parent
fc4ca1aead
commit
182830f542
@ -0,0 +1,214 @@ |
||||
{ config, lib, pkgs, ... }: |
||||
|
||||
with lib; |
||||
|
||||
let |
||||
cfg = config.services.magnetico; |
||||
|
||||
dataDir = "/var/lib/magnetico"; |
||||
|
||||
credFile = with cfg.web; |
||||
if credentialsFile != null |
||||
then credentialsFile |
||||
else pkgs.writeText "magnetico-credentials" |
||||
(concatStrings (mapAttrsToList |
||||
(user: hash: "${user}:${hash}\n") |
||||
cfg.web.credentials)); |
||||
|
||||
# default options in magneticod/main.go |
||||
dbURI = concatStrings |
||||
[ "sqlite3://${dataDir}/database.sqlite3" |
||||
"?_journal_mode=WAL" |
||||
"&_busy_timeout=3000" |
||||
"&_foreign_keys=true" |
||||
]; |
||||
|
||||
crawlerArgs = with cfg.crawler; escapeShellArgs |
||||
([ "--database=${dbURI}" |
||||
"--indexer-addr=${address}:${toString port}" |
||||
"--indexer-max-neighbors=${toString maxNeighbors}" |
||||
"--leech-max-n=${toString maxLeeches}" |
||||
] ++ extraOptions); |
||||
|
||||
webArgs = with cfg.web; escapeShellArgs |
||||
([ "--database=${dbURI}" |
||||
(if (cfg.web.credentialsFile != null || cfg.web.credentials != { }) |
||||
then "--credentials=${toString credFile}" |
||||
else "--no-auth") |
||||
] ++ extraOptions); |
||||
|
||||
in { |
||||
|
||||
###### interface |
||||
|
||||
options.services.magnetico = { |
||||
enable = mkEnableOption "Magnetico, Bittorrent DHT crawler"; |
||||
|
||||
crawler.address = mkOption { |
||||
type = types.str; |
||||
default = "0.0.0.0"; |
||||
example = "1.2.3.4"; |
||||
description = '' |
||||
Address to be used for indexing DHT nodes. |
||||
''; |
||||
}; |
||||
|
||||
crawler.port = mkOption { |
||||
type = types.port; |
||||
default = 0; |
||||
description = '' |
||||
Port to be used for indexing DHT nodes. |
||||
This port should be added to |
||||
<option>networking.firewall.allowedTCPPorts</option>. |
||||
''; |
||||
}; |
||||
|
||||
crawler.maxNeighbors = mkOption { |
||||
type = types.ints.positive; |
||||
default = 1000; |
||||
description = '' |
||||
Maximum number of simultaneous neighbors of an indexer. |
||||
Be careful changing this number: high values can very |
||||
easily cause your network to be congested or even crash |
||||
your router. |
||||
''; |
||||
}; |
||||
|
||||
crawler.maxLeeches = mkOption { |
||||
type = types.ints.positive; |
||||
default = 200; |
||||
description = '' |
||||
Maximum number of simultaneous leeches. |
||||
''; |
||||
}; |
||||
|
||||
crawler.extraOptions = mkOption { |
||||
type = types.listOf types.str; |
||||
default = []; |
||||
description = '' |
||||
Extra command line arguments to pass to magneticod. |
||||
''; |
||||
}; |
||||
|
||||
web.address = mkOption { |
||||
type = types.str; |
||||
default = "localhost"; |
||||
example = "1.2.3.4"; |
||||
description = '' |
||||
Address the web interface will listen to. |
||||
''; |
||||
}; |
||||
|
||||
web.port = mkOption { |
||||
type = types.port; |
||||
default = 8080; |
||||
description = '' |
||||
Port the web interface will listen to. |
||||
''; |
||||
}; |
||||
|
||||
web.credentials = mkOption { |
||||
type = types.attrsOf types.str; |
||||
default = {}; |
||||
example = lib.literalExample '' |
||||
{ |
||||
myuser = "$2y$12$YE01LZ8jrbQbx6c0s2hdZO71dSjn2p/O9XsYJpz.5968yCysUgiaG"; |
