# Module: transmission-daemon running inside the network namespace of a
# gluetun VPN container (provider: Private Internet Access).
#
# Security-relevant layout, as far as this file shows:
#   * the VPN credentials come from an age-encrypted secret and are handed to
#     the container as an environment file, not written into this module;
#   * the gluetun image is pinned by tag and sha256 digest;
#   * transmission has no network of its own, it joins the "vpn" container.
{
  me,
  config,
  lib,
  pkgs,
  auxiliaryPkgs,
  ...
}:
let
  common = auxiliaryPkgs.common;
  transmissionPkg = pkgs.transmission_4;

  # First element handed to common.tailnetPort below.
  # presumably the host-side port that maps to 9091 in the container; the
  # helper is defined outside this file, so verify the pair's meaning there.
  rpcHostPort = 2018;

  # Host directory that holds all persistent state for both containers.
  hostStateDir = "/srv/transmission";
  # Where that state is mounted inside the transmission container.
  containerStateDir = "/var/lib/transmission";

  # Image built locally from the nixpkgs transmission package on top of the
  # shared alpine base; the tag follows the package version.
  transmissionImage = pkgs.dockerTools.streamLayeredImage {
    name = "transmission";
    tag = transmissionPkg.version;
    fromImage = common.alpine.base;
    contents = [ transmissionPkg ];
  };

  # Third-party image. The digest identifies the exact image content, so a
  # re-pushed "v3.39" tag would not silently change what is run (assuming
  # common.pullImage forwards it as the image digest; helper not visible here).
  # Bump tag, digest and the x86 hash together when updating.
  gluetunImage = common.pullImage {
    name = "qmcgaw/gluetun";
    tag = "v3.39";
    digest = "sha256:6a8058e626763cbf735ac2f78c774dbb24fec2490bd9d9f7d67e22592cb4a991";
    x86.sha256 = "1cg43lmp3ql64zsfwp2f52kigijs30n3hnja12msr9npbgq8a8ga";
  };

  # Region names joined with "," into SERVER_REGIONS for gluetun.
  vpnRegions = [
    "Albania"
    "Austria"
    "Belgium"
    "Bosnia and Herzegovina"
    "Bulgaria"
    "Czech Republic"
    "ES Madrid"
    "ES Valencia"
    "Estonia"
    "Georgia"
    "Greece"
    "Hungary"
    "IT Milano"
    "Poland"
    "Portugal"
    "Romania"
    "Serbia"
    "Turkey"
    "Ukraine"
  ];
in
{
  # Encrypted at rest in the repository; only the decrypted path is referenced
  # further down, so the login never appears in this module's text.
  age.secrets.pia-login-secrets.file = ../secrets/pia-login-secrets.age;

  foundation.networks.vpn = {
    enable = true;
    driver = "bridge";
    # lower MTU to prevent packet non-deliverability
    mtu = 1280;
  };

  foundation.services.vpn = {
    network = "vpn";
    fullImage = gluetunImage;

    # Ports are declared on the VPN container because transmission shares its
    # network namespace. 9091 is transmission's default RPC/web port.
    # NOTE(review): judging by its name, tailnetPort restricts the listener to
    # the tailnet address of `me` - confirm in the helper. RPC authentication
    # is set in the config volume, not here; check rpc-authentication-required
    # there rather than relying on network reachability alone.
    ports = [
      (common.tailnetPort me [ rpcHostPort 9091 ])
    ];

    volumes = [
      [ "${hostStateDir}/gluetun" "/gluetun" ]
    ];

    # The tunnel needs the tun device plus NET_ADMIN to create the interface
    # and manage routes/firewall rules. These are the only extra privileges
    # requested in this file; the transmission service asks for none.
    capabilities = [ "NET_ADMIN" ];
    devices = [ "/dev/net/tun" ];

    environment = {
      VPN_SERVICE_PROVIDER = "private internet access";
      SERVER_REGIONS = lib.concatStringsSep "," vpnRegions;
    };

    # Decrypted secret path; keeps the credentials out of `environment`.
    # NOTE(review): any other variable in that file (e.g. firewall settings)
    # also applies to gluetun - review its contents when auditing egress.
    environmentFiles = [ config.age.secrets.pia-login-secrets.path ];
  };

  foundation.services.transmission = {
    image = transmissionImage;

    # config / download / torrents each map hostStateDir/<name> to
    # containerStateDir/<name>.
    volumes = map (sub: [ "${hostStateDir}/${sub}" "${containerStateDir}/${sub}" ]) [
      "config"
      "download"
      "torrents"
    ];

    entrypoint = lib.getExe' transmissionPkg "transmission-daemon";
    cmd = [
      "--foreground"
      "--config-dir" "${containerStateDir}/config"
    ];

    # Join the "vpn" container's network namespace instead of getting an
    # interface of its own, so the daemon can only use what that container
    # provides. presumably passed through to the runtime's network option.
    # NOTE(review): whether peers are unreachable while the tunnel is down
    # depends on gluetun's firewall staying enabled - verify after upgrades.
    customNetworkOption = "container:vpn";
  };
}