stockholm/lass/2configs/downloading.nix

{ config, lib, pkgs, ... }:

with import <stockholm/lib>;

{
  users.extraUsers = {
    download = {
      name = "download";
      home = "/var/download";
      createHome = true;
      useDefaultShell = true;
      extraGroups = [
        "download"
      ];
      openssh.authorizedKeys.keys = with config.krebs.users; [
        lass.pubkey
        lass-shodan.pubkey
        lass-icarus.pubkey
        lass-daedalus.pubkey
        lass-helios.pubkey
        makefu.pubkey
        wine-mors.pubkey
      ];
    };

    transmission = {
      extraGroups = [
        "download"
      ];
    };
  };

  users.extraGroups = {
    download = {
      members = [
        "download"
        "transmission"
      ];
    };
  };

  krebs.rtorrent = {
    enable = true;
    web = {
      enable = true;
      port = 9091;
      basicAuth = import <secrets/torrent-auth>;
    };
    rutorrent.enable = true;
    enableXMLRPC = true;
    listenPort = 51413;
    downloadDir = "/var/download/finished";
    # dump old torrents into watch folder to have them re-added
    watchDir = "/var/download/watch";
  };

  krebs.iptables = {
    enable = true;
    tables.filter.INPUT.rules = [
      { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; }
      { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; }
      { predicate = "-p udp --dport 51413"; target = "ACCEPT"; }
    ];
  };
}
l 2 downloading: allow login via ssh 2015-10-30 23:10:43 +00:00			`{ config, lib, pkgs, ... }:`
lass 2: add downloading.nix 2015-08-13 20:26:07 +00:00
drop config.krebs.lib 2016-10-20 18:54:38 +00:00			`with import <stockholm/lib>;`
l 2 downloading: get rpc-password from secrets 2015-10-31 14:11:15 +00:00
l 2 downloading: transmission -> rtorrent 2016-08-24 16:45:19 +00:00			`{`
lass 2: add downloading.nix 2015-08-13 20:26:07 +00:00			`users.extraUsers = {`
			`download = {`
			`name = "download";`
			`home = "/var/download";`
			`createHome = true;`
l 2 downloading: allow login via ssh 2015-10-30 23:10:43 +00:00			`useDefaultShell = true;`
lass 2: add downloading.nix 2015-08-13 20:26:07 +00:00			`extraGroups = [`
			`"download"`
			`];`
l 2 downloading: add makefu to authorizedKeys 2016-08-09 15:14:15 +00:00			`openssh.authorizedKeys.keys = with config.krebs.users; [`
			`lass.pubkey`
			`lass-shodan.pubkey`
l 2 downloading: add icarus to authorized_keys 2017-02-02 23:22:10 +00:00			`lass-icarus.pubkey`
l downloading: add daedalus & helios 2018-02-13 16:31:25 +00:00			`lass-daedalus.pubkey`
			`lass-helios.pubkey`
l 2 downloading: add makefu to authorizedKeys 2016-08-09 15:14:15 +00:00			`makefu.pubkey`
lass downloading: add wine-mors to authorized_keys 2017-07-16 19:35:04 +00:00			`wine-mors.pubkey`
l 2 downloading: allow login via ssh 2015-10-30 23:10:43 +00:00			`];`
lass 2: add downloading.nix 2015-08-13 20:26:07 +00:00			`};`

			`transmission = {`
			`extraGroups = [`
			`"download"`
			`];`
			`};`
			`};`

			`users.extraGroups = {`
			`download = {`
			`members = [`
			`"download"`
			`"transmission"`
			`];`
			`};`
			`};`

l 2 downloading: transmission -> rtorrent 2016-08-24 16:45:19 +00:00			`krebs.rtorrent = {`
lass 2: add downloading.nix 2015-08-13 20:26:07 +00:00			`enable = true;`
l 2 downloading: transmission -> rtorrent 2016-08-24 16:45:19 +00:00			`web = {`
			`enable = true;`
l 2 downloading: adapt to new api 2016-12-26 13:18:43 +00:00			`port = 9091;`
			`basicAuth = import <secrets/torrent-auth>;`
lass 2: add downloading.nix 2015-08-13 20:26:07 +00:00			`};`
l 2 downloading: transmission -> rtorrent 2016-08-24 16:45:19 +00:00			`rutorrent.enable = true;`
			`enableXMLRPC = true;`
			`listenPort = 51413;`
			`downloadDir = "/var/download/finished";`
			`# dump old torrents into watch folder to have them re-added`
			`watchDir = "/var/download/watch";`
lass 2: add downloading.nix 2015-08-13 20:26:07 +00:00			`};`

lass: lass.iptables -> krebs.iptables 2015-10-01 20:13:40 +00:00			`krebs.iptables = {`
lass 2: add downloading.nix 2015-08-13 20:26:07 +00:00			`enable = true;`
			`tables.filter.INPUT.rules = [`
			`{ predicate = "-p tcp --dport 9091"; target = "ACCEPT"; }`
l 2 downloading: open ports for transmission 2015-10-30 23:11:45 +00:00			`{ predicate = "-p tcp --dport 51413"; target = "ACCEPT"; }`
			`{ predicate = "-p udp --dport 51413"; target = "ACCEPT"; }`
lass 2: add downloading.nix 2015-08-13 20:26:07 +00:00			`];`
			`};`
			`}`