2016-08-21 09:55:46 +00:00
|
|
|
{ config, lib, pkgs, ... }:
|
|
|
|
|
2016-10-20 18:54:38 +00:00
|
|
|
with import <stockholm/lib>;
|
2016-08-21 09:55:46 +00:00
|
|
|
|
|
|
|
let
|
|
|
|
daemon-user = "tor";
|
2016-12-22 14:41:49 +00:00
|
|
|
basicAuth = import <torrent-secrets/auth.nix>;
|
2016-08-21 09:55:46 +00:00
|
|
|
peer-port = 51412;
|
|
|
|
web-port = 8112;
|
|
|
|
daemon-port = 58846;
|
2017-01-09 15:01:46 +00:00
|
|
|
dl-dir = config.makefu.dl-dir;
|
2016-08-21 09:55:46 +00:00
|
|
|
in {
|
|
|
|
# prepare secrets
|
|
|
|
krebs.build.source.torrent-secrets.file =
|
|
|
|
if getEnv "dummy_secrets" == "true"
|
|
|
|
then toString <stockholm/makefu/6tests/data/secrets>
|
2017-01-09 15:01:46 +00:00
|
|
|
else config.makefu.torrent-secrets ;
|
2016-08-21 09:55:46 +00:00
|
|
|
|
|
|
|
users.users = {
|
|
|
|
download = {
|
|
|
|
name = "download";
|
|
|
|
home = dl-dir;
|
2017-04-24 21:22:13 +00:00
|
|
|
uid = mkDefault (genid "download");
|
2016-08-21 09:55:46 +00:00
|
|
|
createHome = true;
|
|
|
|
useDefaultShell = true;
|
|
|
|
group = "download";
|
|
|
|
openssh.authorizedKeys.keys = [ ];
|
|
|
|
};
|
|
|
|
};
|
2016-08-24 10:16:18 +00:00
|
|
|
|
2016-08-21 09:55:46 +00:00
|
|
|
# todo: race condition, do this after download user has been created
|
|
|
|
system.activationScripts."download-dir-chmod" = ''
|
2016-08-24 10:16:18 +00:00
|
|
|
for i in finished watch torrents; do
|
2016-08-21 09:55:46 +00:00
|
|
|
mkdir -p "${dl-dir}/$i"
|
|
|
|
chown download:download "${dl-dir}/$i"
|
|
|
|
chmod 770 "${dl-dir}/$i"
|
|
|
|
done
|
|
|
|
'';
|
|
|
|
|
|
|
|
users.extraGroups = {
|
|
|
|
download = {
|
2017-04-24 21:22:13 +00:00
|
|
|
gid = lib.mkDefault (genid "download");
|
2016-08-21 09:55:46 +00:00
|
|
|
members = [
|
|
|
|
config.krebs.build.user.name
|
|
|
|
"download"
|
2016-08-24 10:16:18 +00:00
|
|
|
"rtorrent"
|
|
|
|
"nginx"
|
2016-08-21 09:55:46 +00:00
|
|
|
];
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
2016-08-24 15:51:22 +00:00
|
|
|
krebs.rtorrent = {
|
2016-08-21 09:55:46 +00:00
|
|
|
enable = true;
|
2016-08-24 10:16:18 +00:00
|
|
|
web = {
|
|
|
|
enable = true;
|
2016-12-22 14:41:49 +00:00
|
|
|
port = web-port;
|
|
|
|
inherit basicAuth;
|
2016-08-21 09:55:46 +00:00
|
|
|
};
|
2016-08-24 10:16:18 +00:00
|
|
|
rutorrent.enable = true;
|
|
|
|
enableXMLRPC = true;
|
|
|
|
listenPort = peer-port;
|
|
|
|
downloadDir = dl-dir + "/finished";
|
|
|
|
# dump old torrents into watch folder to have them re-added
|
|
|
|
watchDir = dl-dir +"/watch";
|
2016-08-21 09:55:46 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
networking.firewall.extraCommands = ''
|
2016-08-24 10:16:18 +00:00
|
|
|
iptables -A INPUT -i retiolum -p tcp --dport ${toString web-port} -j ACCEPT
|
2016-08-21 09:55:46 +00:00
|
|
|
'';
|
|
|
|
|
|
|
|
networking.firewall.allowedTCPPorts = [ peer-port ];
|
|
|
|
networking.firewall.allowedUDPPorts = [ peer-port ];
|
|
|
|
}
|