authortv <tv@krebsco.de>2018-09-16 02:11:05 +0200
committertv <tv@krebsco.de>2018-09-16 02:11:05 +0200
commit45c39cddad6d8d2d65b3a145648611c1e9c78737 (patch)
tree66f5ed7d2f09bf422b0e3128fadf449da428858e /makefu/2configs/dcpp
parent5487d466d0d9b596b054c545b499aecbbe56b5aa (diff)
parent0b3497384e7e67e734f5f771fcb5aa649ad964d2 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'makefu/2configs/dcpp')
-rw-r--r--makefu/2configs/dcpp/client.nix9
-rw-r--r--makefu/2configs/dcpp/hub.nix112
2 files changed, 121 insertions, 0 deletions
diff --git a/makefu/2configs/dcpp/client.nix b/makefu/2configs/dcpp/client.nix
new file mode 100644
index 000000000..3b27778e5
--- /dev/null
+++ b/makefu/2configs/dcpp/client.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+{ # ncdc
+ environment.systemPackages = [ pkgs.ncdc ];
+ networking.firewall = {
+ allowedUDPPorts = [ 51411 ];
+ allowedTCPPorts = [ 51411 ];
+ };
+}
+
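Review bot: The firewall block opens 51411 for both TCP and UDP on every interface, and the only explanation is the `# ncdc` comment on the opening brace. If this is ncdc's active-mode port, a comment next to the lists such as `# must match active_port in ncdc's own config` would keep the two values in sync. If the client only ever runs in passive mode, the ports need not be opened at all.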
diff --git a/makefu/2configs/dcpp/hub.nix b/makefu/2configs/dcpp/hub.nix
new file mode 100644
index 000000000..92977b4c8
--- /dev/null
+++ b/makefu/2configs/dcpp/hub.nix
@@ -0,0 +1,112 @@
+{ config, lib, pkgs, ... }:
+
+# search also generates ddclient entries for all other logs
+
+with import <stockholm/lib>;
+let
+ ddclientUser = "ddclient";
+ sec = toString <secrets>;
+ nsupdate = import "${sec}/nsupdate-hub.nix";
+ stateDir = "/var/spool/ddclient";
+ cfg = "${stateDir}/cfg";
+ ext-if = config.makefu.server.primary-itf;
+ ddclientPIDFile = "${stateDir}/ddclient.pid";
+
+ # TODO: correct cert generation requires a `real` internet ip address
+
+ gen-cfg = dict: ''
+ ssl=yes
+ cache=${stateDir}/ddclient.cache
+ pid=${ddclientPIDFile}
+ ${concatStringsSep "\n" (mapAttrsToList (user: pass: ''
+
+ protocol=dyndns2
+ use=web, web=http://ipv4.nsupdate.info/myip
+ ssl=yes
+ server=ipv4.nsupdate.info
+ login=${user}
+ password='${pass}'
+ ${user}
+
+ '') dict)}
+ '';
+ uhubDir = "/var/lib/uhub";
+
+in {
+ users.extraUsers = singleton {
+ name = ddclientUser;
+ uid = genid "ddclient";
+ description = "ddclient daemon user";
+ home = stateDir;
+ createHome = true;
+ };
+
+ systemd.services = {
+ redis.serviceConfig.LimitNOFILE=10032;
+ ddclient-nsupdate-uhub = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "ip-up.target" ];
+ serviceConfig = {
+ Type = "forking";
+ User = ddclientUser;
+ PIDFile = ddclientPIDFile;
+ ExecStartPre = pkgs.writeDash "init-nsupdate" ''
+ cp -vf ${pkgs.writeText "ddclient-config" (gen-cfg nsupdate)} ${cfg}
+ chmod 700 ${cfg}
+ '';
+ ExecStart = "${pkgs.ddclient}/bin/ddclient -verbose -daemon 1 -noquiet -file ${cfg}";
+ };
+ };
+ };
+
+ networking.firewall.extraCommands = ''
+ iptables -A PREROUTING -t nat -i ${ext-if} -p tcp --dport 411 -j REDIRECT --to-port 1511
+ '';
+ systemd.services.uhub.serviceConfig = {
+ PrivateTmp = true;
+ PermissionsStartOnly = true;
+ ExecStartPre = pkgs.writeDash "uhub-pre" ''
+ cp -f ${toString <secrets/wildcard.krebsco.de.crt>} ${uhubDir}/uhub.crt
+ cp -f ${toString <secrets/wildcard.krebsco.de.key>} ${uhubDir}/uhub.key
+ if test -d ${uhubDir};then
+ echo "Directory ${uhubDir} already exists, skipping db init"
+ else
+ echo "Copying sql user db"
+ cp ${toString <secrets/uhub.sql>} ${uhubDir}/uhub.sql
+ fi
+ chown -R uhub ${uhubDir}
+ '';
+
+ };
+ users.users.uhub = {
+ home = uhubDir;
+ createHome = true;
+ };
+ services.uhub = {
+ enable = true;
+ port = 1511;
+ enableTLS = true;
+ hubConfig = ''
+ hub_name = "krebshub"
+ tls_certificate = ${uhubDir}/uhub.crt
+ tls_private_key = ${uhubDir}/uhub.key
+ registered_users_only = true
+ '';
+ plugins = {
+ welcome = {
+ enable = true;
+ motd = "shareit";
+ rules = "1. Don't be an asshole";
+ };
+ history = {
+ enable = true;
+ };
+ authSqlite = {
+ enable = true;
+ file = "${uhubDir}/uhub.sql";
+ };
+
+ };
+ };
+ networking.firewall.allowedTCPPorts = [ 411 1511 ];
+}
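Review bot: The nsupdate passwords end up in the world-readable Nix store, because `pkgs.writeText "ddclient-config" (gen-cfg nsupdate)` renders them into a store file at build time; the `chmod 700 ${cfg}` in init-nsupdate protects only the copy under /var/spool/ddclient. The config should be copied or rendered at service start from a path outside the store, as uhub-pre does with `toString <secrets/...>`, and the copy set to mode 600 since it is not executable. In uhub-pre, `test -d ${uhubDir}` appears to be always true, since `createHome = true` creates the directory and the two `cp -f` lines above already need it, so the user db would never be copied; `if test -e ${uhubDir}/uhub.sql; then` matches the intent. The copied `uhub.key` gets no explicit mode either, so a `chmod 600 ${uhubDir}/uhub.key` after the copy would be prudent.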