152 lines
3.7 KiB
Nix
152 lines
3.7 KiB
Nix
{ config, pkgs, lib, ... }:
|
|
with lib;
|
|
let cfg = config.services.flood;
|
|
in {
|
|
options.services.flood = {
|
|
enable = mkEnableOption "flood";
|
|
|
|
user = mkOption {
|
|
default = "flood";
|
|
type = types.str;
|
|
description = ''
|
|
User account under which flood runs.
|
|
'';
|
|
};
|
|
|
|
group = mkOption {
|
|
type = types.str;
|
|
default = "rtorrent";
|
|
description = ''
|
|
Group under which flood runs.
|
|
Flood needs to have the correct permissions if accessing rtorrent through the socket.
|
|
'';
|
|
};
|
|
|
|
package = mkOption {
|
|
type = types.package;
|
|
default = pkgs.flood;
|
|
defaultText = "pkgs.flood";
|
|
description = ''
|
|
The flood package to use.
|
|
'';
|
|
};
|
|
|
|
host = mkOption {
|
|
type = types.str;
|
|
default = "127.0.0.1";
|
|
description = ''
|
|
Address flood binds to.
|
|
'';
|
|
};
|
|
|
|
port = mkOption {
|
|
type = types.port;
|
|
default = 3000;
|
|
description = ''
|
|
The flood web port.
|
|
'';
|
|
};
|
|
|
|
openFirewall = mkOption {
|
|
type = types.bool;
|
|
default = false;
|
|
description = ''
|
|
Whether to open the firewall for the port in <option>services.flood.port</option>.
|
|
'';
|
|
};
|
|
|
|
rpcSocket = mkOption {
|
|
type = types.str;
|
|
readOnly = true;
|
|
default = "/run/rtorrent/rpc.sock";
|
|
description = ''
|
|
RPC socket path.
|
|
(Only used when auth=none).
|
|
'';
|
|
};
|
|
|
|
dataDir = mkOption {
|
|
type = types.str;
|
|
default = "/var/lib/flood";
|
|
description = ''
|
|
The directory where flood stores its data files.
|
|
'';
|
|
};
|
|
|
|
downloadDir = mkOption {
|
|
type = types.str;
|
|
default = "/var/lib/rtorrent/download";
|
|
description = ''
|
|
Root directory for downloaded files.
|
|
'';
|
|
};
|
|
|
|
authMode = mkOption {
|
|
type = types.str;
|
|
default = "none";
|
|
description = ''
|
|
Access control and user management method.
|
|
Either 'default' or 'none'.
|
|
'';
|
|
};
|
|
|
|
ssl = mkOption {
|
|
type = types.bool;
|
|
default = false;
|
|
description = ''
|
|
Enable SSL.
|
|
key.pem and fullchain.pem needed in runtime directory.
|
|
'';
|
|
};
|
|
|
|
baseURI = mkOption {
|
|
type = types.str;
|
|
default = "/";
|
|
description = ''
|
|
This URI will prefix all of Flood's HTTP requests
|
|
'';
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
# Create group if set to default
|
|
users.groups = mkIf (cfg.group == "rtorrent") { rtorrent = { }; };
|
|
|
|
# Create user if set to default
|
|
users.users = mkIf (cfg.user == "flood") {
|
|
flood = {
|
|
group = cfg.group;
|
|
shell = pkgs.bashInteractive;
|
|
home = cfg.dataDir;
|
|
description = "flood Daemon user";
|
|
isSystemUser = true;
|
|
};
|
|
};
|
|
|
|
# Open firewall if option is set to do so.
|
|
networking.firewall.allowedTCPPorts = mkIf (cfg.openFirewall) [ cfg.port ];
|
|
|
|
# The actual service
|
|
systemd.services.flood = {
|
|
wantedBy = [ "multi-user.target" ];
|
|
after = [ "network.target" ];
|
|
description = "flood system service";
|
|
serviceConfig = {
|
|
User = cfg.user;
|
|
Group = cfg.group;
|
|
Type = "simple";
|
|
Restart = "on-failure";
|
|
WorkingDirectory = cfg.dataDir;
|
|
ExecStart =
|
|
"${cfg.package}/bin/flood --baseuri ${cfg.baseURI} --rundir ${cfg.dataDir} --host ${cfg.host} --port ${
|
|
toString cfg.port
|
|
} ${
|
|
if cfg.ssl then "--ssl" else ""
|
|
} --auth ${cfg.authMode} --rtsocket ${cfg.rpcSocket} --allowedpath ${cfg.downloadDir}";
|
|
};
|
|
};
|
|
|
|
# This is needed to create the dataDir with the correct permissions.
|
|
systemd.tmpfiles.rules = [ "d '${cfg.dataDir}' 0755 ${cfg.user} ${cfg.group} -" ];
|
|
};
|
|
}
|