summaryrefslogtreecommitdiffstats
path: root/makefu
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2022-03-06 10:43:33 +0100
committertv <tv@krebsco.de>2022-03-06 10:43:33 +0100
commit5182daaaf4cadaba84331a34b5455bf9dff131b6 (patch)
treedeaa480a8ad3a9aaad6176bc14804f2bb6569c30 /makefu
parent6bcbb9adae290249988c86da35b2b5236df6ce96 (diff)
parent87a44dd1573cbdc8f0fc3553b0896b470bcfa44d (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'makefu')
-rw-r--r--makefu/0tests/data/secrets/hetzner.smb0
-rw-r--r--makefu/1systems/gum/config.nix34
-rw-r--r--makefu/1systems/latte/1blu/default.nix50
-rw-r--r--makefu/1systems/latte/1blu/network.nix32
-rw-r--r--makefu/1systems/latte/config.nix90
-rw-r--r--makefu/1systems/latte/source.nix1
-rw-r--r--makefu/1systems/omo/config.nix7
-rw-r--r--makefu/1systems/x/config.nix12
-rw-r--r--makefu/2configs/backup/ssh/latte.pub1
-rw-r--r--makefu/2configs/home/ps4srv.nix17
-rw-r--r--makefu/2configs/share/default.nix29
-rw-r--r--makefu/2configs/share/hetzner-client.nix12
-rw-r--r--makefu/2configs/share/omo.nix6
-rw-r--r--makefu/2configs/torrent.nix73
-rw-r--r--makefu/2configs/torrent/rtorrent.nix48
15 files changed, 279 insertions, 133 deletions
diff --git a/makefu/0tests/data/secrets/hetzner.smb b/makefu/0tests/data/secrets/hetzner.smb
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/makefu/0tests/data/secrets/hetzner.smb
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index a9d9b661f..089fc8e9f 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -23,11 +23,12 @@ in {
}
<stockholm/makefu/2configs/nur.nix>
<stockholm/makefu/2configs/support-nixos.nix>
- <stockholm/makefu/2configs/nix-community/mediawiki-matrix-bot.nix>
<stockholm/makefu/2configs/nix-community/supervision.nix>
<stockholm/makefu/2configs/home-manager>
<stockholm/makefu/2configs/home-manager/cli.nix>
# <stockholm/makefu/2configs/stats/client.nix>
+ <stockholm/makefu/2configs/share>
+ <stockholm/makefu/2configs/share/hetzner-client.nix>
# <stockholm/makefu/2configs/stats/netdata-server.nix>
<stockholm/makefu/2configs/headless.nix>
@@ -56,13 +57,13 @@ in {
<stockholm/makefu/2configs/tinc/retiolum.nix>
{ # bonus retiolum config for connecting more hosts
krebs.tinc.retiolum = {
- extraConfig = lib.mkForce ''
- ListenAddress = ${external-ip} 53
- ListenAddress = ${external-ip} 655
- ListenAddress = ${external-ip} 21031
- StrictSubnets = yes
- LocalDiscovery = no
- '';
+ #extraConfig = lib.mkForce ''
+ # ListenAddress = ${external-ip} 53
+ # ListenAddress = ${external-ip} 655
+ # ListenAddress = ${external-ip} 21031
+ # StrictSubnets = yes
+ # LocalDiscovery = no
+ #'';
connectTo = [
"prism" "ni" "enklave" "eve" "dishfire"
];
@@ -106,7 +107,7 @@ in {
# sharing
<stockholm/makefu/2configs/share/gum.nix> # samba sahre
- <stockholm/makefu/2configs/torrent.nix>
+ <stockholm/makefu/2configs/torrent/rtorrent.nix>
# <stockholm/makefu/2configs/sickbeard>
<stockholm/makefu/2configs/bitwarden.nix>
@@ -114,7 +115,7 @@ in {
#<stockholm/makefu/2configs/retroshare.nix>
## <stockholm/makefu/2configs/ipfs.nix>
#<stockholm/makefu/2configs/syncthing.nix>
- <stockholm/makefu/2configs/sync>
+ # <stockholm/makefu/2configs/sync>
# <stockholm/makefu/2configs/opentracker.nix>
@@ -125,9 +126,8 @@ in {
{ makefu.backup.server.repo = "/var/backup/borg"; }
<stockholm/makefu/2configs/backup/server.nix>
<stockholm/makefu/2configs/backup/state.nix>
