| blob | f0d5c5c8a21e382aa22b813a2769306cd14b4372 |
1 { config, lib, pkgs, ... }:
3 let
4 cfg = config.services.aria2;
6 homeDir = "/var/lib/aria2";
7 defaultRpcListenPort = 6800;
8 defaultDir = "${homeDir}/Downloads";
10 portRangesToString = ranges: lib.concatStringsSep "," (map
11 (x:
12 if x.from == x.to
13 then builtins.toString x.from
14 else builtins.toString x.from + "-" + builtins.toString x.to
15 )
16 ranges);
18 customToKeyValue = lib.generators.toKeyValue {
19 mkKeyValue = lib.generators.mkKeyValueDefault
20 {
21 mkValueString = v:
22 if builtins.isList v then portRangesToString v
23 else lib.generators.mkValueStringDefault { } v;
24 } "=";
25 };
26 in
27 {
28 imports = [
29 (lib.mkRemovedOptionModule [ "services" "aria2" "rpcSecret" ] "Use services.aria2.rpcSecretFile instead")
30 (lib.mkRemovedOptionModule [ "services" "aria2" "extraArguments" ] "Use services.aria2.settings instead")
31 (lib.mkRenamedOptionModule [ "services" "aria2" "downloadDir" ] [ "services" "aria2" "settings" "dir" ])
32 (lib.mkRenamedOptionModule [ "services" "aria2" "listenPortRange" ] [ "services" "aria2" "settings" "listen-port" ])
33 (lib.mkRenamedOptionModule [ "services" "aria2" "rpcListenPort" ] [ "services" "aria2" "settings" "rpc-listen-port" ])
34 ];
36 options = {
37 services.aria2 = {
38 enable = lib.mkOption {
39 type = lib.types.bool;
40 default = false;
41 description = ''
42 Whether or not to enable the headless Aria2 daemon service.
44 Aria2 daemon can be controlled via the RPC interface using one of many
45 WebUIs (http://localhost:${toString defaultRpcListenPort}/ by default).
47 Targets are downloaded to `${defaultDir}` by default and are
48 accessible to users in the `aria2` group.
49 '';
50 };
51 openPorts = lib.mkOption {
52 type = lib.types.bool;
53 default = false;
54 description = ''
55 Open listen and RPC ports found in `settings.listen-port` and
56 `settings.rpc-listen-port` options in the firewall.
57 '';
58 };
59 rpcSecretFile = lib.mkOption {
60 type = lib.types.path;
61 example = "/run/secrets/aria2-rpc-token.txt";
62 description = ''
63 A file containing the RPC secret authorization token.
64 Read https://aria2.github.io/manual/en/html/aria2c.html#rpc-auth to know how this option value is used.
65 '';
66 };
67 settings = lib.mkOption {
68 description = ''
69 Generates the `aria2.conf` file. Refer to [the documentation][0] for
70 all possible settings.
72 [0]: https://aria2.github.io/manual/en/html/aria2c.html#synopsis
73 '';
74 default = { };
75 type = lib.types.submodule {
76 freeformType = with lib.types; attrsOf (oneOf [ bool int float singleLineStr ]);
77 options = {
78 save-session = lib.mkOption {
79 type = lib.types.singleLineStr;
80 default = "${homeDir}/aria2.session";
81 description = "Save error/unfinished downloads to FILE on exit.";
82 };
83 dir = lib.mkOption {
84 type = lib.types.singleLineStr;
85 default = defaultDir;
86 description = "Directory to store downloaded files.";
87 };
88 conf-path = lib.mkOption {
89 type = lib.types.singleLineStr;
90 default = "${homeDir}/aria2.conf";
91 description = "Configuration file path.";
92 };
93 enable-rpc = lib.mkOption {
94 type = lib.types.bool;
95 default = true;
96 description = "Enable JSON-RPC/XML-RPC server.";
97 };
98 listen-port = lib.mkOption {
99 type = with lib.types; listOf (attrsOf port);
100 default = [{ from = 6881; to = 6999; }];
101 description = "Set UDP listening port range used by DHT(IPv4, IPv6) and UDP tracker.";
102 };
103 rpc-listen-port = lib.mkOption {
104 type = lib.types.port;
105 default = defaultRpcListenPort;
106 description = "Specify a port number for JSON-RPC/XML-RPC server to listen to. Possible Values: 1024-65535";
107 };
108 };
109 };
110 };
111 };
112 };
114 config = lib.mkIf cfg.enable {
115 assertions = [
116 {
117 assertion = cfg.settings.enable-rpc;
118 message = "RPC has to be enabled, the default module option takes care of that.";
119 }
120 {
121 assertion = !(cfg.settings ? rpc-secret);
122 message = "Set the RPC secret through services.aria2.rpcSecretFile so it will not end up in the world-readable nix store.";
123 }
124 ];
126 # Need to open ports for proper functioning
127 networking.firewall = lib.mkIf cfg.openPorts {
128 allowedUDPPortRanges = config.services.aria2.settings.listen-port;
129 allowedTCPPorts = [ config.services.aria2.settings.rpc-listen-port ];
130 };
132 users.users.aria2 = {
133 group = "aria2";
134 uid = config.ids.uids.aria2;
135 description = "aria2 user";
136 home = homeDir;
137 createHome = false;
138 };
140 users.groups.aria2.gid = config.ids.gids.aria2;
142 systemd.tmpfiles.rules = [
143 "d '${homeDir}' 0770 aria2 aria2 - -"
144 "d '${config.services.aria2.settings.dir}' 0770 aria2 aria2 - -"
145 ];
147 systemd.services.aria2 = {
148 description = "aria2 Service";
149 after = [ "network.target" ];
150 wantedBy = [ "multi-user.target" ];
151 preStart = ''
152 if [[ ! -e "${cfg.settings.save-session}" ]]
153 then
154 touch "${cfg.settings.save-session}"
155 fi
156 cp -f "${pkgs.writeText "aria2.conf" (customToKeyValue cfg.settings)}" "${cfg.settings.conf-path}"
157 chmod +w "${cfg.settings.conf-path}"
158 echo "rpc-secret=$(cat "$CREDENTIALS_DIRECTORY/rpcSecretFile")" >> "${cfg.settings.conf-path}"
159 '';
161 serviceConfig = {
162 Restart = "on-abort";
163 ExecStart = "${pkgs.aria2}/bin/aria2c --conf-path=${cfg.settings.conf-path}";
164 ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
165 User = "aria2";
166 Group = "aria2";
167 LoadCredential = "rpcSecretFile:${cfg.rpcSecretFile}";
168 };
169 };
170 };
172 meta.maintainers = [ lib.maintainers.timhae ];
173 }