summaryrefslogtreecommitdiffstats
path: root/makefu/2configs/dcpp
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2023-07-28 22:24:15 +0200
committermakefu <github@syntax-fehler.de>2023-07-28 22:24:15 +0200
commit060a8f28fa1fc648bdf66afb31a5d1efac868837 (patch)
tree2b354eacc7897365ee45244fe7a51720e0d0333f /makefu/2configs/dcpp
parentcbfcc890e3b76d942b927809bf981a5fa7289e6a (diff)
makefu: move out to own repo, add vacation-note
Diffstat (limited to 'makefu/2configs/dcpp')
-rw-r--r--makefu/2configs/dcpp/airdcpp.nix49
-rw-r--r--makefu/2configs/dcpp/client.nix9
-rw-r--r--makefu/2configs/dcpp/hub.nix121
3 files changed, 0 insertions, 179 deletions
diff --git a/makefu/2configs/dcpp/airdcpp.nix b/makefu/2configs/dcpp/airdcpp.nix
deleted file mode 100644
index 60ed6826d..000000000
--- a/makefu/2configs/dcpp/airdcpp.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{ config, ... }:
-{
- krebs.airdcpp = {
- enable = true;
- extraGroups = [ "download" ];
- web.port = 5600;
- web.users.makefu.password = builtins.readFile <secrets/airdcpp-makefu.pw>; # watch out for newline!
- hubs."krebshub" =
- { Nick = "makefu-${config.krebs.build.host.name}";
- Password = builtins.readFile <secrets/krebshub.pw>;
- Server = "adcs://hub.nsupdate.info:1511";
- AutoConnect = true;
- };
- dcpp = {
- shares = {
- # Incoming must be writeable!
- incoming = { path = config.makefu.dl-dir + "/finished/dcpp"; incoming = true; };
- audiobooks.path = config.makefu.dl-dir + "/finished/audiobooks";
- };
- Nick = "makefu";
- DownloadSpeed = "1000";
- UploadSpeed = "1000";
- };
- };
- networking.firewall.allowedTCPPorts =
- [ config.krebs.airdcpp.dcpp.InPort
- config.krebs.airdcpp.dcpp.TLSPort
- ];
- networking.firewall.allowedUDPPorts = [ config.krebs.airdcpp.dcpp.UDPPort ];
-
- services.nginx.virtualHosts."dcpp.${config.krebs.build.host.name}.r".locations."/" =
- { proxyPass = "http://localhost:${toString config.krebs.airdcpp.web.port}/";
-
- extraConfig = ''
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- gzip_types text/plain application/javascript;
-
- # Proxy websockets
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
-
- '';
- };
- state = map (f: "${config.krebs.airdcpp.stateDir}/${f}")
- [ "Favorites.xml" "DCPlusPlus.xml" "WebServer.xml" "Recents.xml" "IgnoredUsers.xml" ];
-}
diff --git a/makefu/2configs/dcpp/client.nix b/makefu/2configs/dcpp/client.nix
deleted file mode 100644
index 3b27778e5..000000000
--- a/makefu/2configs/dcpp/client.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ pkgs, ... }:
-{ # ncdc
- environment.systemPackages = [ pkgs.ncdc ];
- networking.firewall = {
- allowedUDPPorts = [ 51411 ];
- allowedTCPPorts = [ 51411 ];
- };
-}
-
diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix
deleted file mode 100644
index f0aac3f32..000000000
--- a/makefu/2configs/dcpp/hub.nix
+++ /dev/null
@@ -1,121 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-# search also generates ddclient entries for all other logs
-
-with import <stockholm/lib>;
-let
- ddclientUser = "ddclient";
- sec = toString <secrets>;
- nsupdate = import "${sec}/nsupdate-hub.nix";
- stateDir = "/var/spool/ddclient";
- cfg = "${stateDir}/cfg";
- ext-if = config.makefu.server.primary-itf;
- ddclientPIDFile = "${stateDir}/ddclient.pid";
-
- # TODO: correct cert generation requires a `real` internet ip address
-
- gen-cfg = dict: ''
- ssl=yes
- cache=${stateDir}/ddclient.cache
- pid=${ddclientPIDFile}
- ${concatStringsSep "\n" (mapAttrsToList (user: pass: ''
-
- protocol=dyndns2
- use=web, web=http://ipv4.nsupdate.info/myip
- ssl=yes
- server=ipv4.nsupdate.info
- login=${user}
- password='${pass}'
- ${user}
-
- '') dict)}
- '';
- uhubDir = "/var/lib/uhub";
-
-in {
- users.users."${ddclientUser}" = {
- uid = genid "ddclient";
- description = "ddclient daemon user";
- home = stateDir;
- isSystemUser = true;
- createHome = true;
- group = ddclientUser;
- };
- users.groups.${ddclientUser} = {};
-
- systemd.services = {
- ddclient-nsupdate-uhub = {
- wantedBy = [ "multi-user.target" ];
- after = [ "ip-up.target" ];
- serviceConfig = {
- Type = "forking";
- User = ddclientUser;
- PIDFile = ddclientPIDFile;
- ExecStartPre = pkgs.writeDash "init-nsupdate" ''
- cp -vf ${pkgs.writeText "ddclient-config" (gen-cfg nsupdate)} ${cfg}
- chmod 700 ${cfg}
- '';
- ExecStart = "${pkgs.ddclient}/bin/ddclient -verbose -daemon 1 -noquiet -file ${cfg}";
- };
- };
- };
-
- networking.firewall.extraCommands = ''
- iptables -A PREROUTING -t nat -i ${ext-if} -p tcp --dport 411 -j REDIRECT --to-port 1511
- '';
- systemd.services.uhub-home.serviceConfig = {
- PrivateTmp = true;
- DynamicUser = lib.mkForce false;
- User = "uhub";
- WorkingDirectory = uhubDir;
- PermissionsStartOnly = true;
- ExecStartPre = pkgs.writeDash "uhub-pre" ''
- cp -f ${toString <secrets/wildcard.krebsco.de.crt>} ${uhubDir}/uhub.crt
- cp -f ${toString <secrets/wildcard.krebsco.de.key>} ${uhubDir}/uhub.key
- if test -d ${uhubDir};then
- echo "Directory ${uhubDir} already exists, skipping db init"
- else
- echo "Copying sql user db"
- cp ${toString <secrets/uhub.sql>} ${uhubDir}/uhub.sql
- fi
- chown -R uhub ${uhubDir}
- '';
-
- };
- users.users.uhub = {
- home = uhubDir;
- createHome = true;
- isSystemUser = true;
- group = "uhub";
- };
- users.groups.uhub = {};
-
- services.uhub.home = {
- enable = true;
- enableTLS = true;
- settings = {
- server_port = 1511;
- server_bind_addr = "any";
- hub_name = "krebshub";
- tls_certificate = "${uhubDir}/uhub.crt";
- tls_private_key = "${uhubDir}/uhub.key";
- registered_users_only = true;
- };
- plugins = [
- {
- plugin = "${pkgs.uhub}/plugins/mod_auth_sqlite.so";
- settings.file = "${uhubDir}/uhub.sql";
- }
- {
- plugin = "${pkgs.uhub}/plugins/mod_welcome.so";
- settings.motd = toString (pkgs.writeText "motd" "shareit");
- settings.rules = toString (pkgs.writeText "rules" "1. Don't be an asshole");
- }
- {
- plugin = "${pkgs.uhub}/plugins/mod_chat_history.so";
- settings = {};
- }
- ];
- };
- networking.firewall.allowedTCPPorts = [ 411 1511 ];
-}