transmission: production config

2021-06-01 08:35:51 +10:00 · 2021-06-01 08:35:51 +10:00 · fa7090afba
parent 18a5dca1c5
commit fa7090afba
2 changed files with 14 additions and 2 deletions
--- a/hosts/paidh-dha.nix
+++ b/hosts/paidh-dha.nix
@ -5,6 +5,8 @@
 {
  imports = [
    ../networks/pi3B_rack.nix
+    ../profiles/transmission.nix
+    ../secrets/transmission.nix
  ];

  # Comment out deployment when building the SD Image.
--- a/profiles/transmission.nix
+++ b/profiles/transmission.nix
@ -7,9 +7,16 @@
  services = {
    transmission = {
      enable = true;                              # Enable Transmission
+      credentialsFile = "/run/keys/transmission"; # Authentication secrets
+      settings = {
+        rpc-authentication-required = true;       # Enforce authentication
+        rpc-bind-address = "0.0.0.0";             # Listen on all interfaces
+        rpc-whitelist = "127.0.0.1,10.42.0.*";    # Allow hosts on the LAN
+      };
    };
    cron = {
      enable = true;
+      # Run transmission while everyone's asleep
      systemCronJobs = [
        "55 0 * * * transmission systemctl enable transmission-daemon"
        "00 1 * * * transmission systemctl start transmission-daemon"
@ -19,6 +26,9 @@
    };
  };

-  networking.firewall.allowedTCPPorts = [ 9091 ];   # Open the required firewall ports
+  networking.firewall.allowedTCPPorts = [ 9091 ];   # Open the rpc firewall port
+
+  # Allow transmission to read the secrets keys
+  users.groups.keys.members = [ "transmission" ];

 }