Merge remote-tracking branch 'gum/master'
commit
acb2f0b042
@ -26,6 +26,31 @@ with import <stockholm/lib>;
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
fileleech = rec {
|
||||||
|
cores = 4;
|
||||||
|
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
|
||||||
|
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech";
|
||||||
|
nets = {
|
||||||
|
retiolum = {
|
||||||
|
ip4.addr = "10.243.113.98";
|
||||||
|
ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096";
|
||||||
|
aliases = [
|
||||||
|
"fileleech.retiolum"
|
||||||
|
];
|
||||||
|
tinc.pubkey = ''
|
||||||
|
-----BEGIN RSA PUBLIC KEY-----
|
||||||
|
MIIBCgKCAQEA2W20+jYvuFUjPQ+E+7Xlabf8fW/XSnTTelfo2uRcJ3FMLYQ9H3rF
|
||||||
|
8L8StPmxn8Q20FFH/MvRmgW8pU9z4RQ3nAi+utVYqAJQtOYA9FPMxssC08w82r0K
|
||||||
|
YC6sgc9MeRjnCjQxQrQs4fqA6KpqSLxRf2c6kfNwYRgCxFMns2ncxOiPOoGLZait
|
||||||
|
nJR3m0cSRm8yCTMbznlGH99+5+3HgvuBE/UYXmmGBs7w8DevaX76butzprZ8fm4z
|
||||||
|
e5C7R9ofdVW70GGksfSI81y5xODWMbfjTRHKm4OBX7NOCiOTwx1wu8bYDN3EzN6V
|
||||||
|
UM5PJfU42sViPEZmVuC8cDcP1xemHTkh9QIDAQAB
|
||||||
|
-----END RSA PUBLIC KEY-----
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
pnp = {
|
pnp = {
|
||||||
cores = 1;
|
cores = 1;
|
||||||
nets = {
|
nets = {
|
||||||
|
@ -73,22 +73,23 @@ let
|
|||||||
# authentication also applies to rtorrent.rutorrent
|
# authentication also applies to rtorrent.rutorrent
|
||||||
enable = mkEnableOption "rtorrent nginx web RPC";
|
enable = mkEnableOption "rtorrent nginx web RPC";
|
||||||
|
|
||||||
listenAddress = mkOption {
|
port = mkOption {
|
||||||
type = types.str;
|
type = types.nullOr types.int;
|
||||||
description =''
|
description =''
|
||||||
nginx listen address for rtorrent web
|
nginx listen port for rtorrent
|
||||||
'';
|
'';
|
||||||
default = "localhost:8006";
|
default = 8006;
|
||||||
};
|
};
|
||||||
|
|
||||||
enableAuth = mkEnableOption "rutorrent authentication";
|
basicAuth = mkOption {
|
||||||
authfile = mkOption {
|
type = types.attrsOf types.str ;
|
||||||
type = types.path;
|
|
||||||
description = ''
|
description = ''
|
||||||
basic authentication file to be used.
|
basic authentication to be used. If unset, no authentication will be
|
||||||
Use `${pkgs.apacheHttpd}/bin/htpasswd -c <file> <username>` to create the file.
|
enabled.
|
||||||
Only in use if authentication is enabled.
|
|
||||||
|
Refer to `services.nginx.virtualHosts.<name>.basicAuth`
|
||||||
'';
|
'';
|
||||||
|
default = {};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -104,7 +105,6 @@ let
|
|||||||
default = pkgs.rutorrent;
|
default = pkgs.rutorrent;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
webdir = mkOption {
|
webdir = mkOption {
|
||||||
type = types.path;
|
type = types.path;
|
||||||
description = ''
|
description = ''
|
||||||
@ -286,36 +286,28 @@ let
|
|||||||
};
|
};
|
||||||
|
|
||||||
rpcweb-imp = {
|
rpcweb-imp = {
|
||||||
krebs.nginx.enable = mkDefault true;
|
services.nginx.enable = mkDefault true;
|
||||||
krebs.nginx.servers.rtorrent = {
|
services.nginx.virtualHosts.rtorrent = {
|
||||||
listen = [ webcfg.listenAddress ];
|
default = mkDefault true;
|
||||||
server-names = [ "default" ];
|
inherit (webcfg) basicAuth port;
|
||||||
extraConfig = ''
|
root = optionalString rucfg.enable webdir;
|
||||||
${optionalString webcfg.enableAuth ''
|
|
||||||
auth_basic "rtorrent";
|
locations = {
|
||||||
auth_basic_user_file ${webcfg.authfile};
|
"/RPC2".extraConfig = ''
|
||||||
''}
|
|
||||||
${optionalString rucfg.enable ''
|
|
||||||
root ${webdir};
|
|
||||||
''}
|
|
||||||
'';
|
|
||||||
locations = [
|
|
||||||
(nameValuePair "/RPC2" ''
|
|
||||||
include ${pkgs.nginx}/conf/scgi_params;
|
include ${pkgs.nginx}/conf/scgi_params;
|
||||||
scgi_param SCRIPT_NAME /RPC2;
|
scgi_param SCRIPT_NAME /RPC2;
|
||||||
scgi_pass unix:${cfg.xmlrpc-socket};
|
scgi_pass unix:${cfg.xmlrpc-socket};
|
||||||
'')
|
'';
|
||||||
] ++ (optional rucfg.enable
|
} // (optionalAttrs rucfg.enable {
|
||||||
(nameValuePair "~ \.php$" ''
|
"~ \.php$".extraConfig = ''
|
||||||
client_max_body_size 200M;
|
client_max_body_size 200M;
|
||||||
root ${webdir};
|
|
||||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||||
fastcgi_pass unix:${fpm-socket};
|
fastcgi_pass unix:${fpm-socket};
|
||||||
try_files $uri =404;
|
try_files $uri =404;
|
||||||
fastcgi_index index.php;
|
fastcgi_index index.php;
|
||||||
include ${pkgs.nginx}/conf/fastcgi_params;
|
include ${pkgs.nginx}/conf/fastcgi_params;
|
||||||
include ${pkgs.nginx}/conf/fastcgi.conf;
|
include ${pkgs.nginx}/conf/fastcgi.conf;
|
||||||
'')
|
''; }
|
||||||
);
|
);
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
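Review bot: In `rpcweb-imp`, replacing `listen = [ webcfg.listenAddress ];` (default `"localhost:8006"`) with `inherit (webcfg) basicAuth port;` drops the loopback binding, so the `/RPC2` SCGI location and the rutorrent `~ \.php$` location are presumably served on every interface at port 8006. The new `basicAuth` option defaults to `{}`, which its own description says means no authentication, so a host that only enables the web RPC would offer rtorrent's XML-RPC control interface to the network unauthenticated. Consider keeping a bind address that defaults to loopback, for example `listen = [ { addr = "127.0.0.1"; port = webcfg.port; } ];` if the nixpkgs revision in use supports that form, or adding an assertion that `basicAuth != {}` whenever the vhost is not bound to localhost. Separately, `port` is typed `types.nullOr types.int`, but nothing in the visible lines handles `null`.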
@ -1,11 +1,11 @@
|
|||||||
{ pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
pkgs.stdenv.mkDerivation {
|
pkgs.stdenv.mkDerivation {
|
||||||
name = "rutorrent-src-3.7";
|
name = "rutorrent-src_2016-12-09";
|
||||||
src = pkgs.fetchFromGitHub {
|
src = pkgs.fetchFromGitHub {
|
||||||
owner = "Novik";
|
owner = "Novik";
|
||||||
repo = "rutorrent";
|
repo = "rutorrent";
|
||||||
rev = "b727523a153454d4976f04b0c47336ae57cc50d5";
|
rev = "580bba8c538b55c1f75f3ad65310ff4ff2a153f7";
|
||||||
sha256 = "0s5wa0jnck781amln9c2p4pc0i5mq3j5693ra151lnwhz63aii4a";
|
sha256 = "1d9lgrzipy58dnx88z393p152kx6lki0x4aw40k8w9awsci4cx7p";
|
||||||
};
|
};
|
||||||
|
|
||||||
phases = [ "installPhase" ];
|
phases = [ "installPhase" ];
|
||||||
|
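--- a/makefu/1systems/fileleech.nix
+++ b/makefu/1systems/fileleech.nix
@@ -0,0 +1,27 @@
+{ config, pkgs, ... }:
+{
+imports = [
+../.
+# configure your hw:
+# ../2configs/hw/CAC.nix
+# ../2configs/fs/CAC-CentOS-7-64bit.nix
+../2configs/save-diskspace.nix
+../2configs/tinc/retiolum.nix
+
+];
+krebs = {
+enable = true;
+build.host = config.krebs.hosts.fileleech;
+};
+
+boot.loader.grub.enable = true;
+boot.loader.grub.version = 2;
+boot.loader.grub.device = "/dev/disk/by-id/ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN";
+fileSystems."/" = {
+device = "/dev/disk/by-id/ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN";
+};
+
+boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "aacraid" "usb_storage" "usbhid" ];
+boot.kernelModules = [ "kvm-intel" ];
+boot.extraModulePackages = [ ];
+}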
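--- a/makefu/2configs/elchos/irc-token.nix
+++ b/makefu/2configs/elchos/irc-token.nix
@@ -0,0 +1,62 @@
+{pkgs, ...}:
+with import <stockholm/lib>;
+let
+secret = (import <secrets/elchos-token.nix>);
+in {
+systemd.services.elchos-irctoken = {
+startAt = "*:0/30";
+serviceConfig = {
+RuntimeMaxSec = "20";
+};
+script = ''
+set -euf
+now=$(date -u +%Y-%m-%dT%H:%M)
+sec=$(echo -n "${secret}$now" | md5sum | cut -d\ -f1)
+message="The secret valid for 30 minutes is $sec"
+echo "token for $now (UTC) is $sec"
+LOGNAME=sec-announcer
+HOSTNAME=$(${pkgs.systemd}/bin/hostnamectl --static)
+IRC_SERVER=irc.freenode.net
+IRC_PORT=6667
+IRC_NICK=$HOSTNAME-$$
+IRC_CHANNEL='#eloop'
+
+export IRC_CHANNEL # for privmsg_cat
+
+echo2() { echo "$*"; echo "$*" >&2; }
+
+privmsg_cat() { ${pkgs.gawk}/bin/awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; }
+
+tmpdir="$(mktemp -d irc-announce_XXXXXXXX)"
+cd "$tmpdir"
+mkfifo ircin
+trap "
+rm ircin
+cd '$OLDPWD'
+rmdir '$tmpdir'
+trap - EXIT INT QUIT
+" EXIT INT QUIT
+
+{
+echo2 "USER $LOGNAME 0 * :$LOGNAME@$HOSTNAME"
+echo2 "NICK $IRC_NICK"
+
+# wait for MODE message
+${pkgs.gnused}/bin/sed -un '/^:[^ ]* MODE /q'
+
+echo2 "JOIN $IRC_CHANNEL"
+
+printf '%s' "$message" \
+| privmsg_cat
+
+echo2 "PART $IRC_CHANNEL"
+
+# wait for PART confirmation
+sed -un '/:'"$IRC_NICK"'![^ ]* PART /q'
+
+echo2 'QUIT :Gone to have lunch'
+} < ircin \
+| ${pkgs.netcat}/bin/netcat "$IRC_SERVER" "$IRC_PORT" |tee -a ircin
+'';
+};
+}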
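Review bot: `secret` is interpolated into `script` at evaluation time (`echo -n "${secret}$now" | md5sum`), so the rendered unit script, including the token seed, ends up in the world-readable Nix store and any local user can compute current and future tokens. Read the seed at run time from a file outside the store instead, e.g. `secret=$(cat "$SECRET_FILE")`, where `SECRET_FILE` is a placeholder for a root-only path. The token is an unkeyed MD5 over seed plus minute timestamp, and each one is posted to `#eloop` over plaintext port 6667 and echoed to the journal, so a short seed could be recovered offline from observed tokens. A keyed construction such as `openssl dgst -sha256 -hmac` over the timestamp with a long random key would be more robust. `mktemp -d irc-announce_XXXXXXXX` also creates the directory relative to the service's working directory rather than under a dedicated temp location.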
@ -4,7 +4,7 @@ with import <stockholm/lib>;
|
|||||||
|
|
||||||
let
|
let
|
||||||
daemon-user = "tor";
|
daemon-user = "tor";
|
||||||
authfile = <torrent-secrets/authfile>;
|
basicAuth = import <torrent-secrets/auth.nix>;
|
||||||
peer-port = 51412;
|
peer-port = 51412;
|
||||||
web-port = 8112;
|
web-port = 8112;
|
||||||
daemon-port = 58846;
|
daemon-port = 58846;
|
||||||
@ -53,9 +53,8 @@ in {
|
|||||||
enable = true;
|
enable = true;
|
||||||
web = {
|
web = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enableAuth = true;
|
port = web-port;
|
||||||
listenAddress = toString web-port;
|
inherit basicAuth;
|
||||||
inherit authfile;
|
|
||||||
};
|
};
|
||||||
rutorrent.enable = true;
|
rutorrent.enable = true;
|
||||||
enableXMLRPC = true;
|
enableXMLRPC = true;
|
||||||
|
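Review bot: `basicAuth = import <torrent-secrets/auth.nix>;` pulls the web UI credentials into the evaluated configuration as plain strings, whereas the removed `authfile` pointed at an htpasswd file (presumably with hashed entries). As far as I know the NixOS nginx module renders `basicAuth` into a plain-text htpasswd file in the Nix store, so the password becomes readable by every local user and travels with any copied closure. If the nixpkgs revision in use offers `basicAuthFile`, pointing it at a root-owned htpasswd path outside the store would avoid that; otherwise a comment next to the `let` binding should record the trade-off. Both the `let` block and the `web = { … }` attrset continue outside the visible hunks.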
@ -8,6 +8,7 @@ _:
|
|||||||
./forward-journal.nix
|
./forward-journal.nix
|
||||||
./opentracker.nix
|
./opentracker.nix
|
||||||
./ps3netsrv.nix
|
./ps3netsrv.nix
|
||||||
|
./server-config.nix
|
||||||
./snapraid.nix
|
./snapraid.nix
|
||||||
./taskserver.nix
|
./taskserver.nix
|
||||||
./udpt.nix
|
./udpt.nix
|
||||||
|
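--- a/makefu/3modules/server-config.nix
+++ b/makefu/3modules/server-config.nix
@@ -0,0 +1,10 @@
+{config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+{
+options.makefu.server.primary-itf = lib.mkOption {
+type = types.str;
+description = "Primary interface of the server";
+};
+}
+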
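--- a/makefu/6tests/data/secrets/auth.nix
+++ b/makefu/6tests/data/secrets/auth.nix
@@ -0,0 +1,3 @@
+{
+user = "password";
+}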
@ -1 +0,0 @@
|
|||||||
"derp"
|
|