{ config, lib, pkgs, ... }:
with lib;
let
# Shorthand for the values of this module's options.
cfg = config.services.magnetico;

# Directory that holds the SQLite database referenced by dbURI.
dataDir = "/var/lib/magnetico";

# Credentials file handed to magneticow: the operator-supplied path when one
# is configured, otherwise a file generated from `web.credentials` with one
# "user:hash" line per entry.
# NOTE: pkgs.writeText puts the generated file into the Nix store, so the
# hashes are readable by every local user; `web.credentialsFile` pointing at
# a file outside the store avoids that.
credFile =
  let
    renderEntry = user: hash: "${user}:${hash}\n";
    generated = pkgs.writeText "magnetico-credentials"
      (concatStrings (mapAttrsToList renderEntry cfg.web.credentials));
  in
    if cfg.web.credentialsFile == null
    then generated
    else cfg.web.credentialsFile;
# Database URI shared by the crawler and the web interface. The query
# parameters are the default options in magneticod/main.go.
dbURI =
  "sqlite3://${dataDir}/database.sqlite3"
  + "?_journal_mode=WAL"
  + "&_busy_timeout=3000"
  + "&_foreign_keys=true";
# Escaped command line for magneticod, built from the crawler options.
# Operator-supplied extraOptions are appended after the generated flags.
crawlerArgs =
  let
    crawler = cfg.crawler;
    indexerAddr = "${crawler.address}:${toString crawler.port}";
  in
    escapeShellArgs ([
      "--database=${dbURI}"
      "--indexer-addr=${indexerAddr}"
      "--indexer-max-neighbors=${toString crawler.maxNeighbors}"
      "--leech-max-n=${toString crawler.maxLeeches}"
    ] ++ crawler.extraOptions);
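# Escaped command line for magneticow, built from the web options.
# Operator-supplied extraOptions are appended after the generated flags.
webArgs = escapeShellArgs
  ([ "--database=${dbURI}"
     # Authentication is only enabled when some credential source is
     # configured; with neither set the web interface runs with --no-auth.
     # toString keeps a path-typed credentialsFile as a plain path string
     # instead of copying the file into the world-readable Nix store.
     (if (cfg.web.credentialsFile != null || cfg.web.credentials != { })
       then "--credentials=${toString credFile}"
       else "--no-auth")
     # Pass the configured listen address. Without this flag the web.address
     # and web.port options have no effect and magneticow falls back to its
     # built-in listen address, which is not guaranteed to be loopback-only.
     "--addr=${cfg.web.address}:${toString cfg.web.port}"
   ] ++ cfg.web.extraOptions);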
in {
###### interface
# Option declarations for the magnetico module. `crawler.*` feeds the
# magneticod command line and `web.*` the magneticow command line.
options.services.magnetico = {
  enable = mkEnableOption "Magnetico, Bittorrent DHT crawler";

  crawler = {
    # The default makes the indexer bind on every interface.
    address = mkOption {
      type = types.str;
      default = "0.0.0.0";
      example = "1.2.3.4";
      description = ''
        Address to be used for indexing DHT nodes.
      '';
    };

    # NOTE(review): BitTorrent DHT traffic is carried over UDP, so the
    # firewall hint in the description probably needs
    # networking.firewall.allowedUDPPorts as well; confirm against magneticod.
    # The default of 0 presumably leaves the port choice to the daemon or OS,
    # in which case it cannot be opened in the firewall ahead of time.
    port = mkOption {
      type = types.port;
      default = 0;
      description = ''
        Port to be used for indexing DHT nodes.
        This port should be added to
        <option>networking.firewall.allowedTCPPorts</option>.
      '';
    };

    maxNeighbors = mkOption {
      type = types.ints.positive;
      default = 1000;
      description = ''
        Maximum number of simultaneous neighbors of an indexer.
        Be careful changing this number: high values can very
        easily cause your network to be congested or even crash
        your router.
      '';
    };

    maxLeeches = mkOption {
      type = types.ints.positive;
      default = 200;
      description = ''
        Maximum number of simultaneous leeches.
      '';
    };

    extraOptions = mkOption {
      type = types.listOf types.str;
      default = [ ];
      description = ''
        Extra command line arguments to pass to magneticod.
      '';
    };
  };

  web = {
    # Defaults to loopback. When this is widened, credentials should be
    # configured too: with neither credential option set the web interface
    # is started with --no-auth.
    address = mkOption {
      type = types.str;
      default = "localhost";
      example = "1.2.3.4";
      description = ''
        Address the web interface will listen to.
      '';
    };

    port = mkOption {
      type = types.port;
      default = 8080;
      description = ''
        Port the web interface will listen to.
      '';
    };

    # Inline user -> password-hash map. The values end up in a generated
    # file in the Nix store, which every local user can read.
    # NOTE: the htpasswd invocation in the description uses -b, which takes
    # the password on the command line where it is visible in the process
    # list and shell history; omitting -b makes htpasswd prompt for it.
    credentials = mkOption {
      type = types.attrsOf types.str;
      default = { };
      example = lib.literalExample ''
        {
        myuser = "$2y$12$YE01LZ8jrbQbx6c0s2hdZO71dSjn2p/O9XsYJpz.5968yCysUgiaG";
        }
      '';
      description = ''
        The credentials to access the web interface, in case authentication is
        enabled, in the format <literal>username:hash</literal>. If unset no
        authentication will be required.

        Usernames must start with a lowercase ([a-z]) ASCII character, might
        contain non-consecutive underscores except at the end, and consists of
        small-case a-z characters and digits 0-9. The
        <command>htpasswd</command> tool from the <package>apacheHttpd
        </package> package may be used to generate the hash: <command>htpasswd
        -bnBC 12 username password</command>

        <warning>
        <para>
        The hashes will be stored world-readable in the nix store.
        Consider using the <literal>credentialsFile</literal> option if you
        don't want this.
        </para>
        </warning>
      '';
    };

    # Path to an existing credentials file. To keep the hashes private the
    # file should live outside the Nix store and be readable by the
    # "magnetico" user the services run as.
    credentialsFile = mkOption {
      type = types.nullOr types.path;
      default = null;
      description = ''
        The path to the file holding the credentials to access the web
        interface. If unset no authentication will be required.

        The file must constain user names and password hashes in the format
        <literal>username:hash </literal>, one for each line. Usernames must
        start with a lowecase ([a-z]) ASCII character, might contain
        non-consecutive underscores except at the end, and consists of
        small-case a-z characters and digits 0-9.
        The <command>htpasswd</command> tool from the <package>apacheHttpd
        </package> package may be used to generate the hash:
        <command>htpasswd -bnBC 12 username password</command>
      '';
    };

    extraOptions = mkOption {
      type = types.listOf types.str;
      default = [ ];
      description = ''
        Extra command line arguments to pass to magneticow.
      '';
    };
  };
};
###### implementation
config = mkIf cfg.enable {
# Dedicated account that both magnetico services run as (see the User=
# setting of the two systemd units).
users.users.magnetico.description = "Magnetico daemons user";
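# systemd unit for the DHT crawler. It runs as the unprivileged "magnetico"
# user and is restarted when it exits with a failure.
# NOTE(review): no systemd sandboxing directives are set for this
# network-facing daemon; options such as NoNewPrivileges or ProtectSystem
# are candidates but would need testing against the crawler.
systemd.services.magneticod = {
  description = "Magnetico DHT crawler";
  wantedBy = [ "multi-user.target" ];
  after = [ "network-online.target" ];

  serviceConfig = {
    User = "magnetico";
    # The crawler opens the SQLite database under /var/lib/magnetico, and
    # magneticow is ordered after this unit, so the crawler cannot rely on
    # the web unit's StateDirectory to have created the directory. Declaring
    # it here makes systemd create it, owned by the service user, before the
    # first start.
    StateDirectory = "magnetico";
    Restart = "on-failure";
    ExecStart = "${pkgs.magnetico}/bin/magneticod ${crawlerArgs}";
  };
};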
# systemd unit for the web interface. It is ordered after the crawler, runs
# as the unprivileged "magnetico" user, and has systemd manage the
# /var/lib/magnetico state directory.
# NOTE(review): no systemd sandboxing directives are set for this HTTP
# service; options such as NoNewPrivileges or ProtectSystem are candidates
# but would need testing against magneticow.
systemd.services.magneticow = {
  description = "Magnetico web interface";
  after = [ "network-online.target" "magneticod.service" ];
  wantedBy = [ "multi-user.target" ];

  serviceConfig = {
    ExecStart = "${pkgs.magnetico}/bin/magneticow ${webArgs}";
    Restart = "on-failure";
    StateDirectory = "magnetico";
    User = "magnetico";
  };
};
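# Evaluation-time sanity checks for the credential options.
assertions = [
  {
    # The two credential sources are mutually exclusive, so at most one of
    # them may be set. The previous condition (`!= null || != { }`) checked
    # the opposite: it rejected a configuration with neither option set and
    # accepted one with both, in which case credentialsFile silently won.
    # Both unset stays valid and matches the option descriptions: the web
    # interface is then started with --no-auth, so its listen address should
    # be kept restricted.
    assertion = cfg.web.credentialsFile == null || cfg.web.credentials == { };
    message = ''
      The options services.magnetico.web.credentialsFile and
      services.magnetico.web.credentials are mutually exclusives.
    '';
  }
];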
};
}