- <stockholm/makefu/2configs/bitlbee.nix>
<stockholm/makefu/2configs/wireguard/server.nix>
- <stockholm/makefu/2configs/wireguard/wiregrill.nix>
+ # <stockholm/makefu/2configs/wireguard/wiregrill.nix>
{ # recent changes mediawiki bot
networking.firewall.allowedUDPPorts = [ 5005 5006 ];
@@ -150,13 +150,12 @@ in {
# <stockholm/makefu/2configs/deployment/photostore.krebsco.de.nix>
<stockholm/makefu/2configs/deployment/graphs.nix>
- <stockholm/makefu/2configs/deployment/owncloud.nix>
+ #<stockholm/makefu/2configs/deployment/owncloud.nix>
<stockholm/makefu/2configs/deployment/board.euer.krebsco.de.nix>
- <stockholm/makefu/2configs/deployment/rss.euer.krebsco.de.nix>
#<stockholm/makefu/2configs/deployment/feed.euer.krebsco.de>
<stockholm/makefu/2configs/deployment/boot-euer.nix>
<stockholm/makefu/2configs/deployment/gecloudpad>
- <stockholm/makefu/2configs/deployment/docker/archiveteam-warrior.nix>
+ #<stockholm/makefu/2configs/deployment/docker/archiveteam-warrior.nix>
<stockholm/makefu/2configs/deployment/mediengewitter.de.nix>
<stockholm/makefu/2configs/bgt/etherpad.euer.krebsco.de.nix>
# <stockholm/makefu/2configs/deployment/systemdultras-rss.nix>
@@ -182,14 +181,15 @@ in {
## Temporary:
# <stockholm/makefu/2configs/temp/rst-issue.nix>
- <stockholm/makefu/2configs/virtualisation/docker.nix>
+ # <stockholm/makefu/2configs/virtualisation/docker.nix>
#<stockholm/makefu/2configs/virtualisation/libvirt.nix>
# krebs infrastructure services
# <stockholm/makefu/2configs/stats/server.nix>
];
- makefu.dl-dir = "/var/download";
+ # makefu.dl-dir = "/var/download";
+ makefu.dl-dir = "/media/cloud/download";
services.openssh.hostKeys = lib.mkForce [
{ bits = 4096; path = (toString <secrets/ssh_host_rsa_key>); type = "rsa"; }
diff --git a/makefu/1systems/latte/1blu/default.nix b/makefu/1systems/latte/1blu/default.nix
new file mode 100644
index 000000000..50cd9204d
--- /dev/null
+++ b/makefu/1systems/latte/1blu/default.nix
@@ -0,0 +1,50 @@
+{ config, lib, pkgs, modulesPath, ... }:
+{
+
+ imports =
+ [ ./network.nix
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ # Disk
+ boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sr_mod" "virtio_blk" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "tank/root";
+ fsType = "zfs";
+ };
+
+ fileSystems."/home" =
+ { device = "tank/home";
+ fsType = "zfs";
+ };
+
+ fileSystems."/nix" =
+ { device = "tank/nix";
+ fsType = "zfs";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/AEF3-A486";
+ fsType = "vfat";
+ };
+
+ swapDevices = [ ];
+ boot.loader.grub.device = "/dev/vda";
+
+ networking.hostId = "3150697c"; # required for zfs use
+ boot.tmpOnTmpfs = true;
+ boot.supportedFilesystems = [ "zfs" ];
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.copyKernels = true;
+ boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
+ boot.kernelParams = [
+ "boot.shell_on_fail"
+ "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
+ ];
+}
diff --git a/makefu/1systems/latte/1blu/network.nix b/makefu/1systems/latte/1blu/network.nix
new file mode 100644
index 000000000..0a0eac972
--- /dev/null
+++ b/makefu/1systems/latte/1blu/network.nix
@@ -0,0 +1,32 @@
+{ config, lib, pkgs, modulesPath, ... }:
+let
+ external-mac = "c4:37:72:55:4e:1c";
+ external-gw = "178.254.28.1";
+ external-ip = "178.254.30.202";
+ external-ip6 = "2a00:6800:3:18c::2";
+ external-gw6 = "2a00:6800:3::1";
