39 lines
987 B
Nix
39 lines
987 B
Nix
|
{
|
||
|
|
lib,
|
||
|
|
config,
|
||
|
|
pkgs,
|
||
|
|
...
|
||
|
|
}:
|
||
|
|
with lib;
|
||
|
|
with lib.custom; let
|
||
|
|
cfg = config.services.torrent;
|
||
|
|
in {
|
||
|
|
options.services.torrent = with types; {
|
||
|
|
enable = mkBoolOpt false "Enable Transmission Service (for Linux ISOs)";
|
||
|
|
};
|
||
|
|
config = mkIf cfg.enable {
|
||
|
|
services.wg-container.enable = true;
|
||
|
|
|
||
|
|
systemd.services.transmission.vpnConfinement = {
|
||
|
|
enable = true;
|
||
|
|
vpnNamespace = "wg";
|
||
|
|
};
|
||
|
|
|
||
|
|
services.transmission = {
|
||
|
|
enable = true;
|
||
|
|
package = pkgs.transmission_4;
|
||
|
|
settings = {
|
||
|
|
incomplete-dir-enabled = true;
|
||
|
|
rpc-bind-address = "192.168.15.1"; # Bind RPC/WebUI to VPN network namespace address
|
||
|
|
rpc-whitelist-enabled = false;
|
||
|
|
rpc-whitelist = [
|
||
|
|
"192.168.15.1"
|
||
|
|
"192.168.15.5" # Access from default network namespace
|
||
|
|
"192.168.1.*" # Access from other machines on specific subnet
|
||
|
|
"127.0.0.1" # Access through loopback within VPN network namespace
|
||
|
|
];
|
||
|
|
};
|
||
|
|
};
|
||
|
|
};
|
||
|
|
}
|