diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index ff187b878..c85bf1ccd 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -26,6 +26,31 @@ with import <stockholm/lib>;
};
};
};
+ fileleech = rec {
+ cores = 4;
+ ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech";
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.113.98";
+ ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096";
+ aliases = [
+ "fileleech.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA2W20+jYvuFUjPQ+E+7Xlabf8fW/XSnTTelfo2uRcJ3FMLYQ9H3rF
+ 8L8StPmxn8Q20FFH/MvRmgW8pU9z4RQ3nAi+utVYqAJQtOYA9FPMxssC08w82r0K
+ YC6sgc9MeRjnCjQxQrQs4fqA6KpqSLxRf2c6kfNwYRgCxFMns2ncxOiPOoGLZait
+ nJR3m0cSRm8yCTMbznlGH99+5+3HgvuBE/UYXmmGBs7w8DevaX76butzprZ8fm4z
+ e5C7R9ofdVW70GGksfSI81y5xODWMbfjTRHKm4OBX7NOCiOTwx1wu8bYDN3EzN6V
+ UM5PJfU42sViPEZmVuC8cDcP1xemHTkh9QIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+
pnp = {
cores = 1;
nets = {
diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix
index bcc52fb6e..0c478aded 100644
--- a/krebs/3modules/rtorrent.nix
+++ b/krebs/3modules/rtorrent.nix
@@ -73,22 +73,23 @@ let
# authentication also applies to rtorrent.rutorrent
enable = mkEnableOption "rtorrent nginx web RPC";
- listenAddress = mkOption {
- type = types.str;
+ port = mkOption {
+ type = types.nullOr types.int;
description =''
- nginx listen address for rtorrent web
+ nginx listen port for rtorrent
'';
- default = "localhost:8006";
+ default = 8006;
};
- enableAuth = mkEnableOption "rutorrent authentication";
- authfile = mkOption {
- type = types.path;
+ basicAuth = mkOption {
+ type = types.attrsOf types.str ;
description = ''
- basic authentication file to be used.
- Use `${pkgs.apacheHttpd}/bin/htpasswd -c <file> <username>` to create the file.
- Only in use if authentication is enabled.
+ basic authentication to be used. If unset, no authentication will be
+ enabled.
+
+ Refer to `services.nginx.virtualHosts.<name>.basicAuth`
'';
+ default = {};
};
};
@@ -104,7 +105,6 @@ let
default = pkgs.rutorrent;
};
-
webdir = mkOption {
type = types.path;
description = ''
@@ -286,36 +286,28 @@ let
};
rpcweb-imp = {
- krebs.nginx.enable = mkDefault true;
- krebs.nginx.servers.rtorrent = {
- listen = [ webcfg.listenAddress ];
- server-names = [ "default" ];
- extraConfig = ''
- ${optionalString webcfg.enableAuth ''
- auth_basic "rtorrent";
- auth_basic_user_file ${webcfg.authfile};
- ''}
- ${optionalString rucfg.enable ''
- root ${webdir};
- ''}
- '';
- locations = [
- (nameValuePair "/RPC2" ''
+ services.nginx.enable = mkDefault true;
+ services.nginx.virtualHosts.rtorrent = {
+ default = mkDefault true;
+ inherit (webcfg) basicAuth port;
+ root = optionalString rucfg.enable webdir;
+
+ locations = {
+ "/RPC2".extraConfig = ''
include ${pkgs.nginx}/conf/scgi_params;
scgi_param SCRIPT_NAME /RPC2;
scgi_pass unix:${cfg.xmlrpc-socket};
- '')
- ] ++ (optional rucfg.enable
- (nameValuePair "~ \.php$" ''
+ '';
+ } // (optionalAttrs rucfg.enable {
+ "~ \.php$".extraConfig = ''
client_max_body_size 200M;
- root ${webdir};
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${fpm-socket};
try_files $uri =404;
fastcgi_index index.php;
include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
- '')
+ ''; }
);
};
};
diff --git a/krebs/5pkgs/rutorrent/default.nix b/krebs/5pkgs/rutorrent/default.nix
index 5a2259552..1084e7ce7 100644
--- a/krebs/5pkgs/rutorrent/default.nix
+++ b/krebs/5pkgs/rutorrent/default.nix
@@ -1,11 +1,11 @@
{ pkgs, ... }:
pkgs.stdenv.mkDerivation {
- name = "rutorrent-src-3.7";
+ name = "rutorrent-src_2016-12-09";
src = pkgs.fetchFromGitHub {
owner = "Novik";
repo = "rutorrent";
- rev = "b727523a153454d4976f04b0c47336ae57cc50d5";
- sha256 = "0s5wa0jnck781amln9c2p4pc0i5mq3j5693ra151lnwhz63aii4a";
+ rev = "580bba8c538b55c1f75f3ad65310ff4ff2a153f7";
+ sha256 = "1d9lgrzipy58dnx88z393p152kx6lki0x4aw40k8w9awsci4cx7p";
};
phases = [ "installPhase" ];
diff --git a/makefu/1systems/fileleech.nix b/makefu/1systems/fileleech.nix
new file mode 100644
index 000000000..4d9b37cea
--- /dev/null
+++ b/makefu/1systems/fileleech.nix
@@ -0,0 +1,27 @@
+{ config, pkgs, ... }:
+{
+ imports = [
+ ../.
