authorlassulus <lass@aidsballs.de>2016-08-24 08:49:16 +0200
committerlassulus <lass@aidsballs.de>2016-08-24 08:49:16 +0200
commit662222f8c422ac8fa3daba8bc26ab5d5cd37fda1 (patch)
tree93d5629203803e06b6f9a60219ac7b0ce315399c
parenta545159c08c6a748299111184ba5a34b40d7af67 (diff)
parent56e8681fd2d5a77fe539e5506b4b8f23bc0f4261 (diff)
Merge remote-tracking branch 'gum/master'
-rw-r--r--krebs/3modules/makefu/default.nix29
-rw-r--r--makefu/1systems/gum.nix1
-rw-r--r--makefu/1systems/omo.nix13
-rw-r--r--makefu/1systems/wbob.nix65
-rw-r--r--makefu/2configs/opentracker.nix16
-rw-r--r--makefu/2configs/rtorrent.nix19
-rw-r--r--makefu/2configs/torrent.nix13
-rw-r--r--makefu/3modules/default.nix2
-rw-r--r--makefu/3modules/opentracker.nix55
-rw-r--r--makefu/3modules/rtorrent.nix367
10 files changed, 550 insertions, 30 deletions
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index e45d907d3..de5be964f 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -360,7 +360,6 @@ with config.krebs.lib;
ip6.addr = "42:f9f0::10";
aliases = [
"omo.retiolum"
- "tracker.makefu.r"
"omo.r"
];
tinc.pubkey = ''
@@ -446,6 +445,8 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
"gum.r"
"gum.retiolum"
"cgit.gum.retiolum"
+ "tracker.makefu.r"
+ "tracker.makefu.retiolum"
];
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
@@ -761,6 +762,32 @@ TNs2RYfwDy/r6H/hDeB/BSngPouedEVcPwIDAQAB
};
};
};
+ tcac-0-1 = rec {
+ cores = 1;
+ ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcX7rlGmGp1zCStrERXZ3XuT/j69FDBXV4ceLn9RXsG tcac-0-1
+ ";
+ nets = {
+ retiolum = {
+ ip4.addr = "10.243.144.142";
+ ip6.addr = "42:4bf8:94b:eec5:69e2:c837:686e:f278";
+ aliases = [
+ "tcac-0-1.retiolum"
+ ];
+ tinc.pubkey = ''
+ -----BEGIN RSA PUBLIC KEY-----
+ MIIBCgKCAQEA+3zuZa8FhFBcUNdNGyTQph6Jes0WDQB4CDcEcnK9okP60Z0ONq8j
+ 7sKmxzQ43WFm04fd992Aa/KLbYBbXmGtYuu68DQwQGwk3HVNksp6ha7uVK1ibgNs
+ zJIKizpFqK4NAYit0OfAy7ugVSvtyIxg9CDhnASDZ5NRq8/OLhvo5M4c3r3lGOlO
+ Hv1nf4Tl2IYRln3c+AJEiw2369K46mRlt28yHeKUw1ur6hrbahnkYW+bjeliROIs
+ QLp8J8Jl6evtPOyZpgyGHLQ/WPsQRK5svVA9ou17R//m4KNL1kBjTfxs7GaJWHLl
+ HpSZTqRKsuK6K9R6kzu7NU81Wz0HXxw/qwIDAQAB
+ -----END RSA PUBLIC KEY-----
+ '';
+ };
+ };
+ };
+
} // { # hosts only maintained in stockholm, not owned by me
muhbaasu = rec {
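Review bot: The `ssh.pubkey` string for `tcac-0-1` is closed on the line after the key, so the value ends in a literal newline following the `tcac-0-1` comment field. If this value is rendered into a known_hosts entry or another one-key-per-line file (not visible in this hunk), the embedded newline can produce a malformed or ignored entry, which weakens host-key checking for this host. Move the closing `";` up so it directly follows `tcac-0-1` on the key line.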
diff --git a/makefu/1systems/gum.nix b/makefu/1systems/gum.nix
index 0d8ac0053..ab369d192 100644
--- a/makefu/1systems/gum.nix
+++ b/makefu/1systems/gum.nix
@@ -22,6 +22,7 @@ in {
../2configs/tinc/retiolum.nix
../2configs/urlwatch.nix
../2configs/torrent.nix
+ ../2configs/opentracker.nix
];
services.smartd.devices = [ { device = "/dev/sda";} ];
diff --git a/makefu/1systems/omo.nix b/makefu/1systems/omo.nix
index 3aa5e943e..96f7be9fc 100644
--- a/makefu/1systems/omo.nix
+++ b/makefu/1systems/omo.nix
@@ -50,11 +50,24 @@ in {
#../2configs/share-user-sftp.nix
../2configs/omo-share.nix
../2configs/tinc/retiolum.nix
+ ../2configs/torrent.nix
## as long as pyload is not in nixpkgs:
# docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload
];
+ makefu.full-populate = true;
+ makefu.deluge.cfg = {
+ max_active_seeding = 1;
+ stop_seed_ratio = 1;
+ natpmp = true;
+ upnp = true;
+ max_upload_speed = 200;
+ };
+ users.groups.share = {
+ gid = config.krebs.lib.genid "share";
+ members = [ "makefu" "misa" ];
+ };
networking.firewall.trustedInterfaces = [ primaryInterface ];
# udp:137 udp:138 tcp:445 tcp:139 - samba, allowed in local net
# tcp:80 - nginx for sharing files
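Review bot: `natpmp = true` and `upnp = true` in `makefu.deluge.cfg` re-enable automatic port mapping on omo, while makefu/2configs/torrent.nix, imported a few lines above and changed in this same commit, switches both off. Assuming the host values override the shared ones, the daemon will ask the gateway to forward ports to a machine that also sets `networking.firewall.trustedInterfaces = [ primaryInterface ]`. If that is intended, record the reason next to the override, e.g. `# port mapping deliberately enabled on omo: <reason>`; otherwise drop the two lines so the shared default applies. The enclosing attribute set starts and ends outside the hunk.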
diff --git a/makefu/1systems/wbob.nix b/makefu/1systems/wbob.nix
index ff593ab35..ff176edd9 100644
--- a/makefu/1systems/wbob.nix
+++ b/makefu/1systems/wbob.nix
@@ -1,32 +1,53 @@
-{ config, pkgs, ... }:
-let rootdisk = "/dev/disk/by-id/ata-TS256GMTS800_C613840115";
+{ config, pkgs, lib, ... }:
+let
+ rootdisk = "/dev/disk/by-id/ata-TS256GMTS800_C613840115";
+ datadisk = "/dev/disk/by-id/ata-HGST_HTS721010A9E630_JR10006PH3A02F";
in {
- makefu.awesome = {
- modkey = "Mod1";
- #TODO: integrate kiosk config into full config by templating the autostart
- baseConfig = pkgs.awesomecfg.kiosk;
- };
imports =
[ # Include the results of the hardware scan.
../.
- ../2configs/main-laptop.nix
+ ../2configs/zsh-user.nix
+ ../2configs/base-gui.nix
+ ../2configs/laptop-utils.nix
../2configs/virtualization.nix
../2configs/tinc/retiolum.nix
];
+
krebs = {
enable = true;
build.host = config.krebs.hosts.wbob;
};
- networking.firewall.allowedUDPPorts = [ 1655 ];
- networking.firewall.allowedTCPPorts = [ 1655 49152 ];
- services.tinc.networks.siem = {
- name = "display";
- extraConfig = ''
- ConnectTo = sjump
+
+ swapDevices = [ { device = "/var/swap"; } ];
+
+ services.xserver = {
+ layout = lib.mkForce "de";
+
+ windowManager = lib.mkForce {
+ awesome.enable = false;
+ default = "none";
+ };
+ desktopManager.xfce.enable = true;
+
+ # xrandrHeads = [ "HDMI1" "HDMI2" ];
+ # prevent screen from turning off, disable dpms
+ displayManager.sessionCommands = ''
+ xset s off -dpms
+ xrandr --output HDMI2 --right-of HDMI1
'';
};
+ networking.firewall.allowedUDPPorts = [ 655 ];
+ networking.firewall.allowedTCPPorts = [ 655 49152 ];
+ #services.tinc.networks.siem = {
+ # name = "display";
+ # extraConfig = ''
+ # ConnectTo = sjump
+ # Port = 1655
+ # '';
+ #};
+
# rt2870.bin wifi card, part of linux-unfree
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
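Review bot: The firewall now admits TCP/UDP 655 and TCP 49152, but the only service in this hunk that named a port, `services.tinc.networks.siem`, is commented out rather than removed. Port 655 is presumably for the retiolum tinc network imported above; nothing visible here listens on 49152, so it looks like a leftover opening. Drop 49152 if nothing uses it, or annotate the lines, e.g. `# 655: tinc retiolum, 49152: <service>`, and delete the commented-out siem block instead of keeping it as dead configuration.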
@@ -41,20 +62,18 @@ in {
hardware.cpu.intel.updateMicrocode = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" ];
- fileSystems."/" = {
+ fileSystems = {
+ "/" = {
device = rootdisk + "-part1";
fsType = "ext4";
+ };
+ "/data" = {
+ device = datadisk + "-part1";
+ fsType = "ext4";
+ };
};
# DualHead on NUC
- services.xserver = {
- # xrandrHeads = [ "HDMI1" "HDMI2" ];
- # prevent screen from turning off, disable dpms
- displayManager.sessionCommands = ''
- xset s off -dpms
- xrandr --output HDMI2 --right-of HDMI1
- '';
- };
# TODO: update synergy package with these extras (username)
# TODO: add crypto layer
systemd.services."synergy-client" = {
diff --git a/makefu/2configs/opentracker.nix b/makefu/2configs/opentracker.nix
new file mode 100644
index 000000000..f98105625
--- /dev/null
+++ b/makefu/2configs/opentracker.nix
@@ -0,0 +1,16 @@
+{pkgs, ...}:
+
+let
+ daemon-port = 16969;
+ cfgfile = pkgs.writeText "opentracker-cfg" ''
+ '';
+in {
+ # Opentracker does not support local IPs (10.0.0.0/8 )
+ makefu.opentracker = {
+ enable = true;
+ args = "-p ${toString daemon-port} -P ${toString daemon-port}";
+ };
+ networking.firewall.allowedTCPPorts = [ daemon-port ];
+ networking.firewall.allowedUDPPorts = [ daemon-port ];
+
+}
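Review bot: `networking.firewall.allowedTCPPorts` and `allowedUDPPorts` open port 16969 on every interface, while the aliases this commit adds for the host in krebs/3modules/makefu/default.nix (`tracker.makefu.r`, `tracker.makefu.retiolum`) suggest the tracker is meant for retiolum peers. As far as this file shows, `args` passes no access list, so if public reachability is not intended the rule should be scoped to the VPN interface rather than the global lists. If it is intended, a comment saying so would make the exposure explicit. The `cfgfile` binding writes an empty file and is never referenced, so it can be removed.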
diff --git a/makefu/2configs/rtorrent.nix b/makefu/2configs/rtorrent.nix
new file mode 100644
index 000000000..9e2990cab
--- /dev/null
+++ b/makefu/2configs/rtorrent.nix
@@ -0,0 +1,19 @@
+_:
+let
+ listenPort = 60123;
+ xml-port = 5000;
+ authfile = <torrent-secrets/authfile>;
+in {
+ makefu.rtorrent = {
+ enable = true;
+ web = {
+ enable = true;
+ enableAuth = true;
+ inherit authfile;
+ };
+ rutorrent.enable = true;
+ enableXMLRPC = true;
+ logLevel = "debug";
+ inherit listenPort;
+ };
+}
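Review bot: `authfile = <torrent-secrets/authfile>;` binds a Nix path value, and the module added in makefu/3modules/rtorrent.nix interpolates it as `auth_basic_user_file ${webcfg.authfile};`. Interpolating a path copies the file into the Nix store, which is world-readable, so the htpasswd hashes would be readable by every local user and travel with any copy of the store. Pass it as a string so nginx reads the file in place, e.g. `authfile = toString <torrent-secrets/authfile>;`, provided that location exists on the target and is readable by nginx. Separately, `xml-port` is never used, and `logLevel = "debug"` has no effect because the module does not read `cfg.logLevel`.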
diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix
index c18db9fa3..09f3ca059 100644
--- a/makefu/2configs/torrent.nix
+++ b/makefu/2configs/torrent.nix
@@ -55,20 +55,21 @@ in {
autoadd_enable = true;
download_location = dl-dir + "/finished";
torrentfiles_location = dl-dir + "/torrents"; copy_torrent_file = true;
- lsd = true;
- dht = true;
- upnp = true;
- natpmp = true;
+ lsd = false;
+ dht = false;
+ upnp = false;
+ natpmp = false;
add_paused = false;
allow_remote = true;
remove_seed_at_ratio = false;
move_completed = false;
daemon_port = daemon-port;
+ random_port = false;
+ random_outgoing_ports = true;
listen_ports = [ peer-port peer-port ];
- outgoing_ports = [ peer-port peer-port ];
# performance tuning
cache_expiry = 3600;
- stop_seed_at_ratio = true;
+ stop_seed_at_ratio = false;
};
};
diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix
index 031ef1bc2..bddd96aa4 100644
--- a/makefu/3modules/default.nix
+++ b/makefu/3modules/default.nix
@@ -6,7 +6,9 @@ _:
./awesome-extra.nix
./deluge.nix
./forward-journal.nix
+ ./opentracker.nix
./ps3netsrv.nix
+ ./rtorrent.nix
./snapraid.nix
./taskserver.nix
./udpt.nix
diff --git a/makefu/3modules/opentracker.nix b/makefu/3modules/opentracker.nix
new file mode 100644
index 000000000..8847fc09a
--- /dev/null
+++ b/makefu/3modules/opentracker.nix
@@ -0,0 +1,55 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+let
+ cfg = config.makefu.opentracker;
+
+ out = {
+ options.makefu.opentracker = api;
+ config = lib.mkIf cfg.enable imp;
+ };
+
+ api = {
+ enable = mkEnableOption "opentracker";
+
+ package = mkOption {
+ type = types.package;
+ default = pkgs.opentracker;
+ };
+
+ args = mkOption {
+ type = types.string;
+ description = ''
+ see https://erdgeist.org/arts/software/opentracker/ for all params
+ '';
+ default = "";
+ };
+
+ user = mkOption {
+ description = ''
+ user which will run opentracker. by default opentracker drops all
+ privileges and runs in chroot after starting up as root.
+ '';
+ type = types.str;
+ default = "root";
+ };
+ };
+
+ imp = {
+ systemd.services.opentracker = {
+ description = "opentracker server";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ restartIfChanged = true;
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${cfg.package}/bin/opentracker ${cfg.args}";
+ PrivateTmp = true;
+ WorkingDirectory = "/tmp";
+ User = "${cfg.user}";
+ };
+ };
+ };
+in
+out
+
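Review bot: `user` defaults to `"root"`, so the unit relies entirely on opentracker dropping privileges by itself, and because `args` is free-form a caller can change that behaviour without the unit reflecting it. The port used in makefu/2configs/opentracker.nix is above 1024, so root is not needed for binding. Consider a dedicated system user as the default, or keep root and add confinement to `serviceConfig` such as `NoNewPrivileges = true;` and `ProtectHome = true;`, after checking that opentracker's chroot still works. `WorkingDirectory = "/tmp"` together with `PrivateTmp = true` deserves a short comment that it refers to the private tmp directory.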
diff --git a/makefu/3modules/rtorrent.nix b/makefu/3modules/rtorrent.nix
new file mode 100644
index 000000000..441707727
--- /dev/null
+++ b/makefu/3modules/rtorrent.nix
@@ -0,0 +1,367 @@
+{ config, lib, pkgs, ... }:
+
+with config.krebs.lib;
+let
+ cfg = config.makefu.rtorrent;
+ webcfg = config.makefu.rtorrent.web;
+ rucfg = config.makefu.rtorrent.rutorrent;
+
+ nginx-user = config.services.nginx.user;
+ nginx-group = config.services.nginx.group;
+ fpm-socket = "/var/run/php5-fpm-rutorrent.sock";
+
+ webdir = rucfg.webdir;
+ rutorrent-deps = with pkgs; [ curl php coreutils procps ffmpeg mediainfo ] ++
+ (if (config.nixpkgs.config.allowUnfree or false) then
+ trace "enabling unfree packages for rutorrent" [ unrar unzip ] else
+ trace "not enabling unfree packages for rutorrent because allowUnfree is unset" [])
+;
+ rutorrent = pkgs.stdenv.mkDerivation {
+ name = "rutorrent-src-3.7";
+ src = pkgs.fetchFromGitHub {
+ owner = "Novik";
+ repo = "rutorrent";
+ rev = "b727523a153454d4976f04b0c47336ae57cc50d5";
+ sha256 = "0s5wa0jnck781amln9c2p4pc0i5mq3j5693ra151lnwhz63aii4a";
+ };
+ phases = [ "patchPhase" "installPhase" ];
+ patchPhase = ''
+ cp -r $src src/
+ chmod u+w -R src/
+ sed -i -e 's#^\s*$scgi_port.*#$scgi_port = 0;#' \
+ -e 's#^\s*$scgi_host.*#$scgi_host = "unix://${cfg.xmlrpc-socket}";#' \
+ "src/conf/config.php"
+ '';
+ installPhase = ''
+ cp -r src/ $out
+ echo "replacing scgi port and host variable in conf/config.php"
+ '';
+ };
+ systemd-logfile = cfg.workDir + "/rtorrent-systemd.log";
+ configFile = pkgs.writeText "rtorrent-config" ''
+ # THIS FILE IS AUTOGENERATED
+ ${optionalString (cfg.listenPort != null) ''
+ port_range = ${toString cfg.listenPort}-${toString cfg.listenPort}
+ port_random = no
+ ''}
+
+ ${optionalString (cfg.watchDir != null) ''
+ schedule = watch_directory,5,5load_start=${cfg.watchDir}/*.torrent
+ ''}
+
+ directory = ${cfg.downloadDir}
+ session = ${cfg.sessionDir}
+
+ ${optionalString (cfg.enableXMLRPC ) ''
+ # prepare socket and set permissions. rtorrent user is part of group nginx
+ # TODO: configure a shared torrent group
+ execute_nothrow = rm,${cfg.xmlrpc-socket}
+ scgi_local = ${cfg.xmlrpc-socket}
+ schedule = scgi_permission,0,0,"execute.nothrow=chmod,\"ug+w,o=\",${cfg.xmlrpc-socket}"
+ ''}
+
+ system.file_allocate.set = ${if cfg.preAllocate then "yes" else "no"}
+
+ # Prepare systemd logging
+ log.open_file = "rtorrent-systemd", ${systemd-logfile}
+ log.add_output = "warn", "rtorrent-systemd"
+ log.add_output = "notice", "rtorrent-systemd"
+ log.add_output = "info", "rtorrent-systemd"
+ # log.add_output = "debug", "rtorrent-systemd"
+ log.execute = ${systemd-logfile}.execute
+ log.xmlrpc = ${systemd-logfile}.xmlrpc
+ ${cfg.extraConfig}
+ '';
+
+ out = {
+ options.makefu.rtorrent = api;
+ # This only works because none of the attrsets returns the same key
+ config = with lib; mkIf cfg.enable (lib.mkMerge [
+ (lib.mkIf webcfg.enable rpcweb-imp)
+ # only build rutorrent-imp if webcfg is enabled as well
+ (lib.mkIf (webcfg.enable && rucfg.enable) rutorrent-imp)
+ imp
+ ]);
+ };
+
+ api = {
+ enable = mkEnableOption "rtorrent";
+
+ web = {
+ # configure NGINX to provide /RPC2 for listen address
+ # authentication also applies to rtorrent.rutorrent
+ enable = mkEnableOption "rtorrent nginx web RPC";
+
+ listenAddress = mkOption {
+ type = types.str;
+ description =''
+ nginx listen address for rtorrent web
+ '';
+ default = "localhost:8006";
+ };
+
+ enableAuth = mkEnableOption "rutorrent authentication";
+ authfile = mkOption {
+ type = types.path;
+ description = ''
+ basic authentication file to be used.
+ Use `${pkgs.apacheHttpd}/bin/htpasswd -c <file> <username>` to create the file.
+ Only in use if authentication is enabled.
+ '';
+ };
+ };
+
+ rutorrent = {
+ enable = mkEnableOption "rutorrent"; # requires rtorrent.web.enable
+
+ package = mkOption {
+ type = types.package;
+ description = ''
+ path to rutorrent package. When using your own ruTorrent package,
+ make sure you patch the scgi_port and scgi_host.
+ '';
+ default = rutorrent;
+ };
+
+
+ webdir = mkOption {
+ type = types.path;
+ description = ''
+ rutorrent php files will be written to this folder.
+ when using nginx, be aware that the the folder should be readable by nginx.
+ because rutorrent does not hold mutable data in a separate folder
+ these files must be writable.
+ '';
+ default = "/var/lib/rutorrent";
+ };
+
+ };
+
+ package = mkOption {
+ type = types.package;
+ default = pkgs.rtorrent;
+ };
+
+ # TODO: enable xmlrpc with web.enable
+ enableXMLRPC = mkEnableOption "rtorrent xmlrpc via socket";
+ xmlrpc-socket = mkOption {
+ type = types.str;
+ description = ''
+ enable xmlrpc at given socket. Required for web-interface.
+
+ for documentation see:
+ https://github.com/rakshasa/rtorrent/wiki/RPC-Setup-XMLRPC
+ '';
+ default = cfg.workDir + "/rtorrent.sock";
+ };
+
+ preAllocate = mkOption {
+ type = types.bool;
+ description = ''
+ Pre-Allocate torrent files
+ '';
+ default = true;
+ };
+
+ logLevel = mkOption {
+ type = types.str;
+ description = ''
+ Log level to be used for systemd log
+ '';
+ default = "warn";
+ };
+
+ downloadDir = mkOption {
+ type = types.path;
+ description = ''
+ directory where torrents are stored
+ '';
+ default = cfg.workDir + "/downloads";
+ };
+
+ sessionDir = mkOption {
+ type = types.path;
+ description = ''
+ directory where torrent progress is stored
+ '';
+ default = cfg.workDir + "/rtorrent-session";
+ };
+
+ watchDir = mkOption {
+ type = with types; nullOr str;
+ description = ''
+ directory to watch for torrent files.
+ If unset, no watch directory will be configured
+ '';
+ default = null;
+ };
+
+ listenPort = mkOption {
+ type = with types; nullOr int;
+ description =''
+ listening port. if you want multiple ports, use extraConfig port_range
+ '';
+ };
+
+ extraConfig = mkOption {
+ type = types.string;
+ description = ''
+ config to be placed into ${cfg.workDir}/.rtorrent.rc
+
+ see ${cfg.package}/share/doc/rtorrent/rtorrent.rc
+ '';
+ default = "";
+ };
+
+ user = mkOption {
+ description = ''
+ user which will run rtorrent. if kept default a new user will be created
+ '';
+ type = types.str;
+ default = "rtorrent";
+ };
+
+ workDir = mkOption {
+ description = ''
+ working directory. rtorrent will search in HOME for `.rtorrent.rc`
+ '';
+ type = types.str;
+ default = "/var/lib/rtorrent";
+ };
+
+ };
+
+ imp = {
+ systemd.services = {
+ rtorrent-daemon = {
+ description = "rtorrent headless";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ restartIfChanged = true;
+ serviceConfig = {
+ Type = "forking";
+ ExecStartPre = pkgs.writeDash "prepare-folder" ''
+ mkdir -p ${cfg.workDir} ${cfg.sessionDir}
+ chmod 770 ${cfg.workDir} ${cfg.sessionDir}
+ touch ${systemd-logfile}
+ cp -f ${configFile} ${cfg.workDir}/.rtorrent.rc
+ '';
+ ExecStart = "${pkgs.tmux.bin}/bin/tmux new-session -s rt -n rtorrent -d 'PATH=/bin:/usr/bin:${makeBinPath rutorrent-deps} ${cfg.package}/bin/rtorrent'";
+
+ # PrivateTmp = true;
+ ## now you can simply sudo -u rtorrent tmux a
+ ## otherwise the tmux session is stored in some private folder in /tmp
+ WorkingDirectory = cfg.workDir;
+ Restart = "on-failure";
+ User = "${cfg.user}";
+ };
+ };
+ rtorrent-log = {
+ after = [ "rtorrent-daemon.service" ];
+ bindsTo = [ "rtorrent-daemon.service" ];
+ wantedBy = [ "rtorrent-daemon.service" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.coreutils}/bin/tail -f ${systemd-logfile}";
+ User = "${cfg.user}";
+ };
+ };
+ } // (optionalAttrs webcfg.enable {
+ rutorrent-prepare = {
+ after = [ "rtorrent-daemon.service" ];
+ bindsTo = [ "rtorrent-daemon.service" ];
+ wantedBy = [ "rtorrent-daemon.service" ];
+ serviceConfig = {
+ Type = "oneshot";
+ # we create the folder and set the permissions to allow nginx
+ # TODO: update files if the version of rutorrent changed
+ ExecStart = pkgs.writeDash "create-webconfig-dir" ''
+ if [ ! -e ${webdir} ];then
+ echo "creating webconfiguration directory for rutorrent: ${webdir}"
+ cp -r ${rucfg.package} ${webdir}
+ chown -R ${cfg.user}:${nginx-group} ${webdir}
+ chmod -R 770 ${webdir}
+ else
+ echo "not overwriting ${webdir}"
+ fi
+ '';
+ };
+ };
+ })
+ // (optionalAttrs rucfg.enable { });
+
+ users = lib.mkIf (cfg.user == "rtorrent") {
+ users.rtorrent = {
+ uid = genid "rtorrent";
+ home = cfg.workDir;
+ group = nginx-group;
+ shell = "/bin/sh"; #required for tmux
+ isSystemUser = true;
+ createHome = true;
+ };
+ groups.rtorrent.gid = genid "rtorrent";
+ };
+ };
+
+ rpcweb-imp = {
+ krebs.nginx.enable = mkDefault true;
+ krebs.nginx.servers.rtorrent = {
+ listen = [ webcfg.listenAddress ];
+ server-names = [ "default" ];
+ extraConfig = ''
+ ${optionalString webcfg.enableAuth ''
+ auth_basic "rtorrent";
+ auth_basic_user_file ${webcfg.authfile};
+ ''}
+ ${optionalString rucfg.enable ''
+ root ${webdir};
+ ''}
+ '';
+ locations = [
+ (nameValuePair "/RPC2" ''
+ include ${pkgs.nginx}/conf/scgi_params;
+ scgi_param SCRIPT_NAME /RPC2;
+ scgi_pass unix:${cfg.xmlrpc-socket};
+ '')
+ ] ++ (optional rucfg.enable
+ (nameValuePair "~ \.php$" ''
+ client_max_body_size 200M;
+ root ${webdir};
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass unix:${fpm-socket};
+ try_files $uri =404;
+ fastcgi_index index.php;
+ include ${pkgs.nginx}/conf/fastcgi_params;
+ include ${pkgs.nginx}/conf/fastcgi.conf;
+ '')
+ );
+ };
+ };
+
+ rutorrent-imp = {
+ services.phpfpm = {
+ # phpfpm does not have an enable option
+ poolConfigs = {
+ rutorrent = ''
+ user = ${nginx-user}
+ group = ${nginx-group}
+ listen = ${fpm-socket}
+ listen.owner = ${nginx-user}
+ listen.group = ${nginx-group}
+ pm = dynamic
+ pm.max_children = 5
+ pm.start_servers = 2
+ pm.min_spare_servers = 1
+ pm.max_spare_servers = 3
+ chdir = /
+ # errors to journal
+ php_admin_value[error_log] = 'stderr'
+ php_admin_flag[log_errors] = on
+ catch_workers_output = yes
+ env[PATH] = ${makeBinPath rutorrent-deps}
+ '';
+ };
+ };
+ };
+in
+out
+
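Review bot: The `/RPC2` location in `rpcweb-imp` forwards straight to rtorrent's SCGI socket, and `web.enableAuth` is a `mkEnableOption`, so it is off unless the caller sets it. rtorrent's RPC interface can run commands as the service user, so anyone who can reach `listenAddress` gets that ability when auth is off. Make authentication the default for `web.enable`, or add an assertion that fails evaluation when `web.enable` is set without `enableAuth`. Two smaller defects in the generated config: `schedule = watch_directory,5,5load_start=${cfg.watchDir}/*.torrent` appears to be missing a comma before `load_start`, and `logLevel` is declared but never read, so the log outputs stay fixed at warn/notice/info. `listenPort` is `nullOr int` but has no default; `default = null;` would match its description.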