summaryrefslogtreecommitdiffstats
path: root/makefu/2configs/torrent.nix
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2016-08-21 11:55:46 +0200
committermakefu <github@syntax-fehler.de>2016-08-21 11:55:46 +0200
commit90afbfa31af036f4475005cd80dbf6b1722c4de4 (patch)
tree0d3e3555339868fa05c5597d76b358023566317f /makefu/2configs/torrent.nix
parent79e3a3dad36f67296001f269e6716a1bd21c983c (diff)
m 5 torrent: implement shared torrent secret
Diffstat (limited to 'makefu/2configs/torrent.nix')
-rw-r--r--makefu/2configs/torrent.nix81
1 files changed, 81 insertions, 0 deletions
diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix
new file mode 100644
index 000000000..c18db9fa3
--- /dev/null
+++ b/makefu/2configs/torrent.nix
@@ -0,0 +1,81 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+
+let
+ daemon-user = "tor";
+ daemon-pw = (import <torrent-secrets/daemon-pw>);
+ peer-port = 51412;
+ web-port = 8112;
+ daemon-port = 58846;
+ dl-dir = "/var/download";
+in {
+ # prepare secrets
+ krebs.build.source.torrent-secrets.file =
+ if getEnv "dummy_secrets" == "true"
+ then toString <stockholm/makefu/6tests/data/secrets>
+ else "/home/makefu/secrets/torrent";
+
+ users.users = {
+ download = {
+ name = "download";
+ home = dl-dir;
+ uid = genid "download";
+ createHome = true;
+ useDefaultShell = true;
+ group = "download";
+ openssh.authorizedKeys.keys = [ ];
+ };
+ };
+ # todo: race condition, do this after download user has been created
+ system.activationScripts."download-dir-chmod" = ''
+ for i in finished torrents; do
+ mkdir -p "${dl-dir}/$i"
+ chown download:download "${dl-dir}/$i"
+ chmod 770 "${dl-dir}/$i"
+ done
+ '';
+
+ users.extraGroups = {
+ download = {
+ gid = genid "download";
+ members = [
+ config.krebs.build.user.name
+ "download"
+ "deluge"
+ ];
+ };
+ };
+
+ makefu.deluge = {
+ enable = true;
+ auth = "${daemon-user}:${daemon-pw}:10";
+ # web.enable = true;
+ cfg = {
+ autoadd_enable = true;
+ download_location = dl-dir + "/finished";
+ torrentfiles_location = dl-dir + "/torrents"; copy_torrent_file = true;
+ lsd = true;
+ dht = true;
+ upnp = true;
+ natpmp = true;
+ add_paused = false;
+ allow_remote = true;
+ remove_seed_at_ratio = false;
+ move_completed = false;
+ daemon_port = daemon-port;
+ listen_ports = [ peer-port peer-port ];
+ outgoing_ports = [ peer-port peer-port ];
+ # performance tuning
+ cache_expiry = 3600;
+ stop_seed_at_ratio = true;
+ };
+ };
+
+ networking.firewall.extraCommands = ''
+ iptables -A INPUT -i retiolum -p tcp --dport ${toString daemon-port} -j ACCEPT
+ '';
+
+ networking.firewall.allowedTCPPorts = [ peer-port ];
+ networking.firewall.allowedUDPPorts = [ peer-port ];
+}