Merge remote-tracking branch 'gum/master'

This commit is contained in:
lassulus 2016-12-23 18:38:37 +01:00
commit acb2f0b042
10 changed files with 157 additions and 39 deletions

View File

@ -26,6 +26,31 @@ with import <stockholm/lib>;
}; };
}; };
}; };
fileleech = rec {
cores = 4;
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech";
nets = {
retiolum = {
ip4.addr = "10.243.113.98";
ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096";
aliases = [
"fileleech.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA2W20+jYvuFUjPQ+E+7Xlabf8fW/XSnTTelfo2uRcJ3FMLYQ9H3rF
8L8StPmxn8Q20FFH/MvRmgW8pU9z4RQ3nAi+utVYqAJQtOYA9FPMxssC08w82r0K
YC6sgc9MeRjnCjQxQrQs4fqA6KpqSLxRf2c6kfNwYRgCxFMns2ncxOiPOoGLZait
nJR3m0cSRm8yCTMbznlGH99+5+3HgvuBE/UYXmmGBs7w8DevaX76butzprZ8fm4z
e5C7R9ofdVW70GGksfSI81y5xODWMbfjTRHKm4OBX7NOCiOTwx1wu8bYDN3EzN6V
UM5PJfU42sViPEZmVuC8cDcP1xemHTkh9QIDAQAB
-----END RSA PUBLIC KEY-----
'';
};
};
};
pnp = { pnp = {
cores = 1; cores = 1;
nets = { nets = {

View File

@ -73,22 +73,23 @@ let
# authentication also applies to rtorrent.rutorrent # authentication also applies to rtorrent.rutorrent
enable = mkEnableOption "rtorrent nginx web RPC"; enable = mkEnableOption "rtorrent nginx web RPC";
listenAddress = mkOption { port = mkOption {
type = types.str; type = types.nullOr types.int;
description ='' description =''
nginx listen address for rtorrent web nginx listen port for rtorrent
''; '';
default = "localhost:8006"; default = 8006;
}; };
enableAuth = mkEnableOption "rutorrent authentication"; basicAuth = mkOption {
authfile = mkOption { type = types.attrsOf types.str ;
type = types.path;
description = '' description = ''
basic authentication file to be used. basic authentication to be used. If unset, no authentication will be
Use `${pkgs.apacheHttpd}/bin/htpasswd -c <file> <username>` to create the file. enabled.
Only in use if authentication is enabled.
Refer to `services.nginx.virtualHosts.<name>.basicAuth`
''; '';
default = {};
}; };
}; };
@ -104,7 +105,6 @@ let
default = pkgs.rutorrent; default = pkgs.rutorrent;
}; };
webdir = mkOption { webdir = mkOption {
type = types.path; type = types.path;
description = '' description = ''
@ -286,36 +286,28 @@ let
}; };
rpcweb-imp = { rpcweb-imp = {
krebs.nginx.enable = mkDefault true; services.nginx.enable = mkDefault true;
krebs.nginx.servers.rtorrent = { services.nginx.virtualHosts.rtorrent = {
listen = [ webcfg.listenAddress ]; default = mkDefault true;
server-names = [ "default" ]; inherit (webcfg) basicAuth port;
extraConfig = '' root = optionalString rucfg.enable webdir;
${optionalString webcfg.enableAuth ''
auth_basic "rtorrent"; locations = {
auth_basic_user_file ${webcfg.authfile}; "/RPC2".extraConfig = ''
''}
${optionalString rucfg.enable ''
root ${webdir};
''}
'';
locations = [
(nameValuePair "/RPC2" ''
include ${pkgs.nginx}/conf/scgi_params; include ${pkgs.nginx}/conf/scgi_params;
scgi_param SCRIPT_NAME /RPC2; scgi_param SCRIPT_NAME /RPC2;
scgi_pass unix:${cfg.xmlrpc-socket}; scgi_pass unix:${cfg.xmlrpc-socket};
'') '';
] ++ (optional rucfg.enable } // (optionalAttrs rucfg.enable {
(nameValuePair "~ \.php$" '' "~ \.php$".extraConfig = ''
client_max_body_size 200M; client_max_body_size 200M;
root ${webdir};
fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${fpm-socket}; fastcgi_pass unix:${fpm-socket};
try_files $uri =404; try_files $uri =404;
fastcgi_index index.php; fastcgi_index index.php;
include ${pkgs.nginx}/conf/fastcgi_params; include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf; include ${pkgs.nginx}/conf/fastcgi.conf;
'') ''; }
); );
}; };
}; };