+ external-netmask = 22;
+ external-netmask6 = 64;
+ internal-ip = config.krebs.build.host.nets.retiolum.ip4.addr;
+ ext-if = "et0"; # gets renamed on the fly
+in
+{
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ATTR{address}=="${external-mac}", NAME="${ext-if}"
+ '';
+ networking = {
+ interfaces."${ext-if}" = {
+ ipv4.addresses = [{
+ address = external-ip;
+ prefixLength = external-netmask;
+ }];
+ ipv6.addresses = [{
+ address = external-ip6;
+ prefixLength = external-netmask6;
+ }];
+ };
+ defaultGateway6 = { address = external-gw6; interface = ext-if; };
+ defaultGateway = external-gw;
+ nameservers = [ "1.1.1.1" ];
+ };
+}
diff --git a/makefu/1systems/latte/config.nix b/makefu/1systems/latte/config.nix
index bec778abc..2828aea08 100644
--- a/makefu/1systems/latte/config.nix
+++ b/makefu/1systems/latte/config.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
let
# external-ip = config.krebs.build.host.nets.internet.ip4.addr;
@@ -10,44 +10,66 @@ let
in {
imports = [
- <stockholm/makefu>
- # configure your hw:
- <stockholm/makefu/2configs/hw/CAC.nix>
- <stockholm/makefu/2configs/tinc/retiolum.nix>
- <stockholm/makefu/2configs/save-diskspace.nix>
-
- # Security
- <stockholm/makefu/2configs/sshd-totp.nix>
- # <stockholm/makefu/2configs/stats/client.nix>
-
- # Tools
- <stockholm/makefu/2configs/tools/core.nix>
- <stockholm/makefu/2configs/zsh-user.nix>
- # Services
- <stockholm/makefu/2configs/remote-build/slave.nix>
- <stockholm/makefu/2configs/torrent.nix>
+ ./1blu
+ <stockholm/makefu>
+
+ # common
+ <stockholm/makefu/2configs/nur.nix>
+ <stockholm/makefu/2configs/home-manager>
+ <stockholm/makefu/2configs/home-manager/cli.nix>
+
+ # Security
+ <stockholm/makefu/2configs/sshd-totp.nix>
+
+ # Tools
+ <stockholm/makefu/2configs/tools/core.nix>
+ <stockholm/makefu/2configs/zsh-user.nix>
+
+ # NixOS Build
+ <stockholm/makefu/2configs/remote-build/slave.nix>
+
+ # Storage
+ <stockholm/makefu/2configs/share>
+ <stockholm/makefu/2configs/share/hetzner-client.nix>
+
+ # Services:
+ <stockholm/makefu/2configs/nix-community/mediawiki-matrix-bot.nix>
+ <stockholm/makefu/2configs/torrent/rtorrent.nix>
+ ## Web
+ <stockholm/makefu/2configs/deployment/rss.euer.krebsco.de.nix>
+ <stockholm/makefu/2configs/deployment/owncloud.nix>
+ ### Moving owncloud data dir to /media/cloud/nextcloud-data
+ {
+ users.users.nextcloud.extraGroups = [ "download" ];
+ # nextcloud-setup fails as it cannot set permissions for nextcloud
+ systemd.services.nextcloud-setup.serviceConfig.SuccessExitStatus = "0 1";
+ fileSystems."/var/lib/nextcloud/data" = {
+ device = "/media/cloud/nextcloud-data";
+ options = [ "bind" ];
+ };
+ }
+
+ # local usage:
+ <stockholm/makefu/2configs/mosh.nix>
+ <stockholm/makefu/2configs/bitlbee.nix>
+
+ # Supervision
+ <stockholm/makefu/2configs/nix-community/supervision.nix>
+
+ # Krebs
+ <stockholm/makefu/2configs/tinc/retiolum.nix>
+
+ # backup
+ <stockholm/makefu/2configs/backup/state.nix>
+
];
krebs = {
enable = true;
build.host = config.krebs.hosts.latte;
};
- boot.initrd.availableKernelModules = [ "ata_piix" "ehci_pci" "virtio_pci" "virtio_blk" "virtio_net" "virtio_scsi" ];
- boot.loader.grub.device = "/dev/vda";
- boot.loader.grub.copyKernels = true;
- fileSystems."/" = {
- device = "/dev/vda1";
- fsType = "ext4";
- };
- networking = {
- firewall = {
- allowPing = true;
- logRefusedConnections = false;
