diff options
author | tv <tv@krebsco.de> | 2022-03-06 10:43:33 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2022-03-06 10:43:33 +0100 |
commit | 5182daaaf4cadaba84331a34b5455bf9dff131b6 (patch) | |
tree | deaa480a8ad3a9aaad6176bc14804f2bb6569c30 /makefu | |
parent | 6bcbb9adae290249988c86da35b2b5236df6ce96 (diff) | |
parent | 87a44dd1573cbdc8f0fc3553b0896b470bcfa44d (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'makefu')
-rw-r--r-- | makefu/0tests/data/secrets/hetzner.smb | 0 | ||||
-rw-r--r-- | makefu/1systems/gum/config.nix | 34 | ||||
-rw-r--r-- | makefu/1systems/latte/1blu/default.nix | 50 | ||||
-rw-r--r-- | makefu/1systems/latte/1blu/network.nix | 32 | ||||
-rw-r--r-- | makefu/1systems/latte/config.nix | 90 | ||||
-rw-r--r-- | makefu/1systems/latte/source.nix | 1 | ||||
-rw-r--r-- | makefu/1systems/omo/config.nix | 7 | ||||
-rw-r--r-- | makefu/1systems/x/config.nix | 12 | ||||
-rw-r--r-- | makefu/2configs/backup/ssh/latte.pub | 1 | ||||
-rw-r--r-- | makefu/2configs/home/ps4srv.nix | 17 | ||||
-rw-r--r-- | makefu/2configs/share/default.nix | 29 | ||||
-rw-r--r-- | makefu/2configs/share/hetzner-client.nix | 12 | ||||
-rw-r--r-- | makefu/2configs/share/omo.nix | 6 | ||||
-rw-r--r-- | makefu/2configs/torrent.nix | 73 | ||||
-rw-r--r-- | makefu/2configs/torrent/rtorrent.nix | 48 |
15 files changed, 279 insertions, 133 deletions
diff --git a/makefu/0tests/data/secrets/hetzner.smb b/makefu/0tests/data/secrets/hetzner.smb new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/makefu/0tests/data/secrets/hetzner.smb diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix index a9d9b661f..089fc8e9f 100644 --- a/makefu/1systems/gum/config.nix +++ b/makefu/1systems/gum/config.nix @@ -23,11 +23,12 @@ in { } <stockholm/makefu/2configs/nur.nix> <stockholm/makefu/2configs/support-nixos.nix> - <stockholm/makefu/2configs/nix-community/mediawiki-matrix-bot.nix> <stockholm/makefu/2configs/nix-community/supervision.nix> <stockholm/makefu/2configs/home-manager> <stockholm/makefu/2configs/home-manager/cli.nix> # <stockholm/makefu/2configs/stats/client.nix> + <stockholm/makefu/2configs/share> + <stockholm/makefu/2configs/share/hetzner-client.nix> # <stockholm/makefu/2configs/stats/netdata-server.nix> <stockholm/makefu/2configs/headless.nix> @@ -56,13 +57,13 @@ in { <stockholm/makefu/2configs/tinc/retiolum.nix> { # bonus retiolum config for connecting more hosts krebs.tinc.retiolum = { - extraConfig = lib.mkForce '' - ListenAddress = ${external-ip} 53 - ListenAddress = ${external-ip} 655 - ListenAddress = ${external-ip} 21031 - StrictSubnets = yes - LocalDiscovery = no - ''; + #extraConfig = lib.mkForce '' + # ListenAddress = ${external-ip} 53 + # ListenAddress = ${external-ip} 655 + # ListenAddress = ${external-ip} 21031 + # StrictSubnets = yes + # LocalDiscovery = no + #''; connectTo = [ "prism" "ni" "enklave" "eve" "dishfire" ]; @@ -106,7 +107,7 @@ in { # sharing <stockholm/makefu/2configs/share/gum.nix> # samba sahre - <stockholm/makefu/2configs/torrent.nix> + <stockholm/makefu/2configs/torrent/rtorrent.nix> # <stockholm/makefu/2configs/sickbeard> <stockholm/makefu/2configs/bitwarden.nix> @@ -114,7 +115,7 @@ in { #<stockholm/makefu/2configs/retroshare.nix> ## <stockholm/makefu/2configs/ipfs.nix> #<stockholm/makefu/2configs/syncthing.nix> - <stockholm/makefu/2configs/sync> + # <stockholm/makefu/2configs/sync> # <stockholm/makefu/2configs/opentracker.nix> @@ -125,9 +126,8 @@ in { { makefu.backup.server.repo = "/var/backup/borg"; } <stockholm/makefu/2configs/backup/server.nix> <stockholm/makefu/2configs/backup/state.nix> - <stockholm/makefu/2configs/bitlbee.nix> <stockholm/makefu/2configs/wireguard/server.nix> - <stockholm/makefu/2configs/wireguard/wiregrill.nix> + # <stockholm/makefu/2configs/wireguard/wiregrill.nix> { # recent changes mediawiki bot networking.firewall.allowedUDPPorts = [ 5005 5006 ]; @@ -150,13 +150,12 @@ in { # <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix> <stockholm/makefu/2configs/deployment/graphs.nix> - <stockholm/makefu/2configs/deployment/owncloud.nix> + #<stockholm/makefu/2configs/deployment/owncloud.nix> <stockholm/makefu/2configs/deployment/board.euer.krebsco.de.nix> - <stockholm/makefu/2configs/deployment/rss.euer.krebsco.de.nix> #<stockholm/makefu/2configs/deployment/feed.euer.krebsco.de> <stockholm/makefu/2configs/deployment/boot-euer.nix> <stockholm/makefu/2configs/deployment/gecloudpad> - <stockholm/makefu/2configs/deployment/docker/archiveteam-warrior.nix> + #<stockholm/makefu/2configs/deployment/docker/archiveteam-warrior.nix> <stockholm/makefu/2configs/deployment/mediengewitter.de.nix> <stockholm/makefu/2configs/bgt/etherpad.euer.krebsco.de.nix> # <stockholm/makefu/2configs/deployment/systemdultras-rss.nix> @@ -182,14 +181,15 @@ in { ## Temporary: # <stockholm/makefu/2configs/temp/rst-issue.nix> - <stockholm/makefu/2configs/virtualisation/docker.nix> + # <stockholm/makefu/2configs/virtualisation/docker.nix> #<stockholm/makefu/2configs/virtualisation/libvirt.nix> # krebs infrastructure services # <stockholm/makefu/2configs/stats/server.nix> ]; - makefu.dl-dir = "/var/download"; + # makefu.dl-dir = "/var/download"; + makefu.dl-dir = "/media/cloud/download"; services.openssh.hostKeys = lib.mkForce [ { bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; } diff --git a/makefu/1systems/latte/1blu/default.nix b/makefu/1systems/latte/1blu/default.nix new file mode 100644 index 000000000..50cd9204d --- /dev/null +++ b/makefu/1systems/latte/1blu/default.nix @@ -0,0 +1,50 @@ +{ config, lib, pkgs, modulesPath, ... }: +{ + + imports = + [ ./network.nix + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + # Disk + boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sr_mod" "virtio_blk" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "tank/root"; + fsType = "zfs"; + }; + + fileSystems."/home" = + { device = "tank/home"; + fsType = "zfs"; + }; + + fileSystems."/nix" = + { device = "tank/nix"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/AEF3-A486"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + boot.loader.grub.device = "/dev/vda"; + + networking.hostId = "3150697c"; # required for zfs use + boot.tmpOnTmpfs = true; + boot.supportedFilesystems = [ "zfs" ]; + + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.copyKernels = true; + boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues + boot.kernelParams = [ + "boot.shell_on_fail" + "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues + ]; +} diff --git a/makefu/1systems/latte/1blu/network.nix b/makefu/1systems/latte/1blu/network.nix new file mode 100644 index 000000000..0a0eac972 --- /dev/null +++ b/makefu/1systems/latte/1blu/network.nix @@ -0,0 +1,32 @@ +{ config, lib, pkgs, modulesPath, ... }: +let + external-mac = "c4:37:72:55:4e:1c"; + external-gw = "178.254.28.1"; + external-ip = "178.254.30.202"; + external-ip6 = "2a00:6800:3:18c::2"; + external-gw6 = "2a00:6800:3::1"; + external-netmask = 22; + external-netmask6 = 64; + internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr; + ext-if = "et0"; # gets renamed on the fly +in +{ + services.udev.extraRules = '' + SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}" + ''; + networking = { + interfaces."