WIP: nixos: services: add aria

Bruno BELANYI 2023-12-22 23:27:04 +01:00
parent 58b22b7354
commit 2172710dc8
3 changed files with 74 additions and 0 deletions


@ -10,6 +10,9 @@ in
adblock = {
enable = true;
};
aria = {
enable = true;
};
# Backblaze B2 backup
backup = {
enable = true;


@ -0,0 +1,70 @@
{ config, lib, pkgs, ... }:
let
cfg = config.my.services.aria;
in
{
options.my.services.aria = with lib; {
enable = mkEnableOption "";
rpcPort = mkOption {
type = types.port;
default = 6800;
example = 8080;
description = "RPC port";
};
downloadDir = mkOption {
type = types.str;
default = "/data/downloads";
example = "/var/lib/transmission/download";
description = "Download directory";
};
# FIXME: secrets file
};
config = lib.mkIf cfg.enable {
services.aria2 = {
enable = true;
inherit (cfg) downloadDir;
rpcListenPort = cfg.rpcPort;
};
# Expose DHT ports, but not RPC ports
networking.firewall = {
allowedUDPPortRanges = config.services.aria2.listenPortRange;
};
# Set-up media group
users.groups.media = { };
systemd.services.aria2 = {
serviceConfig = {
Group = lib.mkForce "media"; # Use 'media' group
};
};
my.services.nginx.virtualHosts = [
{
subdomain = "aria-rpc";
port = cfg.rpcPort;
# Proxy websockets for RPC
extraConfig = {
locations."/".proxyWebsockets = true;
};
}
{
subdomain = "aria";
root = "${pkgs.ariang}/share/ariang";
# For paranoia, don't allow anybody to use the UI unauthenticated
sso = {
enable = true;
};
}
];
# FIXME: fail2ban rules
};
}
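Review bot: The `aria-rpc` virtual host proxies the aria2 RPC port with no `sso` block, while the `aria` host, which only serves the static AriaNg files, is the one placed behind SSO. The RPC endpoint is the interface that can queue downloads and change aria2 settings, so gating the UI alone leaves it protected only by the RPC secret. The `# FIXME: secrets file` in the options suggests no secret is configured yet; if so, whatever default the upstream `services.aria2` module ships would apply. Consider adding `sso = { enable = true; };` to the `aria-rpc` entry as well (checking that the websocket proxying still works behind it), or leaving that vhost out until the secret is read from a file outside the Nix store. The comment `# Expose DHT ports, but not RPC ports` should also say that RPC stays reachable through nginx even though the firewall port is closed.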


@ -3,6 +3,7 @@
{
imports = [
./adblock
./aria
./backup
./blog
./calibre-web