- allowedTCPPorts = [ ];
- allowedUDPPorts = [ 655 ];
- };
- # network interface receives dhcp address
- nameservers = [ "8.8.8.8" ];
- };
+ makefu.dl-dir = "/media/cloud/download";
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
}
diff --git a/makefu/1systems/latte/source.nix b/makefu/1systems/latte/source.nix
index ab0a454c0..41abecf36 100644
--- a/makefu/1systems/latte/source.nix
+++ b/makefu/1systems/latte/source.nix
@@ -1,4 +1,5 @@
{
name = "latte";
torrent = true;
+ home-manager = true;
}
diff --git a/makefu/1systems/omo/config.nix b/makefu/1systems/omo/config.nix
index 3a216ea76..42f335264 100644
--- a/makefu/1systems/omo/config.nix
+++ b/makefu/1systems/omo/config.nix
@@ -43,14 +43,18 @@ in {
<stockholm/makefu/2configs/tools/dev.nix>
<stockholm/makefu/2configs/tools/desktop.nix>
<stockholm/makefu/2configs/tools/mobility.nix>
+ <stockholm/makefu/2configs/tools/consoles.nix>
#<stockholm/makefu/2configs/graphite-standalone.nix>
#<stockholm/makefu/2configs/share-user-sftp.nix>
<stockholm/makefu/2configs/urlwatch>
# <stockholm/makefu/2configs/legacy_only.nix>
+ <stockholm/makefu/2configs/share>
<stockholm/makefu/2configs/share/omo.nix>
<stockholm/makefu/2configs/share/gum-client.nix>
+ <stockholm/makefu/2configs/share/hetzner-client.nix>
+ <stockholm/makefu/2configs/sync>
<stockholm/makefu/2configs/dcpp/airdcpp.nix>
{ krebs.airdcpp.dcpp.shares = let
d = path: "/media/cryptX/${path}";
@@ -96,6 +100,8 @@ in {
<stockholm/makefu/2configs/home/music.nix>
<stockholm/makefu/2configs/home/photoprism.nix>
+ <stockholm/makefu/2configs/home/tonie.nix>
+ <stockholm/makefu/2configs/home/ps4srv.nix>
# <stockholm/makefu/2configs/home/metube.nix>
<stockholm/makefu/2configs/home/ham>
<stockholm/makefu/2configs/home/zigbee2mqtt>
@@ -104,6 +110,7 @@ in {
enable = true;
servedir = "/media/cryptX/emu/ps3";
};
+ users.users.makefu.packages = [ pkgs.pkgrename ];
}
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index 224277861..3edfcecc1 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -137,6 +137,8 @@
# <stockholm/makefu/2configs/share/anon-ftp.nix>
# <stockholm/makefu/2configs/share/anon-sftp.nix>
<stockholm/makefu/2configs/share/gum-client.nix>
+ <stockholm/makefu/2configs/share/hetzner-client.nix>
+ <stockholm/makefu/2configs/share>
# <stockholm/makefu/2configs/share/temp-share-samba.nix>
@@ -145,6 +147,7 @@
<stockholm/makefu/2configs/mail-client.nix>
<stockholm/makefu/2configs/printer.nix>
# <stockholm/makefu/2configs/syncthing.nix>
+ <stockholm/makefu/2configs/sync>
# Virtualization
# <stockholm/makefu/2configs/virtualisation/libvirt.nix>
@@ -167,7 +170,7 @@
# <stockholm/makefu/2configs/remote-build/gum.nix>
# { nixpkgs.overlays = [ (self: super: super.prefer-remote-fetch self super) ]; }
- <stockholm/makefu/2configs/binary-cache/gum.nix>
+ # <stockholm/makefu/2configs/binary-cache/gum.nix>
<stockholm/makefu/2configs/binary-cache/lass.nix>
@@ -223,7 +226,8 @@
krebs.build.host = config.krebs.hosts.x;
- krebs.tinc.retiolum.connectTo = [ "omo" "prism" "nextgum" "wbob" ];
+ #krebs.tinc.retiolum.connectTo = lib.mkForce [ "gum" ];
+ #krebs.tinc.retiolum.extraConfig = "AutoConnect = no";
environment.systemPackages = [ pkgs.passwdqc-utils ];
@@ -245,6 +249,6 @@
"/home/makefu/.config/syncthing"
];
- services.syncthing.user = lib.mkForce "makefu";
- services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/";
