transmission.settings = {
    download-dir = "/var/download/finished";
    incomplete-dir = "/var/download/incoming";
    incomplete-dir-enabled = true;

    # With the source-address allow-list switched off, the username/password
    # pair is the only control on the RPC interface.
    # NOTE(review): the firewall below accepts tcp/9091 (Transmission's
    # default RPC port) from any source, and no TLS front end is visible in
    # this file; consider limiting that rule to trusted source addresses or
    # to a single interface.
    rpc-authentication-required = true;
    rpc-whitelist-enabled = false;
    rpc-username = "download";
    rpc-password = transmissionRpcPassword;

    # Must stay in sync with the 51413 firewall rules below.
    peer-port = 51413;
  };

  krebs.iptables.enable = true;
  krebs.iptables.tables.filter.INPUT.rules = map accept [
    "-p tcp --dport 9091"   # presumably the RPC / web interface (port not set above)
    "-p tcp --dport 51413"  # peer port, TCP
    "-p udp --dport 51413"  # peer port, UDP
  ];
}