
Commit f15b16b

feat(services): add aria2 downloader (#266)
1 parent dcfcadc commit f15b16b


10 files changed

+125
-44
lines changed


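--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -98,6 +98,7 @@ jobs:
 strategy:
 matrix:
 host: ${{ fromJson(needs.plan.outputs.diff-hosts) }}
+if: needs.plan.outputs.diff-hosts != '[]'
 permissions:
 pull-requests: write # for updating the PR comment
 steps: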

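--- a/flake/hosts.nix
+++ b/flake/hosts.nix
@@ -116,6 +116,7 @@ let
 ++ suites.domestic
 ++ (with profiles; [
 config.bbr
+services.aria2
 services.atticd
 services.acme-dns
 services.coredns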

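--- a/nixos/modules/misc/ports.nix
+++ b/nixos/modules/misc/ports.nix
@@ -67,6 +67,8 @@ in
 loki-grpc = 30181;
 
 cloudreve = 30190;
+
+aria2-rpc = 30200;
 };
 };
 }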

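--- /dev/null
+++ b/nixos/profiles/services/aria2.nix
@@ -0,0 +1,40 @@
+{ config, ... }:
+{
+## ---------------------------------------------------------------------------
+## SETTINGS
+## ---------------------------------------------------------------------------
+services.aria2 = {
+enable = true;
+rpcSecretFile = config.sops.secrets."aria2/rpcSecret".path;
+serviceUMask = "0002";
+settings = {
+continue = true;
+save-session-interval = 60;
+rpc-listen-port = config.ports.aria2-rpc;
+};
+};
+
+## ---------------------------------------------------------------------------
+## PERSISTENCE
+## ---------------------------------------------------------------------------
+environment.persistence.default.directories = [
+{
+directory = "/var/lib/aria2";
+mode = "0770";
+user = "aria2";
+group = "aria2";
+}
+];
+
+## ---------------------------------------------------------------------------
+## SECRETS
+## ---------------------------------------------------------------------------
+sops.secrets."aria2/rpcSecret" = { };
+
+## ---------------------------------------------------------------------------
+## FIREWALL
+## ---------------------------------------------------------------------------
+networking.firewall = {
+allowedUDPPortRanges = config.services.aria2.settings.listen-port;
+};
+}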
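Review bot: The firewall block at the end of this file opens whatever `config.services.aria2.settings.listen-port` evaluates to, but the `settings` block above never sets `listen-port`, so the UDP range exposed on the host is inherited from the nixpkgs module default and can change on a channel update without any diff in this repository. terraform/aliyun/main.tf in the same commit hard-codes `[6881, 6999]` for the cloud security group, so the two layers can drift apart silently. Pinning the value in `settings`, e.g. `listen-port = [ { from = 6881; to = 6999; } ];`, keeps host firewall and security group in step. I would also add a comment above `networking.firewall` along the lines of `## rpc-listen-port is deliberately not opened; RPC clients are expected to be local`, assuming that is the intent, so a later edit does not expose the RPC port by accident.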

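--- a/nixos/profiles/services/cloudreve.nix
+++ b/nixos/profiles/services/cloudreve.nix
@@ -33,12 +33,11 @@ in
 wantedBy = [ "multi-user.target" ];
 serviceConfig = {
 ExecStart = [
-"${lib.getExe package} server -c ${config.sops.templates."cloudreve.ini".path}"
+"${lib.getExe package} server -c ${config.sops.templates."cloudreve.ini".path} -w ${stateDir}"
 ];
 StateDirectory = "cloudreve";
 User = "cloudreve";
 Group = "cloudreve";
-DynamicUser = true;
 WorkingDirectory = stateDir;
 Restart = "on-abnormal";
 RestartSec = "5s";
@@ -49,6 +48,7 @@ in
 users.users.cloudreve = {
 isSystemUser = true;
 group = "cloudreve";
+extraGroups = [ "aria2" ];
 home = stateDir;
 };
 users.groups.cloudreve = { };
@@ -82,7 +82,7 @@ in
 ## ---------------------------------------------------------------------------
 environment.persistence.default.directories = [
 {
-directory = "/var/lib/private/cloudreve";
+directory = "/var/lib/cloudreve";
 mode = "0700";
 }
 ];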
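Review bot: Removing `DynamicUser = true;` from `serviceConfig` in the first hunk also removes the sandboxing systemd implies for dynamic users (`ProtectSystem=strict`, `ProtectHome=read-only`, `PrivateTmp`, `NoNewPrivileges`, `RemoveIPC`, `RestrictSUIDSGID`), and none of the visible lines restores it. The service now runs as a static `cloudreve` user that the second hunk adds to the `aria2` group, so I would restate the hardening explicitly, e.g. `NoNewPrivileges = true;`, `ProtectSystem = "strict";`, `PrivateTmp = true;`, with a `ReadWritePaths` entry for the aria2 directory if Cloudreve has to write there. `serviceConfig` continues past the end of the hunk, so some of these may already be set further down.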

secrets/nodes/hgh0.yaml

Lines changed: 31 additions & 29 deletions
Large diffs are not rendered by default.

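--- /dev/null
+++ b/secrets/sources/aria2.yaml
@@ -0,0 +1,23 @@
+rpcSecret: ENC[AES256_GCM,data:zWYBfYDqT9hZye2MrwX6AtvXC2dKW5D/,iv:MNAaBXg+j5jlf8HX6cA8SQjfrEVhhK9qJdKMAz5APbw=,tag:C6JKMcgKfcU/QrxmhA0JkQ==,type:str]
+sops:
+kms:
+- arn: arn:aws:kms:ap-southeast-1:137927498482:alias/sops-key
+created_at: "2025-05-05T15:03:45Z"
+enc: AQICAHiwVAd0L3aX3i1XRZXzZwmA7aymY8xieE6T9IsJQGsJFgGfSm8608QQnmc/zlHtAv09AAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQM5yGCK42CUf3gYbNPAgEQgDsHuVbDQqHeaOEI/3PGNO2rVxkgaW/VXPENCDtSCcB9Dawg6NndixDZsEfgdYi+GELDVPGb0wTPekBU/w==
+aws_profile: ""
+lastmodified: "2025-05-05T15:04:03Z"
+mac: ENC[AES256_GCM,data:DiEPCeHII7KkfpduogN7ppaMsLs7WlgavojRdYsaIGbWx5d/G6NtiexiOUflD4cUfDDNpbce0kCCAAnTa92GuJO6/ROh4FSy+Lq6zFCyvC4k8cTlWGspuF9ASo9MUNwgRdoI0z6lUI+Rn6nZF7m5DpCTIfO/sSTsjClm2j9K054=,iv:KHp2ghJPP8nwPvQ+3DXGG++MyzRwpXUmRam7i3zlIyI=,tag:60yLZ7mw2qG4v8ZqdGln9A==,type:str]
+pgp:
+- created_at: "2025-05-05T15:03:45Z"
+enc: |-
+-----BEGIN PGP MESSAGE-----
+
+hF4DZSODbPSZIlESAQdAw0DdwUPqDZPWxbhwOpEJzcKmV5/pET3n3OJ4wSCLgX0w
+8ceXubprzZtF+VE4OvOQ/19EFVPJgo9zSXzGGFyFKTOxm2nCaIomr55Dbsu9W1pP
+0l4BZPQOJGgCYayaMkD31sI0DonMaRVk73Jm7upLLLZb1OwRzxwO8tfw0AcdZhvh
+0PtvSB1EdKHx4kndjnD6spajV9uDr4yEY0pdSW5t/FkwFBr1zOGc8reuzk/X4cRv
+=6hyI
+-----END PGP MESSAGE-----
+fp: 8CC5C91F72DB57DA20BD848C6523836CF4992251
+unencrypted_suffix: _unencrypted
+version: 3.10.2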

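--- a/terraform/aliyun/main.tf
+++ b/terraform/aliyun/main.tf
@@ -56,12 +56,15 @@ module "sg" {
 {
 protocol = "tcp"
 cidrs = ["0.0.0.0/0", "::/0"]
-ports = [22, 80, 443, 25565]
+ports = [22, 80, 443]
 },
 {
 protocol = "udp"
 cidrs = ["0.0.0.0/0", "::/0"]
-ports = [3478]
+ports = [3478, 41641]
+port_ranges = [
+[6881, 6999]
+]
 }
 ]
 }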
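Review bot: The new `port_ranges` entry opens 119 UDP ports (6881–6999) to `0.0.0.0/0` and `::/0`, which is a wide opening for what appears to be a single aria2 instance. As far as I know aria2 binds only one port out of its configured range, so a narrow range pinned identically here and in the aria2 settings would serve the same purpose with less exposed surface. The bare numbers `3478` and `41641` would also benefit from a trailing comment naming the service behind each (for example `# STUN` and `# presumably Tailscale — confirm`), so a later reviewer can tell an intended opening from a leftover. The `module "sg"` block starts before the hunk.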

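--- a/terraform/modules/aliyun_security_group/main.tf
+++ b/terraform/modules/aliyun_security_group/main.tf
@@ -10,24 +10,32 @@ locals {
 ingress_rules = {
 for rule in flatten([
 for rule in var.ingress_rules : [
-for cidr in rule.cidrs : [
+for cidr in rule.cidrs : concat([
 for port in rule.ports : {
-protocol = rule.protocol
-port = port
-cidr = cidr
+protocol = rule.protocol
+from_port = port
+to_port = port
+cidr = cidr
 }
-]
+], [
+for port in rule.port_ranges : {
+protocol = rule.protocol
+from_port = port[0]
+to_port = port[1]
+cidr = cidr
+}
+])
 ]
 ]) :
-"${rule.protocol}:${rule.cidr}:${rule.port}" => rule
+"${rule.protocol}:${rule.cidr}:${rule.from_port}:${rule.to_port}" => rule
 }
 }
 
 resource "alicloud_security_group_rule" "this" {
 for_each = local.ingress_rules
 type = "ingress"
 ip_protocol = each.value.protocol
-port_range = "${each.value.port}/${each.value.port}"
+port_range = "${each.value.from_port}/${each.value.to_port}"
 cidr_ip = strcontains(each.value.cidr, ".") ? each.value.cidr : null
 ipv6_cidr_ip = strcontains(each.value.cidr, ":") ? each.value.cidr : null
 nic_type = "intranet"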
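Review bot: Changing the `for_each` key from `protocol:cidr:port` to `protocol:cidr:from_port:to_port` gives every existing `alicloud_security_group_rule.this` instance a new address, so the first apply after this commit will plan a destroy and a create for all current rules, including those for 22, 80 and 443, unless the state is migrated. Depending on ordering, that can leave a short window with the rules absent, or a create that fails on a duplicate rule. Consider `moved` blocks for the existing keys, or keep the old key form for single ports, e.g. `rule.from_port == rule.to_port ? "${rule.protocol}:${rule.cidr}:${rule.from_port}" : "${rule.protocol}:${rule.cidr}:${rule.from_port}:${rule.to_port}"`. The resource block continues past the end of the hunk.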

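--- a/terraform/modules/aliyun_security_group/variables.tf
+++ b/terraform/modules/aliyun_security_group/variables.tf
@@ -20,9 +20,10 @@ variable "tags" {
 
 variable "ingress_rules" {
 type = list(object({
-protocol = string
-cidrs = list(string)
-ports = list(number)
+protocol = string
+cidrs = list(string)
+ports = optional(list(number), [])
+port_ranges = optional(list(tuple([number, number])), [])
 }))
 default = []
 }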
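Review bot: `port_ranges` accepts any pair of numbers, so a reversed pair such as `[6999, 6881]` or a bound outside 1–65535 is only rejected by the provider at apply time, after the module's main.tf has interpolated it into `port_range`. A `validation` block on `ingress_rules` would catch this at plan time with a readable message, which matters because each entry here becomes an internet-facing opening. The proposed addition is below; it checks only `port_ranges` and leaves `ports` as it is.

```hcl
variable "ingress_rules" {
  # … unchanged: type and default …

  validation {
    condition = alltrue(flatten([
      for rule in var.ingress_rules : [
        for r in rule.port_ranges : r[0] >= 1 && r[0] <= r[1] && r[1] <= 65535
      ]
    ]))
    error_message = "Each port_ranges entry must be [from, to] with 1 <= from <= to <= 65535."
  }
}
```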