+ # services.syncthing.user = lib.mkForce "makefu";
+ # services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/";
}
diff --git a/makefu/2configs/backup/ssh/latte.pub b/makefu/2configs/backup/ssh/latte.pub
new file mode 100644
index 000000000..52d56d956
--- /dev/null
+++ b/makefu/2configs/backup/ssh/latte.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOUZcfi2SXxCo1if0oU3x9qPK8/O5FmiXy2HFZyTp/P1 makefu@x
diff --git a/makefu/2configs/home/ps4srv.nix b/makefu/2configs/home/ps4srv.nix
new file mode 100644
index 000000000..cb1864fae
--- /dev/null
+++ b/makefu/2configs/home/ps4srv.nix
@@ -0,0 +1,17 @@
+let
+ internal-ip = "192.168.111.11";
+in
+{
+ services.nginx.virtualHosts."ps4srv" = {
+ serverAliases = [
+ "ps4srv.lan"
+ ];
+
+ locations."/".root = "/media/cryptX/emu/ps4";
+ extraConfig = ''
+ if ( $server_addr != "${internal-ip}" ) {
+ return 403;
+ }
+ '';
+ };
+}
diff --git a/makefu/2configs/share/default.nix b/makefu/2configs/share/default.nix
new file mode 100644
index 000000000..a1ad349b9
--- /dev/null
+++ b/makefu/2configs/share/default.nix
@@ -0,0 +1,29 @@
+{ config, lib, ... }:
+with import <stockholm/lib>;
+let
+ base-dir = config.services.rtorrent.downloadDir;
+in {
+ users.users = {
+ download = {
+ name = "download";
+ home = base-dir;
+ isNormalUser = true;
+ uid = mkDefault (genid "download");
+ createHome = false;
+ useDefaultShell = true;
+ group = "download";
+ openssh.authorizedKeys.keys = [ ];
+ };
+ };
+
+ users.groups = {
+ download = {
+ gid = lib.mkDefault (genid "download");
+ members = [
+ config.krebs.build.user.name
+ "download"
+ ];
+ };
+ };
+
+}
diff --git a/makefu/2configs/share/hetzner-client.nix b/makefu/2configs/share/hetzner-client.nix
index e59698063..90bc32deb 100644
--- a/makefu/2configs/share/hetzner-client.nix
+++ b/makefu/2configs/share/hetzner-client.nix
@@ -1,5 +1,6 @@
{ config, lib, pkgs, ... }:
+with <stockholm/lib>;
let
automount_opts =
[ "x-systemd.automount"
@@ -10,14 +11,16 @@ let
host = "u288834.your-storagebox.de";
in {
boot.kernel.sysctl."net.ipv6.route.max_size" = 2147483647;
+
fileSystems."/media/cloud" = {
device = "//${host}/backup";
fsType = "cifs";
options = automount_opts ++
- [ "credentials=/var/src/secrets/hetzner.smb"
- "file_mode=0775"
- "dir_mode=0775"
- "uid=9001"
+ [ "credentials=${toString <secrets/hetzner.smb>}"
+ "file_mode=0770"
+ "dir_mode=0770"
+ "uid=${toString config.users.users.download.uid}"
+ "gid=${toString config.users.groups.download.gid}"
#"vers=3"
"vers=2.1"
"rsize=65536"
@@ -25,5 +28,4 @@ in {
"iocharset=utf8"
];
};
-
}
diff --git a/makefu/2configs/share/omo.nix b/makefu/2configs/share/omo.nix
index 93536b63d..e53158b8f 100644
--- a/makefu/2configs/share/omo.nix
+++ b/makefu/2configs/share/omo.nix
@@ -32,6 +32,12 @@ in {
browseable = "yes";
"guest ok" = "yes";
};
+ movies = {
+ path = "/media/cryptX/movies";
+ "read only" = "yes";
+ browseable = "yes";
+ "guest ok" = "yes";
+ };
audiobook = {
path = "/media/crypt1/audiobooks";
"read only" = "yes";
diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix
deleted file mode 100644
index 74f1e5fe8..000000000
--- a/makefu/2configs/torrent.nix
+++ /dev/null
@@ -1,73 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with import <stockholm/lib>;
-
-let
- basicAuth = import <torrent-secrets/auth.nix>;
- peer-port = 51412;
- web-port = 8112;
- daemon-port = 58846;
