v/infrastructure
1
0
Fork 0
Code Issues 13 Pull requests 1 Projects Releases Packages Activity Actions

fixed linting

Browse source
This commit is contained in:
Vivian 2023-09-25 11:56:02 +02:00
parent 6105d8bc05
commit 0933b2b504
59 changed files with 2843 additions and 2638 deletions
Download patch file Download diff file Expand all files Collapse all files

3
nixos/hosts/hades/immich/configuration.nix
View file

@ -7,7 +7,8 @@ let
# https://github.com/immich-app/immich/releases
# version = "1.55.1";
dataDir = "/var/lib/immich";
in {
in
{
imports = [ ];
# This value determines the NixOS release from which the default

11
nixos/hosts/hades/lucy/configuration.nix
View file

@ -24,7 +24,8 @@ let
doCheck = false;
};
in {
in
{
imports = [ ./hardware-configuration.nix ];
# This value determines the NixOS release from which the default
@ -46,10 +47,12 @@ in {
trivy
wapiti
];
boot.loader = {
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot";
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot";
};
virtualisation.docker.enable = true;

26
nixos/hosts/hades/lucy/hardware-configuration.nix
View file

@ -5,19 +5,21 @@
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
boot.initrd.availableKernelModules = [
"uhci_hcd"
"ehci_pci"
"ahci"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
initrd.availableKernelModules = [
"uhci_hcd"
"ehci_pci"
"ahci"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
initrd.kernelModules = [ ];
kernelModules = [ ];
extraModulePackages = [ ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/749c02fd-209d-4974-917e-38b749d10ec2";

8
nixos/hosts/hades/mastodon/configuration.nix
View file

@ -2,7 +2,8 @@
let
vs = config.vault-secrets.secrets;
cfg = config.services.mastodon;
in {
in
{
system.stateVersion = "21.05";
# Use DHCP with static leases
networking.interfaces.eth0.useDHCP = true;
@ -100,6 +101,7 @@ in {
};
};
networking.firewall = let cfg = config.services.mastodon;
in { allowedTCPPorts = [ cfg.streamingPort cfg.webPort ]; };
networking.firewall =
let cfg = config.services.mastodon;
in { allowedTCPPorts = [ cfg.streamingPort cfg.webPort ]; };
}

