summary refs log tree commit diff
path: root/nixos/modules/services/torrent
diff options
context:
space:
mode:
authorAustin Seipp <aseipp@pobox.com>2014-04-15 06:50:39 -0500
committerAustin Seipp <aseipp@pobox.com>2014-04-15 06:54:51 -0500
commitda6bc44dd7eb39b68d9b16bc398e64248d7a09c3 (patch)
treec4d1ab80f236142b99a1ec4af75fceff01dd4f78 /nixos/modules/services/torrent
parent253f83ea2d4dbfd0f7eac81ffeadeb80d4863e21 (diff)
downloadnixlib-da6bc44dd7eb39b68d9b16bc398e64248d7a09c3.tar
nixlib-da6bc44dd7eb39b68d9b16bc398e64248d7a09c3.tar.gz
nixlib-da6bc44dd7eb39b68d9b16bc398e64248d7a09c3.tar.bz2
nixlib-da6bc44dd7eb39b68d9b16bc398e64248d7a09c3.tar.lz
nixlib-da6bc44dd7eb39b68d9b16bc398e64248d7a09c3.tar.xz
nixlib-da6bc44dd7eb39b68d9b16bc398e64248d7a09c3.tar.zst
nixlib-da6bc44dd7eb39b68d9b16bc398e64248d7a09c3.zip
nixos: transmission improvements
This mostly upgrades transmission, and does some very minor touchups on
AppArmor support.

In particular, there is now no need to ever specify the umask as part of
the settings, as it will be mixed in by default (which is essentially
always what you want). Also, the default configuration is now more
sensible: Downloads are put in /var/lib/transmission/Downloads, and
incomplete files are put in /var/lib/transmission/.incomplete - this
also allows easy use of file syncing probrams, like BitTorrent Sync.

Finally, this unconditionally enables the AppArmor profiles for the
daemon, if AppArmor is enabled - rather than letting the user specify
profile support, it's best to default to supporting profiles for daemons
transparently in all places.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
Diffstat (limited to 'nixos/modules/services/torrent')
-rw-r--r--nixos/modules/services/torrent/transmission.nix73
1 files changed, 26 insertions, 47 deletions
diff --git a/nixos/modules/services/torrent/transmission.nix b/nixos/modules/services/torrent/transmission.nix
index 14472b49a7c2..5cdecd1eb577 100644
--- a/nixos/modules/services/torrent/transmission.nix
+++ b/nixos/modules/services/torrent/transmission.nix
@@ -1,13 +1,14 @@
-# NixOS module for Transmission BitTorrent daemon
-
 { config, lib, pkgs, ... }:
 
 with lib;
 
 let
-
   cfg = config.services.transmission;
+  apparmor = config.security.apparmor.enable;
+
   homeDir = "/var/lib/transmission";
+  downloadDir = "${homeDir}/Downloads";
+  incompleteDir = "${homeDir}/.incomplete";
   settingsDir = "${homeDir}/.config/transmission-daemon";
   settingsFile = "${settingsDir}/settings.json";
 
@@ -31,16 +32,12 @@ let
         (if isList value then value else [value]))
         as));
 
+  # for users in group "transmission" to have access to torrents
+  fullSettings = cfg.settings // { umask = 2; };
 in
-
 {
-
-  ### configuration
-
   options = {
-
     services.transmission = {
-
       enable = mkOption {
         type = types.uniq types.bool;
         default = false;
@@ -59,65 +56,48 @@ in
         type = types.attrs;
         default =
           {
-            # for users in group "transmission" to have access to torrents
-            umask = 2;
-          }
-        ;
+            download-dir = downloadDir;
+            incomplete-dir = incompleteDir;
+            incomplete-dir-enabled = true;
+          };
         example =
           {
             download-dir = "/srv/torrents/";
             incomplete-dir = "/srv/torrents/.incomplete/";
             incomplete-dir-enabled = true;
             rpc-whitelist = "127.0.0.1,192.168.*.*";
-            # for users in group "transmission" to have access to torrents
-            umask = 2;
-          }
-        ;
+          };
         description = ''
           Attribute set whos fields overwrites fields in settings.json (each
           time the service starts). String values must be quoted, integer and
           boolean values must not.
 
