diff options
author | tv <tv@krebsco.de> | 2018-09-16 02:11:05 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2018-09-16 02:11:05 +0200 |
commit | 45c39cddad6d8d2d65b3a145648611c1e9c78737 (patch) | |
tree | 66f5ed7d2f09bf422b0e3128fadf449da428858e /makefu/2configs/dcpp | |
parent | 5487d466d0d9b596b054c545b499aecbbe56b5aa (diff) | |
parent | 0b3497384e7e67e734f5f771fcb5aa649ad964d2 (diff) |
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'makefu/2configs/dcpp')
-rw-r--r-- | makefu/2configs/dcpp/client.nix | 9 | ||||
-rw-r--r-- | makefu/2configs/dcpp/hub.nix | 112 |
2 files changed, 121 insertions, 0 deletions
diff --git a/makefu/2configs/dcpp/client.nix b/makefu/2configs/dcpp/client.nix new file mode 100644 index 000000000..3b27778e5 --- /dev/null +++ b/makefu/2configs/dcpp/client.nix @@ -0,0 +1,9 @@ +{ pkgs, ... }: +{ # ncdc + environment.systemPackages = [ pkgs.ncdc ]; + networking.firewall = { + allowedUDPPorts = [ 51411 ]; + allowedTCPPorts = [ 51411 ]; + }; +} + diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix new file mode 100644 index 000000000..92977b4c8 --- /dev/null +++ b/makefu/2configs/dcpp/hub.nix @@ -0,0 +1,112 @@ +{ config, lib, pkgs, ... }: + +# search also generates ddclient entries for all other logs + +with import <stockholm/lib>; +let + ddclientUser = "ddclient"; + sec = toString <secrets>; + nsupdate = import "${sec}/nsupdate-hub.nix"; + stateDir = "/var/spool/ddclient"; + cfg = "${stateDir}/cfg"; + ext-if = config.makefu.server.primary-itf; + ddclientPIDFile = "${stateDir}/ddclient.pid"; + + # TODO: correct cert generation requires a `real` internet ip address + + gen-cfg = dict: '' + ssl=yes + cache=${stateDir}/ddclient.cache + pid=${ddclientPIDFile} + ${concatStringsSep "\n" (mapAttrsToList (user: pass: '' + + protocol=dyndns2 + use=web, web=http://ipv4.nsupdate.info/myip + ssl=yes + server=ipv4.nsupdate.info + login=${user} + password='${pass}' + ${user} + + '') dict)} + ''; + uhubDir = "/var/lib/uhub"; + +in { + users.extraUsers = singleton { + name = ddclientUser; + uid = genid "ddclient"; + description = "ddclient daemon user"; + home = stateDir; + createHome = true; + }; + + systemd.services = { + redis.serviceConfig.LimitNOFILE=10032; + ddclient-nsupdate-uhub = { + wantedBy = [ "multi-user.target" ]; + after = [ "ip-up.target" ]; + serviceConfig = { + Type = "forking"; + User = ddclientUser; + PIDFile = ddclientPIDFile; + ExecStartPre = pkgs.writeDash "init-nsupdate" '' + cp -vf ${pkgs.writeText "ddclient-config" (gen-cfg nsupdate)} ${cfg} + chmod 700 ${cfg} + ''; + ExecStart = "${pkgs.ddclient}/bin/ddclient -verbose -daemon 1 -noquiet -file ${cfg}"; + }; + }; + }; + + networking.firewall.extraCommands = '' + iptables -A PREROUTING -t nat -i ${ext-if} -p tcp --dport 411 -j REDIRECT --to-port 1511 + ''; + systemd.services.uhub.serviceConfig = { + PrivateTmp = true; + PermissionsStartOnly = true; + ExecStartPre = pkgs.writeDash "uhub-pre" '' + cp -f ${toString <secrets/wildcard.krebsco.de.crt>} ${uhubDir}/uhub.crt + cp -f ${toString <secrets/wildcard.krebsco.de.key>} ${uhubDir}/uhub.key + if test -d ${uhubDir};then + echo "Directory ${uhubDir} already exists, skipping db init" + else + echo "Copying sql user db" + cp ${toString <secrets/uhub.sql>} ${uhubDir}/uhub.sql + fi + chown -R uhub ${uhubDir} + ''; + + }; + users.users.uhub = { + home = uhubDir; + createHome = true; + }; + services.uhub = { + enable = true; + port = 1511; + enableTLS = true; + hubConfig = '' + hub_name = "krebshub" + tls_certificate = ${uhubDir}/uhub.crt + tls_private_key = ${uhubDir}/uhub.key + registered_users_only = true + ''; + plugins = { + welcome = { + enable = true; + motd = "shareit"; + rules = "1. Don't be an asshole"; + }; + history = { + enable = true; + }; + authSqlite = { + enable = true; + file = "${uhubDir}/uhub.sql"; + }; + + }; + }; + networking.firewall.allowedTCPPorts = [ 411 1511 ]; +} |