{ config, pkgs, ... }: { age.secrets = { transmission-rpc-password = { file = ../../../secrets/transmission-rpc-password.age; mode = "0400"; }; wireguard-key-upload = { file = ../../../secrets/wireguard-key-upload.age; mode = "0400"; }; }; users.groups.mediamanagers = { gid = 646000020; members = [ "transmission" "lidarr" ]; }; services.lidarr.group = "mediamanagers"; services.transmission = { enable = true; group = "mediamanagers"; settings = { download-dir = "/srv/data/download"; incomplete-dir = "/srv/data/download/.incomplete"; incomplete-dir-enabled = false; # being a leech speed-limit-up = 20; ratio-limit = 0.01; idle-seeding-limit = 1; speed-limit-up-enabled = true; ratio-limit-enabled = true; idle-seeding-limit-enabled = true; utp-enabled = false; rpc-bind-address = "0.0.0.0"; rpc-whitelist = "127.0.0.1,::1,10.100.0.1,10.100.0.*,10.100.1.*,10.100.3.*"; rpc-authentication-required = true; }; credentialsFile = config.age.secrets.transmission-rpc-password.path; }; systemd.services.transmission = { after = [ "mnt-media\\x2duploads.mount" ]; unitConfig = { RequiresMountsFor = [ "/mnt/media-uploads" ]; }; serviceConfig = { BindPaths = [ "/mnt/media-uploads" ]; }; }; networking.firewall.interfaces.tungsten.allowedTCPPorts = [ 9091 ]; networking.wireguard = { enable = true; interfaces.wgupload = { ips = [ "10.150.0.2/24" ]; privateKeyFile = config.age.secrets.wireguard-key-upload.path; allowedIPsAsRoutes = true; postSetup = "${pkgs.iproute2}/bin/ip link set mtu 1200 wgupload"; peers = [ { publicKey = "apKXnlMtcOe8WqCVXJAXEjzppN+qTmESlt0NjMTaclQ="; allowedIPs = [ "10.150.0.0/24" ]; endpoint = "116.202.226.86:6969"; } ]; }; }; fileSystems."/mnt/media-uploads" = { device = "10.150.0.254:/mnt/storage/media/media/uploads"; fsType = "nfs4"; noCheck = true; options = [ "rsize=1024" "wsize=1024" "x-systemd.after=wireguard-wgupload.service" "x-systemd.mount-timeout=10s" ]; }; }