223
nixos/hosts/hades/nginx/configuration.nix
View file

@ -12,7 +12,8 @@ let
proxyWebsockets = true;
};
};
in {
in
{
imports = [ ];
nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1t" ];
@ -25,10 +26,12 @@ in {
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
networking.firewall.allowedTCPPorts = [ 80 443 ];
security.acme = {
security.acme.defaults.email = "victorheld12@gmail.com";
security.acme.acceptTerms = true;
security.acme.preliminarySelfsigned = true;
defaults.email = "victorheld12@gmail.com";
acceptTerms = true;
preliminarySelfsigned = true;
};
services.nginx = {
enable = true;
@ -39,38 +42,39 @@ in {
clientMaxBodySize = "1024m";
package = pkgs.nginxMainline;
virtualHosts = {
virtualHosts."cshub.nl" = proxy "http://192.168.0.113";
virtualHosts."api.cshub.nl" = proxy "http://192.168.0.113";
"cshub.nl" = proxy "http://192.168.0.113";
"api.cshub.nl" = proxy "http://192.168.0.113";
virtualHosts."ha.xirion.net" = proxy "http://192.168.0.129:8123";
virtualHosts."xirion.net" = {
enableACME = true;
forceSSL = true;
locations."/".extraConfig = ''
add_header Content-Type 'text/html; charset=UTF-8';
return 200 'Hello, World!';
'';
locations."= /.well-known/host-meta".extraConfig = ''
return 301 https://fedi.xirion.net$request_uri;
'';
};
# virtualHosts."blog.xirion.net" = proxy "http://10.10.10.12";
virtualHosts."git.xirion.net" = proxy "http://10.10.10.12";
# virtualHosts."mail.xirion.net" = proxy "http://192.168.0.118";
virtualHosts."o.xirion.net" = proxy "http://192.168.0.112:9000";
virtualHosts."g.xirion.net" = proxy "http://garage.hades:3900";
virtualHosts."requests.xirion.net" = proxy "http://overseerr.hades:5055";
virtualHosts."pass.xirion.net" = proxy "http://bitwarden_rs";
virtualHosts."repo.xirion.net" = proxy "http://archlinux";
virtualHosts."thelounge.xirion.net" = proxy "http://thelounge:9000";
virtualHosts."attic.xirion.net" = proxy "http://attic.hades:8080";
"ha.xirion.net" = proxy "http://192.168.0.129:8123";
"xirion.net" = {
enableACME = true;
forceSSL = true;
locations."/".extraConfig = ''
add_header Content-Type 'text/html; charset=UTF-8';
return 200 'Hello, World!';
'';
locations."= /.well-known/host-meta".extraConfig = ''
return 301 https://fedi.xirion.net$request_uri;
'';
};
# virtualHosts."blog.xirion.net" = proxy "http://10.10.10.12";
"git.xirion.net" = proxy "http://10.10.10.12";
# virtualHosts."mail.xirion.net" = proxy "http://192.168.0.118";
"o.xirion.net" = proxy "http://192.168.0.112:9000";
"g.xirion.net" = proxy "http://garage.hades:3900";
"requests.xirion.net" = proxy "http://overseerr.hades:5055";
"pass.xirion.net" = proxy "http://bitwarden_rs";
"repo.xirion.net" = proxy "http://archlinux";
"thelounge.xirion.net" = proxy "http://thelounge:9000";
"attic.xirion.net" = proxy "http://attic.hades:8080";
virtualHosts."tautulli.xirion.net" = proxy "http://tautulli.hades:8080";
virtualHosts."peepeepoopoo.xirion.net" = proxy "http://tautulli.hades:8080"; # Deprecated but Ricardo has it bookmarked already!
"tautulli.xirion.net" = proxy "http://tautulli.hades:8080";
"peepeepoopoo.xirion.net" = proxy "http://tautulli.hades:8080"; # Deprecated but Ricardo has it bookmarked already!
virtualHosts."registry.xirion.net" = proxy "http://docker-registry:5000"
// {
"registry.xirion.net" = proxy "http://docker-registry:5000"
// {
locations."/".extraConfig = ''
allow 127.0.0.1;
allow 10.42.42.0/23;
@ -83,91 +87,94 @@ in {
'';
};
virtualHosts."plex.xirion.net" = {
# Since we want a secure connection, we force SSL
forceSSL = true;
enableACME = true;
"plex.xirion.net" = {
# Since we want a secure connection, we force SSL
forceSSL = true;
enableACME = true;
extraConfig = ''
#Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause
send_timeout 100m;
extraConfig = ''
#Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause
send_timeout 100m;
# Why this is important: https://blog.cloudflare.com/ocsp-stapling-how-cloudflare-just-made-ssl-30/
ssl_stapling on;
ssl_stapling_verify on;
# Why this is important: https://blog.cloudflare.com/ocsp-stapling-how-cloudflare-just-made-ssl-30/
ssl_stapling on;
ssl_stapling_verify on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
#Intentionally not hardened for security for player support and encryption video streams has a lot of overhead with something like AES-256-GCM-SHA384.
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
