stockholm/makefu/2configs/torrent.nix


{ config, lib, pkgs, ... }:
# Bring the stockholm helper library into scope. The unqualified names used
# further down (getEnv, genid, mkDefault) are not defined in this file, so
# they presumably come from here -- confirm against <stockholm/lib>.
with import <stockholm/lib>;
let
  # Base directory of the download tree, taken from the host's makefu options.
  dl-dir = config.makefu.dl-dir;

  # HTTP basic-auth settings for the web UI, read from the secrets source at
  # evaluation time.
  # NOTE(review): values imported during evaluation can end up in the
  # world-readable Nix store if the consuming module renders them into a
  # config file -- check how krebs.rtorrent stores basicAuth.
  basicAuth = import <torrent-secrets/auth.nix>;

  # peer-port is opened on every interface below; web-port is only accepted
  # on the retiolum interface.
  peer-port = 51412;
  web-port = 8112;

  # Not referenced anywhere else in this file.
  daemon-user = "tor";
  daemon-port = 58846;
in {
# Choose where the torrent-secrets source comes from (presumably what backs
# the <torrent-secrets/auth.nix> import used for basicAuth -- confirm).
# getEnv reads the environment of the evaluating process, so a stray
# dummy_secrets=true during a real deployment would build this host with the
# test-data secrets under 6tests instead of config.makefu.torrent-secrets.
krebs.build.source.torrent-secrets.file =
  let
    useDummySecrets = getEnv "dummy_secrets" == "true";
  in
    if useDummySecrets
    then toString <stockholm/makefu/6tests/data/secrets>
    else config.makefu.torrent-secrets;
# Dedicated "download" account; its home directory is the download tree.
users.users.download = {
  name = "download";
  group = "download";
  # genid presumably derives a stable id from the name (helper not defined in
  # this file); mkDefault leaves room for a host-level override.
  uid = mkDefault (genid "download");
  home = dl-dir;
  createHome = true;
  # The account gets the system default login shell, but no SSH keys are
  # authorised for it here.
  useDefaultShell = true;
  openssh.authorizedKeys.keys = [ ];
};
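# Create the download sub-directories and hand them to download:download with
# mode 770 (owner and group only, nothing for others).
# The chown needs the "download" user and group to exist already, so the
# snippet is ordered after the NixOS "users" and "groups" activation steps
# instead of relying on whatever position it would otherwise get.
system.activationScripts."download-dir-chmod" = {
  deps = [ "users" "groups" ];
  text = ''
    for i in finished watch torrents; do
      mkdir -p "${dl-dir}/$i"
      chown download:download "${dl-dir}/$i"
      chmod 770 "${dl-dir}/$i"
    done
  '';
};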
# Group that shares the download tree. The activation script in this file
# sets those directories to mode 770, so every member listed here can read
# and write them -- including the watch directory that torrents are re-added
# from. Keep the list as short as the setup allows.
users.extraGroups.download = {
  gid = lib.mkDefault (genid "download");
  members = [
    # the user configured as krebs.build.user
    config.krebs.build.user.name
    "download"
    "rtorrent"
    # the web-server account also gets group write access through this entry
    "nginx"
  ];
};
# rtorrent daemon plus its web front ends, configured through the
# krebs.rtorrent module (the module itself is not part of this file).
krebs.rtorrent = {
  enable = true;

  listenPort = peer-port;
  downloadDir = dl-dir + "/finished";
  # dump old torrents into watch folder to have them re-added
  watchDir = dl-dir + "/watch";

  # NOTE(review): rtorrent's XML-RPC interface can run arbitrary commands as
  # the daemon user, so whatever endpoint the module exposes it on has to
  # stay behind the basicAuth configured below -- confirm how the module
  # wires it up.
  enableXMLRPC = true;
  rutorrent.enable = true;

  # Web UI on web-port, protected with the credentials from the secrets file.
  web.enable = true;
  web.port = web-port;
  web.basicAuth = basicAuth;
};
networking.firewall = {
  # Peer port: reachable on every interface, over TCP and UDP.
  allowedTCPPorts = [ peer-port ];
  allowedUDPPorts = [ peer-port ];

  # Web UI: accepted only for traffic arriving on the retiolum interface.
  # NOTE(review): the rule is appended to the built-in INPUT chain rather
  # than the NixOS firewall's own nixos-fw chain, and it covers IPv4 only.
  # Rules added to INPUT are likely not cleaned up when the firewall is
  # reloaded or stopped -- verify, and consider the nixos-fw chain instead.
  extraCommands = ''
    iptables -A INPUT -i retiolum -p tcp --dport ${toString web-port} -j ACCEPT
  '';
};
}