# NixOps configuration for the hosts running Transmission

{ config, pkgs, lib, ... }:

{

  services = {
    transmission = {
      enable = true;                              # Enable Transmission
      credentialsFile = "/run/keys/transmission"; # Authentication secrets
      settings = {
        rpc-authentication-required = true;       # Enforce authentication
        rpc-bind-address = "0.0.0.0";             # Listen on all interfaces
        rpc-whitelist = "127.0.0.1,10.42.0.*";    # Allow hosts on the LAN
      };
    };
    cron = {
      enable = true;
      # Run transmission while everyone's asleep
      systemCronJobs = [
        "55 0 * * * transmission systemctl enable transmission-daemon"
        "00 1 * * * transmission systemctl start transmission-daemon"
        "00 7 * * * transmission systemctl stop transmission-daemon"
        "05 7 * * * transmission systemctl disable transmission-daemon"
      ];
    };
  };

  networking.firewall.allowedTCPPorts = [ 9091 ];   # Open the rpc firewall port

  # Allow transmission to read the secrets keys
  users.groups.keys.members = [ "transmission" ];

}