feat: add nixarr

2025-08-25 21:09:59 +02:00 · 2025-08-25 21:09:59 +02:00 · 974b872e83
commit 974b872e83
parent e6cae70857
42 changed files with 1161 additions and 4 deletions
--- a/machines/moritz-server/nixarr/transmission.nix
+++ b/machines/moritz-server/nixarr/transmission.nix
@ -0,0 +1,106 @@
+{
+  inputs,
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  transmissionUserName = "admin";
+in {
+  imports = [inputs.nixarr.nixosModules.default];
+
+  clan.core.vars.generators."nixarr-transmission" = {
+    prompts.password = {
+      type = "hidden";
+      persist = true;
+      description = "Leave empty to generate automatically";
+    };
+
+    files.credentialsFile = {};
+    files.password.deploy = false;
+    files.cross-seed-credentialsFile = {};
+
+    runtimeInputs = [
+      pkgs.coreutils
+      pkgs.xkcdpass
+      pkgs.mkpasswd
+      pkgs.openssl
+    ];
+
+    script = ''
+      prompt_value="$(cat "$prompts/password")"
+      if [[ -n "''${prompt_value-}" ]]; then
+        echo "$prompt_value" | tr -d "\n" > "$out"/password
+      else
+        xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/password
+      fi
+
+      PASS="$(cat "$out/password")"
+      SALT="$(openssl rand -hex 4)"
+      HASH="$(echo -n "$PASS$SALT" | sha1sum | cut -d" " -f 1)"
+
+      echo "{\"rpc-password\": \"{$HASH$SALT\", \"rpc-authentication-required\": true, \"rpc-username\": \"${transmissionUserName}\"}" > $out/credentialsFile
+      echo "{\"transmissionRpcUrl\": \"http://admin:$PASS@localhost:9091/transmission/rpc\"}" > $out/cross-seed-credentialsFile
+    '';
+  };
+  nixarr.transmission = {
+    enable = true;
+    vpn.enable = true;
+    peerPort = 39350;
+    credentialsFile = config.clan.core.vars.generators.nixarr-transmission.files.credentialsFile.path;
+  };
+  services.nginx.virtualHosts."torrent.moritz.place" = {
+    forceSSL = true;
+    useACMEHost = "any.moritz.place";
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:${builtins.toString config.nixarr.transmission.uiPort}";
+    };
+  };
+  nixarr.transmission.privateTrackers.cross-seed = {
+    enable = true;
+    extraSettings = {
+      delay = 30;
+      matchMode = "partial";
+      skipRecheck = true;
+      autoResumeMaxDownload = 52428800;
+      ignoreNonRelevantFilesToResume = false;
+      linkDirs = [
+        "${config.nixarr.mediaDir}/torrents/.linking"
+      ];
+      excludeOlder = "2 weeks";
+      excludeRecentSearch = "3 days";
+      searchCadence = "1 day";
+      snatchTimeout = "30 seconds";
+      searchTimeout = "2 minutes";
+    };
+    indexIds = [
+      4
+      1
+    ];
+  };
+  systemd.services.cross-seed = {
+    serviceConfig = {
+      ExecStartPre = let
+        cross-seed-credentialsFile = config.clan.core.vars.generators.nixarr-transmission.files.cross-seed-credentialsFile.path;
+        cfg = config.util-nixarr.services.cross-seed;
+      in
+        lib.mkAfter [
+          (
+            "+"
+            + pkgs.writeShellScript "transmission-prestart-custom" ''
+              tmp="$(mktemp)"
+              ${pkgs.jq}/bin/jq --slurp add '${cfg.dataDir}/config.json' '${cross-seed-credentialsFile}' > "$tmp"
+              install -D -m 600 -o '${cfg.user}' "$tmp" '${cfg.dataDir}/config.json'
+              rm -rf "$tmp"
+            ''
+          )
+        ];
+    };
+  };
+  systemd.tmpfiles.rules = let
+    cfg = config.nixarr;
+  in lib.mkAfter [
+    "d '${cfg.mediaDir}/torrents/.linking'                     0750 cross-seed cross-seed - -"
+    "d '${cfg.mediaDir}/torrents/.cross-seed'                  0750 cross-seed cross-seed - -"
+  ];
+}