nixpkgs/nixos/modules/services/torrent/magnetico.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

219 lines
6.1 KiB
Nix
Raw Normal View History

2019-08-26 09:33:44 +00:00
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.magnetico;
dataDir = "/var/lib/magnetico";
credFile = with cfg.web;
if credentialsFile != null
then credentialsFile
else pkgs.writeText "magnetico-credentials"
(concatStrings (mapAttrsToList
(user: hash: "${user}:${hash}\n")
cfg.web.credentials));
# default options in magneticod/main.go
dbURI = concatStrings
[ "sqlite3://${dataDir}/database.sqlite3"
"?_journal_mode=WAL"
"&_busy_timeout=3000"
"&_foreign_keys=true"
];
crawlerArgs = with cfg.crawler; escapeShellArgs
([ "--database=${dbURI}"
"--indexer-addr=${address}:${toString port}"
"--indexer-max-neighbors=${toString maxNeighbors}"
"--leech-max-n=${toString maxLeeches}"
] ++ extraOptions);
webArgs = with cfg.web; escapeShellArgs
([ "--database=${dbURI}"
(if (cfg.web.credentialsFile != null || cfg.web.credentials != { })
then "--credentials=${toString credFile}"
else "--no-auth")
2019-10-26 08:56:17 +00:00
"--addr=${address}:${toString port}"
2019-08-26 09:33:44 +00:00
] ++ extraOptions);
in {
###### interface
options.services.magnetico = {
enable = mkEnableOption (lib.mdDoc "Magnetico, Bittorrent DHT crawler");
2019-08-26 09:33:44 +00:00
crawler.address = mkOption {
type = types.str;
default = "0.0.0.0";
example = "1.2.3.4";
description = lib.mdDoc ''
2019-08-26 09:33:44 +00:00
Address to be used for indexing DHT nodes.
'';
};
crawler.port = mkOption {
type = types.port;
default = 0;
description = lib.mdDoc ''
2019-08-26 09:33:44 +00:00
Port to be used for indexing DHT nodes.
This port should be added to
{option}`networking.firewall.allowedTCPPorts`.
2019-08-26 09:33:44 +00:00
'';
};
crawler.maxNeighbors = mkOption {
type = types.ints.positive;
default = 1000;
description = lib.mdDoc ''
2019-08-26 09:33:44 +00:00
Maximum number of simultaneous neighbors of an indexer.
Be careful changing this number: high values can very
easily cause your network to be congested or even crash
your router.
'';
};
crawler.maxLeeches = mkOption {
type = types.ints.positive;
default = 200;
description = lib.mdDoc ''
2019-08-26 09:33:44 +00:00
Maximum number of simultaneous leeches.
'';
};
crawler.extraOptions = mkOption {
type = types.listOf types.str;
default = [];
description = lib.mdDoc ''
2019-08-26 09:33:44 +00:00
Extra command line arguments to pass to magneticod.
'';
};
web.address = mkOption {
type = types.str;
default = "localhost";
example = "1.2.3.4";
description = lib.mdDoc ''
2019-08-26 09:33:44 +00:00
Address the web interface will listen to.
'';
};
web.port = mkOption {
type = types.port;
default = 8080;
description = lib.mdDoc ''
2019-08-26 09:33:44 +00:00
Port the web interface will listen to.
'';
};
web.credentials = mkOption {
type = types.attrsOf types.str;
default = {};
example = lib.literalExpression ''
2019-08-26 09:33:44 +00:00
{
myuser = "$2y$12$YE01LZ8jrbQbx6c0s2hdZO71dSjn2p/O9XsYJpz.5968yCysUgiaG";
}
'';
description = lib.mdDoc ''
2019-08-26 09:33:44 +00:00
The credentials to access the web interface, in case authentication is
enabled, in the format `username:hash`. If unset no
2019-08-26 09:33:44 +00:00
authentication will be required.
Usernames must start with a lowercase ([a-z]) ASCII character, might
contain non-consecutive underscores except at the end, and consists of
small-case a-z characters and digits 0-9. The
{command}`htpasswd` tool from the `apacheHttpd`
package may be used to generate the hash:
{command}`htpasswd -bnBC 12 username password`
::: {.warning}
The hashes will be stored world-readable in the nix store.
Consider using the `credentialsFile` option if you
don't want this.
:::
2019-08-26 09:33:44 +00:00
'';
};
web.credentialsFile = mkOption {
type = types.nullOr types.path;
default = null;
description = lib.mdDoc ''
2019-08-26 09:33:44 +00:00
The path to the file holding the credentials to access the web
interface. If unset no authentication will be required.
2022-12-18 00:31:14 +00:00
The file must contain user names and password hashes in the format
2023-01-21 20:46:53 +00:00
`username:hash`, one for each line. Usernames must
2019-08-26 09:33:44 +00:00
start with a lowecase ([a-z]) ASCII character, might contain
non-consecutive underscores except at the end, and consists of
small-case a-z characters and digits 0-9.
The {command}`htpasswd` tool from the `apacheHttpd`
package may be used to generate the hash:
{command}`htpasswd -bnBC 12 username password`
2019-08-26 09:33:44 +00:00
'';
};
web.extraOptions = mkOption {
type = types.listOf types.str;
default = [];
description = lib.mdDoc ''
2019-08-26 09:33:44 +00:00
Extra command line arguments to pass to magneticow.
'';
};
};
###### implementation
config = mkIf cfg.enable {
users.users.magnetico = {
description = "Magnetico daemons user";
group = "magnetico";
2019-10-12 20:25:28 +00:00
isSystemUser = true;
2019-08-26 09:33:44 +00:00
};
users.groups.magnetico = {};
2019-08-26 09:33:44 +00:00
systemd.services.magneticod = {
description = "Magnetico DHT crawler";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
2019-08-26 09:33:44 +00:00
serviceConfig = {
User = "magnetico";
Restart = "on-failure";
ExecStart = "${pkgs.magnetico}/bin/magneticod ${crawlerArgs}";
};
};
systemd.services.magneticow = {
description = "Magnetico web interface";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "magneticod.service"];
2019-08-26 09:33:44 +00:00
serviceConfig = {
User = "magnetico";
StateDirectory = "magnetico";
Restart = "on-failure";
ExecStart = "${pkgs.magnetico}/bin/magneticow ${webArgs}";
};
};
assertions =
[
{
2019-10-26 08:56:17 +00:00
assertion = cfg.web.credentialsFile == null || cfg.web.credentials == { };
2019-08-26 09:33:44 +00:00
message = ''
The options services.magnetico.web.credentialsFile and
services.magnetico.web.credentials are mutually exclusives.
'';
}
];
};
2019-12-04 16:07:45 +00:00
meta.maintainers = with lib.maintainers; [ rnhmjoj ];
2019-08-26 09:33:44 +00:00
}