switch to cap based home configs

2026-01-20 16:57:10 +01:00 · 2026-01-20 16:57:10 +01:00 · 49b6f5bde0
commit 49b6f5bde0
parent 50ee9aac83
64 changed files with 2064 additions and 1779 deletions
--- a/hosts/fili/services/media/torrent.nix
+++ b/hosts/fili/services/media/torrent.nix
@ -0,0 +1,73 @@
+{ pkgs, ... }:
+{
+  vpnNamespaces.mullvad.portMappings = [
+    {
+      from = 9091;
+      to = 9091;
+    } # UI Port.
+    {
+      from = 5432;
+      to = 5432;
+    } # DB Port.
+  ];
+  vpnNamespaces.mullvad.openVPNPorts = [
+    {
+      port = 50909;
+      protocol = "both";
+    }
+  ];
+
+  services.nginx = {
+    virtualHosts."dl.donsz.nl" = {
+      forceSSL = true;
+      http2 = true;
+      enableACME = true;
+
+      locations."/" = {
+        proxyPass = "http://192.168.15.1:9091";
+      };
+    };
+  };
+  services.oauth2-proxy.nginx.virtualHosts."dl.donsz.nl" = {
+    allowed_groups = [ "torrent" ];
+  };
+
+  systemd.services.transmission.vpnConfinement = {
+    enable = true;
+    vpnNamespace = "mullvad";
+  };
+
+  services.transmission = {
+    enable = true;
+    package = pkgs.transmission_4;
+    webHome = pkgs.stdenv.mkDerivation {
+      name = "flood-modified";
+      version = "1.0";
+      src = pkgs.flood-for-transmission;
+      installPhase = ''
+        mkdir -p $out
+        cp -r ./* $out
+        cp ./config.json.defaults $out/config.json
+      '';
+    };
+    home = "/var/lib/transmission";
+    user = "jellyfin";
+    group = "jellyfin";
+
+    settings = {
+      download-dir = "/storage/storage/torrents";
+      incomplete-dir-enabled = false;
+      incomplete-dir = "/storage/storage/torrents";
+
+      rpc-bind-address = "192.168.15.1";
+      rpc-host-whitelist-enabled = false;
+      rpc-whitelist-enabled = false;
+
+      rpc-port = 9091;
+
+      peer-port = 50909;
+      cache-size-mb = 2048;
+      preallocation = 1;
+    };
+  };
+}