- base-dir = config.krebs.rtorrent.workDir;
-in {
-
- users.users = {
- download = {
- name = "download";
- home = base-dir;
- uid = mkDefault (genid "download");
- createHome = true;
- useDefaultShell = true;
- group = "download";
- openssh.authorizedKeys.keys = [ ];
- };
- };
-
- users.extraGroups = {
- download = {
- gid = lib.mkDefault (genid "download");
- members = [
- config.krebs.build.user.name
- "download"
- "rtorrent"
- "nginx"
- ];
- };
- rtorrent.members = [ "download" ];
- };
-
- krebs.rtorrent = let
- d = config.makefu.dl-dir;
- in {
- enable = true;
- web = {
- enable = true;
- port = web-port;
- inherit basicAuth;
- };
- rutorrent.enable = true;
- enableXMLRPC = true;
- listenPort = peer-port;
- downloadDir = d + "/finished/incoming";
- watchDir = d + "/watch";
- # TODO: maybe test out multiple watch dirs with tags: https://github.com/rakshasa/rtorrent/wiki/TORRENT-Watch-directories
- extraConfig = ''
- # log.add_output = "debug", "rtorrent-systemd"
- # log.add_output = "dht_debug", "rtorrent-systemd"
- # log.add_output = "tracker_debug", "rtorrent-systemd"
- log.add_output = "rpc_events", "rtorrent-systemd"
- # log.add_output = "rpc_dump", "rtorrent-systemd"
- system.daemon.set = true
- '';
- # dump old torrents into watch folder to have them re-added
- };
-
- services.nginx.virtualHosts."torrent.${config.krebs.build.host.name}.r".locations."/" = { proxyPass = "http://localhost:${toString web-port}/"; };
-
- networking.firewall.extraCommands = ''
- iptables -A INPUT -i retiolum -p tcp --dport ${toString web-port} -j ACCEPT
- '';
-
- networking.firewall.allowedTCPPorts = [ peer-port ];
- networking.firewall.allowedUDPPorts = [ peer-port ];
- state = [ config.krebs.rtorrent.sessionDir ]; # state which torrents were loaded
-}
diff --git a/makefu/2configs/torrent/rtorrent.nix b/makefu/2configs/torrent/rtorrent.nix
new file mode 100644
index 000000000..79325bfc7
--- /dev/null
+++ b/makefu/2configs/torrent/rtorrent.nix
@@ -0,0 +1,48 @@
+{ config, lib, pkgs, ... }:
+
+let
+ basicAuth = import <torrent-secrets/auth.nix>;
+ peer-port = 51412;
+ web-port = 8112;
+ daemon-port = 58846;
+ dldir = config.makefu.dl-dir;
+in {
+ services.rtorrent.enable = true;
+ services.rtorrent.user = "rtorrent";
+ services.rtorrent.group = "download";
+ services.rtorrent.downloadDir = dldir;
+ services.rtorrent.configText = ''
+ schedule2 = watch_start, 10, 10, ((load.start, (cat, (cfg.watch), "/media/cloud/watch/*.torrent")))
+ '';
+
+ services.rtorrent.openFirewall = true;
+
+ systemd.services.flood = {
+ wantedBy = [ "multi-user.target" ];
+ wants = [ "rtorrent.service" ];
+ after = [ "rtorrent.service" ];
+ serviceConfig = {
+ User = "rtorrent";
+ ExecStart = "${pkgs.nodePackages.flood}/bin/flood --auth none --port ${toString web-port} --rtsocket ${config.services.rtorrent.rpcSocket}";
+ };
+ };
+
+ #security.acme.certs."torrent.${config.krebs.build.host.name}.r".server = config.krebs.ssl.acmeURL;
+
+ services.nginx = {
+ enable = true;
+ virtualHosts."torrent.${config.krebs.build.host.name}.r" = {
+ # TODO
+ inherit basicAuth;
+ #enableACME = true;
+ #addSSL = true;
+ root = "${pkgs.nodePackages.flood}/lib/node_modules/flood/dist/assets";
+ locations."/api".extraConfig = ''
+ proxy_pass http://localhost:${toString web-port};
+ '';
+ locations."/".extraConfig = ''
+ try_files $uri /index.html;
+ '';
+ };
+ };
+}