dns module

nixos/common/modules/flood.nix

@@ -0,0 +1,152 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let cfg = config.services.flood;
+in {
+  options.services.flood = {
+    enable = mkEnableOption "flood";
+
+    user = mkOption {
+      default = "flood";
+      type = types.str;
+      description = ''
+        User account under which flood runs.
+      '';
+    };
+
+    group = mkOption {
+      type = types.str;
+      default = "rtorrent";
+      description = ''
+        Group under which flood runs.
+        Flood needs to have the correct permissions if accessing rtorrent through the socket.
+      '';
+    };
+
+    package = mkOption {
+      type = types.package;
+      default = pkgs.flood;
+      defaultText = "pkgs.flood";
+      description = ''
+        The flood package to use.
+      '';
+    };
+
+    host = mkOption {
+      type = types.str;
+      default = "127.0.0.1";
+      description = ''
+        Address flood binds to.
+      '';
+    };
+
+    port = mkOption {
+      type = types.port;
+      default = 3000;
+      description = ''
+        The flood web port.
+      '';
+    };
+
+    openFirewall = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Whether to open the firewall for the port in <option>services.flood.port</option>.
+      '';
+    };
+
+    rpcSocket = mkOption {
+      type = types.str;
+      readOnly = true;
+      default = "/run/rtorrent/rpc.sock";
+      description = ''
+        RPC socket path.
+        (Only used when auth=none).
+      '';
+    };
+
+    dataDir = mkOption {
+      type = types.str;
+      default = "/var/lib/flood";
+      description = ''
+        The directory where flood stores its data files.
+      '';
+    };
+
+    downloadDir = mkOption {
+      type = types.str;
+      default = "/var/lib/rtorrent/download";
+      description = ''
+        Root directory for downloaded files.
+      '';
+    };
+
+    authMode = mkOption {
+      type = types.str;
+      default = "none";
+      description = ''
+        Access control and user management method.
+        Either 'default' or 'none'.
+      '';
+    };
+
+    ssl = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Enable SSL. 
+        key.pem and fullchain.pem needed in runtime directory.
+      '';
+    };
+
+    baseURI = mkOption {
+      type = types.str;
+      default = "/";
+      description = ''
+        This URI will prefix all of Flood's HTTP requests
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    # Create group if set to default
+    users.groups = mkIf (cfg.group == "rtorrent") { rtorrent = { }; };
+
+    # Create user if set to default
+    users.users = mkIf (cfg.user == "flood") {
+      flood = {
+        group = cfg.group;
+        shell = pkgs.bashInteractive;
+        home = cfg.dataDir;
+        description = "flood Daemon user";
+        isSystemUser = true;
+      };
+    };
+
+    # Open firewall if option is set to do so.
+    networking.firewall.allowedTCPPorts = mkIf (cfg.openFirewall) [ cfg.port ];
+
+    # The actual service
+    systemd.services.flood = {
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      description = "flood system service";
+      serviceConfig = {
+        User = cfg.user;
+        Group = cfg.group;
+        Type = "simple";
+        Restart = "on-failure";
+        WorkingDirectory = cfg.dataDir;
+        ExecStart =
+          "${cfg.package}/bin/flood --baseuri ${cfg.baseURI} --rundir ${cfg.dataDir} --host ${cfg.host} --port ${
+            toString cfg.port
+          } ${
+            if cfg.ssl then "--ssl" else ""
+          } --auth ${cfg.authMode} --rtsocket ${cfg.rpcSocket} --allowedpath ${cfg.downloadDir}";
+      };
+    };
+
+    # This is needed to create the dataDir with the correct permissions.
+    systemd.tmpfiles.rules = [ "d '${cfg.dataDir}' 0755 ${cfg.user} ${cfg.group} -" ];
+  };
+}