{ pkgs, config, ... }: let mountdir = "/var/media/dungflix"; rclone_config = pkgs.writeText "" '' [dungflix] type = b2 [dungflix-vault] type = crypt remote = dungflix:dungflix-bucket ''; in { age.secrets = { dungflix_bucket_account_id.file = ../../secrets/dungflix_bucket_account_id.age; dungflix_bucket_account_key.file = ../../secrets/dungflix_bucket_account_key.age; dungflix_crypt_remote_obscured_pass.file = ../../secrets/dungflix_crypt_remote_obscured_pass.age; }; services = { jellyfin.enable = true; transmission = { enable = true; settings = { rpc-host-whitelist-enable = true; rpc-host-whitelist = "bigding.squirrel-clownfish.ts.net"; }; }; }; users.users."daniel".extraGroups = ["transmission"]; systemd.services.transmission.serviceConfig = { Restart = "always"; RuntimeMaxSec = 28800; MemoryMax = "1G"; }; systemd.services.dungflix-mount = { description = "Mount the Backblaze B2 media store"; wantedBy = ["multi-user.target"]; path = [pkgs.fuse]; preStart = '' mkdir -p -m 777 ${mountdir} ''; script = '' export RCLONE_B2_ACCOUNT=''$(cat ${config.age.secrets.dungflix_bucket_account_id.path}) export RCLONE_B2_KEY=''$(cat ${config.age.secrets.dungflix_bucket_account_key.path}) export RCLONE_CRYPT_PASSWORD=''$(cat ${config.age.secrets.dungflix_crypt_remote_obscured_pass.path}) ${pkgs.rclone}/bin/rclone --config="${rclone_config}" mount dungflix-vault: ${mountdir} \ --transfers 32 \ --vfs-cache-mode full \ --vfs-cache-max-age 336h \ --vfs-cache-max-size 200G \ --allow-other \ --no-modtime \ --rc \ --rc-no-auth \ -vv ''; postStart = '' sleep 5 ${pkgs.rclone}/bin/rclone --config="${rclone_config}" rc vfs/refresh recursive=true _async=true ''; postStop = '' sleep 3 fusermount -u ${mountdir} ''; serviceConfig = { Restart = "on-failure"; }; }; }