diff options
author | makefu <github@syntax-fehler.de> | 2023-07-28 22:24:15 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2023-07-28 22:24:15 +0200 |
commit | 060a8f28fa1fc648bdf66afb31a5d1efac868837 (patch) | |
tree | 2b354eacc7897365ee45244fe7a51720e0d0333f /makefu/2configs/dcpp | |
parent | cbfcc890e3b76d942b927809bf981a5fa7289e6a (diff) |
makefu: move out to own repo, add vacation-note
Diffstat (limited to 'makefu/2configs/dcpp')
-rw-r--r-- | makefu/2configs/dcpp/airdcpp.nix | 49 | ||||
-rw-r--r-- | makefu/2configs/dcpp/client.nix | 9 | ||||
-rw-r--r-- | makefu/2configs/dcpp/hub.nix | 121 |
3 files changed, 0 insertions, 179 deletions
diff --git a/makefu/2configs/dcpp/airdcpp.nix b/makefu/2configs/dcpp/airdcpp.nix deleted file mode 100644 index 60ed6826d..000000000 --- a/makefu/2configs/dcpp/airdcpp.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ config, ... }: -{ - krebs.airdcpp = { - enable = true; - extraGroups = [ "download" ]; - web.port = 5600; - web.users.makefu.password = builtins.readFile <secrets/airdcpp-makefu.pw>; # watch out for newline! - hubs."krebshub" = - { Nick = "makefu-${config.krebs.build.host.name}"; - Password = builtins.readFile <secrets/krebshub.pw>; - Server = "adcs://hub.nsupdate.info:1511"; - AutoConnect = true; - }; - dcpp = { - shares = { - # Incoming must be writeable! - incoming = { path = config.makefu.dl-dir + "/finished/dcpp"; incoming = true; }; - audiobooks.path = config.makefu.dl-dir + "/finished/audiobooks"; - }; - Nick = "makefu"; - DownloadSpeed = "1000"; - UploadSpeed = "1000"; - }; - }; - networking.firewall.allowedTCPPorts = - [ config.krebs.airdcpp.dcpp.InPort - config.krebs.airdcpp.dcpp.TLSPort - ]; - networking.firewall.allowedUDPPorts = [ config.krebs.airdcpp.dcpp.UDPPort ]; - - services.nginx.virtualHosts."dcpp.${config.krebs.build.host.name}.r".locations."/" = - { proxyPass = "http://localhost:${toString config.krebs.airdcpp.web.port}/"; - - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - gzip_types text/plain application/javascript; - - # Proxy websockets - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - ''; - }; - state = map (f: "${config.krebs.airdcpp.stateDir}/${f}") - [ "Favorites.xml" "DCPlusPlus.xml" "WebServer.xml" "Recents.xml" "IgnoredUsers.xml" ]; -} diff --git a/makefu/2configs/dcpp/client.nix b/makefu/2configs/dcpp/client.nix deleted file mode 100644 index 3b27778e5..000000000 --- a/makefu/2configs/dcpp/client.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ pkgs, ... }: -{ # ncdc - environment.systemPackages = [ pkgs.ncdc ]; - networking.firewall = { - allowedUDPPorts = [ 51411 ]; - allowedTCPPorts = [ 51411 ]; - }; -} - diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix deleted file mode 100644 index f0aac3f32..000000000 --- a/makefu/2configs/dcpp/hub.nix +++ /dev/null @@ -1,121 +0,0 @@ -{ config, lib, pkgs, ... }: - -# search also generates ddclient entries for all other logs - -with import <stockholm/lib>; -let - ddclientUser = "ddclient"; - sec = toString <secrets>; - nsupdate = import "${sec}/nsupdate-hub.nix"; - stateDir = "/var/spool/ddclient"; - cfg = "${stateDir}/cfg"; - ext-if = config.makefu.server.primary-itf; - ddclientPIDFile = "${stateDir}/ddclient.pid"; - - # TODO: correct cert generation requires a `real` internet ip address - - gen-cfg = dict: '' - ssl=yes - cache=${stateDir}/ddclient.cache - pid=${ddclientPIDFile} - ${concatStringsSep "\n" (mapAttrsToList (user: pass: '' - - protocol=dyndns2 - use=web, web=http://ipv4.nsupdate.info/myip - ssl=yes - server=ipv4.nsupdate.info - login=${user} - password='${pass}' - ${user} - - '') dict)} - ''; - uhubDir = "/var/lib/uhub"; - -in { - users.users."${ddclientUser}" = { - uid = genid "ddclient"; - description = "ddclient daemon user"; - home = stateDir; - isSystemUser = true; - createHome = true; - group = ddclientUser; - }; - users.groups.${ddclientUser} = {}; - - systemd.services = { - ddclient-nsupdate-uhub = { - wantedBy = [ "multi-user.target" ]; - after = [ "ip-up.target" ]; - serviceConfig = { - Type = "forking"; - User = ddclientUser; - PIDFile = ddclientPIDFile; - ExecStartPre = pkgs.writeDash "init-nsupdate" '' - cp -vf ${pkgs.writeText "ddclient-config" (gen-cfg nsupdate)} ${cfg} - chmod 700 ${cfg} - ''; - ExecStart = "${pkgs.ddclient}/bin/ddclient -verbose -daemon 1 -noquiet -file ${cfg}"; - }; - }; - }; - - networking.firewall.extraCommands = '' - iptables -A PREROUTING -t nat -i ${ext-if} -p tcp --dport 411 -j REDIRECT --to-port 1511 - ''; - systemd.services.uhub-home.serviceConfig = { - PrivateTmp = true; - DynamicUser = lib.mkForce false; - User = "uhub"; - WorkingDirectory = uhubDir; - PermissionsStartOnly = true; - ExecStartPre = pkgs.writeDash "uhub-pre" '' - cp -f ${toString <secrets/wildcard.krebsco.de.crt>} ${uhubDir}/uhub.crt - cp -f ${toString <secrets/wildcard.krebsco.de.key>} ${uhubDir}/uhub.key - if test -d ${uhubDir};then - echo "Directory ${uhubDir} already exists, skipping db init" - else - echo "Copying sql user db" - cp ${toString <secrets/uhub.sql>} ${uhubDir}/uhub.sql - fi - chown -R uhub ${uhubDir} - ''; - - }; - users.users.uhub = { - home = uhubDir; - createHome = true; - isSystemUser = true; - group = "uhub"; - }; - users.groups.uhub = {}; - - services.uhub.home = { - enable = true; - enableTLS = true; - settings = { - server_port = 1511; - server_bind_addr = "any"; - hub_name = "krebshub"; - tls_certificate = "${uhubDir}/uhub.crt"; - tls_private_key = "${uhubDir}/uhub.key"; - registered_users_only = true; - }; - plugins = [ - { - plugin = "${pkgs.uhub}/plugins/mod_auth_sqlite.so"; - settings.file = "${uhubDir}/uhub.sql"; - } - { - plugin = "${pkgs.uhub}/plugins/mod_welcome.so"; - settings.motd = toString (pkgs.writeText "motd" "shareit"); - settings.rules = toString (pkgs.writeText "rules" "1. Don't be an asshole"); - } - { - plugin = "${pkgs.uhub}/plugins/mod_chat_history.so"; - settings = {}; - } - ]; - }; - networking.firewall.allowedTCPPorts = [ 411 1511 ]; -} |