stockholm/lass/2configs/downloading.nix
2016-07-21 21:26:16 +02:00

65 lines
1.3 KiB
Nix

{ config, lib, pkgs, ... }:
with config.krebs.lib;
let
rpc-password = import <secrets/transmission-pw>;
in {
users.extraUsers = {
download = {
name = "download";
home = "/var/download";
createHome = true;
useDefaultShell = true;
extraGroups = [
"download"
];
openssh.authorizedKeys.keys = [
config.krebs.users.lass.pubkey
config.krebs.users.lass-uriel.pubkey
config.krebs.users.lass-shodan.pubkey
];
};
transmission = {
extraGroups = [
"download"
];
};
};
users.extraGroups = {
download = {
members = [
"download"
"transmission"
];
};
};
services.transmission = {
enable = true;
settings = {
download-dir = "/var/download/finished";
incomplete-dir = "/var/download/incoming";
incomplete-dir-enabled = true;
rpc-authentication-required = true;
rpc-whitelist-enabled = false;
rpc-username = "download";
inherit rpc-password;
peer-port = 51413;
};
};
krebs.iptables = {
enable = true;
tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 9091"; target = "ACCEPT"; }
{ predicate = "-p tcp --dport 51413"; target = "ACCEPT"; }
{ predicate = "-p udp --dport 51413"; target = "ACCEPT"; }
];
};
}