authorlassulus <lassulus@lassul.us>2022-03-02 16:37:48 +0100
committerlassulus <lassulus@lassul.us>2022-03-02 16:37:48 +0100
commit44a42bb268e163e3fa43fe6ea6c4b979da0f49e9 (patch)
tree0e9475b0a40464b8122ac19ddcc63fe0daab3cd4
parent6002189225e347418f07a99d6a85b033fa0edaf7 (diff)
parent81817007edda4601c95a8f95aa99ce15320e224a (diff)
Merge remote-tracking branch 'gum/master'
-rw-r--r--krebs/3modules/default.nix1
-rw-r--r--krebs/3modules/makefu/default.nix3
-rw-r--r--krebs/3modules/rtorrent.nix348
-rw-r--r--makefu/0tests/data/secrets/hetzner.smb0
-rw-r--r--makefu/1systems/gum/config.nix34
-rw-r--r--makefu/1systems/latte/config.nix28
-rw-r--r--makefu/1systems/omo/config.nix7
-rw-r--r--makefu/1systems/x/config.nix12
-rw-r--r--makefu/2configs/backup/ssh/latte.pub1
-rw-r--r--makefu/2configs/home/ps4srv.nix17
-rw-r--r--makefu/2configs/share/default.nix29
-rw-r--r--makefu/2configs/share/hetzner-client.nix12
-rw-r--r--makefu/2configs/share/omo.nix6
-rw-r--r--makefu/2configs/torrent.nix73
-rw-r--r--makefu/2configs/torrent/rtorrent.nix48
15 files changed, 167 insertions, 452 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index fc57d8188..2d73da884 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -46,7 +46,6 @@ let
./realwallpaper.nix
./repo-sync.nix
./retiolum-bootstrap.nix
- ./rtorrent.nix
./secret.nix
./setuid.nix
./shadow.nix
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 1695db3f5..68484a102 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -153,6 +153,7 @@ in {
extraZones = {
"krebsco.de" = ''
latte.euer IN A ${nets.internet.ip4.addr}
+ rss.euer IN A ${nets.internet.ip4.addr}
'';
};
cores = 4;
@@ -182,6 +183,7 @@ in {
aliases = [
"latte.r"
+ "torrent.latte.r"
];
};
};
@@ -211,7 +213,6 @@ in {
feed.euer IN A ${nets.internet.ip4.addr}
board.euer IN A ${nets.internet.ip4.addr}
etherpad.euer IN A ${nets.internet.ip4.addr}
- rss.euer IN A ${nets.internet.ip4.addr}
mediengewitter IN CNAME over.dose.io.
mon.euer IN A ${nets.internet.ip4.addr}
netdata.euer IN A ${nets.internet.ip4.addr}
diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix
deleted file mode 100644
index 4a96f6203..000000000
--- a/krebs/3modules/rtorrent.nix
+++ /dev/null
@@ -1,348 +0,0 @@
-{ config, lib, pkgs, options, ... }:
-
-with import <stockholm/lib>;
-let
- cfg = config.krebs.rtorrent;
- webcfg = config.krebs.rtorrent.web;
- rucfg = config.krebs.rtorrent.rutorrent;
-
- nginx-user = config.services.nginx.user;
- nginx-group = config.services.nginx.group;
- fpm-socket = config.services.phpfpm.pools.rutorrent.socket;
-
- webdir = rucfg.webdir;
- systemd-logfile = cfg.workDir + "/rtorrent-systemd.log";
-
- # rutorrent requires a couple of binaries to be available to either the
- # rtorrent process or to phpfpm
-
- rutorrent-deps = with pkgs; [ curl php coreutils procps ffmpeg mediainfo ] ++
- (if (config.nixpkgs.config.allowUnfree or false) then
- trace "enabling unfree packages for rutorrent" [ unrar unzip ] else
- trace "not enabling unfree packages for rutorrent because allowUnfree is unset" []);
-
- configFile = pkgs.writeText "rtorrent-config" ''
- # THIS FILE IS AUTOGENERATED
- ${optionalString (cfg.listenPort != null) ''
- port_range = ${toString cfg.listenPort}-${toString cfg.listenPort}
- port_random = no
- ''}
-
- ${optionalString (cfg.watchDir != null) ''
- directory.watch.added = "${cfg.watchDir}", load.start_verbose
- ''}
-
- directory = ${cfg.downloadDir}
- session = ${cfg.sessionDir}
-
- ${optionalString (cfg.enableXMLRPC ) ''
- # prepare socket and set permissions. rtorrent user is part of group nginx
- # TODO: configure a shared torrent group
- execute.nothrow = rm,${cfg.xmlrpc-socket}
- scgi_local = ${cfg.xmlrpc-socket}
- schedule = scgi_permission,0,0,"execute.nothrow=chmod,\"ug+w,o=\",${cfg.xmlrpc-socket}"
- ''}
-
- system.file.allocate.set = ${if cfg.preAllocate then "yes" else "no"}
-
- # Prepare systemd logging
- log.open_file = "rtorrent-systemd", ${systemd-logfile}
- log.add_output = "warn", "rtorrent-systemd"
- log.add_output = "notice", "rtorrent-systemd"
- log.add_output = "info", "rtorrent-systemd"
- # log.add_output = "debug", "rtorrent-systemd"
- ${cfg.extraConfig}
- '';
-
- out = {
- options.krebs.rtorrent = api;
- # This only works because none of the attrsets returns the same key
- config = with lib; mkIf cfg.enable (lib.mkMerge [
- (lib.mkIf webcfg.enable rpcweb-imp)
- # only build rutorrent-imp if webcfg is enabled as well
- (lib.mkIf (webcfg.enable && rucfg.enable) rutorrent-imp)
- imp
- ]);
- };
-
- api = {
- enable = mkEnableOption "rtorrent";
-
- web = {
- # configure NGINX to provide /RPC2 for listen address
- # authentication also applies to rtorrent.rutorrent
- enable = mkEnableOption "rtorrent nginx web RPC";
-
- addr = mkOption {
- type = types.addr4;
- default = "0.0.0.0";
- description = ''
- the address to listen on
- default is 0.0.0.0
- '';
- };
-
- port = mkOption {
- type = types.nullOr types.int;
- description =''
- nginx listen port for rtorrent
- '';
- default = 8006;
- };
-
- basicAuth = mkOption {
- type = types.attrsOf types.str ;
- description = ''
- basic authentication to be used. If unset, no authentication will be
- enabled.
-
- Refer to `services.nginx.virtualHosts.‹name›.basicAuth`
- '';
- default = {};
- };
- };
-
- rutorrent = {
- enable = mkEnableOption "rutorrent"; # requires rtorrent.web.enable
-
- package = mkOption {
- type = types.package;
- description = ''
- path to rutorrent package. When using your own ruTorrent package,
- scgi_port and scgi_host will be patched on startup.
- '';
- default = pkgs.rutorrent;
- };
-
- webdir = mkOption {
- type = types.path;
- description = ''
- rutorrent php files will be written to this folder.
- when using nginx, be aware that the the folder should be readable by nginx.
- because rutorrent does not hold mutable data in a separate folder
- these files must be writable.
- '';
- default = "/var/lib/rutorrent";
- };
-
- };
-
- package = mkOption {
- type = types.package;
- default = pkgs.rtorrent;
- };
-
- # TODO: enable xmlrpc with web.enable
- enableXMLRPC = mkEnableOption "rtorrent xmlrpc via socket";
- xmlrpc-socket = mkOption {
- type = types.str;
- description = ''
- enable xmlrpc at given socket. Required for web-interface.
-
- for documentation see:
- https://github.com/rakshasa/rtorrent/wiki/RPC-Setup-XMLRPC
- '';
- default = cfg.workDir + "/rtorrent.sock";
- };
-
- preAllocate = mkOption {
- type = types.bool;
- description = ''
- Pre-Allocate torrent files
- '';
- default = true;
- };
-
- downloadDir = mkOption {
- type = types.path;
- description = ''
- directory where torrents are stored
- '';
- default = cfg.workDir + "/downloads";
- };
-
- sessionDir = mkOption {
- type = types.path;
- description = ''
- directory where torrent progress is stored
- '';
- default = cfg.workDir + "/rtorrent-session";
- };
-
- watchDir = mkOption {
- type = with types; nullOr str;
- description = ''
- directory to watch for torrent files.
- If unset, no watch directory will be configured
- '';
- default = null;
- };
-
- listenPort = mkOption {
- type = with types; nullOr int;
- description =''
- listening port. if you want multiple ports, use extraConfig port_range
- '';
- };
-
- extraConfig = mkOption {
- type = types.lines;
- description = ''
- config to be placed into ${cfg.workDir}/.rtorrent.rc
-
- see ${cfg.package}/share/doc/rtorrent/rtorrent.rc
- '';
- example = literalExample ''
- log.execute = ${cfg.workDir}/execute.log
- log.xmlrpc = ${cfg.workDir}/xmlrpc.log
- '';
- default = "";
- };
-
- user = mkOption {
- description = ''
- user which will run rtorrent. if kept default a new user will be created
- '';
- type = types.str;
- default = "rtorrent";
- };
-
- workDir = mkOption {
- description = ''
- working directory. rtorrent will search in HOME for `.rtorrent.rc`
- '';
- type = types.str;
- default = "/var/lib/rtorrent";
- };
-
- };
-
- imp = {
- systemd.services = {
- rtorrent-daemon = {
- description = "rtorrent headless";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- restartIfChanged = true;
- serviceConfig = {
- Type = "forking";
- ExecStartPre = pkgs.writeDash "prepare-folder" ''
- mkdir -p ${cfg.workDir} ${cfg.sessionDir}
- chmod 770 ${cfg.workDir} ${cfg.sessionDir}
- touch ${systemd-logfile}
- cp -f ${configFile} ${cfg.workDir}/.rtorrent.rc
- '';
- ExecStart = "${pkgs.tmux}/bin/tmux new-session -s rt -n rtorrent -d 'PATH=/bin:/usr/bin:${makeBinPath rutorrent-deps} ${cfg.package}/bin/rtorrent'";
- Restart = "always";
- RestartSec = "10";
-
- ## you can simply sudo -u rtorrent tmux a if privateTmp is set to false
- ## otherwise the tmux session is stored in some private folder in /tmp
- PrivateTmp = false;
-
- WorkingDirectory = cfg.workDir;
- User = "${cfg.user}";
- };
- };
- rtorrent-log = {
- after = [ "rtorrent-daemon.service" ];
- bindsTo = [ "rtorrent-daemon.service" ];
- wantedBy = [ "rtorrent-daemon.service" ];
- serviceConfig = {
- ExecStart = "${pkgs.coreutils}/bin/tail -f ${systemd-logfile}";
- User = "${cfg.user}";
- };
- };
- } // (optionalAttrs webcfg.enable {
- rutorrent-prepare = {
- after = [ "rtorrent-daemon.service" ];
- wantedBy = [ "rtorrent-daemon.service" ];
- serviceConfig = {
- Type = "oneshot";
- # we create the folder and set the permissions to allow nginx
- # TODO: update files if the version of rutorrent changed
- ExecStart = pkgs.writeDash "create-webconfig-dir" ''
- if [ ! -e ${webdir} ];then
- echo "creating webconfiguration directory for rutorrent: ${webdir}"
- cp -vr ${rucfg.package} ${webdir}
- echo "setting permissions for webdir to ${cfg.user}:${nginx-group}"
- chown -R ${cfg.user}:${nginx-group} ${webdir}
- chmod -R 770 ${webdir}
- else
- echo "not overwriting ${webdir}"
-
- fi
- echo "updating xmlrpc-socket with unix://${cfg.xmlrpc-socket}"
- sed -i -e 's#^\s*$scgi_port.*#$scgi_port = 0;#' \
- -e 's#^\s*$scgi_host.*#$scgi_host = "unix://${cfg.xmlrpc-socket}";#' \
- "${webdir}/conf/config.php"
- '';
- };
- };
- })
- // (optionalAttrs rucfg.enable { });
-
- users = lib.mkIf (cfg.user == "rtorrent") {
- users.rtorrent = {
- uid = genid "rtorrent";
- home = cfg.workDir;
- group = nginx-group; # required for rutorrent to work
- shell = "/bin/sh"; #required for tmux
- isSystemUser = true;
- createHome = true;
- };
- groups.rtorrent.gid = genid "rtorrent";
- };
- };
-
- rpcweb-imp = {
- services.nginx.enable = mkDefault true;
- services.nginx.virtualHosts.rtorrent = {
- default = mkDefault true;
- inherit (webcfg) basicAuth;
- root = optionalString rucfg.enable webdir;
- listen = [ { inherit (webcfg) addr port; } ];
-
- locations = {
- "/RPC2".extraConfig = ''
- include ${pkgs.nginx}/conf/scgi_params;
- scgi_param SCRIPT_NAME /RPC2;
- scgi_pass unix:${cfg.xmlrpc-socket};
- '';
- } // (optionalAttrs rucfg.enable {
- "~ \.php$".extraConfig = ''
- client_max_body_size 200M;
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:${fpm-socket};
- try_files $uri =404;
- fastcgi_index index.php;
- include ${pkgs.nginx}/conf/fastcgi_params;
- include ${pkgs.nginx}/conf/fastcgi.conf;
- ''; }
- );
- };
- };
-
- rutorrent-imp = {
- services.phpfpm = {
- pools.rutorrent = {
- user = nginx-user;
- group = nginx-group;
- phpEnv.PATH = makeBinPath rutorrent-deps;
-
- settings = {
- "listen.owner" = nginx-user;
- "pm" = "dynamic";
- "pm.max_children" = 5;
- "pm.start_servers" = 2;
- "pm.min_spare_servers" = 1;
- "pm.max_spare_servers" = 3;
- "chdir" = "/";
- "php_admin_value[error_log]" = "stderr";
- "php_admin_flag[log_errors]" = "on";
- "catch_workers_output" = "yes";
- };
- };
- };
- };
-in out
diff --git a/makefu/0tests/data/secrets/hetzner.smb b/makefu/0tests/data/secrets/hetzner.smb
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/makefu/0tests/data/secrets/hetzner.smb
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index a9d9b661f..089fc8e9f 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -23,11 +23,12 @@ in {
}
<stockholm/makefu/2configs/nur.nix>
<stockholm/makefu/2configs/support-nixos.nix>
- <stockholm/makefu/2configs/nix-community/mediawiki-matrix-bot.nix>
<stockholm/makefu/2configs/nix-community/supervision.nix>
<stockholm/makefu/2configs/home-manager>
<stockholm/makefu/2configs/home-manager/cli.nix>
# <stockholm/makefu/2configs/stats/client.nix>
+ <stockholm/makefu/2configs/share>
+ <stockholm/makefu/2configs/share/hetzner-client.nix>
# <stockholm/makefu/2configs/stats/netdata-server.nix>
<stockholm/makefu/2configs/headless.nix>
@@ -56,13 +57,13 @@ in {
<stockholm/makefu/2configs/tinc/retiolum.nix>
{ # bonus retiolum config for connecting more hosts
krebs.tinc.retiolum = {
- extraConfig = lib.mkForce ''
- ListenAddress = ${external-ip} 53
- ListenAddress = ${external-ip} 655
- ListenAddress = ${external-ip} 21031
- StrictSubnets = yes
- LocalDiscovery = no
- '';
+ #extraConfig = lib.mkForce ''
+ # ListenAddress = ${external-ip} 53
+ # ListenAddress = ${external-ip} 655
+ # ListenAddress = ${external-ip} 21031
+ # StrictSubnets = yes
+ # LocalDiscovery = no
+ #'';
connectTo = [
"prism" "ni" "enklave" "eve" "dishfire"
];
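Review bot: Commenting out the whole extraConfig block drops `StrictSubnets = yes` and `LocalDiscovery = no` together with the three ListenAddress lines, so gum now runs with whatever `tinc/retiolum.nix` provides, which as far as I can tell means tinc's defaults of honouring Subnet announcements from peers that are not in the local hosts files and performing local discovery. If the goal was only to stop binding the external address on 53/655/21031, keeping the two hardening lines preserves the previous posture: `extraConfig = lib.mkForce ''` / `StrictSubnets = yes` / `LocalDiscovery = no` / `'';`. Either way a short comment saying why the listeners were removed, and whether this is temporary, would help the next reader. The `krebs.tinc.retiolum` attrset continues past this hunk.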
@@ -106,7 +107,7 @@ in {
# sharing
<stockholm/makefu/2configs/share/gum.nix> # samba sahre
- <stockholm/makefu/2configs/torrent.nix>
+ <stockholm/makefu/2configs/torrent/rtorrent.nix>
# <stockholm/makefu/2configs/sickbeard>
<stockholm/makefu/2configs/bitwarden.nix>
@@ -114,7 +115,7 @@ in {
#<stockholm/makefu/2configs/retroshare.nix>
## <stockholm/makefu/2configs/ipfs.nix>
#<stockholm/makefu/2configs/syncthing.nix>
- <stockholm/makefu/2configs/sync>
+ # <stockholm/makefu/2configs/sync>
# <stockholm/makefu/2configs/opentracker.nix>
@@ -125,9 +126,8 @@ in {
{ makefu.backup.server.repo = "/var/backup/borg"; }
<stockholm/makefu/2configs/backup/server.nix>
<stockholm/makefu/2configs/backup/state.nix>
- <stockholm/makefu/2configs/bitlbee.nix>
<stockholm/makefu/2configs/wireguard/server.nix>
- <stockholm/makefu/2configs/wireguard/wiregrill.nix>
+ # <stockholm/makefu/2configs/wireguard/wiregrill.nix>
{ # recent changes mediawiki bot
networking.firewall.allowedUDPPorts = [ 5005 5006 ];
@@ -150,13 +150,12 @@ in {
# <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
<stockholm/makefu/2configs/deployment/graphs.nix>
- <stockholm/makefu/2configs/deployment/owncloud.nix>
+ #<stockholm/makefu/2configs/deployment/owncloud.nix>
<stockholm/makefu/2configs/deployment/board.euer.krebsco.de.nix>
- <stockholm/makefu/2configs/deployment/rss.euer.krebsco.de.nix>
#<stockholm/makefu/2configs/deployment/feed.euer.krebsco.de>
<stockholm/makefu/2configs/deployment/boot-euer.nix>
<stockholm/makefu/2configs/deployment/gecloudpad>
- <stockholm/makefu/2configs/deployment/docker/archiveteam-warrior.nix>
+ #<stockholm/makefu/2configs/deployment/docker/archiveteam-warrior.nix>
<stockholm/makefu/2configs/deployment/mediengewitter.de.nix>
<stockholm/makefu/2configs/bgt/etherpad.euer.krebsco.de.nix>
# <stockholm/makefu/2configs/deployment/systemdultras-rss.nix>
@@ -182,14 +181,15 @@ in {
## Temporary:
# <stockholm/makefu/2configs/temp/rst-issue.nix>
- <stockholm/makefu/2configs/virtualisation/docker.nix>
+ # <stockholm/makefu/2configs/virtualisation/docker.nix>
#<stockholm/makefu/2configs/virtualisation/libvirt.nix>
# krebs infrastructure services
# <stockholm/makefu/2configs/stats/server.nix>
];
- makefu.dl-dir = "/var/download";
+ # makefu.dl-dir = "/var/download";
+ makefu.dl-dir = "/media/cloud/download";
services.openssh.hostKeys = lib.mkForce [
{ bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix
index fdd3df192..2828aea08 100644
--- a/makefu/1systems/latte/config.nix
+++ b/makefu/1systems/latte/config.nix
@@ -29,10 +29,29 @@ in {
<stockholm/makefu/2configs/remote-build/slave.nix>
# Storage
+ <stockholm/makefu/2configs/share>
<stockholm/makefu/2configs/share/hetzner-client.nix>
# Services:
<stockholm/makefu/2configs/nix-community/mediawiki-matrix-bot.nix>
+ <stockholm/makefu/2configs/torrent/rtorrent.nix>
+ ## Web
+ <stockholm/makefu/2configs/deployment/rss.euer.krebsco.de.nix>
+ <stockholm/makefu/2configs/deployment/owncloud.nix>
+ ### Moving owncloud data dir to /media/cloud/nextcloud-data
+ {
+ users.users.nextcloud.extraGroups = [ "download" ];
+ # nextcloud-setup fails as it cannot set permissions for nextcloud
+ systemd.services.nextcloud-setup.serviceConfig.SuccessExitStatus = "0 1";
+ fileSystems."/var/lib/nextcloud/data" = {
+ device = "/media/cloud/nextcloud-data";
+ options = [ "bind" ];
+ };
+ }
+
+ # local usage:
+ <stockholm/makefu/2configs/mosh.nix>
+ <stockholm/makefu/2configs/bitlbee.nix>
# Supervision
<stockholm/makefu/2configs/nix-community/supervision.nix>
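Review bot: `SuccessExitStatus = "0 1"` masks every exit-1 failure of nextcloud-setup, not just the permission step the comment mentions, so a failed `occ` install or upgrade run is now also reported as success and dependants start anyway. A narrower fix is to make the permission step itself succeed — for example a `chown`/`chmod` on `/media/cloud/nextcloud-data` in an `ExecStartPre` of nextcloud-setup, or mount options the nextcloud user can work with — and keep the default exit handling. Separately, `extraGroups = [ "download" ]` gives the web-facing nextcloud service group-level read/write on everything owned by the download group on /media/cloud, which presumably includes the watch directory rtorrent auto-loads torrents from elsewhere in this commit; if only the data subtree is needed, a dedicated directory or ACL would be tighter. The imports list continues outside this hunk.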
@@ -40,9 +59,9 @@ in {
# Krebs
<stockholm/makefu/2configs/tinc/retiolum.nix>
- #<stockholm/makefu/2configs/home-manager>
- # configure your hw:
- # <stockholm/makefu/2configs/torrent.nix>
+ # backup
+ <stockholm/makefu/2configs/backup/state.nix>
+
];
krebs = {
@@ -50,4 +69,7 @@ in {
build.host = config.krebs.hosts.latte;
};
+ makefu.dl-dir = "/media/cloud/download";
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
}
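Review bot: Opening 80 and 443 on all interfaces exposes every nginx virtual host on latte to the internet, not only rss.euer and owncloud; the `torrent.latte.r` vhost added by `torrent/rtorrent.nix` in this same commit is reachable by Host header as well and then relies solely on its basicAuth, whereas the removed torrent.nix only admitted its web port on the retiolum interface via iptables. Consider restricting that vhost with `allow`/`deny` or binding its listen address to the retiolum address, and document which services these ports are opened for: `networking.firewall.allowedTCPPorts = [ 80 443 ]; # rss.euer, owncloud (public)`.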
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix
index 3a216ea76..42f335264 100644
--- a/makefu/1systems/omo/config.nix
+++ b/makefu/1systems/omo/config.nix
@@ -43,14 +43,18 @@ in {
<stockholm/makefu/2configs/tools/dev.nix>
<stockholm/makefu/2configs/tools/desktop.nix>
<stockholm/makefu/2configs/tools/mobility.nix>
+ <stockholm/makefu/2configs/tools/consoles.nix>
#<stockholm/makefu/2configs/graphite-standalone.nix>
#<stockholm/makefu/2configs/share-user-sftp.nix>
<stockholm/makefu/2configs/urlwatch>
# <stockholm/makefu/2configs/legacy_only.nix>
+ <stockholm/makefu/2configs/share>
<stockholm/makefu/2configs/share/omo.nix>
<stockholm/makefu/2configs/share/gum-client.nix>
+ <stockholm/makefu/2configs/share/hetzner-client.nix>
+ <stockholm/makefu/2configs/sync>
<stockholm/makefu/2configs/dcpp/airdcpp.nix>
{ krebs.airdcpp.dcpp.shares = let
d = path: "/media/cryptX/${path}";
@@ -96,6 +100,8 @@ in {
<stockholm/makefu/2configs/home/music.nix>
<stockholm/makefu/2configs/home/photoprism.nix>
+ <stockholm/makefu/2configs/home/tonie.nix>
+ <stockholm/makefu/2configs/home/ps4srv.nix>
# <stockholm/makefu/2configs/home/metube.nix>
<stockholm/makefu/2configs/home/ham>
<stockholm/makefu/2configs/home/zigbee2mqtt>
@@ -104,6 +110,7 @@ in {
enable = true;
servedir = "/media/cryptX/emu/ps3";
};
+ users.users.makefu.packages = [ pkgs.pkgrename ];
}
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index 224277861..3edfcecc1 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -137,6 +137,8 @@
# <stockholm/makefu/2configs/share/anon-ftp.nix>
# <stockholm/makefu/2configs/share/anon-sftp.nix>
<stockholm/makefu/2configs/share/gum-client.nix>
+ <stockholm/makefu/2configs/share/hetzner-client.nix>
+ <stockholm/makefu/2configs/share>
# <stockholm/makefu/2configs/share/temp-share-samba.nix>
@@ -145,6 +147,7 @@
<stockholm/makefu/2configs/mail-client.nix>
<stockholm/makefu/2configs/printer.nix>
# <stockholm/makefu/2configs/syncthing.nix>
+ <stockholm/makefu/2configs/sync>
# Virtualization
# <stockholm/makefu/2configs/virtualisation/libvirt.nix>
@@ -167,7 +170,7 @@
# <stockholm/makefu/2configs/remote-build/gum.nix>
# { nixpkgs.overlays = [ (self: super: super.prefer-remote-fetch self super) ]; }
- <stockholm/makefu/2configs/binary-cache/gum.nix>
+ # <stockholm/makefu/2configs/binary-cache/gum.nix>
<stockholm/makefu/2configs/binary-cache/lass.nix>
@@ -223,7 +226,8 @@
krebs.build.host = config.krebs.hosts.x;
- krebs.tinc.retiolum.connectTo = [ "omo" "prism" "nextgum" "wbob" ];
+ #krebs.tinc.retiolum.connectTo = lib.mkForce [ "gum" ];
+ #krebs.tinc.retiolum.extraConfig = "AutoConnect = no";
environment.systemPackages = [ pkgs.passwdqc-utils ];
@@ -245,6 +249,6 @@
"/home/makefu/.config/syncthing"
];
- services.syncthing.user = lib.mkForce "makefu";
- services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/";
+ # services.syncthing.user = lib.mkForce "makefu";
+ # services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/";
}
diff --git a/makefu/2configs/backup/ssh/latte.pub b/makefu/2configs/backup/ssh/latte.pub
new file mode 100644
index 000000000..52d56d956
--- /dev/null
+++ b/makefu/2configs/backup/ssh/latte.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUZcfi2SXxCo1if0oU3x9qPK8/O5FmiXy2HFZyTp/P1 makefu@x
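Review bot: The key comment reads `makefu@x` while the file is named `latte.pub`, so it is unclear whether this is a key generated on latte or the user key from x copied under the wrong name; since whatever lands in this directory is presumably authorised on the backup server, please confirm the origin and either generate the key on latte or fix the comment (e.g. `root@latte`) so the trust list stays auditable.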
diff --git a/makefu/2configs/home/ps4srv.nix b/makefu/2configs/home/ps4srv.nix
new file mode 100644
index 000000000..cb1864fae
--- /dev/null
+++ b/makefu/2configs/home/ps4srv.nix
@@ -0,0 +1,17 @@
+let
+ internal-ip = "192.168.111.11";
+in
+{
+ services.nginx.virtualHosts."ps4srv" = {
+ serverAliases = [
+ "ps4srv.lan"
+ ];
+
+ locations."/".root = "/media/cryptX/emu/ps4";
+ extraConfig = ''
+ if ( $server_addr != "${internal-ip}" ) {
+ return 403;
+ }
+ '';
+ };
+}
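Review bot: The `if ( $server_addr != ... ) { return 403; }` guard checks which local address the connection arrived on, not who is connecting, so any client that can reach 192.168.111.11 (including routed or forwarded traffic) gets the PS4 image tree, while every other interface answers 403. If the intent is a LAN-only share, the conventional nginx form is `allow 192.168.111.0/24; deny all;` inside `locations."/"`, which keys on the client address; if the intent really is interface-based, `listen = [ { addr = internal-ip; port = 80; } ];` achieves it without an `if` in server context. A one-line comment stating the intended restriction would remove the ambiguity either way.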
diff --git a/makefu/2configs/share/default.nix b/makefu/2configs/share/default.nix
new file mode 100644
index 000000000..a1ad349b9
--- /dev/null
+++ b/makefu/2configs/share/default.nix
@@ -0,0 +1,29 @@
+{ config, lib, ... }:
+with import <stockholm/lib>;
+let
+ base-dir = config.services.rtorrent.downloadDir;
+in {
+ users.users = {
+ download = {
+ name = "download";
+ home = base-dir;
+ isNormalUser = true;
+ uid = mkDefault (genid "download");
+ createHome = false;
+ useDefaultShell = true;
+ group = "download";
+ openssh.authorizedKeys.keys = [ ];
+ };
+ };
+
+ users.groups = {
+ download = {
+ gid = lib.mkDefault (genid "download");
+ members = [
+ config.krebs.build.user.name
+ "download"
+ ];
+ };
+ };
+
+}
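Review bot: `download` is declared with `isNormalUser = true` and `useDefaultShell = true`, although the account exists only to own the CIFS mount and the rtorrent download tree; that gives it an interactive shell and a home pointing at the download directory, which is more than a file-owner account needs. With no password or keys it cannot log in today, but a nologin shell keeps that true if someone later fills `openssh.authorizedKeys.keys`: `shell = "${pkgs.shadow}/bin/nologin";` (the module would then need `pkgs` in its argument list). Note also that `base-dir` reads `config.services.rtorrent.downloadDir` on hosts such as omo and x that import this file without enabling rtorrent, so the home there is whatever the NixOS rtorrent module defaults to — worth a comment on the `let` binding.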
diff --git a/makefu/2configs/share/hetzner-client.nix b/makefu/2configs/share/hetzner-client.nix
index e59698063..90bc32deb 100644
--- a/makefu/2configs/share/hetzner-client.nix
+++ b/makefu/2configs/share/hetzner-client.nix
@@ -1,5 +1,6 @@
{ config, lib, pkgs, ... }:
+with <stockholm/lib>;
let
automount_opts =
[ "x-systemd.automount"
@@ -10,14 +11,16 @@ let
host = "u288834.your-storagebox.de";
in {
boot.kernel.sysctl."net.ipv6.route.max_size" = 2147483647;
+
fileSystems."/media/cloud" = {
device = "//${host}/backup";
fsType = "cifs";
options = automount_opts ++
- [ "credentials=/var/src/secrets/hetzner.smb"
- "file_mode=0775"
- "dir_mode=0775"
- "uid=9001"
+ [ "credentials=${toString <secrets/hetzner.smb>}"
+ "file_mode=0770"
+ "dir_mode=0770"
+ "uid=${toString config.users.users.download.uid}"
+ "gid=${toString config.users.groups.download.gid}"
#"vers=3"
"vers=2.1"
"rsize=65536"
@@ -25,5 +28,4 @@ in {
"iocharset=utf8"
];
};
-
}
diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix
index 93536b63d..e53158b8f 100644
--- a/makefu/2configs/share/omo.nix
+++ b/makefu/2configs/share/omo.nix
@@ -32,6 +32,12 @@ in {
browseable = "yes";
"guest ok" = "yes";
};
+ movies = {
+ path = "/media/cryptX/movies";
+ "read only" = "yes";
+ browseable = "yes";
+ "guest ok" = "yes";
+ };
audiobook = {
path = "/media/crypt1/audiobooks";
"read only" = "yes";
diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix
deleted file mode 100644
index 74f1e5fe8..000000000
--- a/makefu/2configs/torrent.nix
+++ /dev/null
@@ -1,73 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-let
- basicAuth = import <torrent-secrets/auth.nix>;
- peer-port = 51412;
- web-port = 8112;
- daemon-port = 58846;
- base-dir = config.krebs.rtorrent.workDir;
-in {
-
- users.users = {
- download = {
- name = "download";
- home = base-dir;
- uid = mkDefault (genid "download");
- createHome = true;
- useDefaultShell = true;
- group = "download";
- openssh.authorizedKeys.keys = [ ];
- };
- };
-
- users.extraGroups = {
- download = {
- gid = lib.mkDefault (genid "download");
- members = [
- config.krebs.build.user.name
- "download"
- "rtorrent"
- "nginx"
- ];
- };
- rtorrent.members = [ "download" ];
- };
-
- krebs.rtorrent = let
- d = config.makefu.dl-dir;
- in {
- enable = true;
- web = {
- enable = true;
- port = web-port;
- inherit basicAuth;
- };
- rutorrent.enable = true;
- enableXMLRPC = true;
- listenPort = peer-port;
- downloadDir = d + "/finished/incoming";
- watchDir = d + "/watch";
- # TODO: maybe test out multiple watch dirs with tags: https://github.com/rakshasa/rtorrent/wiki/TORRENT-Watch-directories
- extraConfig = ''
- # log.add_output = "debug", "rtorrent-systemd"
- # log.add_output = "dht_debug", "rtorrent-systemd"
- # log.add_output = "tracker_debug", "rtorrent-systemd"
- log.add_output = "rpc_events", "rtorrent-systemd"
- # log.add_output = "rpc_dump", "rtorrent-systemd"
- system.daemon.set = true
- '';
- # dump old torrents into watch folder to have them re-added
- };
-
- services.nginx.virtualHosts."torrent.${config.krebs.build.host.name}.r".locations."/" = { proxyPass = "http://localhost:${toString web-port}/"; };
-
- networking.firewall.extraCommands = ''
- iptables -A INPUT -i retiolum -p tcp --dport ${toString web-port} -j ACCEPT
- '';
-
- networking.firewall.allowedTCPPorts = [ peer-port ];
- networking.firewall.allowedUDPPorts = [ peer-port ];
- state = [ config.krebs.rtorrent.sessionDir ]; # state which torrents were loaded
-}
diff --git a/makefu/2configs/torrent/rtorrent.nix b/makefu/2configs/torrent/rtorrent.nix
new file mode 100644
index 000000000..79325bfc7
--- /dev/null
+++ b/makefu/2configs/torrent/rtorrent.nix
@@ -0,0 +1,48 @@
+{ config, lib, pkgs, ... }:
+
+let
+ basicAuth = import <torrent-secrets/auth.nix>;
+ peer-port = 51412;
+ web-port = 8112;
+ daemon-port = 58846;
+ dldir = config.makefu.dl-dir;
+in {
+ services.rtorrent.enable = true;
+ services.rtorrent.user = "rtorrent";
+ services.rtorrent.group = "download";
+ services.rtorrent.downloadDir = dldir;
+ services.rtorrent.configText = ''
+ schedule2 = watch_start, 10, 10, ((load.start, (cat, (cfg.watch), "/media/cloud/watch/*.torrent")))
+ '';
+
+ services.rtorrent.openFirewall = true;
+
+ systemd.services.flood = {
+ wantedBy = [ "multi-user.target" ];
+ wants = [ "rtorrent.service" ];
+ after = [ "rtorrent.service" ];
+ serviceConfig = {
+ User = "rtorrent";
+ ExecStart = "${pkgs.nodePackages.flood}/bin/flood --auth none --port ${toString web-port} --rtsocket ${config.services.rtorrent.rpcSocket}";
+ };
+ };
+
+ #security.acme.certs."torrent.${config.krebs.build.host.name}.r".server = config.krebs.ssl.acmeURL;
+
+ services.nginx = {
+ enable = true;
+ virtualHosts."torrent.${config.krebs.build.host.name}.r" = {
+ # TODO
+ inherit basicAuth;
+ #enableACME = true;
+ #addSSL = true;
+ root = "${pkgs.nodePackages.flood}/lib/node_modules/flood/dist/assets";
+ locations."/api".extraConfig = ''
+ proxy_pass http://localhost:${toString web-port};
+ '';
+ locations."/".extraConfig = ''
+ try_files $uri /index.html;
+ '';
+ };
+ };