${ext-if}" = { + ipv4.addresses = [{ + address = external-ip; + prefixLength = external-netmask; + }]; + ipv6.addresses = [{ + address = external-ip6; + prefixLength = external-netmask6; + }]; + }; + defaultGateway6 = { address = external-gw6; interface = ext-if; }; + defaultGateway = external-gw; + nameservers = [ "1.1.1.1" ]; + }; +} diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix index bec778abc..2828aea08 100644 --- a/makefu/1systems/latte/config.nix +++ b/makefu/1systems/latte/config.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: let # external-ip = config.krebs.build.host.nets.internet.ip4.addr; @@ -10,44 +10,66 @@ let in { imports = [ - <stockholm/makefu> - # configure your hw: - <stockholm/makefu/2configs/hw/CAC.nix> - <stockholm/makefu/2configs/tinc/retiolum.nix> - <stockholm/makefu/2configs/save-diskspace.nix> - - # Security - <stockholm/makefu/2configs/sshd-totp.nix> - # <stockholm/makefu/2configs/stats/client.nix> - - # Tools - <stockholm/makefu/2configs/tools/core.nix> - <stockholm/makefu/2configs/zsh-user.nix> - # Services - <stockholm/makefu/2configs/remote-build/slave.nix> - <stockholm/makefu/2configs/torrent.nix> + ./1blu + <stockholm/makefu> + + # common + <stockholm/makefu/2configs/nur.nix> + <stockholm/makefu/2configs/home-manager> + <stockholm/makefu/2configs/home-manager/cli.nix> + + # Security + <stockholm/makefu/2configs/sshd-totp.nix> + + # Tools + <stockholm/makefu/2configs/tools/core.nix> + <stockholm/makefu/2configs/zsh-user.nix> + + # NixOS Build + <stockholm/makefu/2configs/remote-build/slave.nix> + + # Storage + <stockholm/makefu/2configs/share> + <stockholm/makefu/2configs/share/hetzner-client.nix> + + # Services: + <stockholm/makefu/2configs/nix-community/mediawiki-matrix-bot.nix> + <stockholm/makefu/2configs/torrent/rtorrent.nix> + ## Web + <stockholm/makefu/2configs/deployment/rss.euer.krebsco.de.nix> + <stockholm/makefu/2configs/deployment/owncloud.nix> + ### Moving owncloud data dir to /media/cloud/nextcloud-data + { + users.users.nextcloud.extraGroups = [ "download" ]; + # nextcloud-setup fails as it cannot set permissions for nextcloud + systemd.services.nextcloud-setup.serviceConfig.SuccessExitStatus = "0 1"; + fileSystems."/var/lib/nextcloud/data" = { + device = "/media/cloud/nextcloud-data"; + options = [ "bind" ]; + }; + } + + # local usage: + <stockholm/makefu/2configs/mosh.nix> + <stockholm/makefu/2configs/bitlbee.nix> + + # Supervision + <stockholm/makefu/2configs/nix-community/supervision.nix> + + # Krebs + <stockholm/makefu/2configs/tinc/retiolum.nix> + + # backup + <stockholm/makefu/2configs/backup/state.nix> + ]; krebs = { enable = true; build.host = config.krebs.hosts.latte; }; - boot.initrd.availableKernelModules = [ "ata_piix" "ehci_pci" "virtio_pci" "virtio_blk" "virtio_net" "virtio_scsi" ]; - boot.loader.grub.device = "/dev/vda"; - boot.loader.grub.copyKernels = true; - fileSystems."