with import ./network.nix;

let
  domain = "httra.giugl.io";
in {
  services = {
    transmission = {
      enable = true;
      settings = {
        download-dir = "/media/transmission";
        incomplete-dir = "/media/transmission/.incomplete";
        rpc-host-whitelist = "${domain}";
        encryption = 2;
        speed-limit-up = 10;
        speed-limit-up-enabled = true;
        peer-port = 51413;
      };
      performanceNetParameters = true;
    };

    nginx.virtualHosts.${domain} = {
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        proxyPass = "http://localhost:9091";
        extraConfig = ''
          allow 10.0.0.0/24;
          allow 10.3.0.0/24;
          deny all;
        '';
      };
    };
  };

  networking.extraHosts = ''
    ${architect-lan} ${domain}
    ${architect-wg} ${domain}
  '';

  users.groups.media.members = ["transmission"];
}