From 77931ab71a0522a58deec81de94c7d7fb4b0bc8c Mon Sep 17 00:00:00 2001
From: Giulio De Pasquale <depasquale+git@giugl.io>
Date: Fri, 5 Nov 2021 20:16:08 +0100
Subject: [PATCH] jacopo, mikey, andrew wg clients. transmission added

---
 flake.lock                       | 12 +++++-----
 hosts/architect/default.nix      |  1 +
 hosts/architect/firewall.nix     |  3 +++
 hosts/architect/network.nix      |  5 ++++
 hosts/architect/plex.nix         |  4 ++++
 hosts/architect/transmission.nix | 41 ++++++++++++++++++++++++++++++++
 hosts/architect/wireguard.nix    | 26 ++++++++++++++++++++
 roles/home/common.nix            |  3 +--
 8 files changed, 87 insertions(+), 8 deletions(-)
 create mode 100644 hosts/architect/transmission.nix

diff --git a/flake.lock b/flake.lock
index e766bb8..d0d9a71 100644
--- a/flake.lock
+++ b/flake.lock
@@ -23,11 +23,11 @@
     },
     "nixos-unstable": {
       "locked": {
-        "lastModified": 1634515797,
-        "narHash": "sha256-elgCUC2khtBkOSpE4gDymNvthTZAI4hGI2iNu3YEUkA=",
+        "lastModified": 1635702959,
+        "narHash": "sha256-ZKxX9DjJJGJqq20pE4dIj1G4ssCLVXXRFerM6lNuF0k=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "5f0194220f2402b06f7f79bba6351895facb5acb",
+        "rev": "e544ee88fa4590df75e221e645a03fe157a99e5b",
         "type": "github"
       },
       "original": {
@@ -39,11 +39,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1634661806,
-        "narHash": "sha256-fBuR7EZ67UOdNt3gEwhoyWJ6zJtXh4kuupIALRcx/7I=",
+        "lastModified": 1635719588,
+        "narHash": "sha256-pWjdy0NheM97NsPE6+jUnr5LYyeA0sBGTdw4mfXMGZQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8fe3b97ef4527ac88d03ea33e0789f3512e01adc",
+        "rev": "f0869b1a2c0b150aac26e10bb5c2364ffb2e804f",
         "type": "github"
       },
       "original": {
diff --git a/hosts/architect/default.nix b/hosts/architect/default.nix
index 62b1b77..300cd86 100644
--- a/hosts/architect/default.nix
+++ b/hosts/architect/default.nix
@@ -26,6 +26,7 @@ in
       ./minecraft.nix
       ./prowlarr.nix
       ./plex.nix
+      ./transmission.nix
     ];
 
     time.timeZone                                  = "Europe/Rome";
diff --git a/hosts/architect/firewall.nix b/hosts/architect/firewall.nix
index 5062a37..bfc0e9d 100644
--- a/hosts/architect/firewall.nix
+++ b/hosts/architect/firewall.nix
@@ -9,10 +9,12 @@ let
     443   # https
     8448  # matrix
     10022 # gitea
+    51413 # transmission
   ];
   open_udp_ports = lib.concatMapStringsSep "," (x: toString x) [
     1194  # wireguard
     3478  # turn
+    51413 # transmission
   ];
 in {
   networking = {
@@ -134,6 +136,7 @@ in {
             
             # gdevices talking to everyone in VPN
             ip saddr {${lib.concatStringsSep "," gdevices-wg}} ip daddr ${vpn-net} accept
+            ip saddr {${lib.concatStringsSep "," gamenet-wg}} ip daddr {${lib.concatStringsSep "," gamenet-wg}} accept
             
             # nat to wan
             oifname ${wan-if} ip saddr {${lib.concatStringsSep "," towan-wg}} accept
diff --git a/hosts/architect/network.nix b/hosts/architect/network.nix
index 69459d0..bac9952 100644
--- a/hosts/architect/network.nix
+++ b/hosts/architect/network.nix
@@ -41,6 +41,10 @@ rec {
   alain-wg         = "10.3.0.22";
   dima-wg          = "10.3.0.23";
   mikey-wg         = "10.3.0.24";
+  andrew-wg        = "10.3.0.25";
+  mikeylaptop-wg   = "10.3.0.26";
+  andrewdesktop-wg = "10.3.0.27";
+  jacopo-wg        = "10.3.0.28";
   eleonora-wg      = "10.3.0.100";
   angellane-wg     = "10.3.0.200";
   hotpottino-wg    = "10.3.0.201";
@@ -52,6 +56,7 @@ rec {
   routers-wg       = [ hotpottino-wg angellane-wg dodino-wg ];
   c2c-wg           = [ ] ++ gdevices-wg;
   towan-wg         = [ shield-wg parisaphone-wg parisapc-wg ] ++ gdevices-wg ++ routers-wg;
+  gamenet-wg       = [ andrew-wg galuminum-wg gbeast-wg mikey-wg andrewdesktop-wg mikeylaptop-wg ];
 