/" = { - device = "/dev/vda1"; - fsType = "ext4"; - }; - networking = { - firewall = { - allowPing = true; - logRefusedConnections = false; - allowedTCPPorts = [ ]; - allowedUDPPorts = [ 655 ]; - }; - # network interface receives dhcp address - nameservers = [ "8.8.8.8" ]; - }; + makefu.dl-dir = "/media/cloud/download"; + networking.firewall.allowedTCPPorts = [ 80 443 ]; + } diff --git a/makefu/1systems/latte/source.nix b/makefu/1systems/latte/source.nix index ab0a454c0..41abecf36 100644 --- a/makefu/1systems/latte/source.nix +++ b/makefu/1systems/latte/source.nix @@ -1,4 +1,5 @@ { name = "latte"; torrent = true; + home-manager = true; } diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix index 3a216ea76..42f335264 100644 --- a/makefu/1systems/omo/config.nix +++ b/makefu/1systems/omo/config.nix @@ -43,14 +43,18 @@ in { <stockholm/makefu/2configs/tools/dev.nix> <stockholm/makefu/2configs/tools/desktop.nix> <stockholm/makefu/2configs/tools/mobility.nix> + <stockholm/makefu/2configs/tools/consoles.nix> #<stockholm/makefu/2configs/graphite-standalone.nix> #<stockholm/makefu/2configs/share-user-sftp.nix> <stockholm/makefu/2configs/urlwatch> # <stockholm/makefu/2configs/legacy_only.nix> + <stockholm/makefu/2configs/share> <stockholm/makefu/2configs/share/omo.nix> <stockholm/makefu/2configs/share/gum-client.nix> + <stockholm/makefu/2configs/share/hetzner-client.nix> + <stockholm/makefu/2configs/sync> <stockholm/makefu/2configs/dcpp/airdcpp.nix> { krebs.airdcpp.dcpp.shares = let d = path: "/media/cryptX/${path}"; @@ -96,6 +100,8 @@ in { <stockholm/makefu/2configs/home/music.nix> <stockholm/makefu/2configs/home/photoprism.nix> + <stockholm/makefu/2configs/home/tonie.nix> + <stockholm/makefu/2configs/home/ps4srv.nix> # <stockholm/makefu/2configs/home/metube.nix> <stockholm/makefu/2configs/home/ham> <stockholm/makefu/2configs/home/zigbee2mqtt> @@ -104,6 +110,7 @@ in { enable = true; servedir = "/media/cryptX/emu/ps3"; }; + users.users.makefu.packages = [ pkgs.pkgrename ]; } diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix index 224277861..3edfcecc1 100644 --- a/makefu/1systems/x/config.nix +++ b/makefu/1systems/x/config.nix @@ -137,6 +137,8 @@ # <stockholm/makefu/2configs/share/anon-ftp.nix> # <stockholm/makefu/2configs/share/anon-sftp.nix> <stockholm/makefu/2configs/share/gum-client.nix> + <stockholm/makefu/2configs/share/hetzner-client.nix> + <stockholm/makefu/2configs/share> # <stockholm/makefu/2configs/share/temp-share-samba.nix> @@ -145,6 +147,7 @@ <stockholm/makefu/2configs/mail-client.nix> <stockholm/makefu/2configs/printer.nix> # <stockholm/makefu/2configs/syncthing.nix> + <stockholm/makefu/2configs/sync> # Virtualization # <stockholm/makefu/2configs/virtualisation/libvirt.nix> @@ -167,7 +170,7 @@ # <stockholm/makefu/2configs/remote-build/gum.nix> # { nixpkgs.overlays = [ (self: super: super.prefer-remote-fetch self super) ]; } - <stockholm/makefu/2configs/binary-cache/gum.nix> + # <stockholm/makefu/2configs/binary-cache/gum.nix> <stockholm/makefu/2configs/binary-cache/lass.nix> @@ -223,7 +226,8 @@ krebs.build.host = config.krebs.hosts.x; - krebs.tinc.retiolum.connectTo = [ "omo" "prism" "nextgum" "wbob" ]; + #krebs.tinc.retiolum.connectTo = lib.mkForce [ "gum" ]; + #krebs.tinc.retiolum.extraConfig = "AutoConnect = no"; environment.systemPackages = [ pkgs.passwdqc-utils ]; @@ -245,6 +249,6 @@ "/home/makefu/.config/syncthing" ]; - services.syncthing.user = lib.mkForce "makefu"; - services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/"; + # services.syncthing.user = lib.mkForce "makefu"; + # services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/"; } diff --git a/makefu/2configs/backup/ssh/latte.pub b/makefu/2configs/backup/ssh/latte.pub new file mode 100644 index 000000000..52d56d956 --- /dev/null +++ b/makefu/2configs/backup/ssh/latte.