nix-config/modules/nixos/services/pyload/default.nix

{ config, lib, ... }:
let
  cfg = config.my.services.pyload;
in
{
  options.my.services.pyload = with lib; {
    enable = mkEnableOption "pyload download manager";

    credentialsFile = mkOption {
      type = types.path;
      example = "/run/secrets/pyload-credentials.env";
      description = "pyload credentials";
    };

    downloadDirectory = mkOption {
      type = types.str;
      default = "/data/downloads/pyload";
      example = "/var/lib/pyload/download";
      description = "Download directory";
    };

    port = mkOption {
      type = types.port;
      default = 9093;
      example = 8080;
      description = "Internal port for webui";
    };
  };

  config = lib.mkIf cfg.enable {
    services.pyload = {
      enable = true;

      # Listening on `localhost` leads to 502 with the reverse proxy...
      listenAddress = "127.0.0.1";

      inherit (cfg)
        credentialsFile
        downloadDirectory
        port
        ;

      # Use media group when downloading files
      group = "media";
    };

    # Set-up media group
    users.groups.media = { };

    my.services.nginx.virtualHosts = {
      pyload = {
        inherit (cfg) port;
      };
    };

    my.system.persist.directories = [
      cfg.downloadDirectory
      "/var/lib/pyload"
    ];

    services.fail2ban.jails = {
      pyload = ''
        enabled = true
        filter = pyload
        port = http,https
      '';
    };

    environment.etc = {
      "fail2ban/filter.d/pyload.conf".text = ''
        [Definition]
        failregex = ^.*Login failed for user '<F-USER>.*</F-USER>' \[CLIENT: <HOST>\]$
        journalmatch = _SYSTEMD_UNIT=pyload.service
      '';
    };
  };
}
nixos: services: add pyload 2023-12-24 22:56:50 +01:00			`{ config, lib, ... }:`
			`let`
			`cfg = config.my.services.pyload;`
			`in`
			`{`
			`options.my.services.pyload = with lib; {`
			`enable = mkEnableOption "pyload download manager";`

			`credentialsFile = mkOption {`
			`type = types.path;`
			`example = "/run/secrets/pyload-credentials.env";`
			`description = "pyload credentials";`
			`};`

			`downloadDirectory = mkOption {`
			`type = types.str;`
			`default = "/data/downloads/pyload";`
			`example = "/var/lib/pyload/download";`
			`description = "Download directory";`
			`};`

			`port = mkOption {`
			`type = types.port;`
			`default = 9093;`
			`example = 8080;`
			`description = "Internal port for webui";`
			`};`
			`};`

			`config = lib.mkIf cfg.enable {`
			`services.pyload = {`
			`enable = true;`

			# Listening on `localhost` leads to 502 with the reverse proxy...
			`listenAddress = "127.0.0.1";`

			`inherit (cfg)`
			`credentialsFile`
			`downloadDirectory`
			`port`
			`;`

flake: bump inputs Fix the pyLoad user/group option that I added upstream [1]. Fix an evaluation error due to Pipewire changes [2]. [1]: https://github.com/NixOS/nixpkgs/pull/287304 [2]: https://github.com/NixOS/nixpkgs/pull/282377 2024-02-29 13:06:58 +01:00			`# Use media group when downloading files`
nixos: services: add pyload 2023-12-24 22:56:50 +01:00			`group = "media";`
			`};`

flake: bump inputs Fix the pyLoad user/group option that I added upstream [1]. Fix an evaluation error due to Pipewire changes [2]. [1]: https://github.com/NixOS/nixpkgs/pull/287304 [2]: https://github.com/NixOS/nixpkgs/pull/282377 2024-02-29 13:06:58 +01:00			`# Set-up media group`
nixos: services: add pyload 2023-12-24 22:56:50 +01:00			`users.groups.media = { };`

			`my.services.nginx.virtualHosts = {`
			`pyload = {`
			`inherit (cfg) port;`
			`};`
			`};`

nixos: services: pyload: persist data 2024-11-28 22:47:37 +01:00			`my.system.persist.directories = [`
			`cfg.downloadDirectory`
			`"/var/lib/pyload"`
			`];`

nixos: services: pyload: add fail2ban jail 2024-11-18 13:31:08 +01:00			`services.fail2ban.jails = {`
			`pyload = ''`
			`enabled = true`
			`filter = pyload`
			`port = http,https`
			`'';`
			`};`

			`environment.etc = {`
			`"fail2ban/filter.d/pyload.conf".text = ''`
			`[Definition]`
			`failregex = ^.Login failed for user '<F-USER>.</F-USER>' \[CLIENT: <HOST>\]$`
			`journalmatch = _SYSTEMD_UNIT=pyload.service`
			`'';`
			`};`
nixos: services: add pyload 2023-12-24 22:56:50 +01:00			`};`
			`}`