{ config, pkgs, lib, ... }: { networking.firewall.allowedTCPPorts = [ ]; services.transfer-sh = { enable = true; settings = { LISTENER = "192.168.99.201:6080"; HTTP_AUTH_HTPASSWD = "/run/secrets/services/nginx/transfersh.htpasswd"; TEMP_PATH = "/mnt/data/transfer-sh/temp"; BASEDIR = "/mnt/data/transfer-sh/store"; EMAIL_CONTACT = "abuse@lewd.wtf"; PURGE_DAYS = "90"; }; }; systemd.services.transfer-sh.serviceConfig.ReadWritePaths = lib.mkForce [ "/mnt/data/transfer-sh/temp" "/mnt/data/transfer-sh/store" ]; }