75 lines
1.7 KiB
Nix
75 lines
1.7 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
with config.krebs.lib;
|
|
|
|
let
|
|
daemon-user = "tor";
|
|
authfile = <torrent-secrets/authfile>;
|
|
peer-port = 51412;
|
|
web-port = 8112;
|
|
daemon-port = 58846;
|
|
dl-dir = "/var/download";
|
|
in {
|
|
# prepare secrets
|
|
krebs.build.source.torrent-secrets.file =
|
|
if getEnv "dummy_secrets" == "true"
|
|
then toString <stockholm/makefu/6tests/data/secrets>
|
|
else "/home/makefu/secrets/torrent";
|
|
|
|
users.users = {
|
|
download = {
|
|
name = "download";
|
|
home = dl-dir;
|
|
uid = genid "download";
|
|
createHome = true;
|
|
useDefaultShell = true;
|
|
group = "download";
|
|
openssh.authorizedKeys.keys = [ ];
|
|
};
|
|
};
|
|
|
|
# todo: race condition, do this after download user has been created
|
|
system.activationScripts."download-dir-chmod" = ''
|
|
for i in finished watch torrents; do
|
|
mkdir -p "${dl-dir}/$i"
|
|
chown download:download "${dl-dir}/$i"
|
|
chmod 770 "${dl-dir}/$i"
|
|
done
|
|
'';
|
|
|
|
users.extraGroups = {
|
|
download = {
|
|
gid = genid "download";
|
|
members = [
|
|
config.krebs.build.user.name
|
|
"download"
|
|
"rtorrent"
|
|
"nginx"
|
|
];
|
|
};
|
|
};
|
|
|
|
makefu.rtorrent = {
|
|
enable = true;
|
|
web = {
|
|
enable = true;
|
|
enableAuth = true;
|
|
listenAddress = toString web-port;
|
|
inherit authfile;
|
|
};
|
|
rutorrent.enable = true;
|
|
enableXMLRPC = true;
|
|
listenPort = peer-port;
|
|
downloadDir = dl-dir + "/finished";
|
|
# dump old torrents into watch folder to have them re-added
|
|
watchDir = dl-dir +"/watch";
|
|
};
|
|
|
|
networking.firewall.extraCommands = ''
|
|
iptables -A INPUT -i retiolum -p tcp --dport ${toString web-port} -j ACCEPT
|
|
'';
|
|
|
|
networking.firewall.allowedTCPPorts = [ peer-port ];
|
|
networking.firewall.allowedUDPPorts = [ peer-port ];
|
|
}
|