| -rw-r--r-- | machines/dragon.nix | 6 | ||||
| -rw-r--r-- | modules/router.nix | 8 | 
2 files changed, 9 insertions, 5 deletions
|
diff --git a/machines/dragon.nix b/machines/dragon.nix
index 16ae1cf..317d1b6 100644
--- a/machines/dragon.nix
+++ b/machines/dragon.nix
@@ -50,12 +50,13 @@ in {
   services.transmission = {
     enable = true;
-    settings.download-dir = "/storage/upload";
-    settings.peer-port = 55324;
+    home = "/storage/upload";
+    settings.peer-port = 56732;
     settings.rpc-bind-address = "0.0.0.0";
     settings.rpc-whitelist = "172.20.*.*";
   };
   systemd.services.transmission.serviceConfig.NetworkNamespacePath = "/var/run/netns/vpn";
+  users.users.transmission.extraGroups = ["readonly"];
   # services.tailscale.enable = true;
   # virtualisation.lxd.enable = true;
@@ -82,6 +83,7 @@ in {
   networking = { hostName = lib.mkForce "dragon"; };
   networking.firewall.enable = false;
   networking.interfaces.router-vport.useDHCP = true;
+  networking.resolvconf.useLocalResolver = false;
   networking.dhcpcd.enable = true;
   networking.dhcpcd.extraConfig = ''
     clientid dragon
diff --git a/modules/router.nix b/modules/router.nix
index 9251229..ff893df 100644
--- a/modules/router.nix
+++ b/modules/router.nix
@@ -158,6 +158,7 @@ let
       extraConfig = ''
         noipv6rs
         noipv6
+        nohook resolv.conf
         interface wan-vport
         dhcp
       '';
@@ -210,9 +211,10 @@ let
             oifname wan-vport counter accept
             oifname mullvad counter accept
-            ip daddr 172.20.30.2 th dport 9091 counter accept;
+            ip daddr 172.20.30.2 th dport {9091, 56732} counter accept;
             oifname servers-vport meta l4proto {tcp, udp} th dport $SERVER_WAN_PORTS counter accept
             iifname lan-vport oifname servers-vport meta l4proto {tcp, udp} th dport $SERVER_LAN_PORTS counter accept
+            iifname vpn-vport oifname servers-vport meta l4proto {tcp, udp} th dport $SERVER_LAN_PORTS counter accept
             iifname servers-vport counter accept
             counter drop
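Review bot: In the `services.transmission` hunk of machines/dragon.nix, replacing `settings.download-dir` with `home = "/storage/upload"` relocates the daemon's whole state directory, not only the download target. As far as I know the NixOS module keeps `.config/transmission-daemon` (including `settings.json`) under `home` and defaults downloads to a subdirectory of it, so daemon configuration would now sit inside the upload tree and files would no longer land directly in `/storage/upload`. If only the download location was meant to change, keep `settings.download-dir = "/storage/upload";` and leave `home` at its default. The added `extraGroups = ["readonly"]` also widens what a daemon with RPC bound to `0.0.0.0` can read, so a one-line comment saying what that group grants would help the next reader judge the exposure.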
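Review bot: In the forward-chain hunk of modules/router.nix (`@@ -210,9 +211,10 @@`), the added `iifname vpn-vport oifname servers-vport … $SERVER_LAN_PORTS` rule gives the VPN segment the same reach into the servers as the LAN. If vpn-vport is the segment that hosts the Transmission namespace (the 172.20.30.2 rules suggest so, but the interface addressing is outside this hunk), a compromised torrent client could then reach every LAN-only service. Consider a narrower rule listing only the ports that segment needs, e.g. `iifname vpn-vport oifname servers-vport tcp dport { <needed-ports> } counter accept`. The rewritten `ip daddr 172.20.30.2 th dport {9091, 56732}` line also has no `iifname`, so RPC port 9091 stays forwardable from every interface; accepting 56732 only from `mullvad` and 9091 only from the management segment would match the DNAT rule in the next hunk.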
@@ -232,8 +234,8 @@ let
         table inet nat {
           chain prerouting {
             type nat hook prerouting priority -100; policy accept
-            meta nfproto ipv4 iifname wan-vport tcp dport $SERVER_WAN_PORTS dnat to 172.20.20.2
-            meta nfproto ipv4 iifname vpn-vport tcp dport 55324 dnat to 172.20.30.2
+            meta nfproto ipv4 iifname wan-vport tcp dport $SERVER_WAN_PORTS dnat to 172.20.30.2
+            meta nfproto ipv4 iifname mullvad tcp dport 56732 dnat to 172.20.30.2
           }
           chain postrouting {
             type nat hook postrouting priority 100; policy accept
|
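Review bot: The wan-vport DNAT for `$SERVER_WAN_PORTS` now targets 172.20.30.2, the same address the other rules use for Transmission, while the forward chain in the previous hunk still accepts those ports only with `oifname servers-vport`. If 172.20.30.2 is not reached through servers-vport, WAN traffic for the public services is redirected to the torrent host and then either hits `counter drop` or reaches whatever listens there on a port the 172.20.30.2 accept rule covers. If the target change was unintended, restore `dnat to 172.20.20.2`; if it was intended, the forward rule needs a matching update. The new `iifname mullvad tcp dport 56732` rule also redirects only TCP, whereas the forward chain accepts the port without a transport restriction, so a comment stating whether UDP is deliberately left out would be useful. Both chains continue outside the hunk.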
