diff options
author | makefu <github@syntax-fehler.de> | 2016-08-21 11:55:46 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2016-08-21 11:55:46 +0200 |
commit | 90afbfa31af036f4475005cd80dbf6b1722c4de4 (patch) | |
tree | 0d3e3555339868fa05c5597d76b358023566317f /makefu/2configs/torrent.nix | |
parent | 79e3a3dad36f67296001f269e6716a1bd21c983c (diff) |
m 5 torrent: implement shared torrent secret
Diffstat (limited to 'makefu/2configs/torrent.nix')
-rw-r--r-- | makefu/2configs/torrent.nix | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix new file mode 100644 index 000000000..c18db9fa3 --- /dev/null +++ b/makefu/2configs/torrent.nix @@ -0,0 +1,81 @@ +{ config, lib, pkgs, ... }: + +with config.krebs.lib; + +let + daemon-user = "tor"; + daemon-pw = (import <torrent-secrets/daemon-pw>); + peer-port = 51412; + web-port = 8112; + daemon-port = 58846; + dl-dir = "/var/download"; +in { + # prepare secrets + krebs.build.source.torrent-secrets.file = + if getEnv "dummy_secrets" == "true" + then toString <stockholm/makefu/6tests/data/secrets> + else "/home/makefu/secrets/torrent"; + + users.users = { + download = { + name = "download"; + home = dl-dir; + uid = genid "download"; + createHome = true; + useDefaultShell = true; + group = "download"; + openssh.authorizedKeys.keys = [ ]; + }; + }; + # todo: race condition, do this after download user has been created + system.activationScripts."download-dir-chmod" = '' + for i in finished torrents; do + mkdir -p "${dl-dir}/$i" + chown download:download "${dl-dir}/$i" + chmod 770 "${dl-dir}/$i" + done + ''; + + users.extraGroups = { + download = { + gid = genid "download"; + members = [ + config.krebs.build.user.name + "download" + "deluge" + ]; + }; + }; + + makefu.deluge = { + enable = true; + auth = "${daemon-user}:${daemon-pw}:10"; + # web.enable = true; + cfg = { + autoadd_enable = true; + download_location = dl-dir + "/finished"; + torrentfiles_location = dl-dir + "/torrents"; copy_torrent_file = true; + lsd = true; + dht = true; + upnp = true; + natpmp = true; + add_paused = false; + allow_remote = true; + remove_seed_at_ratio = false; + move_completed = false; + daemon_port = daemon-port; + listen_ports = [ peer-port peer-port ]; + outgoing_ports = [ peer-port peer-port ]; + # performance tuning + cache_expiry = 3600; + stop_seed_at_ratio = true; + }; + }; + + networking.firewall.extraCommands = '' + iptables -A INPUT -i retiolum -p tcp --dport ${toString daemon-port} -j ACCEPT + ''; + + networking.firewall.allowedTCPPorts = [ peer-port ]; + networking.firewall.allowedUDPPorts = [ peer-port ]; +} |