jacopo, mikey, andrew wg clients. transmission added

flake.lock

@@ -23,11 +23,11 @@
     },
     "nixos-unstable": {
       "locked": {
-        "lastModified": 1634515797,
+        "lastModified": 1635702959,
-        "narHash": "sha256-elgCUC2khtBkOSpE4gDymNvthTZAI4hGI2iNu3YEUkA=",
+        "narHash": "sha256-ZKxX9DjJJGJqq20pE4dIj1G4ssCLVXXRFerM6lNuF0k=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "5f0194220f2402b06f7f79bba6351895facb5acb",
+        "rev": "e544ee88fa4590df75e221e645a03fe157a99e5b",
         "type": "github"
       },
       "original": {
@@ -39,11 +39,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1634661806,
+        "lastModified": 1635719588,
-        "narHash": "sha256-fBuR7EZ67UOdNt3gEwhoyWJ6zJtXh4kuupIALRcx/7I=",
+        "narHash": "sha256-pWjdy0NheM97NsPE6+jUnr5LYyeA0sBGTdw4mfXMGZQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8fe3b97ef4527ac88d03ea33e0789f3512e01adc",
+        "rev": "f0869b1a2c0b150aac26e10bb5c2364ffb2e804f",
         "type": "github"
       },
       "original": {

hosts/architect/default.nix

@@ -26,6 +26,7 @@ in
       ./minecraft.nix
       ./prowlarr.nix
       ./plex.nix
+      ./transmission.nix
     ];
 
     time.timeZone                                  = "Europe/Rome";

hosts/architect/firewall.nix

@@ -9,10 +9,12 @@ let
     443   # https
     8448  # matrix
     10022 # gitea
+    51413 # transmission
   ];
   open_udp_ports = lib.concatMapStringsSep "," (x: toString x) [
     1194  # wireguard
     3478  # turn
+    51413 # transmission
   ];
 in {
   networking = {
@@ -134,6 +136,7 @@ in {
             
             # gdevices talking to everyone in VPN
             ip saddr {${lib.concatStringsSep "," gdevices-wg}} ip daddr ${vpn-net} accept
+            ip saddr {${lib.concatStringsSep "," gamenet-wg}} ip daddr {${lib.concatStringsSep "," gamenet-wg}} accept
             
             # nat to wan
             oifname ${wan-if} ip saddr {${lib.concatStringsSep "," towan-wg}} accept

hosts/architect/network.nix

@@ -41,6 +41,10 @@ rec {
   alain-wg         = "10.3.0.22";
   dima-wg          = "10.3.0.23";
   mikey-wg         = "10.3.0.24";
+  andrew-wg        = "10.3.0.25";
+  mikeylaptop-wg   = "10.3.0.26";
+  andrewdesktop-wg = "10.3.0.27";
+  jacopo-wg        = "10.3.0.28";
   eleonora-wg      = "10.3.0.100";
   angellane-wg     = "10.3.0.200";
   hotpottino-wg    = "10.3.0.201";
@@ -52,6 +56,7 @@ rec {
   routers-wg       = [ hotpottino-wg angellane-wg dodino-wg ];
   c2c-wg           = [ ] ++ gdevices-wg;
   towan-wg         = [ shield-wg parisaphone-wg parisapc-wg ] ++ gdevices-wg ++ routers-wg;
+  gamenet-wg       = [ andrew-wg galuminum-wg gbeast-wg mikey-wg andrewdesktop-wg mikeylaptop-wg ];
 
   # domains
   sonarrdomain = "htson.giugl.io";

hosts/architect/plex.nix

@@ -16,6 +16,10 @@ with import ./network.nix;
       enableACME = true;
       http2 = true;
       extraConfig = ''
+        allow 10.3.0.0/24;
+        allow 10.0.0.0/24;
+        deny all;
+
       #Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause
         send_timeout 100m;
 

hosts/architect/transmission.nix

@@ -0,0 +1,41 @@
+with import ./network.nix;
+
+let
+  domain = "httra.giugl.io";
+in {
+  services = {
+    transmission = {
+      enable = true;
+      settings = {
+        download-dir = "/media/transmission";
+        incomplete-dir = "/media/transmission/.incomplete";
+        rpc-host-whitelist = "${domain}";
+        encryption = 2;
+        speed-limit-up = 10;
+        speed-limit-up-enabled = true;
+        peer-port = 51413;
+      };
+      performanceNetParameters = true;
+    };
+
+    nginx.virtualHosts.${domain} = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://localhost:9091";
+        extraConfig = ''
+          allow 10.0.0.0/24;
+          allow 10.3.0.0/24;
+          deny all;
+        '';
+      };
+    };
+  };
+
+  networking.extraHosts = ''
+    ${architect-lan} ${domain}
+    ${architect-wg} ${domain}
+  '';
+
+  users.groups.media.members = ["transmission"];
+}

hosts/architect/wireguard.nix

@@ -29,6 +29,8 @@ with import ./network.nix;
       ${dima-wg}            dima.devs.giugl.io
       ${boogino-wg}         boogino.devs.giugl.io
       ${mikey-wg}           mikey.devs.giugl.io
+      ${andrew-wg}          andrew.devs.giugl.io
+      ${mikeylaptop-wg}     mikeylaptop.devs.giugl.io
     '';
 
     wireguard = {
@@ -231,6 +233,30 @@ with import ./network.nix;
           allowedIPs = [mikey-wg];
           publicKey = "ewbDdX3z7nxG2aPIf9TogXkhxPlGipLFcy6XfyDC6gI=";
         }
+
+        {
+          # andrew
+          allowedIPs = [andrew-wg];
+          publicKey = "LP/FgST9fmBQSoKQFq9sFGvjRFOtRooMcuEcjuqaoWM=";
+        }
+
+        {
+          # mikey laptop
+          allowedIPs = [mikeylaptop-wg];
+          publicKey = "kz/pY/PgV+dwF1JZ2It4r5B5QfRSQM7HkbFCdvd5Yxk=";
+        }
+
+        {
+          # andrew desktop
+          allowedIPs = [andrewdesktop-wg];
+          publicKey = "rpYr3JNLIzxpxzFuQuaHFEl/XvPEPfwLbDETBP8KYXI=";
+        }
+
+        {
+          # laptop desktop
+          allowedIPs = [jacopo-wg];
+          publicKey = "W/taWI79bPIKOolVVu5xZfiJnPw9K91Xn1zhcM0+4g0=";
+        }
       ];
     };
   };

roles/home/common.nix

@@ -1,7 +1,7 @@
 { config, pkgs, ... }:
 
 {
-  imports = [ ./zsh.nix ];
+  imports = [ ./zsh.nix ./git.nix ];
 
   home = {
     stateVersion     = "21.05";
@@ -19,7 +19,6 @@
 
   programs.neovim = {
     enable      = true;
-    #package = pkgs.unstable.neovim-unwrapped;
 
     extraConfig = ''
       " syntax