From 10c53704c80a0f8543f78684d9a32f43f395171c Mon Sep 17 00:00:00 2001 From: Mel Date: Mon, 1 Sep 2025 23:13:12 +0200 Subject: Force MTU for VPN container and disable IPv6 Signed-off-by: Mel --- services/transmission.nix | 102 +++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 91 insertions(+), 11 deletions(-) (limited to 'services') diff --git a/services/transmission.nix b/services/transmission.nix index 0939a69..d761bc1 100644 --- a/services/transmission.nix +++ b/services/transmission.nix @@ -16,6 +16,41 @@ let transmissionLocalPort = 2018; transmissionDir = "/srv/transmission"; + mtu = 1280; + + # gluetun openvpn likes to ignore my mtu settings, + # so we set it forcefully every 15 seconds. + vpn-force-mtu = pkgs.writeTextFile { + name = "vpn-force-mtu"; + destination = "/scripts/vpn-force-mtu.sh"; + executable = true; + text = '' + #!/bin/ash + while true; do + /bin/sleep 15 + /sbin/ip link set dev tun0 mtu ${toString mtu} 2>/dev/null || true + done + ''; + }; + vpn-entry = pkgs.writeTextFile { + name = "vpn-entry"; + destination = "/scripts/vpn-entry.sh"; + executable = true; + text = '' + #!/bin/ash + /scripts/vpn-force-mtu.sh & + /gluetun-entrypoint + ''; + }; + + vpn-scripts = pkgs.symlinkJoin { + name = "vpn-scripts"; + paths = [ + vpn-entry + vpn-force-mtu + ]; + }; + transmissionImage = dockerTools.streamLayeredImage { name = "transmission"; tag = transmission.version; 
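Review bot: In `vpn-entry.sh` the last line runs `/gluetun-entrypoint` as a child of the ash wrapper, so the shell stays PID 1 and a stop signal goes to the shell rather than to gluetun. Gluetun is then likely killed at the stop timeout instead of tearing the tunnel down itself. Changing that line to `exec /gluetun-entrypoint` keeps the background MTU loop running and makes gluetun the process that receives signals. Separately, the loop in `vpn-force-mtu.sh` discards every failure with `2>/dev/null || true`, so a missing capability or a differently named interface looks the same as tun0 not being up yet. Because it sleeps before the first `ip link set`, the tunnel can also run for up to 15 seconds with whatever MTU OpenVPN picked.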
@@ -30,10 +65,33 @@ let x86.sha256 = "1cg43lmp3ql64zsfwp2f52kigijs30n3hnja12msr9npbgq8a8ga"; }; + vpnImage = dockerTools.streamLayeredImage { + name = "vpn"; + tag = "3.39.0-renard"; + fromImage = gluetunImage.base; + contents = [ vpn-scripts ]; + }; + piaCountries = [ - "Albania" "Austria" "Belgium" "Bosnia and Herzegovina" "Bulgaria" - "Czech Republic" "ES Madrid" "ES Valencia" "Estonia" "Georgia" "Greece" - "Hungary" "IT Milano" "Poland" "Portugal" "Romania" "Serbia" "Turkey" "Ukraine" + "Albania" + "Austria" + "Belgium" + "Bosnia and Herzegovina" + "Bulgaria" + "Czech Republic" + "ES Madrid" + "ES Valencia" + "Estonia" + "Georgia" + "Greece" + "Hungary" + "IT Milano" + "Poland" + "Portugal" + "Romania" + "Serbia" + "Turkey" + "Ukraine" ]; in { @@ -45,8 +103,10 @@ in networks.vpn = { enable = true; driver = "bridge"; + # current vpn does not support ipv6! + ipv6.enable = false; # lower MTU to prevent packet non-deliverability - mtu = 1280; + inherit mtu; }; services = { @@ -54,15 +114,25 @@ in image = transmissionImage; volumes = [ - [ "${transmissionDir}/config" "/var/lib/transmission/config" ] - [ "${transmissionDir}/download" "/var/lib/transmission/download" ] - [ "${transmissionDir}/torrents" "/var/lib/transmission/torrents" ] + [ + "${transmissionDir}/config" + "/var/lib/transmission/config" + ] + [ + "${transmissionDir}/download" + "/var/lib/transmission/download" + ] + [ + "${transmissionDir}/torrents" + "/var/lib/transmission/torrents" + ] ]; entrypoint = lib.getExe' transmission "transmission-daemon"; cmd = [ "--foreground" - "--config-dir" "/var/lib/transmission/config" + "--config-dir" + "/var/lib/transmission/config" ]; customNetworkOption = "container:vpn"; 
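Review bot: The `tag = "3.39.0-renard"` on `vpnImage` is a hand-written version string, while the layers come from `gluetunImage.base`, which appears to be pinned by hash (the `x86.sha256` context line just above). When that pin is bumped, the tag will keep advertising 3.39.0 unless someone remembers to edit it, which makes it harder to tell which gluetun build a running container is on. The `gluetunImage` definition starts outside this hunk; if it already carries a tag or version, derive this one from it. Otherwise a comment next to the line such as `# keep in sync with the pinned gluetunImage` would do.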
@@ -71,21 +141,31 @@ in vpn = { network = "vpn"; - fullImage = gluetunImage; + image = vpnImage; ports = [ - (common.tailnetPort me [ transmissionLocalPort 9091 ]) + (common.tailnetPort me [ + transmissionLocalPort + 9091 + ]) ]; volumes = [ - [ "${transmissionDir}/gluetun" "/gluetun" ] + [ + "${transmissionDir}/gluetun" + "/gluetun" + ] ]; + entrypoint = "/scripts/vpn-entry.sh"; + capabilities = [ "NET_ADMIN" ]; devices = [ "/dev/net/tun" ]; environment = { VPN_SERVICE_PROVIDER = "private internet access"; + VPN_TYPE = "openvpn"; + OPENVPN_MSSFIX = toString mtu; SERVER_REGIONS = lib.concatStringsSep "," piaCountries; }; -- cgit 1.4.1
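Review bot: `OPENVPN_MSSFIX = toString mtu` reuses the value that the first hunk forces onto tun0 and that `networks.vpn` uses as the bridge MTU, but these are sizes at different layers. mssfix bounds the encapsulated UDP packet OpenVPN sends and only clamps TCP, whereas the tun0 MTU bounds the inner packet before OpenVPN adds its overhead. With all three at 1280, a full-size non-TCP packet on tun0 would, as far as I can tell, exceed the bridge MTU once encapsulated and be fragmented or dropped, which is the non-deliverability the lowered MTU is meant to avoid. Consider a separate binding for the tunnel MTU set below `mtu` by the OpenVPN overhead, or at least a comment such as `# mtu is shared by bridge, tun0 and mssfix; tun0 should be mtu minus OpenVPN overhead`. The `vpn` attribute set continues past the end of this hunk.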