#Intentionally not hardened for security for player support and encryption video streams has a lot of overhead with something like AES-256-GCM-SHA384.
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
# Forward real ip and host to Plex
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $server_addr;
proxy_set_header Referer $server_addr;
proxy_set_header Origin $server_addr;
# Forward real ip and host to Plex
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $server_addr;
proxy_set_header Referer $server_addr;
proxy_set_header Origin $server_addr;
# Nginx default client_max_body_size is 1MB, which breaks Camera Upload feature from the phones.
# Increasing the limit fixes the issue. Anyhow, if 4K videos are expected to be uploaded, the size might need to be increased even more
client_max_body_size 100M;
# Nginx default client_max_body_size is 1MB, which breaks Camera Upload feature from the phones.
# Increasing the limit fixes the issue. Anyhow, if 4K videos are expected to be uploaded, the size might need to be increased even more
client_max_body_size 100M;
# Plex headers
proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
proxy_set_header X-Plex-Device $http_x_plex_device;
proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
proxy_set_header X-Plex-Platform $http_x_plex_platform;
proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
proxy_set_header X-Plex-Product $http_x_plex_product;
proxy_set_header X-Plex-Token $http_x_plex_token;
proxy_set_header X-Plex-Version $http_x_plex_version;
proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
proxy_set_header X-Plex-Provides $http_x_plex_provides;
proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
proxy_set_header X-Plex-Model $http_x_plex_model;
# Plex headers
proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
proxy_set_header X-Plex-Device $http_x_plex_device;
proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
proxy_set_header X-Plex-Platform $http_x_plex_platform;
proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
proxy_set_header X-Plex-Product $http_x_plex_product;
proxy_set_header X-Plex-Token $http_x_plex_token;
proxy_set_header X-Plex-Version $http_x_plex_version;
proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
proxy_set_header X-Plex-Provides $http_x_plex_provides;
proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
proxy_set_header X-Plex-Model $http_x_plex_model;
# Buffering off send to the client as soon as the data is received from Plex.
proxy_redirect off;
proxy_buffering off;
'';
locations."/" = {
# Buffering off send to the client as soon as the data is received from Plex.
proxy_redirect off;
proxy_buffering off;
'';
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://plex2.hades:32400/";
proxyWebsockets = true;
proxyPass = "http://plex2.hades:32400/";
};
};
"fedi.xirion.net" = {
enableACME = true;
forceSSL = true;
root = "${pkgs.v.glitch-soc}/public/";
locations = {
"/".tryFiles = "$uri @proxy";
# location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
# add_header Cache-Control "public, max-age=31536000, immutable";
# add_header Strict-Transport-Security "max-age=31536000";
# try_files $uri @proxy;
# }
# location /sw.js {
# add_header Cache-Control "public, max-age=0";
# add_header Strict-Transport-Security "max-age=31536000";
# try_files $uri @proxy;
# }
"@proxy" = {
proxyPass = "http://192.168.0.138:55001";
proxyWebsockets = true;
};
"/api/v1/streaming" = {
proxyPass = "http://192.168.0.138:55000";
proxyWebsockets = true;
};
};
};
"fedi-media.xirion.net" = proxy "http://garage.hades:3902";
};
virtualHosts."fedi.xirion.net" = {
enableACME = true;
forceSSL = true;
root = "${pkgs.v.glitch-soc}/public/";
locations."/".tryFiles = "$uri @proxy";
# location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
# add_header Cache-Control "public, max-age=31536000, immutable";
# add_header Strict-Transport-Security "max-age=31536000";
# try_files $uri @proxy;
# }
# location /sw.js {
# add_header Cache-Control "public, max-age=0";
# add_header Strict-Transport-Security "max-age=31536000";
# try_files $uri @proxy;
# }
locations."@proxy" = {
proxyPass = "http://192.168.0.138:55001";
proxyWebsockets = true;
};
locations."/api/v1/streaming" = {
proxyPass = "http://192.168.0.138:55000";
proxyWebsockets = true;
};
};
virtualHosts."fedi-media.xirion.net" = proxy "http://garage.hades:3902";
};
}