||||
} |
||||
''; |
||||
description = '' |
||||
The credentials to access the web interface, in case authentication is |
||||
enabled, in the format <literal>username:hash</literal>. If unset no |
||||
authentication will be required. |
||||
|
||||
Usernames must start with a lowercase ([a-z]) ASCII character, might |
||||
contain non-consecutive underscores except at the end, and consists of |
||||
small-case a-z characters and digits 0-9. The |
||||
<command>htpasswd</command> tool from the <package>apacheHttpd |
||||
</package> package may be used to generate the hash: <command>htpasswd |
||||
-bnBC 12 username password</command> |
||||
|
||||
<warning> |
||||
<para> |
||||
The hashes will be stored world-readable in the nix store. |
||||
Consider using the <literal>credentialsFile</literal> option if you |
||||
don't want this. |
||||
</para> |
||||
</warning> |
||||
''; |
||||
}; |
||||
|
||||
web.credentialsFile = mkOption { |
||||
type = types.nullOr types.path; |
||||
default = null; |
||||
description = '' |
||||
The path to the file holding the credentials to access the web |
||||
interface. If unset no authentication will be required. |
||||
|
||||
The file must constain user names and password hashes in the format |
||||
<literal>username:hash </literal>, one for each line. Usernames must |
||||
start with a lowecase ([a-z]) ASCII character, might contain |
||||
non-consecutive underscores except at the end, and consists of |
||||
small-case a-z characters and digits 0-9. |
||||
The <command>htpasswd</command> tool from the <package>apacheHttpd |
||||
</package> package may be used to generate the hash: |
||||
<command>htpasswd -bnBC 12 username password</command> |
||||
''; |
||||
}; |
||||
|
||||
web.extraOptions = mkOption { |
||||
type = types.listOf types.str; |
||||
default = []; |
||||
description = '' |
||||
Extra command line arguments to pass to magneticow. |
||||
''; |
||||
}; |
||||
|
||||
}; |
||||
|
||||
###### implementation |
||||
|
||||
config = mkIf cfg.enable { |
||||
|
||||
users.users.magnetico = { |
||||
description = "Magnetico daemons user"; |
||||
}; |
||||
|
||||
systemd.services.magneticod = { |
||||
description = "Magnetico DHT crawler"; |
||||
wantedBy = [ "multi-user.target" ]; |
||||
after = [ "network-online.target" ]; |
||||
|
||||
serviceConfig = { |
||||
User = "magnetico"; |
||||
Restart = "on-failure"; |
||||
ExecStart = "${pkgs.magnetico}/bin/magneticod ${crawlerArgs}"; |
||||
}; |
||||
}; |
||||
|
||||
systemd.services.magneticow = { |
||||
description = "Magnetico web interface"; |
||||
wantedBy = [ "multi-user.target" ]; |
||||
after = [ "network-online.target" "magneticod.service"]; |
||||
|
||||
serviceConfig = { |
||||
User = "magnetico"; |
||||
StateDirectory = "magnetico"; |
||||
Restart = "on-failure"; |
||||
ExecStart = "${pkgs.magnetico}/bin/magneticow ${webArgs}"; |
||||
}; |
||||
}; |
||||
|
||||
assertions = |
||||
[ |
||||
{ |
||||
assertion = cfg.web.credentialsFile != null || cfg.web.credentials != { }; |
||||
message = '' |
||||
The options services.magnetico.web.credentialsFile and |
||||
services.magnetico.web.credentials are mutually exclusives. |
||||
''; |
||||
} |
||||
]; |
||||
|
||||
}; |
||||
|
||||
} |
Loading…
Reference in new issue