Diffstat (limited to 'modules/tlmp/rutorrent.nix')
| -rw-r--r-- | modules/tlmp/rutorrent.nix | 43 |
1 files changed, 9 insertions, 34 deletions
diff --git a/modules/tlmp/rutorrent.nix b/modules/tlmp/rutorrent.nix index 34bff4c..bfb8ef1 100644 --- a/modules/tlmp/rutorrent.nix +++ b/modules/tlmp/rutorrent.nix @@ -3,10 +3,10 @@ with lib; let - rutorrent = pkgs.callPackage ./rutorrent.pkg.nix {}; - cfg = config.services.rutorrent; + rutorrent = pkgs.callPackage ./rutorrent.pkg.nix {}; + rtorrentPluginDependencies = with pkgs; { _task = [ procps ]; unpack = [ unzip unrar ]; @@ -128,7 +128,6 @@ in { in [] ++ (optional (cfg.nginx.exposeInsecureRPC2mount && (nginxVhostCfg.basicAuth == {} || nginxVhostCfg.basicAuthFile == null )) '' You are using exposeInsecureRPC2mount without using basic auth on the virtual host. The exposed rpc mount allow for remote command execution. - Please make sure it is not accessible from the outside. ''); @@ -139,7 +138,6 @@ in { rutorrentConfig = pkgs.writeText "rutorrent-config.php" '' <?php // configuration parameters - // for snoopy client @define('HTTP_USER_AGENT', 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36', true); @define('HTTP_TIME_OUT', 30, true); // in seconds 
@@ -152,32 +150,22 @@ in { 'host' => 'PROXY_HOST_HERE', 'port' => 3128 ); - @define('RPC_TIME_OUT', 5, true); // in seconds - @define('LOG_RPC_CALLS', false, true); @define('LOG_RPC_FAULTS', true, true); - // for php @define('PHP_USE_GZIP', false, true); @define('PHP_GZIP_LEVEL', 2, true); - $schedule_rand = 10; // rand for schedulers start, +0..X seconds - $do_diagnostic = true; $log_file = '${cfg.dataDir}/logs/errors.log'; // path to log file (comment or leave blank to disable logging) - $saveUploadedTorrents = true; // Save uploaded torrents to profile/torrents directory or not $overwriteUploadedTorrents = false; // Overwrite existing uploaded torrents in profile/torrents directory or make unique name - $topDirectory = '/'; // Upper available directory. Absolute path with trail slash. $forbidUserSettings = false; - - $scgi_port = 5000; - $scgi_host = "${cfg.rpcSocket}"; - + $scgi_port = 0; + $scgi_host = "unix://${cfg.rpcSocket}"; $XMLRPCMountPoint = "/RPC2"; // DO NOT DELETE THIS LINE!!! DO NOT COMMENT THIS LINE!!! - $pathToExternals = array( "php" => "${pkgs.php}/bin/php", // Something like /usr/bin/php. If empty, will be found in PATH. "curl" => "${pkgs.curl}/bin/curl", // Something like /usr/bin/curl. If empty, will be found in PATH. 
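Review bot: The new `$scgi_host = "unix://${cfg.rpcSocket}";` only forms a valid socket URL when `cfg.rpcSocket` is an absolute path, and nothing in this hunk states that or explains why `$scgi_port` is now 0. I would put a comment above the two lines, such as `// rtorrent is reached over a unix socket: port must be 0, host is unix://<absolute path>`, and add a module assertion on the option if its type does not already enforce a path. With the TCP port gone, access to the RPC interface is decided by the socket file's owner, group and mode. The module's own warning says that interface allows command execution, so the expected mode is worth documenting on the `rpcSocket` option. The PHP config string begins and ends outside this hunk.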
@@ -186,21 +174,16 @@ in { "stat" => "${pkgs.coreutils}/bin/stat", // Something like /usr/bin/stat. If empty, will be found in PATH. "pgrep" => "${pkgs.procps}/bin/pgrep", // TODO why can't we use phpEnv.PATH ); - $localhosts = array( // list of local interfaces "127.0.0.1", "localhost", ); - $profilePath = '${cfg.dataDir}/share'; // Path to user profiles $profileMask = 0770; // Mask for files and directory creation in user profiles. // Both Webserver and rtorrent users must have read-write access to it. // For example, if Webserver and rtorrent users are in the same group then the value may be 0770. - $tempDirectory = null; // Temp directory. Absolute path with trail slash. If null, then autodetect will be used. - $canUseXSendFile = false; // If true then use X-Sendfile feature if it exist - $locale = "UTF8"; ''; in { @@ -211,12 +194,9 @@ in { mkdir -p ${cfg.dataDir}/{conf,logs,plugins} ${cfg.dataDir}/share/{settings,torrents,users} ln -sf ${rutorrent}/conf/{access.ini,plugins.ini} ${cfg.dataDir}/conf/ ln -sf ${rutorrentConfig} ${cfg.dataDir}/conf/config.php - cp -r ${rutorrent}/php ${cfg.dataDir}/ - ${optionalString (cfg.plugins != []) ''cp -r ${concatMapStringsSep " " (p: "${rutorrent}/plugins/${p}") cfg.plugins} ${cfg.dataDir}/plugins/''} - chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}/{conf,share,logs,plugins} chmod -R 755 ${cfg.dataDir}/{conf,share,logs,plugins} ''; @@ -233,14 +213,14 @@ in { "${cfg.user}" = { home = cfg.dataDir; group = cfg.group; - # extraGroups = [ config.services.rtorrent.group ]; + extraGroups = [ config.services.rtorrent.group ]; description = "ruTorrent Daemon user"; isSystemUser = true; }; - # "${config.services.rtorrent.user}" = { - # extraGroups = [ cfg.group ]; - # }; + "${config.services.rtorrent.user}" = { + extraGroups = [ cfg.group ]; + }; }; } 
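Review bot: The two `extraGroups` entries enabled in the users block make the ruTorrent and rtorrent users members of each other's groups. The web-facing PHP user therefore gains whatever is group-accessible to rtorrent, and no comment says what each direction is needed for. A line such as `# rutorrent -> rtorrent group: open cfg.rpcSocket; rtorrent -> cfg.group: write to share/` would record the intent, assuming that is the intent. The added `"${config.services.rtorrent.user}"` attribute and the `config.services.rtorrent.group` reference (also used in the php-fpm pool hunk) are evaluated whether or not the rtorrent service is enabled, as far as this hunk shows; wrapping them in `mkIf config.services.rtorrent.enable` or adding an assertion would avoid declaring a half-defined user. The activation script in the preceding hunk still runs `chmod -R 755` on `conf`, `share`, `logs` and `plugins`, which leaves those trees world-readable and without group write, so the new membership does not give rtorrent the read-write access that the `$profileMask = 0770` comment asks for. The users attribute set begins and ends outside the hunk.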
@@ -250,7 +230,7 @@ in { envPath = lib.makeBinPath (getPluginDependencies phpPluginDependencies cfg.plugins); pool = { user = cfg.user; - group = config.services.rutorrent.group; + group = config.services.rtorrent.group; settings = mapAttrs (name: mkDefault) { "listen.owner" = config.services.nginx.user; "listen.group" = config.services.nginx.group; @@ -270,13 +250,10 @@ in { if (!-f $document_root$fastcgi_script_name) { return 404; } - # Mitigate https://httpoxy.org/ vulnerabilities fastcgi_param HTTP_PROXY ""; - fastcgi_pass unix:${config.services.phpfpm.pools.rutorrent.socket}; fastcgi_index index.php; - include ${pkgs.nginx}/conf/fastcgi.conf; ''; }; @@ -294,8 +271,6 @@ in { scgi_pass unix:${cfg.rpcSocket}; ''; }; - - # services.rtorrent.rpcGroup = "nginx"; }) ])) ]); |
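Review bot: With `group = config.services.rtorrent.group;` in the pool definition, the PHP workers run with rtorrent's group as their primary group. Files ruTorrent creates under `cfg.dataDir` will then carry that group rather than `cfg.group`, which is what the activation script chowns the tree to. If the supplementary membership added in the users block is enough for the workers to open the RPC socket (this depends on how php-fpm applies supplementary groups and should be checked), keeping `group = cfg.group;` would leave the pool with less access. Otherwise a comment such as `# workers need rtorrent's group to open cfg.rpcSocket` should state why the pool runs under another service's group. The pool attribute set continues outside this hunk.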