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUZcfi2SXxCo1if0oU3x9qPK8/O5FmiXy2HFZyTp/P1 makefu@x diff --git a/makefu/2configs/home/ps4srv.nix b/makefu/2configs/home/ps4srv.nix new file mode 100644 index 000000000..cb1864fae --- /dev/null +++ b/makefu/2configs/home/ps4srv.nix @@ -0,0 +1,17 @@ +let + internal-ip = "192.168.111.11"; +in +{ + services.nginx.virtualHosts."ps4srv" = { + serverAliases = [ + "ps4srv.lan" + ]; + + locations."/".root = "/media/cryptX/emu/ps4"; + extraConfig = '' + if ( $server_addr != "${internal-ip}" ) { + return 403; + } + ''; + }; +} diff --git a/makefu/2configs/share/default.nix b/makefu/2configs/share/default.nix new file mode 100644 index 000000000..a1ad349b9 --- /dev/null +++ b/makefu/2configs/share/default.nix @@ -0,0 +1,29 @@ +{ config, lib, ... }: +with import <stockholm/lib>; +let + base-dir = config.services.rtorrent.downloadDir; +in { + users.users = { + download = { + name = "download"; + home = base-dir; + isNormalUser = true; + uid = mkDefault (genid "download"); + createHome = false; + useDefaultShell = true; + group = "download"; + openssh.authorizedKeys.keys = [ ]; + }; + }; + + users.groups = { + download = { + gid = lib.mkDefault (genid "download"); + members = [ + config.krebs.build.user.name + "download" + ]; + }; + }; + +} diff --git a/makefu/2configs/share/hetzner-client.nix b/makefu/2configs/share/hetzner-client.nix index e59698063..90bc32deb 100644 --- a/makefu/2configs/share/hetzner-client.nix +++ b/makefu/2configs/share/hetzner-client.nix @@ -1,5 +1,6 @@ { config, lib, pkgs, ... }: +with <stockholm/lib>; let automount_opts = [ "x-systemd.automount" @@ -10,14 +11,16 @@ let host = "u288834.your-storagebox.de"; in { boot.kernel.sysctl."net.ipv6.route.max_size" = 2147483647; + fileSystems."/media/cloud" = { device = "//${host}/backup"; fsType = "cifs"; options = automount_opts ++ - [ "credentials=/var/src/secrets/hetzner.smb" - "file_mode=0775" - "dir_mode=0775" - "uid=9001" + [ "credentials=${toString <secrets/hetzner.smb>}" + "file_mode=0770" + "dir_mode=0770" + "uid=${toString config.users.users.download.uid}" + "gid=${toString config.users.groups.download.gid}" #"vers=3" "vers=2.1" "rsize=65536" @@ -25,5 +28,4 @@ in { "iocharset=utf8" ]; }; - } diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix index 93536b63d..e53158b8f 100644 --- a/makefu/2configs/share/omo.nix +++ b/makefu/2configs/share/omo.nix @@ -32,6 +32,12 @@ in { browseable = "yes"; "guest ok" = "yes"; }; + movies = { + path = "/media/cryptX/movies"; + "read only" = "yes"; + browseable = "yes"; + "guest ok" = "yes"; + }; audiobook = { path = "/media/crypt1/audiobooks"; "read only" = "yes"; diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix deleted file mode 100644 index 74f1e5fe8..000000000 --- a/makefu/2configs/torrent.nix +++ /dev/null @@ -1,73 +0,0 @@ -{ config, lib, pkgs, ... }: - -with import <stockholm/lib>; - -let - basicAuth = import <torrent-secrets/auth.nix>; - peer-port = 51412; - web-port = 