View File

@ -1,11 +1,11 @@
{ pkgs, ... }: { pkgs, ... }:
pkgs.stdenv.mkDerivation { pkgs.stdenv.mkDerivation {
name = "rutorrent-src-3.7"; name = "rutorrent-src_2016-12-09";
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "Novik"; owner = "Novik";
repo = "rutorrent"; repo = "rutorrent";
rev = "b727523a153454d4976f04b0c47336ae57cc50d5"; rev = "580bba8c538b55c1f75f3ad65310ff4ff2a153f7";
sha256 = "0s5wa0jnck781amln9c2p4pc0i5mq3j5693ra151lnwhz63aii4a"; sha256 = "1d9lgrzipy58dnx88z393p152kx6lki0x4aw40k8w9awsci4cx7p";
}; };
phases = [ "installPhase" ]; phases = [ "installPhase" ];

View File

@ -0,0 +1,27 @@
{ config, pkgs, ... }:
{
imports = [
../.
# configure your hw:
# ../2configs/hw/CAC.nix
# ../2configs/fs/CAC-CentOS-7-64bit.nix
../2configs/save-diskspace.nix
../2configs/tinc/retiolum.nix
];
krebs = {
enable = true;
build.host = config.krebs.hosts.fileleech;
};
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/disk/by-id/ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN";
fileSystems."/" = {
device = "/dev/disk/by-id/ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN";
};
boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "aacraid" "usb_storage" "usbhid" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
}

View File

@ -0,0 +1,62 @@
{pkgs, ...}:
with import <stockholm/lib>;
let
secret = (import <secrets/elchos-token.nix>);
in {
systemd.services.elchos-irctoken = {
startAt = "*:0/30";
serviceConfig = {
RuntimeMaxSec = "20";
};
script = ''
set -euf
now=$(date -u +%Y-%m-%dT%H:%M)
sec=$(echo -n "${secret}$now" | md5sum | cut -d\ -f1)
message="The secret valid for 30 minutes is $sec"
echo "token for $now (UTC) is $sec"
LOGNAME=sec-announcer
HOSTNAME=$(${pkgs.systemd}/bin/hostnamectl --static)
IRC_SERVER=irc.freenode.net
IRC_PORT=6667
IRC_NICK=$HOSTNAME-$$
IRC_CHANNEL='#eloop'
export IRC_CHANNEL # for privmsg_cat
echo2() { echo "$*"; echo "$*" >&2; }
privmsg_cat() { ${pkgs.gawk}/bin/awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; }
tmpdir="$(mktemp -d irc-announce_XXXXXXXX)"
cd "$tmpdir"
mkfifo ircin
trap "
rm ircin
cd '$OLDPWD'
rmdir '$tmpdir'
trap - EXIT INT QUIT
" EXIT INT QUIT
{
echo2 "USER $LOGNAME 0 * :$LOGNAME@$HOSTNAME"
echo2 "NICK $IRC_NICK"
# wait for MODE message
${pkgs.gnused}/bin/sed -un '/^:[^ ]* MODE /q'
echo2 "JOIN $IRC_CHANNEL"
printf '%s' "$message" \
| privmsg_cat
echo2 "PART $IRC_CHANNEL"
# wait for PART confirmation
sed -un '/:'"$IRC_NICK"'![^ ]* PART /q'
echo2 'QUIT :Gone to have lunch'
} < ircin \
| ${pkgs.netcat}/bin/netcat "$IRC_SERVER" "$IRC_PORT" |tee -a ircin
'';
};
}

View File

@ -4,7 +4,7 @@ with import <stockholm/lib>;
let let
daemon-user = "tor"; daemon-user = "tor";
authfile = <torrent-secrets/authfile>; basicAuth = import <torrent-secrets/auth.nix>;
peer-port = 51412; peer-port = 51412;
web-port = 8112; web-port = 8112;
daemon-port = 58846; daemon-port = 58846;
@ -53,9 +53,8 @@ in {
enable = true; enable = true;
web = { web = {
enable = true; enable = true;
enableAuth = true; port = web-port;
listenAddress = toString web-port; inherit basicAuth;
inherit authfile;
}; };
rutorrent.enable = true; rutorrent.enable = true;
enableXMLRPC = true; enableXMLRPC = true;

View File

@ -8,6 +8,7 @@ _:
./forward-journal.nix ./forward-journal.nix
./opentracker.nix ./opentracker.nix
./ps3netsrv.nix ./ps3netsrv.nix
./server-config.nix
./snapraid.nix ./snapraid.nix
./taskserver.nix ./taskserver.nix
./udpt.nix ./udpt.nix

View File

@ -0,0 +1,10 @@
{config, lib, pkgs, ... }:
with import <stockholm/lib>;
{
options.makefu.server.primary-itf = lib.mkOption {
type = types.str;
description = "Primary interface of the server";
};
}

View File

@ -0,0 +1,3 @@
{
user = "password";
}

View File

@ -1 +0,0 @@
"derp"