3
nixos/hosts/hades/pmm/configuration.nix
View file

@ -14,7 +14,8 @@ let
-v "/etc/pmm/TVShows.yml:/config/TVShows.yml:ro" \
${container} --run
'';
in {
in
{
imports = [ ];
# This value determines the NixOS release from which the default

44
nixos/hosts/hades/rtorrent/configuration.nix
View file

@ -21,27 +21,29 @@ in {
vault-secrets.secrets.rtorrent = { services = [ "wg-quick-wg0" ]; };
# Mullvad VPN
networking.wg-quick.interfaces = let
postUpScript = pkgs.writeScriptBin "post_up" ''
#!${pkgs.stdenv.shell}
${pkgs.iproute2}/bin/ip route add 10.42.42.0/23 via 192.168.0.1
${pkgs.iproute2}/bin/ip route add 10.100.0.0/24 via 192.168.0.1
'';
in {
wg0 = {
address = [ "10.66.153.191/32" "fc00:bbbb:bbbb:bb01::3:99be/128" ];
dns = [ "10.64.0.1" ];
privateKeyFile = "${vs.rtorrent}/wireguardKey";
postUp = "${postUpScript}/bin/post_up || true";
networking.wg-quick.interfaces =
let
postUpScript = pkgs.writeScriptBin "post_up" ''
#!${pkgs.stdenv.shell}
${pkgs.iproute2}/bin/ip route add 10.42.42.0/23 via 192.168.0.1
${pkgs.iproute2}/bin/ip route add 10.100.0.0/24 via 192.168.0.1
'';
in
{
wg0 = {
address = [ "10.66.153.191/32" "fc00:bbbb:bbbb:bb01::3:99be/128" ];
dns = [ "10.64.0.1" ];
privateKeyFile = "${vs.rtorrent}/wireguardKey";
postUp = "${postUpScript}/bin/post_up || true";
peers = [
{
publicKey = "HQHCrq4J6bSpdW1fI5hR/bvcrYa6HgGgwaa5ZY749ik=";
allowedIPs = [ "0.0.0.0/0" "::/0"];
endpoint = "185.213.155.73:51820";
# persistentKeepalive = 25;
}
];
peers = [
{
publicKey = "HQHCrq4J6bSpdW1fI5hR/bvcrYa6HgGgwaa5ZY749ik=";
allowedIPs = [ "0.0.0.0/0" "::/0" ];
endpoint = "185.213.155.73:51820";
# persistentKeepalive = 25;
}
];
};
};
};
}