   # domains
   sonarrdomain = "htson.giugl.io";
diff --git a/hosts/architect/plex.nix b/hosts/architect/plex.nix
index aae9147..b570b35 100644
--- a/hosts/architect/plex.nix
+++ b/hosts/architect/plex.nix
@@ -16,6 +16,10 @@ with import ./network.nix;
       enableACME = true;
       http2 = true;
       extraConfig = ''
+        allow 10.3.0.0/24;
+        allow 10.0.0.0/24;
+        deny all;
+
       #Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause
         send_timeout 100m;
 
diff --git a/hosts/architect/transmission.nix b/hosts/architect/transmission.nix
new file mode 100644
index 0000000..024378f
--- /dev/null
+++ b/hosts/architect/transmission.nix
@@ -0,0 +1,41 @@
+with import ./network.nix;
+
+let
+  domain = "httra.giugl.io";
+in {
+  services = {
+    transmission = {
+      enable = true;
+      settings = {
+        download-dir = "/media/transmission";
+        incomplete-dir = "/media/transmission/.incomplete";
+        rpc-host-whitelist = "${domain}";
+        encryption = 2;
+        speed-limit-up = 10;
+        speed-limit-up-enabled = true;
+        peer-port = 51413;
+      };
+      performanceNetParameters = true;
+    };
+
+    nginx.virtualHosts.${domain} = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://localhost:9091";
+        extraConfig = ''
+          allow 10.0.0.0/24;
+          allow 10.3.0.0/24;
+          deny all;
+        '';
+      };
+    };
+  };
+
+  networking.extraHosts = ''
+    ${architect-lan} ${domain}
+    ${architect-wg} ${domain}
+  '';
+
+  users.groups.media.members = ["transmission"];
+}
diff --git a/hosts/architect/wireguard.nix b/hosts/architect/wireguard.nix
index 77fe8d7..89a31f2 100644
--- a/hosts/architect/wireguard.nix
+++ b/hosts/architect/wireguard.nix
@@ -29,6 +29,8 @@ with import ./network.nix;
       ${dima-wg}            dima.devs.giugl.io
       ${boogino-wg}         boogino.devs.giugl.io
       ${mikey-wg}           mikey.devs.giugl.io
+      ${andrew-wg}          andrew.devs.giugl.io
+      ${mikeylaptop-wg}     mikeylaptop.devs.giugl.io
     '';
 
     wireguard = {
@@ -231,6 +233,30 @@ with import ./network.nix;
           allowedIPs = [mikey-wg];
           publicKey = "ewbDdX3z7nxG2aPIf9TogXkhxPlGipLFcy6XfyDC6gI=";
         }
+
+        {
+          # andrew
+          allowedIPs = [andrew-wg];
+          publicKey = "LP/FgST9fmBQSoKQFq9sFGvjRFOtRooMcuEcjuqaoWM=";
+        }
+
+        {
+          # mikey laptop
+          allowedIPs = [mikeylaptop-wg];
+          publicKey = "kz/pY/PgV+dwF1JZ2It4r5B5QfRSQM7HkbFCdvd5Yxk=";
+        }
+
+        {
+          # andrew desktop
+          allowedIPs = [andrewdesktop-wg];
+          publicKey = "rpYr3JNLIzxpxzFuQuaHFEl/XvPEPfwLbDETBP8KYXI=";
+        }
+
+        {
+          # laptop desktop
+          allowedIPs = [jacopo-wg];
+          publicKey = "W/taWI79bPIKOolVVu5xZfiJnPw9K91Xn1zhcM0+4g0=";
+        }
       ];
     };
   };
diff --git a/roles/home/common.nix b/roles/home/common.nix
index fe1b6a2..b76bac7 100644
--- a/roles/home/common.nix
+++ b/roles/home/common.nix
@@ -1,7 +1,7 @@
 { config, pkgs, ... }:
 
 {
-  imports = [ ./zsh.nix ];
+  imports = [ ./zsh.nix ./git.nix ];
 
   home = {
     stateVersion     = "21.05";
@@ -19,7 +19,6 @@
 
   programs.neovim = {
     enable      = true;
-    #package = pkgs.unstable.neovim-unwrapped;
 
     extraConfig = ''
       " syntax