| blob | b681c58dfe2ad6ef46ff93e352e7a08f4352844d |
1 { config, lib, pkgs, ... }:
3 with lib;
5 let
6 cfg = config.services.magnetico;
8 dataDir = "/var/lib/magnetico";
10 credFile = with cfg.web;
11 if credentialsFile != null
12 then credentialsFile
13 else pkgs.writeText "magnetico-credentials"
14 (concatStrings (mapAttrsToList
15 (user: hash: "${user}:${hash}\n")
16 cfg.web.credentials));
18 # default options in magneticod/main.go
19 dbURI = concatStrings
20 [ "sqlite3://${dataDir}/database.sqlite3"
21 "?_journal_mode=WAL"
22 "&_busy_timeout=3000"
23 "&_foreign_keys=true"
24 ];
26 crawlerArgs = with cfg.crawler; escapeShellArgs
27 ([ "--database=${dbURI}"
28 "--indexer-addr=${address}:${toString port}"
29 "--indexer-max-neighbors=${toString maxNeighbors}"
30 "--leech-max-n=${toString maxLeeches}"
31 ] ++ extraOptions);
33 webArgs = with cfg.web; escapeShellArgs
34 ([ "--database=${dbURI}"
35 (if (cfg.web.credentialsFile != null || cfg.web.credentials != { })
36 then "--credentials=${toString credFile}"
37 else "--no-auth")
38 "--addr=${address}:${toString port}"
39 ] ++ extraOptions);
41 in {
43 ###### interface
45 options.services.magnetico = {
46 enable = mkEnableOption (lib.mdDoc "Magnetico, Bittorrent DHT crawler");
48 crawler.address = mkOption {
49 type = types.str;
50 default = "0.0.0.0";
51 example = "1.2.3.4";
52 description = lib.mdDoc ''
53 Address to be used for indexing DHT nodes.
54 '';
55 };
57 crawler.port = mkOption {
58 type = types.port;
59 default = 0;
60 description = lib.mdDoc ''
61 Port to be used for indexing DHT nodes.
62 This port should be added to
63 {option}`networking.firewall.allowedTCPPorts`.
64 '';
65 };
67 crawler.maxNeighbors = mkOption {
68 type = types.ints.positive;
69 default = 1000;
70 description = lib.mdDoc ''
71 Maximum number of simultaneous neighbors of an indexer.
72 Be careful changing this number: high values can very
73 easily cause your network to be congested or even crash
74 your router.
75 '';
76 };
78 crawler.maxLeeches = mkOption {
79 type = types.ints.positive;
80 default = 200;
81 description = lib.mdDoc ''
82 Maximum number of simultaneous leeches.
83 '';
84 };
86 crawler.extraOptions = mkOption {
87 type = types.listOf types.str;
88 default = [];
89 description = lib.mdDoc ''
90 Extra command line arguments to pass to magneticod.
91 '';
92 };
94 web.address = mkOption {
95 type = types.str;
96 default = "localhost";
97 example = "1.2.3.4";
98 description = lib.mdDoc ''
99 Address the web interface will listen to.
100 '';
101 };
103 web.port = mkOption {
104 type = types.port;
105 default = 8080;
106 description = lib.mdDoc ''
107 Port the web interface will listen to.
108 '';
109 };
111 web.credentials = mkOption {
112 type = types.attrsOf types.str;
113 default = {};
114 example = lib.literalExpression ''
115 {
116 myuser = "$2y$12$YE01LZ8jrbQbx6c0s2hdZO71dSjn2p/O9XsYJpz.5968yCysUgiaG";
117 }
118 '';
119 description = lib.mdDoc ''
120 The credentials to access the web interface, in case authentication is
121 enabled, in the format `username:hash`. If unset no
122 authentication will be required.
124 Usernames must start with a lowercase ([a-z]) ASCII character, might
125 contain non-consecutive underscores except at the end, and consists of
126 small-case a-z characters and digits 0-9. The
127 {command}`htpasswd` tool from the `apacheHttpd`
128 package may be used to generate the hash:
129 {command}`htpasswd -bnBC 12 username password`
131 ::: {.warning}
132 The hashes will be stored world-readable in the nix store.
133 Consider using the `credentialsFile` option if you
134 don't want this.
135 :::
136 '';
137 };
139 web.credentialsFile = mkOption {
140 type = types.nullOr types.path;
141 default = null;
142 description = lib.mdDoc ''
143 The path to the file holding the credentials to access the web
144 interface. If unset no authentication will be required.
146 The file must constain user names and password hashes in the format
147 `username:hash `, one for each line. Usernames must
148 start with a lowecase ([a-z]) ASCII character, might contain
149 non-consecutive underscores except at the end, and consists of
150 small-case a-z characters and digits 0-9.
151 The {command}`htpasswd` tool from the `apacheHttpd`
152 package may be used to generate the hash:
153 {command}`htpasswd -bnBC 12 username password`
154 '';
155 };
157 web.extraOptions = mkOption {
158 type = types.listOf types.str;
159 default = [];
160 description = lib.mdDoc ''
161 Extra command line arguments to pass to magneticow.
162 '';
163 };
165 };
167 ###### implementation
169 config = mkIf cfg.enable {
171 users.users.magnetico = {
172 description = "Magnetico daemons user";
173 group = "magnetico";
174 isSystemUser = true;
175 };
176 users.groups.magnetico = {};
178 systemd.services.magneticod = {
179 description = "Magnetico DHT crawler";
180 wantedBy = [ "multi-user.target" ];
181 after = [ "network.target" ];
183 serviceConfig = {
184 User = "magnetico";
185 Restart = "on-failure";
186 ExecStart = "${pkgs.magnetico}/bin/magneticod ${crawlerArgs}";
187 };
188 };
190 systemd.services.magneticow = {
191 description = "Magnetico web interface";
192 wantedBy = [ "multi-user.target" ];
193 after = [ "network.target" "magneticod.service"];
195 serviceConfig = {
196 User = "magnetico";
197 StateDirectory = "magnetico";
198 Restart = "on-failure";
199 ExecStart = "${pkgs.magnetico}/bin/magneticow ${webArgs}";
200 };
201 };
203 assertions =
204 [
205 {
206 assertion = cfg.web.credentialsFile == null || cfg.web.credentials == { };
207 message = ''
208 The options services.magnetico.web.credentialsFile and
209 services.magnetico.web.credentials are mutually exclusives.
210 '';
211 }
212 ];
214 };
216 meta.maintainers = with lib.maintainers; [ rnhmjoj ];
218 }