From fa7090afba294c1e095d1c6781ed46d776cbba91 Mon Sep 17 00:00:00 2001
From: Craige McWhirter
Date: Tue, 1 Jun 2021 08:35:51 +1000
Subject: [PATCH] transmission: production config
---
 hosts/paidh-dha.nix | 2 ++
 profiles/transmission.nix | 14 ++++++++++++--
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/hosts/paidh-dha.nix b/hosts/paidh-dha.nix
index d65b9e5..4d71770 100644
--- a/hosts/paidh-dha.nix
+++ b/hosts/paidh-dha.nix
@@ -5,6 +5,8 @@
 {
 imports = [
 ../networks/pi3B_rack.nix
+ ../profiles/transmission.nix
+ ../secrets/transmission.nix
 ];
 # Comment out deployment when building the SD Image.
diff --git a/profiles/transmission.nix b/profiles/transmission.nix
index 20863be..5fb8b22 100644
--- a/profiles/transmission.nix
+++ b/profiles/transmission.nix
@@ -6,10 +6,17 @@
 services = {
 transmission = {
- enable = true; # Enable Transmission
+ enable = true; # Enable Transmission
+ credentialsFile = "/run/keys/transmission"; # Authentication secrets
+ settings = {
+ rpc-authentication-required = true; # Enforce authentication
+ rpc-bind-address = "0.0.0.0"; # Listen on all interfaces
+ rpc-whitelist = "127.0.0.1,10.42.0.*"; # Allow hosts on the LAN
+ };
 };
 cron = {
 enable = true;
+ # Run transmission while everyone's asleep
 systemCronJobs = [
 "55 0 * * * transmission systemctl enable transmission-daemon"
 "00 1 * * * transmission systemctl start transmission-daemon"
@@ -19,6 +26,9 @@
 };
 };
- networking.firewall.allowedTCPPorts = [ 9091 ]; # Open the required firewall ports
+ networking.firewall.allowedTCPPorts = [ 9091 ]; # Open the rpc firewall port
+
+ # Allow transmission to read the secrets keys
+ users.groups.keys.members = [ "transmission" ];
 }
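Review bot: In profiles/transmission.nix the RPC listener now binds `0.0.0.0`, so the only address-based restriction left is Transmission's own `rpc-whitelist`, which is honoured only while `rpc-whitelist-enabled` is true. The new `settings` block leaves that flag to the default; pinning it with `rpc-whitelist-enabled = true;` next to `rpc-whitelist` means a changed default cannot silently expose the interface. The firewall rule in the last hunk also opens 9091 on every interface; scoping it, e.g. `networking.firewall.interfaces.<lan-interface>.allowedTCPPorts = [ 9091 ];`, keeps the port closed on any non-LAN interface. Transmission's RPC is plain HTTP, so the credentials loaded from `credentialsFile` cross the LAN unencrypted unless a TLS-terminating proxy sits in front, which is worth a comment beside `rpc-authentication-required`.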
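Review bot: The comment on `users.groups.keys.members` in the last hunk of profiles/transmission.nix overstates what the line does. Membership in `keys` lets the `transmission` account enter `/run/keys`, while read access to `/run/keys/transmission` itself depends on the owner and mode set where the key is defined, which this diff does not show. Consider wording it as `# keys group: lets transmission traverse /run/keys; file ownership is set in secrets/transmission.nix`. If the NixOS module at the pinned nixpkgs revision merges `credentialsFile` in a root-run pre-start step (I believe recent versions do, but this should be checked), the daemon account needs no access to `/run/keys` and the membership can be dropped for least privilege.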