8112; - daemon-port = 58846; - base-dir = config.krebs.rtorrent.workDir; -in { - - users.users = { - download = { - name = "download"; - home = base-dir; - uid = mkDefault (genid "download"); - createHome = true; - useDefaultShell = true; - group = "download"; - openssh.authorizedKeys.keys = [ ]; - }; - }; - - users.extraGroups = { - download = { - gid = lib.mkDefault (genid "download"); - members = [ - config.krebs.build.user.name - "download" - "rtorrent" - "nginx" - ]; - }; - rtorrent.members = [ "download" ]; - }; - - krebs.rtorrent = let - d = config.makefu.dl-dir; - in { - enable = true; - web = { - enable = true; - port = web-port; - inherit basicAuth; - }; - rutorrent.enable = true; - enableXMLRPC = true; - listenPort = peer-port; - downloadDir = d + "/finished/incoming"; - watchDir = d + "/watch"; - # TODO: maybe test out multiple watch dirs with tags: https://github.com/rakshasa/rtorrent/wiki/TORRENT-Watch-directories - extraConfig = '' - # log.add_output = "debug", "rtorrent-systemd" - # log.add_output = "dht_debug", "rtorrent-systemd" - # log.add_output = "tracker_debug", "rtorrent-systemd" - log.add_output = "rpc_events", "rtorrent-systemd" - # log.add_output = "rpc_dump", "rtorrent-systemd" - system.daemon.set = true - ''; - # dump old torrents into watch folder to have them re-added - }; - - services.nginx.virtualHosts."torrent.${config.krebs.build.host.name}.r".locations."/" = { proxyPass = "http://localhost:${toString web-port}/"; }; - - networking.firewall.extraCommands = '' - iptables -A INPUT -i retiolum -p tcp --dport ${toString web-port} -j ACCEPT - ''; - - networking.firewall.allowedTCPPorts = [ peer-port ]; - networking.firewall.allowedUDPPorts = [ peer-port ]; - state = [ config.krebs.rtorrent.sessionDir ]; # state which torrents were loaded -} diff --git a/makefu/2configs/torrent/rtorrent.nix b/makefu/2configs/torrent/rtorrent.nix new file mode 100644 index 000000000..79325bfc7 --- /dev/null +++ b/makefu/2configs/torrent/rtorrent.nix @@ -0,0 +1,48 @@ +{ config, lib, pkgs, ... }: + +let + basicAuth = import <torrent-secrets/auth.nix>; + peer-port = 51412; + web-port = 8112; + daemon-port = 58846; + dldir = config.makefu.dl-dir; +in { + services.rtorrent.enable = true; + services.rtorrent.user = "rtorrent"; + services.rtorrent.group = "download"; + services.rtorrent.downloadDir = dldir; + services.rtorrent.configText = '' + schedule2 = watch_start, 10, 10, ((load.start, (cat, (cfg.watch), "/media/cloud/watch/*.torrent"))) + ''; + + services.rtorrent.openFirewall = true; + + systemd.services.flood = { + wantedBy = [ "multi-user.target" ]; + wants = [ "rtorrent.service" ]; + after = [ "rtorrent.service" ]; + serviceConfig = { + User = "rtorrent"; + ExecStart = "${pkgs.nodePackages.flood}/bin/flood --auth none --port ${toString web-port} --rtsocket ${config.services.rtorrent.rpcSocket}"; + }; + }; + + #security.acme.certs."torrent.${config.krebs.build.host.name}.r".server = config.krebs.ssl.acmeURL; + + services.nginx = { + enable = true; + virtualHosts."torrent.${config.krebs.build.host.name}.r" = { + # TODO + inherit basicAuth; + #enableACME = true; + #addSSL = true; + root = "${pkgs.nodePackages.flood}/lib/node_modules/flood/dist/assets"; + locations."/api".extraConfig = '' + proxy_pass http://localhost:${toString web-port}; + ''; + locations."/".extraConfig = '' + try_files $uri /index.html; + ''; + }; + }; +} |