165
nixos/hosts/hades/rtorrent/rtorrent.nix
View file

@ -4,112 +4,113 @@
port = 54945; # Port Forwarded in mullvad
downloadDir = "/mnt/storage/torrents/r";
package = pkgs.jesec-rtorrent;
configText = let cfg = config.services.rtorrent;
in pkgs.lib.mkForce ''
# rTorrent runtime directory (cfg.basedir) [default: "$HOME/.local/share/rtorrent"]
method.insert = cfg.basedir, private|const|string, (cat,"${cfg.dataDir}/")
configText =
let cfg = config.services.rtorrent;
in pkgs.lib.mkForce ''
# rTorrent runtime directory (cfg.basedir) [default: "$HOME/.local/share/rtorrent"]
method.insert = cfg.basedir, private|const|string, (cat,"${cfg.dataDir}/")
# Default download directory (cfg.download) [default: "$(cfg.basedir)/download"]
method.insert = cfg.download, private|const|string, (cat,"${cfg.downloadDir}")
# Default download directory (cfg.download) [default: "$(cfg.basedir)/download"]
method.insert = cfg.download, private|const|string, (cat,"${cfg.downloadDir}")
# RPC Socket
method.insert = cfg.rpcsock, private|const|string, (cat,"${cfg.rpcSocket}")
# RPC Socket
method.insert = cfg.rpcsock, private|const|string, (cat,"${cfg.rpcSocket}")
# Log directory (cfg.logs) [default: "$(cfg.basedir)/log"]
method.insert = cfg.logs, private|const|string, (cat,(cfg.basedir),"log/")
method.insert = cfg.logfile, private|const|string, (cat,(cfg.logs),"rtorrent-",(system.time),".log")
# Log directory (cfg.logs) [default: "$(cfg.basedir)/log"]
method.insert = cfg.logs, private|const|string, (cat,(cfg.basedir),"log/")
method.insert = cfg.logfile, private|const|string, (cat,(cfg.logs),"rtorrent-",(system.time),".log")
# Torrent session directory (cfg.session) [default: "$(cfg.basedir)/.session"]
method.insert = cfg.session, private|const|string, (cat,(cfg.basedir),".session/")
# Torrent session directory (cfg.session) [default: "$(cfg.basedir)/.session"]
method.insert = cfg.session, private|const|string, (cat,(cfg.basedir),".session/")
# Watch (drop to add) directories (cfg.watch) [default: "$(cfg.basedir)/watch"]
method.insert = cfg.watch, private|const|string, (cat,(cfg.basedir),"watch/")
# Watch (drop to add) directories (cfg.watch) [default: "$(cfg.basedir)/watch"]
method.insert = cfg.watch, private|const|string, (cat,(cfg.basedir),"watch/")
# Create directories
fs.mkdir.recursive = (cat,(cfg.basedir))
# Create directories
fs.mkdir.recursive = (cat,(cfg.basedir))
fs.mkdir = (cat,(cfg.download))
fs.mkdir = (cat,(cfg.logs))
fs.mkdir = (cat,(cfg.session))
fs.mkdir = (cat,(cfg.download))
fs.mkdir = (cat,(cfg.logs))
fs.mkdir = (cat,(cfg.session))
fs.mkdir = (cat,(cfg.watch))
fs.mkdir = (cat,(cfg.watch),"/load")
fs.mkdir = (cat,(cfg.watch),"/start")
fs.mkdir = (cat,(cfg.watch))
fs.mkdir = (cat,(cfg.watch),"/load")
fs.mkdir = (cat,(cfg.watch),"/start")
# Drop to "$(cfg.watch)/load" to add torrent
schedule2 = watch_load, 11, 10, ((load.verbose, (cat, (cfg.watch), "load/*.torrent")))
# Drop to "$(cfg.watch)/load" to add torrent
schedule2 = watch_load, 11, 10, ((load.verbose, (cat, (cfg.watch), "load/*.torrent")))
# Drop to "$(cfg.watch)/start" to add torrent and start downloading
schedule2 = watch_start, 10, 10, ((load.start_verbose, (cat, (cfg.watch), "start/*.torrent")))
# Drop to "$(cfg.watch)/start" to add torrent and start downloading
schedule2 = watch_start, 10, 10, ((load.start_verbose, (cat, (cfg.watch), "start/*.torrent")))
# Listening port for incoming peer traffic
network.port_range.set = ${toString cfg.port}-${toString cfg.port}
network.port_random.set = no
# Listening port for incoming peer traffic
network.port_range.set = ${toString cfg.port}-${toString cfg.port}
network.port_random.set = no
# Distributed Hash Table and Peer EXchange
dht.mode.set = disable
dht.port.set = 6881
protocol.pex.set = yes
# Distributed Hash Table and Peer EXchange
dht.mode.set = disable
dht.port.set = 6881
protocol.pex.set = yes
# UDP tracker support
trackers.use_udp.set = yes
# UDP tracker support
trackers.use_udp.set = yes
