author | Frederik Rietdijk <fridh@fridh.nl> | 2019-08-31 10:04:20 +0200 |
---|---|---|
committer | Frederik Rietdijk <fridh@fridh.nl> | 2019-08-31 10:04:20 +0200 |
commit | ad1d58c6227abf2a9c80311eb09166a532384ed2 (patch) | |
tree | 852498ff298f9b01c0d2c8b4c883da1a00912260 /nixos/modules/services/torrent | |
parent | ebe4fd146b29c92fb59f243f75e46afc9f1a9048 (diff) | |
parent | fc74ba8291a8a93cba428de6bc2e7c8c7f9330f4 (diff) |
Merge staging-next into staging
Diffstat (limited to 'nixos/modules/services/torrent')
-rw-r--r-- | nixos/modules/services/torrent/magnetico.nix | 214 |
1 files changed, 214 insertions, 0 deletions
diff --git a/nixos/modules/services/torrent/magnetico.nix b/nixos/modules/services/torrent/magnetico.nix
new file mode 100644
index 000000000000..02fa2ac0750a
--- /dev/null
+++ b/nixos/modules/services/torrent/magnetico.nix
@@ -0,0 +1,214 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.magnetico;
+
+ dataDir = "/var/lib/magnetico";
+
+ credFile = with cfg.web;
+ if credentialsFile != null
+ then credentialsFile
+ else pkgs.writeText "magnetico-credentials"
+ (concatStrings (mapAttrsToList
+ (user: hash: "${user}:${hash}\n")
+ cfg.web.credentials));
+
+ # default options in magneticod/main.go
+ dbURI = concatStrings
+ [ "sqlite3://${dataDir}/database.sqlite3"
+ "?_journal_mode=WAL"
+ "&_busy_timeout=3000"
+ "&_foreign_keys=true"
+ ];
+
+ crawlerArgs = with cfg.crawler; escapeShellArgs
+ ([ "--database=${dbURI}"
+ "--indexer-addr=${address}:${toString port}"
+ "--indexer-max-neighbors=${toString maxNeighbors}"
+ "--leech-max-n=${toString maxLeeches}"
+ ] ++ extraOptions);
+
+ webArgs = with cfg.web; escapeShellArgs
+ ([ "--database=${dbURI}"
+ (if (cfg.web.credentialsFile != null || cfg.web.credentials != { })
+ then "--credentials=${toString credFile}"
+ else "--no-auth")
+ ] ++ extraOptions);
+
+in {
+
+ ###### interface
+
+ options.services.magnetico = {
+ enable = mkEnableOption "Magnetico, Bittorrent DHT crawler";
+
+ crawler.address = mkOption {
+ type = types.str;
+ default = "0.0.0.0";
+ example = "1.2.3.4";
+ description = ''
+ Address to be used for indexing DHT nodes.
+ '';
+ };
+
+ crawler.port = mkOption {
+ type = types.port;
+ default = 0;
+ description = ''
+ Port to be used for indexing DHT nodes.
+ This port should be added to
+ <option>networking.firewall.allowedTCPPorts</option>.
+ '';
+ };
+
+ crawler.maxNeighbors = mkOption {
+ type = types.ints.positive;
+ default = 1000;
+ description = ''
+ Maximum number of simultaneous neighbors of an indexer.
+ Be careful changing this number: high values can very
+ easily cause your network to be congested or even crash
+ your router.
+ '';
+ };
+
+ crawler.maxLeeches = mkOption {
+ type = types.ints.positive;
+ default = 200;
+ description = ''
+ Maximum number of simultaneous leeches.
+ '';
+ };
+
+ crawler.extraOptions = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ description = ''
+ Extra command line arguments to pass to magneticod.
+ '';
+ };
+
+ web.address = mkOption {
+ type = types.str;
+ default = "localhost";
+ example = "1.2.3.4";
+ description = ''
+ Address the web interface will listen to.
+ '';
+ };
+
+ web.port = mkOption {
+ type = types.port;
+ default = 8080;
+ description = ''
+ Port the web interface will listen to.
+ '';
+ };
+
+ web.credentials = mkOption {
+ type = types.attrsOf types.str;
+ default = {};
+ example = lib.literalExample ''
+ {
+ myuser = "$2y$12$YE01LZ8jrbQbx6c0s2hdZO71dSjn2p/O9XsYJpz.5968yCysUgiaG";
+ }
+ '';
+ description = ''
+ The credentials to access the web interface, in case authentication is
+ enabled, in the format <literal>username:hash</literal>. If unset no
+ authentication will be required.
+
+ Usernames must start with a lowercase ([a-z]) ASCII character, might
+ contain non-consecutive underscores except at the end, and consists of
+ small-case a-z characters and digits 0-9. The
+ <command>htpasswd</command> tool from the <package>apacheHttpd
+ </package> package may be used to generate the hash: <command>htpasswd
+ -bnBC 12 username password</command>
+
+ <warning>
+ <para>
+ The hashes will be stored world-readable in the nix store.
+ Consider using the <literal>credentialsFile</literal> option if you
+ don't want this.
+ </para>
+ </warning>
+ '';
+ };
+
+ web.credentialsFile = mkOption {
+ type = types.nullOr types.path;
+ default = null;
+ description = ''
+ The path to the file holding the credentials to access the web
+ interface. If unset no authentication will be required.
+
+ The file must constain user names and password hashes in the format
+ <literal>username:hash </literal>, one for each line.  Usernames must
+ start with a lowecase ([a-z]) ASCII character, might contain
+ non-consecutive underscores except at the end, and consists of
+ small-case a-z characters and digits 0-9.
+ The <command>htpasswd</command> tool from the <package>apacheHttpd
+ </package> package may be used to generate the hash:
+ <command>htpasswd -bnBC 12 username password</command>
+ '';
+ };
+
+ web.extraOptions = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ description = ''
+ Extra command line arguments to pass to magneticow.
+ '';
+ };
+
+ };
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+
+ users.users.magnetico = {
+ description = "Magnetico daemons user";
+ };
+
+ systemd.services.magneticod = {
+ description = "Magnetico DHT crawler";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network-online.target" ];
+
+ serviceConfig = {
+ User = "magnetico";
+ Restart = "on-failure";
+ ExecStart = "${pkgs.magnetico}/bin/magneticod ${crawlerArgs}";
+ };
+ };
+
+ systemd.services.magneticow = {
+ description = "Magnetico web interface";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network-online.target" "magneticod.service"];
+
+ serviceConfig = {
+ User = "magnetico";
+ StateDirectory = "magnetico";
+ Restart = "on-failure";
+ ExecStart = "${pkgs.magnetico}/bin/magneticow ${webArgs}";
+ };
+ };
+
+ assertions =
+ [
+ {
+ assertion = cfg.web.credentialsFile != null || cfg.web.credentials != { };
+ message = ''
+ The options services.magnetico.web.credentialsFile and
+ services.magnetico.web.credentials are mutually exclusives.
+ '';
+ }
+ ];
+
+ };
+
+} |
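Review bot: The assertion at the end of the `config` block is inverted relative to its own message: `cfg.web.credentialsFile != null || cfg.web.credentials != { }` fails evaluation when neither option is set and passes when both are set, in which case `credFile` silently takes `credentialsFile` and ignores `credentials`. This also leaves the `--no-auth` branch in `webArgs` unreachable, contradicting the option text that says unset credentials disable authentication; for mutual exclusion the line should read `assertion = cfg.web.credentialsFile == null || cfg.web.credentials == { };`. Once that is fixed an unauthenticated web UI becomes the default again, so it matters that `web.address` and `web.port` are declared but never reach `webArgs`, meaning magneticow listens on whatever the binary defaults to rather than what the operator configured. Adding `"--addr=${address}:${toString port}"` to the `webArgs` list would honour them, assuming the packaged magneticow accepts `--addr` (confirm against the pinned version).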