diff options
Diffstat (limited to 'makefu/2configs/torrent/rtorrent.nix')
-rw-r--r-- | makefu/2configs/torrent/rtorrent.nix | 85 |
1 files changed, 30 insertions, 55 deletions
diff --git a/makefu/2configs/torrent/rtorrent.nix b/makefu/2configs/torrent/rtorrent.nix index 74f1e5fe8..79325bfc7 100644 --- a/makefu/2configs/torrent/rtorrent.nix +++ b/makefu/2configs/torrent/rtorrent.nix @@ -1,73 +1,48 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; - let basicAuth = import <torrent-secrets/auth.nix>; peer-port = 51412; web-port = 8112; daemon-port = 58846; - base-dir = config.krebs.rtorrent.workDir; + dldir = config.makefu.dl-dir; in { + services.rtorrent.enable = true; + services.rtorrent.user = "rtorrent"; + services.rtorrent.group = "download"; + services.rtorrent.downloadDir = dldir; + services.rtorrent.configText = '' + schedule2 = watch_start, 10, 10, ((load.start, (cat, (cfg.watch), "/media/cloud/watch/*.torrent"))) + ''; - users.users = { - download = { - name = "download"; - home = base-dir; - uid = mkDefault (genid "download"); - createHome = true; - useDefaultShell = true; - group = "download"; - openssh.authorizedKeys.keys = [ ]; - }; - }; + services.rtorrent.openFirewall = true; - users.extraGroups = { - download = { - gid = lib.mkDefault (genid "download"); - members = [ - config.krebs.build.user.name - "download" - "rtorrent" - "nginx" - ]; + systemd.services.flood = { + wantedBy = [ "multi-user.target" ]; + wants = [ "rtorrent.service" ]; + after = [ "rtorrent.service" ]; + serviceConfig = { + User = "rtorrent"; + ExecStart = "${pkgs.nodePackages.flood}/bin/flood --auth none --port ${toString web-port} --rtsocket ${config.services.rtorrent.rpcSocket}"; }; - rtorrent.members = [ "download" ]; }; - krebs.rtorrent = let - d = config.makefu.dl-dir; - in { + #security.acme.certs."torrent.${config.krebs.build.host.name}.r".server = config.krebs.ssl.acmeURL; + + services.nginx = { enable = true; - web = { - enable = true; - port = web-port; + virtualHosts."torrent.${config.krebs.build.host.name}.r" = { + # TODO inherit basicAuth; + #enableACME = true; + #addSSL = true; + root = "${pkgs.nodePackages.flood}/lib/node_modules/flood/dist/assets"; + locations."/api".extraConfig = '' + proxy_pass http://localhost:${toString web-port}; + ''; + locations."/".extraConfig = '' + try_files $uri /index.html; + ''; }; - rutorrent.enable = true; - enableXMLRPC = true; - listenPort = peer-port; - downloadDir = d + "/finished/incoming"; - watchDir = d + "/watch"; - # TODO: maybe test out multiple watch dirs with tags: https://github.com/rakshasa/rtorrent/wiki/TORRENT-Watch-directories - extraConfig = '' - # log.add_output = "debug", "rtorrent-systemd" - # log.add_output = "dht_debug", "rtorrent-systemd" - # log.add_output = "tracker_debug", "rtorrent-systemd" - log.add_output = "rpc_events", "rtorrent-systemd" - # log.add_output = "rpc_dump", "rtorrent-systemd" - system.daemon.set = true - ''; - # dump old torrents into watch folder to have them re-added }; - - services.nginx.virtualHosts."torrent.${config.krebs.build.host.name}.r".locations."/" = { proxyPass = "http://localhost:${toString web-port}/"; }; - - networking.firewall.extraCommands = '' - iptables -A INPUT -i retiolum -p tcp --dport ${toString web-port} -j ACCEPT - ''; - - networking.firewall.allowedTCPPorts = [ peer-port ]; - networking.firewall.allowedUDPPorts = [ peer-port ]; - state = [ config.krebs.rtorrent.sessionDir ]; # state which torrents were loaded } |