diff --git a/machines/weilite/default.nix b/machines/weilite/default.nix
index c151e1b..c3a70d0 100644
--- a/machines/weilite/default.nix
+++ b/machines/weilite/default.nix
@@ -101,12 +101,7 @@
         type = "virtiofs";
         options = "rw,nodev,nosuid";
       }
-      {
-        what = "media";
-        where = "/var/lib/jellyfin/media";
-        type = "virtiofs";
-        options = "rw,nodev,nosuid";
-      }
+
       {
         what = "/mnt/nixos/ocis";
         where = "/var/lib/ocis";
@@ -128,6 +123,13 @@
         after = [ "mnt-nixos.mount" ];
         wantedBy = [ "immich-server.service" ];
       }
+      {
+        what = "/mnt/nixos/media";
+        where = "/var/lib/jellyfin/media";
+        options = "bind";
+        after = [ "mnt-nixos.mount" ];
+        wantedBy = [ "jellyfin.service" ];
+      }
     ];
 
     hardware.graphics = {
diff --git a/machines/weilite/secrets.yaml b/machines/weilite/secrets.yaml
index 0394a80..b5c3aa5 100644
--- a/machines/weilite/secrets.yaml
+++ b/machines/weilite/secrets.yaml
@@ -4,6 +4,8 @@ immich:
     oauth_client_secret: ENC[AES256_GCM,data:EFs2hPjGMj0idwY3oQVIDTOIWkdwoAoAVjDQE9Z2eAKzUDH3grmYpYE+33V8d/Ux,iv:A9cjwFr/ZqltG62/N8MQ1LhdDbSIVVAqIPVB492zYJw=,tag:VTTtE697BZTVsI32UF53/w==,type:str]
 restic:
     localpass: ENC[AES256_GCM,data:GIQAmkpDmGu4+sSG5/b5yQ==,iv:dcu6F8NnVjeQzEG2vM3fOV5owI0PWc86ts20UP3vN18=,tag:vsG8x062FG1pH5YNcAajeg==,type:str]
+transmission:
+    rpc-password: ENC[AES256_GCM,data:4dumy0hygGOuwU3ANky3xEKRDRBAJWE=,iv:HVV2J+F8HndHZNsMD2YmkWrJOzk5JIapGd0SuQP8VqU=,tag:xqp5pxh5cYYogA4alrmIfg==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -28,8 +30,8 @@ sops:
             V0thRjU4WGpQRGFpcnoxSjZTZHhTTkUKzNMHh9p7GUY3hL5XZ9S4x20CwaItsXFV
             RKujsFVVBd8Kuq/jyOCBTRCscuHI4LW/wYeZYHFEZFSTK2liAqspgw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-12-03T05:59:51Z"
-    mac: ENC[AES256_GCM,data:0dLbfkm7fJvH5Mmct0/qHulg2AtDCeeeOgWMXfeGRUaX3GlLDiLga0zW4uNPDuahVecdh6ofvYfBOxFaGUdBCHk9vq5GzrwrzBNhqObWQ3AqVuq5rjqSxEKoFM4Eb5qoqaOefFzT/9qC94NDETTsHhjiEeIgd4fgSr2dazNiFPE=,iv:Ggw0FHzkrhKh5Uzo3seHGwwHsWW/tTAgAl0iIq9PVk4=,tag:rJvUI5/wsLJ01XyKmkRghw==,type:str]
+    lastmodified: "2024-12-25T00:35:15Z"
+    mac: ENC[AES256_GCM,data:sk4DL+w740RD9A3sPvcGD4fc90Nfw9C8dH11ScGRgt6gS3v4V16pD0Q/bHHZiUCll76phZKjp+sGcZaPw0X7RDlK582WY3uw0pLtqLlm0gejjmvBJYKg47nA0dCD+vDvbMkJlvJG6N3sRuXDBa/7bAe452eXZNS8Xnm7ceDscVc=,iv:Nx4yCfG9rNk0q8akuI1aZr6Wj4GIAxASE8Tc7TH4Vj8=,tag:GodvlMbhIPpPu062spKFxA==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.9.1
+    version: 3.9.2
diff --git a/machines/weilite/services/default.nix b/machines/weilite/services/default.nix
index 5a5cc25..ca5ee33 100644
--- a/machines/weilite/services/default.nix
+++ b/machines/weilite/services/default.nix
@@ -5,5 +5,6 @@
     ./media-download.nix
     ./immich.nix
     ./jellyfin.nix
+    ./transmission.nix
   ];
 }
diff --git a/machines/weilite/services/transmission.nix b/machines/weilite/services/transmission.nix
new file mode 100644
index 0000000..be7bb39
--- /dev/null
+++ b/machines/weilite/services/transmission.nix
@@ -0,0 +1,67 @@
+{ config, ... }:
+let
+  cfg = config.services.transmission;
+in
+{
+  sops.secrets = {
+    "transmission/rpc-password" = { };
+  };
+
+  sops.templates."transmission-cred.json" = {
+    content = builtins.toJSON {
+      rpc-password = config.sops.placeholder."transmission/rpc-password";
+    };
+  };
+
+  services.transmission = {
+    enable = true;
+    openPeerPorts = true;
+    credentialsFile = config.sops.templates."transmission-cred.json".path;
+    settings = {
+      download-dir = "/mnt/nixos/media";
+      incomplete-dir = "/mnt/nixos/transmission/incomplete";
+      alt-speed-down = 40960;
+      alt-speed-enabled = false;
+      alt-speed-time-begin = 60;
+      alt-speed-time-day = 127;
+      alt-speed-time-enabled = true;
+      alt-speed-time-end = 420;
+      alt-speed-up = 4096;
+      bind-address-ipv4 = "0.0.0.0";
+      bind-address-ipv6 = "::";
+      download-queue-enabled = true;
+      download-queue-size = 5;
+      incomplete-dir-enabled = true;
+      lpd-enabled = false;
+      message-level = 2;
+      peer-congestion-algorithm = "";
+      peer-id-ttl-hours = 6;
+      peer-limit-global = 200;
+      peer-limit-per-torrent = 50;
+      peer-port = 51413;
+      peer-socket-tos = "cs2";
+      pex-enabled = true;
+      preallocation = 1;
+      prefetch-enabled = true;
+      queue-stalled-enabled = true;
+      queue-stalled-minutes = 30;
+      rename-partial-files = true;
+      rpc-bind-address = "127.0.0.1";
+      rpc-enabled = true;
+      rpc-authentication-required = true;
+      rpc-port = 9092;
+      rpc-username = "xin";
+      rpc-whitelist = "127.0.0.1";
+      speed-limit-down = 20480;
+      speed-limit-down-enabled = true;
+      speed-limit-up = 3072;
+      speed-limit-up-enabled = true;
+      start-added-torrents = true;
+      watch-dir-enabled = false;
+    };
+  };
+  services.caddy.virtualHosts."https://weilite.coho-tet.ts.net:9091".extraConfig = ''
+    reverse_proxy 127.0.0.1:${toString cfg.settings.rpc-port}
+  '';
+  networking.firewall.allowedTCPPorts = [ 9091 ]; # allow on lan
+}