-rw-r--r-- | krebs/3modules/makefu/default.nix | 25 | ||||
-rw-r--r-- | krebs/3modules/rtorrent.nix | 54 | ||||
-rw-r--r-- | krebs/5pkgs/rutorrent/default.nix | 6 | ||||
-rw-r--r-- | makefu/1systems/fileleech.nix | 27 | ||||
-rw-r--r-- | makefu/2configs/elchos/irc-token.nix | 62 | ||||
-rw-r--r-- | makefu/2configs/torrent.nix | 7 | ||||
-rw-r--r-- | makefu/3modules/default.nix | 1 | ||||
-rw-r--r-- | makefu/3modules/server-config.nix | 10 | ||||
-rw-r--r-- | makefu/6tests/data/secrets/auth.nix | 3 | ||||
-rw-r--r-- | makefu/6tests/data/secrets/authfile | 1 |
10 files changed, 157 insertions, 39 deletions
diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix index ff187b878..c85bf1ccd 100644 --- a/krebs/3modules/makefu/default.nix +++ b/krebs/3modules/makefu/default.nix @@ -26,6 +26,31 @@ with import <stockholm/lib>; }; }; }; + fileleech = rec { + cores = 4; + ssh.privkey.path = <secrets/ssh_host_ed25519_key>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+jB5QdPsAJc90alYDhAEP3sPDJb6eIj9bebj+rTBEJ fileleech"; + nets = { + retiolum = { + ip4.addr = "10.243.113.98"; + ip6.addr = "42:5cf1:e7f2:3fd:cd4c:a1ee:ec71:7096"; + aliases = [ + "fileleech.retiolum" + ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIIBCgKCAQEA2W20+jYvuFUjPQ+E+7Xlabf8fW/XSnTTelfo2uRcJ3FMLYQ9H3rF + 8L8StPmxn8Q20FFH/MvRmgW8pU9z4RQ3nAi+utVYqAJQtOYA9FPMxssC08w82r0K + YC6sgc9MeRjnCjQxQrQs4fqA6KpqSLxRf2c6kfNwYRgCxFMns2ncxOiPOoGLZait + nJR3m0cSRm8yCTMbznlGH99+5+3HgvuBE/UYXmmGBs7w8DevaX76butzprZ8fm4z + e5C7R9ofdVW70GGksfSI81y5xODWMbfjTRHKm4OBX7NOCiOTwx1wu8bYDN3EzN6V + UM5PJfU42sViPEZmVuC8cDcP1xemHTkh9QIDAQAB + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; + pnp = { cores = 1; nets = { diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix index bcc52fb6e..0c478aded 100644 --- a/krebs/3modules/rtorrent.nix +++ b/krebs/3modules/rtorrent.nix 
@@ -73,22 +73,23 @@ let # authentication also applies to rtorrent.rutorrent enable = mkEnableOption "rtorrent nginx web RPC"; - listenAddress = mkOption { - type = types.str; + port = mkOption { + type = types.nullOr types.int; description ='' - nginx listen address for rtorrent web + nginx listen port for rtorrent ''; - default = "localhost:8006"; + default = 8006; }; - enableAuth = mkEnableOption "rutorrent authentication"; - authfile = mkOption { - type = types.path; + basicAuth = mkOption { + type = types.attrsOf types.str ; description = '' - basic authentication file to be used. - Use `${pkgs.apacheHttpd}/bin/htpasswd -c <file> <username>` to create the file. - Only in use if authentication is enabled. + basic authentication to be used. If unset, no authentication will be + enabled. + + Refer to `services.nginx.virtualHosts.<name>.basicAuth` ''; + default = {}; }; }; @@ -104,7 +105,6 @@ let default = pkgs.rutorrent; }; - webdir = mkOption { type = types.path; description = '' 
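Review bot: The new defaults leave the web RPC open. `basicAuth` defaults to `{}`, which by its own description means no authentication, and the old `listenAddress` default of `localhost:8006` is replaced by a bare `port = 8006`, which presumably makes nginx listen on every address rather than only on localhost. Because `/RPC2` is handed straight to the rtorrent XMLRPC socket, a host that only sets `web.enable` would expose it unauthenticated; consider dropping `default = {};` so that `basicAuth` must be set, or asserting that it is non-empty when `web.enable` is true. The description should also say that the passwords are plain Nix strings and, as far as the referenced NixOS option suggests, end up in the world-readable store; the same applies to `import <torrent-secrets/auth.nix>` in makefu/2configs/torrent.nix.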
@@ -286,36 +286,28 @@ let }; rpcweb-imp = { - krebs.nginx.enable = mkDefault true; - krebs.nginx.servers.rtorrent = { - listen = [ webcfg.listenAddress ]; - server-names = [ "default" ]; - extraConfig = '' - ${optionalString webcfg.enableAuth '' - auth_basic "rtorrent"; - auth_basic_user_file ${webcfg.authfile}; - ''} - ${optionalString rucfg.enable '' - root ${webdir}; - ''} - ''; - locations = [ - (nameValuePair "/RPC2" '' + services.nginx.enable = mkDefault true; + services.nginx.virtualHosts.rtorrent = { + default = mkDefault true; + inherit (webcfg) basicAuth port; + root = optionalString rucfg.enable webdir; + + locations = { + "/RPC2".extraConfig = '' include ${pkgs.nginx}/conf/scgi_params; scgi_param SCRIPT_NAME /RPC2; scgi_pass unix:${cfg.xmlrpc-socket}; - '') - ] ++ (optional rucfg.enable - (nameValuePair "~ \.php$" '' + ''; + } // (optionalAttrs rucfg.enable { + "~ \.php$".extraConfig = '' client_max_body_size 200M; - root ${webdir}; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:${fpm-socket}; try_files $uri =404; fastcgi_index index.php; include ${pkgs.nginx}/conf/fastcgi_params; include ${pkgs.nginx}/conf/fastcgi.conf; - '') + ''; } ); }; }; diff --git a/krebs/5pkgs/rutorrent/default.nix b/krebs/5pkgs/rutorrent/default.nix index 5a2259552..1084e7ce7 100644 --- a/krebs/5pkgs/rutorrent/default.nix +++ b/krebs/5pkgs/rutorrent/default.nix @@ -1,11 +1,11 @@ { pkgs, ... }: pkgs.stdenv.mkDerivation { - name = "rutorrent-src-3.7"; + name = "rutorrent-src_2016-12-09"; src = pkgs.fetchFromGitHub { owner = "Novik"; repo = "rutorrent"; - rev = "b727523a153454d4976f04b0c47336ae57cc50d5"; - sha256 = "0s5wa0jnck781amln9c2p4pc0i5mq3j5693ra151lnwhz63aii4a"; + rev = "580bba8c538b55c1f75f3ad65310ff4ff2a153f7"; + sha256 = "1d9lgrzipy58dnx88z393p152kx6lki0x4aw40k8w9awsci4cx7p"; }; phases = [ "installPhase" ]; diff --git a/makefu/1systems/fileleech.nix b/makefu/1systems/fileleech.nix new file mode 100644 index 000000000..4d9b37cea --- /dev/null 
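Review bot: The location key `"~ \.php$"` loses its backslash, because `\.` inside a double-quoted Nix string evaluates to a plain `.`. nginx therefore receives `~ .php$`, which matches any character before `php`; write the key as `"~ \\.php$"` (the `''…''` bodies are not affected, since backslashes are literal there). Separately, `root = optionalString rucfg.enable webdir;` sets `root` to the empty string when rutorrent is disabled instead of leaving it unset; `root = mkIf rucfg.enable webdir;` would keep the option undefined in that case.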
+++ b/makefu/1systems/fileleech.nix
@@ -0,0 +1,27 @@
+{ config, pkgs, ... }:
+{
+ imports = [
+ ../.
+ # configure your hw:
+ # ../2configs/hw/CAC.nix
+ # ../2configs/fs/CAC-CentOS-7-64bit.nix
+ ../2configs/save-diskspace.nix
+ ../2configs/tinc/retiolum.nix
+
+ ];
+ krebs = {
+ enable = true;
+ build.host = config.krebs.hosts.fileleech;
+ };
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.device = "/dev/disk/by-id/ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN";
+ fileSystems."/" = {
+ device = "/dev/disk/by-id/ata-INTEL_SSDSA2M080G2GC_CVPO003402PB080BGN";
+ };
+
+ boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "aacraid" "usb_storage" "usbhid" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+}
diff --git a/makefu/2configs/elchos/irc-token.nix b/makefu/2configs/elchos/irc-token.nix
new file mode 100644
index 000000000..3f3c4ffc3
--- /dev/null
+++ b/makefu/2configs/elchos/irc-token.nix
@@ -0,0 +1,62 @@ +{pkgs, ...}: +with import <stockholm/lib>; +let + secret = (import <secrets/elchos-token.nix>); +in { + systemd.services.elchos-irctoken = { + startAt = "*:0/30"; + serviceConfig = { + RuntimeMaxSec = "20"; + }; + script = '' + set -euf + now=$(date -u +%Y-%m-%dT%H:%M) + sec=$(echo -n "${secret}$now" | md5sum | cut -d\ -f1) + message="The secret valid for 30 minutes is $sec" + echo "token for $now (UTC) is $sec" + LOGNAME=sec-announcer + HOSTNAME=$(${pkgs.systemd}/bin/hostnamectl --static) + IRC_SERVER=irc.freenode.net + IRC_PORT=6667 + IRC_NICK=$HOSTNAME-$$ + IRC_CHANNEL='#eloop' + + export IRC_CHANNEL # for privmsg_cat + + echo2() { echo "$*"; echo "$*" >&2; } + + privmsg_cat() { ${pkgs.gawk}/bin/awk '{ print "PRIVMSG "ENVIRON["IRC_CHANNEL"]" :"$0 }'; } + + tmpdir="$(mktemp -d irc-announce_XXXXXXXX)" + cd "$tmpdir" + mkfifo ircin + trap " + rm ircin + cd '$OLDPWD' + rmdir '$tmpdir' + trap - EXIT INT QUIT + " EXIT INT QUIT + + { + echo2 "USER $LOGNAME 0 * :$LOGNAME@$HOSTNAME" + echo2 "NICK $IRC_NICK" + + # wait for MODE message + ${pkgs.gnused}/bin/sed -un '/^:[^ ]* MODE /q' + + echo2 "JOIN $IRC_CHANNEL" + + printf '%s' "$message" \ + | privmsg_cat + + echo2 "PART $IRC_CHANNEL" + + # wait for PART confirmation + sed -un '/:'"$IRC_NICK"'![^ ]* PART /q' + + echo2 'QUIT :Gone to have lunch' + } < ircin \ + | ${pkgs.netcat}/bin/netcat "$IRC_SERVER" "$IRC_PORT" |tee -a ircin + ''; + }; +} diff --git a/makefu/2configs/torrent.nix b/makefu/2configs/torrent.nix index 5b9ce6178..f3bc9091b 100644 --- a/makefu/2configs/torrent.nix +++ b/makefu/2configs/torrent.nix @@ -4,7 +4,7 @@ with import <stockholm/lib>; let daemon-user = "tor"; - authfile = <torrent-secrets/authfile>; + basicAuth = import <torrent-secrets/auth.nix>; peer-port = 51412; web-port = 8112; daemon-port = 58846; 
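Review bot: The shared secret is interpolated into `script` at evaluation time (`echo -n "${secret}$now"`), so it is written into the generated unit script in the Nix store, which is normally world-readable. Read it at run time from a file outside the store instead, e.g. `secret=$(cat /PATH/TO/elchos-token)` (placeholder path). The token is an `md5sum` over the secret and timestamp concatenated, it is echoed to the journal, and it is sent over plaintext IRC on port 6667, so anyone who sees one token and knows the minute can check guesses for the secret offline. A keyed MAC such as `openssl dgst -sha256 -hmac "$secret"` over the timestamp, together with a high-entropy secret, would be the safer construction. Smaller points: `mktemp -d irc-announce_XXXXXXXX` creates the FIFO directory relative to the service's working directory rather than a temp dir, and the second `sed -un` is not pinned to `${pkgs.gnused}` like the first.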
@@ -53,9 +53,8 @@ in { enable = true; web = { enable = true; - enableAuth = true; - listenAddress = toString web-port; - inherit authfile; + port = web-port; + inherit basicAuth; }; rutorrent.enable = true; enableXMLRPC = true; diff --git a/makefu/3modules/default.nix b/makefu/3modules/default.nix index 855e134ab..16215b27a 100644 --- a/makefu/3modules/default.nix +++ b/makefu/3modules/default.nix @@ -8,6 +8,7 @@ _: ./forward-journal.nix ./opentracker.nix ./ps3netsrv.nix + ./server-config.nix ./snapraid.nix ./taskserver.nix ./udpt.nix diff --git a/makefu/3modules/server-config.nix b/makefu/3modules/server-config.nix new file mode 100644 index 000000000..dbd29d748 --- /dev/null +++ b/makefu/3modules/server-config.nix @@ -0,0 +1,10 @@ +{config, lib, pkgs, ... }: + +with import <stockholm/lib>; +{ + options.makefu.server.primary-itf = lib.mkOption { + type = types.str; + description = "Primary interface of the server"; + }; +} + diff --git a/makefu/6tests/data/secrets/auth.nix b/makefu/6tests/data/secrets/auth.nix new file mode 100644 index 000000000..92d5c34a8 --- /dev/null +++ b/makefu/6tests/data/secrets/auth.nix @@ -0,0 +1,3 @@ +{ + user = "password"; +} diff --git a/makefu/6tests/data/secrets/authfile b/makefu/6tests/data/secrets/authfile deleted file mode 100644 index f5e704702..000000000 --- a/makefu/6tests/data/secrets/authfile +++ /dev/null @@ -1 +0,0 @@ -"derp" |