-rw-r--r--modules/foundation/services/networks.nix12
-rw-r--r--services/transmission.nix75
2 files changed, 55 insertions, 32 deletions
diff --git a/modules/foundation/services/networks.nix b/modules/foundation/services/networks.nix
index d1f1a92..e9adf6b 100644
--- a/modules/foundation/services/networks.nix
+++ b/modules/foundation/services/networks.nix
@@ -13,6 +13,7 @@ let
     types
     assertMsg
     optional
+    optionalString
     getExe
     concatStringsSep
     filterAttrs
@@ -65,6 +66,16 @@ in
               description = "Docker network driver to use";
             };
 
+            mtu = mkOption {
+              type = types.nullOr types.int;
+              default = null;
+              example = 1400;
+              description = ''
+                The MTU for this network.
+                If null, we use the Docker default.
+              '';
+            };
+
             options = mkOption {
               type = types.listOf types.str;
               default = [ ];
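Review bot: `type = types.nullOr types.int` on the new `mtu` option accepts zero, negative and oversized values, which would surface only when the `docker network create` command runs. The create command shown in the later hunk passes `--ipv6`, and IPv6 requires a link MTU of at least 1280, so a bounded type such as `type = types.nullOr (types.ints.between 1280 65535);` would reject bad values at evaluation time. The description could also state the unit (bytes) and that the value is passed as `com.docker.network.driver.mtu`.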
@@ -195,6 +206,7 @@ in
                   --ipv6 \
                   --subnet=${subnet} \
                   --driver=${network.driver} \
+                  ${optionalString (network.mtu != null) "--opt com.docker.network.driver.mtu=${toString network.mtu}"} \
                   ${options} \
                   ${name}
               '';
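Review bot: The MTU is applied only as an option to `docker network create`, and Docker does not change driver options on a network that already exists. The rest of the script lies outside this hunk; if it skips creation when the network is already present, setting or changing `mtu` on a deployed host would silently have no effect until the network is removed and recreated. I would either say so in the option description or compare the live value from `docker network inspect` and recreate on mismatch.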
diff --git a/services/transmission.nix b/services/transmission.nix
index 01bd1f6..0939a69 100644
--- a/services/transmission.nix
+++ b/services/transmission.nix
@@ -41,45 +41,56 @@ in
     file = ../secrets/pia-login-secrets.age;
   };
 
-  foundation.services = {
-    transmission = {
-      image = transmissionImage;
-
-      volumes = [
-        [ "${transmissionDir}/config" "/var/lib/transmission/config" ]
-        [ "${transmissionDir}/download" "/var/lib/transmission/download" ]
-        [ "${transmissionDir}/torrents" "/var/lib/transmission/torrents" ]
-      ];
-
-      entrypoint = lib.getExe' transmission "transmission-daemon";
-      cmd = [
-        "--foreground"
-        "--config-dir" "/var/lib/transmission/config"
-      ];
-
-      customNetworkOption = "container:vpn";
+  foundation = {
+    networks.vpn = {
+      enable = true;
+      driver = "bridge";
+      # lower MTU to prevent packet non-deliverability
+      mtu = 1280;
     };
 
-    vpn = {
-      fullImage = gluetunImage;
+    services = {
+      transmission = {
+        image = transmissionImage;
 
-      ports = [
-        (common.tailnetPort me [ transmissionLocalPort 9091 ])
-      ];
+        volumes = [
+          [ "${transmissionDir}/config" "/var/lib/transmission/config" ]
+          [ "${transmissionDir}/download" "/var/lib/transmission/download" ]
+          [ "${transmissionDir}/torrents" "/var/lib/transmission/torrents" ]
+        ];
 
-      volumes = [
-        [ "${transmissionDir}/gluetun" "/gluetun" ]
-      ];
+        entrypoint = lib.getExe' transmission "transmission-daemon";
+        cmd = [
+          "--foreground"
+          "--config-dir" "/var/lib/transmission/config"
+        ];
 
-      capabilities = [ "NET_ADMIN" ];
-      devices = [ "/dev/net/tun" ];
-
-      environment = {
-        VPN_SERVICE_PROVIDER = "private internet access";
-        SERVER_REGIONS = lib.concatStringsSep "," piaCountries;
+        customNetworkOption = "container:vpn";
       };
 
-      environmentFiles = [ config.age.secrets.pia-login-secrets.path ];
+      vpn = {
+        network = "vpn";
+
+        fullImage = gluetunImage;
+
+        ports = [
+          (common.tailnetPort me [ transmissionLocalPort 9091 ])
+        ];
+
+        volumes = [
+          [ "${transmissionDir}/gluetun" "/gluetun" ]
+        ];
+
+        capabilities = [ "NET_ADMIN" ];
+        devices = [ "/dev/net/tun" ];
+
+        environment = {
+          VPN_SERVICE_PROVIDER = "private internet access";
+          SERVER_REGIONS = lib.concatStringsSep "," piaCountries;
+        };
+
+        environmentFiles = [ config.age.secrets.pia-login-secrets.path ];
+      };
     };
   };
 }
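Review bot: The new bridge `networks.vpn` shares its name with the gluetun service, but it is an ordinary Docker bridge; only a container that joins gluetun's network namespace is forced through the tunnel. `transmission` keeps `customNetworkOption = "container:vpn"`, which is what confines it, whereas a later service given `network = "vpn"` would presumably egress through the host's normal route instead. I would add a comment on that line such as `# shares the vpn container's netns so all traffic leaves via the tunnel; do not replace with network = "vpn"`, or rename the network (for example `vpn-bridge`) to remove the ambiguity. The `mtu = 1280` comment could also state why that value was chosen.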