# Peer settings
throttle.max_uploads.set = 100
throttle.max_uploads.global.set = 250
throttle.min_peers.normal.set = 20
throttle.max_peers.normal.set = 60
throttle.min_peers.seed.set = 30
throttle.max_peers.seed.set = 80
trackers.numwant.set = 80
# Peer settings
throttle.max_uploads.set = 100
throttle.max_uploads.global.set = 250
throttle.min_peers.normal.set = 20
throttle.max_peers.normal.set = 60
throttle.min_peers.seed.set = 30
throttle.max_peers.seed.set = 80
trackers.numwant.set = 80
protocol.encryption.set = allow_incoming,try_outgoing,enable_retry
protocol.encryption.set = allow_incoming,try_outgoing,enable_retry
# Limits for file handle resources, this is optimized for
# an `ulimit` of 1024 (a common default). You MUST leave
# a ceiling of handles reserved for rTorrent's internal needs!
network.max_open_files.set = 600
network.max_open_sockets.set = 300
# Limits for file handle resources, this is optimized for
# an `ulimit` of 1024 (a common default). You MUST leave
# a ceiling of handles reserved for rTorrent's internal needs!
network.max_open_files.set = 600
network.max_open_sockets.set = 300
# Memory resource usage (increase if you have a large number of items loaded,
# and/or the available resources to spend)
pieces.memory.max.set = 1800M
network.xmlrpc.size_limit.set = 32M
# Memory resource usage (increase if you have a large number of items loaded,
# and/or the available resources to spend)
pieces.memory.max.set = 1800M
network.xmlrpc.size_limit.set = 32M
# Basic operational settings
session.path.set = (cat, (cfg.session))
directory.default.set = (cat, (cfg.download))
log.execute = (cat, (cfg.logs), "execute.log")
# Basic operational settings
session.path.set = (cat, (cfg.session))
directory.default.set = (cat, (cfg.download))
log.execute = (cat, (cfg.logs), "execute.log")
# Other operational settings
encoding.add = utf8
system.umask.set = 0027
system.cwd.set = (directory.default)
#schedule2 = low_diskspace, 5, 60, ((close_low_diskspace, 500M))
#pieces.hash.on_completion.set = no
# Other operational settings
encoding.add = utf8
system.umask.set = 0027
system.cwd.set = (directory.default)
#schedule2 = low_diskspace, 5, 60, ((close_low_diskspace, 500M))
#pieces.hash.on_completion.set = no
# HTTP and SSL
network.http.max_open.set = 50
network.http.dns_cache_timeout.set = 25
# HTTP and SSL
network.http.max_open.set = 50
network.http.dns_cache_timeout.set = 25
#network.http.ssl_verify_peer.set = 1
#network.http.ssl_verify_host.set = 1
#network.http.ssl_verify_peer.set = 1
#network.http.ssl_verify_host.set = 1
# Run the rTorrent process as a daemon in the background
system.daemon.set = true
# Run the rTorrent process as a daemon in the background
system.daemon.set = true
# XML-RPC interface
network.scgi.open_local = (cat,(cfg.rpcsock))
schedule = scgi_group,0,0,"execute.nothrow=chown,\":rtorrent\",(cfg.rpcsock)"
schedule = scgi_permission,0,0,"execute.nothrow=chmod,\"g+w,o=\",(cfg.rpcsock)"
# XML-RPC interface
network.scgi.open_local = (cat,(cfg.rpcsock))
schedule = scgi_group,0,0,"execute.nothrow=chown,\":rtorrent\",(cfg.rpcsock)"
schedule = scgi_permission,0,0,"execute.nothrow=chmod,\"g+w,o=\",(cfg.rpcsock)"
# Logging:
# Levels = critical error warn notice info debug
# Groups = connection_* dht_* peer_* rpc_* storage_* thread_* tracker_* torrent_*
print = (cat, "Logging to ", (cfg.logfile))
log.open_file = "log", (cfg.logfile)
log.add_output = "debug", "log"
'';
# Logging:
# Levels = critical error warn notice info debug
# Groups = connection_* dht_* peer_* rpc_* storage_* thread_* tracker_* torrent_*
print = (cat, "Logging to ", (cfg.logfile))
log.open_file = "log", (cfg.logfile)
log.add_output = "debug", "log"
'';
};
}

2
nixos/hosts/hades/unifi/configuration.nix
View file

@ -1,4 +1,4 @@
{ pkgs, lib, pkgs_stable,... }: {
{ pkgs, lib, pkgs_stable, ... }: {
system.stateVersion = "21.05";
networking.interfaces.eth0.useDHCP = true;