# NixOS module: runs Transmission inside a Mullvad WireGuard network namespace
# and publishes its web UI through nginx on dl.donsz.nl.
{ config, pkgs, ... }:
let
  # Public hostname of the download UI.
  vhost = "dl.donsz.nl";

  # Address and port the Transmission RPC/web UI binds to.
  rpcAddress = "192.168.15.1";
  rpcPort = 9091;

  # Flood web UI, repackaged so that the shipped config.json.defaults is
  # installed as the active config.json.
  floodUi = pkgs.stdenv.mkDerivation {
    name = "flood-modified";
    version = "1.0";
    src = pkgs.flood-for-transmission;
    installPhase = ''
      mkdir -p $out
      cp -r ./* $out
      cp ./config.json.defaults $out/config.json
    '';
  };
in
{
  # WireGuard configuration for the tunnel, kept encrypted in the repository
  # and owned by root once decrypted.
  sops.secrets.mullvad = {
    format = "yaml";
    owner = "root";
    sopsFile = ../../../secrets/mullvad.yaml;
  };

  vpnNamespaces.mullvad = {
    enable = true;
    wireguardConfigFile = config.sops.secrets.mullvad.path;

    # NOTE(review): the whole 192.168.0.0/16 range is allowed to reach the
    # mapped ports below. Transmission's own RPC restrictions are switched off
    # further down, so these clients can presumably talk to port 9091 directly
    # without passing through the oauth2-proxy-protected vhost. Confirm that is
    # intended, or narrow this to the addresses that really need access.
    accessibleFrom = [ "192.168.0.0/16" ];

    portMappings = [
      # Web UI / RPC port.
      { from = rpcPort; to = rpcPort; }
      # DB port. NOTE(review): nothing in this file listens on 5432;
      # presumably another confined service does. Confirm the mapping is
      # still needed.
      { from = 5432; to = 5432; }
    ];

    # Ports 50901-50909, TCP and UDP. NOTE(review): only 50909 is used as
    # peer-port in this file; the other eight may be unnecessary exposure.
    openVPNPorts = builtins.genList (i: {
      port = 50901 + i;
      protocol = "both";
    }) 9;
  };

  # TLS-terminating reverse proxy in front of the UI; the hop to the RPC
  # address itself is plain HTTP.
  services.nginx.virtualHosts.${vhost} = {
    enableACME = true;
    forceSSL = true;
    http2 = true;
    locations."/".proxyPass = "http://${rpcAddress}:${toString rpcPort}";
  };

  # Registers the vhost with oauth2-proxy using that module's defaults.
  services.oauth2-proxy.nginx.virtualHosts.${vhost} = { };

  # Confine the transmission unit to the Mullvad namespace.
  systemd.services.transmission.vpnConfinement = {
    enable = true;
    vpnNamespace = "mullvad";
  };

  services.transmission = {
    enable = true;
    package = pkgs.transmission_4;
    webHome = floodUi;
    home = "/var/lib/transmission";

    # Runs under the jellyfin account. NOTE(review): presumably so the media
    # server can read finished downloads; it also means both services share
    # one set of file permissions.
    user = "jellyfin";
    group = "jellyfin";

    settings = {
      download-dir = "/storage/storage/torrents";
      incomplete-dir-enabled = false;
      # incomplete-dir = "/storage/storage/torrents";

      rpc-bind-address = rpcAddress;
      rpc-port = rpcPort;

      # NOTE(review): both the client-address whitelist and the Host-header
      # whitelist are disabled and no RPC authentication is configured here.
      # The Host-header check is Transmission's guard against DNS rebinding.
      # Access control therefore depends entirely on the namespace
      # confinement and the proxy in front of it.
      rpc-host-whitelist-enabled = false;
      rpc-whitelist-enabled = false;

      peer-port = 50909;
      cache-size-mb = 2048;
      preallocation = 1;
    };
  };
}