{ config, lib, libNginx, pkgs, ... }: let cfg = config.nixfiles.modules.piracy; in { imports = lib.attrValues (lib.modulesIn ./.); options.nixfiles.modules.piracy = { enable = lib.mkEnableOption "tools for working with the BitTorrent protocol"; group = lib.mkOption { type = lib.types.str; default = "piracy"; }; gid = lib.mkOption { type = lib.types.int; default = 210; # Unused UID from Nixpkgs. }; flood = { enable = lib.mkEnableOption "Flood" // { default = cfg.enable; }; domain = lib.mkOption { description = "Domain name sans protocol scheme."; type = lib.types.str; default = "flood.${config.networking.domain}"; }; }; }; config = let files = "/export/rtorrent"; socket = "/run/rtorrent/rpc.sock"; in lib.mkIf cfg.enable ( lib.mkMerge [ { ark.directories = [ config.services.rtorrent.dataDir files ]; services.rtorrent = { enable = true; user = "rtorrent"; inherit (cfg) group; rpcSocket = socket; configText = with config.services.rtorrent; lib.mkForce '' directory.default.set = ${files} session.path.set = ${dataDir}/session network.port_range.set = ${toString port}-${toString port} network.port_random.set = no dht.mode.set = disable protocol.pex.set = no trackers.use_udp.set = no protocol.encryption.set = allow_incoming,try_outgoing,enable_retry pieces.memory.max.set = ${toString (lib.pow 2 11)}M pieces.preload.type.set = 2 network.max_open_files.set = ${toString (lib.pow 2 13)} network.max_open_sockets.set = ${toString (lib.pow 2 13)} network.http.max_open.set = ${toString (lib.pow 2 10)} throttle.global_down.max_rate.set_kb = 0 throttle.global_up.max_rate.set_kb = 0 network.scgi.open_local = ${socket} network.xmlrpc.size_limit.set = ${toString (lib.pow 2 17)} encoding.add = utf8 system.umask.set = 0007 log.open_file = "log", "/var/log/rtorrent/log" log.add_output = "info", "log" ''; }; systemd = { sockets.rtorrent = { socketConfig.ListenStream = socket; wantedBy = [ "sockets.target" ]; }; services.rtorrent = { serviceConfig = { UMask = "0007"; RuntimeDirectory = "rtorrent"; LogsDirectory = "rtorrent"; ReadWritePaths = [ files ]; }; after = [ "rtorrent.socket" ]; requires = [ "rtorrent.socket" ]; }; tmpfiles.rules = with config.services.rtorrent; [ "d '${files}' 0750 ${user} ${cfg.group} -" ]; }; users = { users.${config.services.rtorrent.user}.uid = cfg.gid; groups.${config.services.rtorrent.group}.gid = cfg.gid; }; my.extraGroups = [ cfg.group ]; boot.kernel.sysctl = { "net.core.rmem_max" = lib.mkOverride 500 (lib.pow 2 24); "net.core.wmem_max" = lib.mkOverride 500 (lib.pow 2 24); "net.ipv4.tcp_fin_timeout" = lib.mkOverride 500 30; "net.ipv4.tcp_rmem" = lib.mkOverride 500 (lib.mkTcpMem 12 23 24); "net.ipv4.tcp_slow_start_after_idle" = 0; "net.ipv4.tcp_tw_recycle" = lib.mkOverride 500 1; "net.ipv4.tcp_tw_reuse" = lib.mkOverride 500 1; "net.ipv4.tcp_wmem" = lib.mkOverride 500 (lib.mkTcpMem 12 23 24); }; } (lib.mkIf cfg.flood.enable { ark.directories = [ "/var/lib/private/flood" ]; nixfiles.modules.nginx = with config.services.flood; { enable = true; upstreams.flood.servers."${host}:${toString port}" = { }; virtualHosts.${cfg.flood.domain} = { root = "${package}/lib/node_modules/flood/dist/assets"; locations = { "/".tryFiles = "$uri /index.html"; "/api" = { proxyPass = "http://flood"; extraConfig = libNginx.config.noProxyBuffering; }; }; extraConfig = libNginx.config.internalOnly; }; }; services.flood = { enable = true; extraArgs = [ "--auth=none" "--assets=false" "--allowedpath=${files}" "--rtsocket=${socket}" ]; }; systemd.services.flood = { path = [ pkgs.mediainfo ]; serviceConfig = { Group = cfg.group; ReadOnlyPaths = [ files ]; }; after = [ "rtorrent.socket" ]; requires = [ "rtorrent.socket" ]; }; }) ] ); }