From 21ec3dbb26d2467fbe426521d8a0344bbeb86e92 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 24 Dec 2023 22:56:50 +0100 Subject: [PATCH 1/3] nixos: services: add pyload --- modules/nixos/services/default.nix | 1 + modules/nixos/services/pyload/default.nix | 70 +++++++++++++++++++++++ 2 files changed, 71 insertions(+) create mode 100644 modules/nixos/services/pyload/default.nix diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index 3e2b3c8..67504da 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -27,6 +27,7 @@ ./podgrab ./postgresql ./postgresql-backup + ./pyload ./quassel ./rss-bridge ./sabnzbd diff --git a/modules/nixos/services/pyload/default.nix b/modules/nixos/services/pyload/default.nix new file mode 100644 index 0000000..3751301 --- /dev/null +++ b/modules/nixos/services/pyload/default.nix @@ -0,0 +1,70 @@ +{ config, lib, ... }: +let + cfg = config.my.services.pyload; +in +{ + options.my.services.pyload = with lib; { + enable = mkEnableOption "pyload download manager"; + + credentialsFile = mkOption { + type = types.path; + example = "/run/secrets/pyload-credentials.env"; + description = "pyload credentials"; + }; + + downloadDirectory = mkOption { + type = types.str; + default = "/data/downloads/pyload"; + example = "/var/lib/pyload/download"; + description = "Download directory"; + }; + + port = mkOption { + type = types.port; + default = 9093; + example = 8080; + description = "Internal port for webui"; + }; + }; + + config = lib.mkIf cfg.enable { + services.pyload = { + enable = true; + + # Listening on `localhost` leads to 502 with the reverse proxy... + listenAddress = "127.0.0.1"; + + inherit (cfg) + credentialsFile + downloadDirectory + port + ; + }; + + # User media group when downloading files + systemd.services.pyload = { + serviceConfig = { + Group = lib.mkForce "media"; + }; + }; + + # And make sure the download directory has the correct owners + systemd.tmpfiles.settings.pyload = { + ${cfg.downloadDirectory}.d = { + user = "pyload"; + group = "media"; + }; + }; + + # Set-up media group + users.groups.media = { }; + + my.services.nginx.virtualHosts = { + pyload = { + inherit (cfg) port; + }; + }; + + # FIXME: fail2ban + }; +} From d50cf8477f6af7ca039f7fed8f1a96df71433260 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sun, 24 Dec 2023 22:57:37 +0100 Subject: [PATCH 2/3] hosts: nixos: porthos: secrets: add pyload creds --- hosts/nixos/porthos/secrets/pyload/credentials.age | 7 +++++++ hosts/nixos/porthos/secrets/secrets.nix | 2 ++ 2 files changed, 9 insertions(+) create mode 100644 hosts/nixos/porthos/secrets/pyload/credentials.age diff --git a/hosts/nixos/porthos/secrets/pyload/credentials.age b/hosts/nixos/porthos/secrets/pyload/credentials.age new file mode 100644 index 0000000..089f962 --- /dev/null +++ b/hosts/nixos/porthos/secrets/pyload/credentials.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 cKojmg nJbOfp0/wmFOZLzcWjoGB7wEB8e56aO1NntSmn5KomU +/Vio4Z/t7IPJrdzdwUPidVH3wrouSkwRzNHP0T4z3x0 +-> ssh-ed25519 jPowng QXg/xqs7/VfkYQg3X77w4i53q64bL9oYeTxqb9NVhiQ +sMHIXlmrIxtIr+s0X4lBqev/PPd3AKD5P7AP5K4NeJg +--- gzTn+6+aa4Ptic1lsvSt+r3IEBysHrvMMIyONogMDF0 +ˮUE_ Date: Sun, 24 Dec 2023 22:58:03 +0100 Subject: [PATCH 3/3] hosts: nixos: porthos: services: enable pyload --- hosts/nixos/porthos/services.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index d73cdc1..2486752 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -134,6 +134,10 @@ in }; # Regular backups postgresql-backup.enable = true; + pyload = { + enable = true; + credentialsFile = secrets."pyload/credentials".path; + }; # RSS provider for websites that do not provide any feeds rss-bridge.enable = true; # Usenet client