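{ config, lib, pkgs, homeyConfig, ... }:

# Transmission — BitTorrent client. (Deferred — enable when ready.)
#
# NOTE: Transmission's web UI also runs on port 9091. To avoid clashing
# with Authelia (also 9091), this module binds Transmission to 9092.
#
# Volume layout:
#   /transmission/config/ → /config
#   /media/movies/        → /downloads/movies
#   /media/tvshows/       → /downloads/tvshows
#   /media/general/       → /downloads/general
#   /media/complete/      → /downloads/complete
#
# Exposure, as configured in this module:
#   * The web UI/RPC port is published on the host loopback only
#     (127.0.0.1:<port>), so remote access goes through the Caddy virtual
#     host and the Authelia rules declared below.
#   * No RPC credentials are set here; unless they are configured in the
#     persisted /config, the proxy is the only authentication layer.
#   * The container joins the shared "homey" network. Other containers on
#     that network can presumably reach container port 9091 directly,
#     without passing through Caddy/Authelia — verify which workloads share
#     the network.

let
  cfg = config.homey.transmission;
  dataDir = config.homey.storage.mountPoint;
  domain = homeyConfig.domain;
in
{
  options.homey.transmission = {
    # NOTE(review): the header says "Deferred — enable when ready", yet the
    # default below is true, so the service is on unless explicitly disabled.
    # Left unchanged to keep existing deployments as they are; confirm which
    # of the two is intended.
    enable = lib.mkEnableOption "Transmission torrent client" // { default = true; };

    image = lib.mkOption {
      type = lib.types.str;
      default = "docker.io/linuxserver/transmission:latest";
      description = ''
        OCI image reference for the Transmission container. The default uses
        the mutable `latest` tag, so the content that runs can change between
        pulls; set a fixed version tag or an image digest for reproducible,
        reviewable deployments.
      '';
    };

    port = lib.mkOption {
      type = lib.types.port;
      default = 9092;
      description = "Host port for Transmission web UI (9092 to avoid clash with authelia@9091).";
    };
  };

  config = lib.mkIf cfg.enable {
    virtualisation.oci-containers.containers.transmission = {
      image = cfg.image;

      # Map host cfg.port (9092) → container 9091 so Caddy can reach it
      # without conflicting with Authelia's host port (also 9091).
      # Binding to 127.0.0.1 keeps the unauthenticated UI off external
      # interfaces. This is the only published port.
      ports = [ "127.0.0.1:${toString cfg.port}:9091" ];

      # NOTE(review): if RPC credentials are added (the linuxserver image
      # documents USER/PASS variables), supply them through
      # `environmentFiles` rather than this attrset — values placed here end
      # up in the world-readable Nix store.
      environment = {
        PUID = "1000";
        PGID = "1000";
        TRANSMISSION_WEB_HOME = "/usr/share/transmission/web";
      };

      volumes = [
        "${dataDir}/transmission/config:/config"
        "${dataDir}/media/movies:/downloads/movies"
        "${dataDir}/media/tvshows:/downloads/tvshows"
        "${dataDir}/media/general:/downloads/general"
        "${dataDir}/media/complete:/downloads/complete"
      ];

      extraOptions = [ "--network=homey" ];
    };

    systemd.services."podman-transmission" = {
      after = lib.mkAfter [ "podman-homey-network.service" ];
      requires = lib.mkAfter [ "podman-homey-network.service" ];

      # Derive the mount dependency from the configured storage path instead
      # of hard-coding "mnt-data.mount": systemd adds Requires=/After= on the
      # mount unit(s) backing dataDir, so the ordering stays correct if
      # homey.storage.mountPoint is changed. The list form merges with any
      # other definition of this key.
      unitConfig.RequiresMountsFor = [ dataDir ];
    };

    # -----------------------------------------------------------------------
    # Authelia access control — admins only, two_factor; all others denied.
    # -----------------------------------------------------------------------
    homey.authelia.accessControlRules = [
      # Priority 30 precedes the catch-all deny at 31 for the same domain.
      { priority = 30; domain = [ "torrent.${domain}" ]; subject = [ "group:admins" ]; policy = "two_factor"; }
      { priority = 31; domain = [ "torrent.${domain}" ]; policy = "deny"; }
    ];

    # -----------------------------------------------------------------------
    # Caddy virtual host — forward_auth, admins only
    # -----------------------------------------------------------------------
    homey.caddy.virtualHosts = [{
      subdomain = "torrent";
      port = cfg.port;
      auth = true;
    }];

    # -----------------------------------------------------------------------
    # Storage directories
    # -----------------------------------------------------------------------
    homey.storage.extraDirs = [
      { path = "transmission"; }
      { path = "transmission/config"; }
    ];

    # -----------------------------------------------------------------------
    # Backup
    # -----------------------------------------------------------------------
    homey.backup.extraPaths = [ "${dataDir}/transmission" ];
  };
}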