path: root/makefu/2configs/torrent.nix
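# NixOS module: Deluge torrent daemon with a dedicated `download` user/group,
# a shared download directory and the firewall openings the daemon needs.
{ config, lib, pkgs, ... }:

with config.krebs.lib;

let
  daemon-user = "tor";
  # The secret is read while the configuration is evaluated, so the plain
  # password is a Nix string from here on.
  # NOTE(review): if the makefu.deluge module (not visible here) writes `auth`
  # into a generated file, the password lands in the world-readable /nix/store.
  # Confirm, and prefer a path the daemon reads at runtime if so.
  daemon-pw = (import <torrent-secrets/daemon-pw>);
  peer-port = 51412;
  # Currently unused: the web UI is disabled below and this port is not opened
  # in the firewall.
  web-port = 8112;
  daemon-port = 58846;
  dl-dir = "/var/download";
in {
  # prepare secrets
  # With dummy_secrets=true in the evaluating environment the test fixtures are
  # used instead of the real secrets directory; the real path lives outside the
  # repository.
  krebs.build.source.torrent-secrets.file =
    if getEnv "dummy_secrets" == "true"
    then toString <stockholm/makefu/6tests/data/secrets>
    else "/home/makefu/secrets/torrent";

  users.users = {
    download = {
      name = "download";
      home = dl-dir;
      uid = genid "download";
      createHome = true;
      # The account gets a login shell, but no SSH keys are authorised for it.
      useDefaultShell = true;
      group = "download";
      openssh.authorizedKeys.keys = [ ];
    };
  };

  system.activationScripts."download-dir-chmod" = {
    # Order this after the "users" activation step, which creates accounts and
    # groups; without the dependency the chown below could run before
    # download:download exists.
    deps = [ "users" ];
    text = ''
      for i in finished torrents; do
        mkdir -p "${dl-dir}/$i"
        chown download:download "${dl-dir}/$i"
        # 770: owner and group `download` only; nothing for other users.
        chmod 770 "${dl-dir}/$i"
      done
    '';
  };

  # Membership in `download` grants read/write on the directories above, so it
  # is the access-control list for downloaded content.
  users.extraGroups = {
    download = {
      gid = genid "download";
      members = [
        config.krebs.build.user.name
        "download"
        "deluge"
      ];
    };
  };

  makefu.deluge = {
    enable = true;
    # Deluge auth entry in the form user:password:level; level 10 is the admin
    # level, i.e. full control of the daemon for whoever holds this password.
    auth = "${daemon-user}:${daemon-pw}:10";
    # web.enable = true;
    cfg = {
      autoadd_enable = true;
      download_location = dl-dir + "/finished";
      torrentfiles_location = dl-dir + "/torrents";
      copy_torrent_file = true;
      lsd = true;
      dht = true;
      # UPnP and NAT-PMP ask the gateway to forward the peer port by itself;
      # turn both off where port forwards should be managed explicitly.
      upnp = true;
      natpmp = true;
      add_paused = false;
      # The RPC daemon accepts non-local connections. Exposure is limited only
      # by the firewall rule below and by the auth entry above.
      allow_remote = true;
      remove_seed_at_ratio = false;
      move_completed = false;
      daemon_port = daemon-port;
      # Both ranges are pinned to the single peer port so the firewall needs
      # exactly one opening.
      listen_ports = [ peer-port peer-port ];
      outgoing_ports = [ peer-port peer-port ];
      # performance tuning
      cache_expiry = 3600;
      stop_seed_at_ratio = true;
    };
  };

  # The daemon (RPC) port is accepted only on the retiolum interface, not on
  # public interfaces. `iptables` covers IPv4 only, so IPv6 traffic to this
  # port is not admitted by this rule.
  # NOTE(review): `-A INPUT` adds to the INPUT chain directly; whether the rule
  # is cleaned up or duplicated on firewall reload depends on the NixOS firewall
  # script in use. Verify with `iptables -S INPUT` after a reload.
  networking.firewall.extraCommands = ''
    iptables -A INPUT -i retiolum -p tcp --dport ${toString daemon-port} -j ACCEPT
  '';

  # The BitTorrent peer port is reachable on every interface.
  networking.firewall.allowedTCPPorts = [ peer-port ];
  networking.firewall.allowedUDPPorts = [ peer-port ];
}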