+ # configure your hw:
+ # ../2configs/hw/CAC.nix
+ # ../2configs/fs/CAC-CentOS-7-64bit.nix
+ ../2configs/save-diskspace.nix
+ ../2configs/tinc/retiolum.nix
+
+ ];
+ krebs = {
+ enable = true;
+ build.host = config.krebs.hosts.fileleech;
+ };
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.device = "/dev/disk/by-id/ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN";
+ fileSystems."/" = {
+ device = "/dev/disk/by-id/ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN";
+ };
+
+ boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "aacraid" "usb_storage" "usbhid" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+}
diff --git a/makefu/2configs/elchos/irc-token.nix b/makefu/2configs/elchos/irc-token.nix
new file mode 100644
index 000000000..3f3c4ffc3
--- /dev/null
+++ b/makefu/2configs/elchos/irc-token.nix
@@ -0,0 +1,62 @@
+{pkgs, ...}:
+with import <stockholm/lib>;
+let
+ secret = (import <secrets/elchos-token.nix>);
+in {
+ systemd.services.elchos-irctoken = {
+ startAt = "*:0/30";
+ serviceConfig = {
+ RuntimeMaxSec = "20";
+ };
+ script = ''
+ set -euf
+ now=$(date -u +%Y-%m-%dT%H:%M)
+ sec=$(echo -n "${secret}$now" | md5sum | cut -d\ -f1)
+ message="The secret valid for 30 minutes is $sec"
+ echo "token for $now (UTC) is $sec"
+ LOGNAME=sec-announcer
+ HOSTNAME=$(${pkgs.systemd}/bin/hostnamectl --static)
+ IRC_SERVER=irc.freenode.net
+ IRC_PORT=6667
+ IRC_NICK=$HOSTNAME-$$
+ IRC_CHANNEL='#eloop'
+
+ export IRC_CHANNEL # for privmsg_cat
+
+ echo2() { echo "$*"; echo "$*" >&2; }
+
+ privmsg_cat() { ${pkgs.gawk}/bin/awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; }
+
+ tmpdir="$(mktemp -d irc-announce_XXXXXXXX)"
+ cd "$tmpdir"
+ mkfifo ircin
+ trap "
+ rm ircin
+ cd '$OLDPWD'
+ rmdir '$tmpdir'
+ trap - EXIT INT QUIT
+ " EXIT INT QUIT
+
+ {
+ echo2 "USER $LOGNAME 0 * :$LOGNAME@$HOSTNAME"
+ echo2 "NICK $IRC_NICK"
+
+ # wait for MODE message
+ ${pkgs.gnused}/bin/sed -un '/^:[^ ]* MODE /q'
+
+ echo2 "JOIN $IRC_CHANNEL"
+
+ printf '%s' "$message" \
+ | privmsg_cat
+
+ echo2 "PART $IRC_CHANNEL"
+
+ # wait for PART confirmation
+ sed -un '/:'"$IRC_NICK"'![^ ]* PART /q'
+
+ echo2 'QUIT :Gone to have lunch'
+ } < ircin \
+ | ${pkgs.netcat}/bin/netcat "$IRC_SERVER" "$IRC_PORT" |tee -a ircin
+ '';
+ };
+}
diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix
index 5b9ce6178..f3bc9091b 100644
--- a/makefu/2configs/torrent.nix
+++ b/makefu/2configs/torrent.nix
@@ -4,7 +4,7 @@ with import <stockholm/lib>;
let
daemon-user = "tor";
- authfile = <torrent-secrets/authfile>;
+ basicAuth = import <torrent-secrets/auth.nix>;
peer-port = 51412;
web-port = 8112;
daemon-port = 58846;
@@ -53,9 +53,8 @@ in {
enable = true;
web = {
enable = true;
- enableAuth = true;
- listenAddress = toString web-port;
- inherit authfile;
+ port = web-port;
+ inherit basicAuth;
};
rutorrent.enable = true;
enableXMLRPC = true;
diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix
index 855e134ab..16215b27a 100644
--- a/makefu/3modules/default.nix
+++ b/makefu/3modules/default.nix
@@ -8,6 +8,7 @@ _:
./forward-journal.nix
./opentracker.nix
./ps3netsrv.nix
+ ./server-config.nix
./snapraid.nix
./taskserver.nix
./udpt.nix
diff --git a/makefu/3modules/server-config.nix b/makefu/3modules/server-config.nix
new file mode 100644
index 000000000..dbd29d748
--- /dev/null
+++ b/makefu/3modules/server-config.nix
@@ -0,0 +1,10 @@
+{config, lib, pkgs, ... }:
+
+with import <stockholm/lib>;
+{
+ options.makefu.server.primary-itf = lib.mkOption {
+ type = types.str;
+ description = "Primary interface of the server";
+ };
+}
+
diff --git a/makefu/6tests/data/secrets/auth.nix b/makefu/6tests/data/secrets/auth.nix
new file mode 100644
index 000000000..92d5c34a8
--- /dev/null
+++ b/makefu/6tests/data/secrets/auth.nix
@@ -0,0 +1,3 @@
+{
+ user = "password";
+}
diff --git a/makefu/6tests/data/secrets/authfile b/makefu/6tests/data/secrets/authfile
deleted file mode 100644
index f5e704702..000000000
--- a/makefu/6tests/data/secrets/authfile
+++ /dev/null
@@ -1 +0,0 @@
-"derp"