diff options
author | makefu <github@syntax-fehler.de> | 2022-02-28 21:31:52 +0100 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2022-02-28 21:31:52 +0100 |
commit | 036289a0a119159901e20c272b97c00412e41676 (patch) | |
tree | 427103fe394878ecd3890f5d486e92d32616cc5d /makefu/2configs/torrent/rtorrent.nix | |
parent | 12ba7d6aeb6a28a94713c5965a22f987f989b5f4 (diff) |
ma omo.r: enable more services
Diffstat (limited to 'makefu/2configs/torrent/rtorrent.nix')
-rw-r--r-- | makefu/2configs/torrent/rtorrent.nix | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/makefu/2configs/torrent/rtorrent.nix b/makefu/2configs/torrent/rtorrent.nix new file mode 100644 index 000000000..74f1e5fe8 --- /dev/null +++ b/makefu/2configs/torrent/rtorrent.nix @@ -0,0 +1,73 @@ +{ config, lib, pkgs, ... }: + +with import <stockholm/lib>; + +let + basicAuth = import <torrent-secrets/auth.nix>; + peer-port = 51412; + web-port = 8112; + daemon-port = 58846; + base-dir = config.krebs.rtorrent.workDir; +in { + + users.users = { + download = { + name = "download"; + home = base-dir; + uid = mkDefault (genid "download"); + createHome = true; + useDefaultShell = true; + group = "download"; + openssh.authorizedKeys.keys = [ ]; + }; + }; + + users.extraGroups = { + download = { + gid = lib.mkDefault (genid "download"); + members = [ + config.krebs.build.user.name + "download" + "rtorrent" + "nginx" + ]; + }; + rtorrent.members = [ "download" ]; + }; + + krebs.rtorrent = let + d = config.makefu.dl-dir; + in { + enable = true; + web = { + enable = true; + port = web-port; + inherit basicAuth; + }; + rutorrent.enable = true; + enableXMLRPC = true; + listenPort = peer-port; + downloadDir = d + "/finished/incoming"; + watchDir = d + "/watch"; + # TODO: maybe test out multiple watch dirs with tags: https://github.com/rakshasa/rtorrent/wiki/TORRENT-Watch-directories + extraConfig = '' + # log.add_output = "debug", "rtorrent-systemd" + # log.add_output = "dht_debug", "rtorrent-systemd" + # log.add_output = "tracker_debug", "rtorrent-systemd" + log.add_output = "rpc_events", "rtorrent-systemd" + # log.add_output = "rpc_dump", "rtorrent-systemd" + system.daemon.set = true + ''; + # dump old torrents into watch folder to have them re-added + }; + + services.nginx.virtualHosts."torrent.${config.krebs.build.host.name}.r".locations."/" = { proxyPass = "http://localhost:${toString web-port}/"; }; + + networking.firewall.extraCommands = '' + iptables -A INPUT -i retiolum -p tcp --dport ${toString web-port} -j ACCEPT + ''; + + networking.firewall.allowedTCPPorts = [ peer-port ]; + networking.firewall.allowedUDPPorts = [ peer-port ]; + state = [ config.krebs.rtorrent.sessionDir ]; # state which torrents were loaded +} |