-          See https://trac.transmissionbt.com/wiki/EditConfigFiles for documentation
-          and/or look at ${settingsFile}."
+          See https://trac.transmissionbt.com/wiki/EditConfigFiles for
+          documentation and/or look at ${settingsFile}.
         '';
       };
 
-      rpc_port = mkOption {
+      port = mkOption {
         type = types.uniq types.int;
         default = 9091;
         description = "TCP port number to run the RPC/web interface.";
       };
-
-      apparmor = mkOption {
-        type = types.uniq types.bool;
-        default = true;
-        description = "Generate apparmor profile for transmission-daemon.";
-      };
     };
-
   };
 
-  ### implementation
-
   config = mkIf cfg.enable {
-
     systemd.services.transmission = {
-      description = "Transmission BitTorrent Daemon";
-      after = [ "network.target" ] ++ optional (config.security.apparmor.enable && cfg.apparmor) "apparmor.service";
-      requires = mkIf (config.security.apparmor.enable && cfg.apparmor) [ "apparmor.service" ];
+      description = "Transmission BitTorrent Service";
+      after = [ "network.target" ] ++ optional apparmor "apparmor.service";
+      requires = mkIf apparmor [ "apparmor.service" ];
       wantedBy = [ "multi-user.target" ];
 
       # 1) Only the "transmission" user and group have access to torrents.
       # 2) Optionally update/force specific fields into the configuration file.
-      serviceConfig.ExecStartPre =
-        if cfg.settings != {} then ''
-          ${pkgs.stdenv.shell} -c "chmod 770 ${homeDir} && mkdir -p ${settingsDir} && ${pkgs.transmission}/bin/transmission-daemon -d |& sed ${attrsToSedArgs cfg.settings} > ${settingsFile}.tmp && mv ${settingsFile}.tmp ${settingsFile}"
-        ''
-        else ''
-          ${pkgs.stdenv.shell} -c "chmod 770 ${homeDir}"
-        '';
-      serviceConfig.ExecStart = "${pkgs.transmission}/bin/transmission-daemon -f --port ${toString config.services.transmission.rpc_port}";
+      serviceConfig.ExecStartPre = ''
+          ${pkgs.stdenv.shell} -c "chmod 770 ${homeDir} && mkdir -p ${settingsDir} ${downloadDir} ${incompleteDir} && ${pkgs.transmission}/bin/transmission-daemon -d |& sed ${attrsToSedArgs fullSettings} > ${settingsFile}.tmp && mv ${settingsFile}.tmp ${settingsFile}"
+      '';
+      serviceConfig.ExecStart = "${pkgs.transmission}/bin/transmission-daemon -f --port ${toString config.services.transmission.port}";
       serviceConfig.ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
       serviceConfig.User = "transmission";
       # NOTE: transmission has an internal umask that also must be set (in settings.json)
@@ -127,6 +107,7 @@ in
     # It's useful to have transmission in path, e.g. for remote control
     environment.systemPackages = [ pkgs.transmission ];
 
+    users.extraGroups.transmission.gid = config.ids.gids.transmission;
     users.extraUsers.transmission = {
       group = "transmission";
       uid = config.ids.uids.transmission;
@@ -135,10 +116,8 @@ in
       createHome = true;
     };
 
-    users.extraGroups.transmission.gid = config.ids.gids.transmission;
-
     # AppArmor profile
-    security.apparmor.profiles = mkIf (config.security.apparmor.enable && cfg.apparmor) [
+    security.apparmor.profiles = mkIf apparmor [
       (pkgs.writeText "apparmor-transmission-daemon" ''
         #include <tunables/global>
 
@@ -161,9 +140,9 @@ in
 
           owner ${settingsDir}/** rw,
 
-          ${cfg.settings.download-dir}/** rw,
-          ${optionalString cfg.settings.incomplete-dir-enabled ''
-            ${cfg.settings.incomplete-dir}/** rw,
+          ${fullSettings.download-dir}/** rw,
+          ${optionalString fullSettings.incomplete-dir-enabled ''
+            ${fullSettings.incomplete-dir}/** rw,
           ''}
         }
       '')
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-04 06:02:09 +0000