public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #64112 from davidtwco/deluge/users-groups-firewalls 

nixos/deluge: add user/group/openFirewall opts and extraction packages to path
This commit is contained in:
Silvan Mosberger 2019-07-12 20:26:55 +02:00 committed by GitHub
parent ec381b5e83 16c394fe0f
commit 5b8b5a694c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 74 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
nixos/modules/services/torrent/deluge.nix
View File

@ -118,10 +118,37 @@ in {
more informations. more informations.
''; '';
}; };
user = mkOption {
type = types.str;
default = "deluge";
description = ''
User account under which deluge runs.
'';
};
group = mkOption {
type = types.str;
default = "deluge";
description = ''
Group under which deluge runs.
'';
};
extraPackages = mkOption {
type = types.listOf types.package;
default = [];
description = ''
Extra packages available at runtime to enable Deluge's plugins. For example,
extraction utilities are required for the built-in "Extractor" plugin.
This always contains unzip, gnutar, xz, p7zip and bzip2.
'';
};
}; };
deluge.web = { deluge.web = {
enable = mkEnableOption "Deluge Web daemon"; enable = mkEnableOption "Deluge Web daemon";
port = mkOption { port = mkOption {
type = types.port; type = types.port;
default = 8112; default = 8112;
@ -129,25 +156,36 @@ in {
Deluge web UI port. Deluge web UI port.
''; '';
}; };
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Open ports in the firewall for deluge web daemon
'';
};
}; };
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.tmpfiles.rules = [ "d '${configDir}' 0770 deluge deluge" ] # Provide a default set of `extraPackages`.
services.deluge.extraPackages = with pkgs; [ unzip gnutar xz p7zip bzip2 ];
systemd.tmpfiles.rules = [ "d '${configDir}' 0770 ${cfg.user} ${cfg.group}" ]
++ optional (cfg.config ? "download_location") ++ optional (cfg.config ? "download_location")
"d '${cfg.config.download_location}' 0770 deluge deluge" "d '${cfg.config.download_location}' 0770 ${cfg.user} ${cfg.group}"
++ optional (cfg.config ? "torrentfiles_location") ++ optional (cfg.config ? "torrentfiles_location")
"d '${cfg.config.torrentfiles_location}' 0770 deluge deluge" "d '${cfg.config.torrentfiles_location}' 0770 ${cfg.user} ${cfg.group}"
++ optional (cfg.config ? "move_completed_path") ++ optional (cfg.config ? "move_completed_path")
"d '${cfg.config.move_completed_path}' 0770 deluge deluge"; "d '${cfg.config.move_completed_path}' 0770 ${cfg.user} ${cfg.group}";
systemd.services.deluged = { systemd.services.deluged = {
after = [ "network.target" ]; after = [ "network.target" ];
description = "Deluge BitTorrent Daemon"; description = "Deluge BitTorrent Daemon";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
path = [ pkgs.deluge ]; path = [ pkgs.deluge ] ++ cfg.extraPackages;
serviceConfig = { serviceConfig = {
ExecStart = '' ExecStart = ''
${pkgs.deluge}/bin/deluged \ ${pkgs.deluge}/bin/deluged \
@ -157,8 +195,8 @@ in {
# To prevent "Quit & shutdown daemon" from working; we want systemd to # To prevent "Quit & shutdown daemon" from working; we want systemd to
# manage it! # manage it!
Restart = "on-success"; Restart = "on-success";
User = "deluge"; User = cfg.user;
Group = "deluge"; Group = cfg.group;
UMask = "0002"; UMask = "0002";
LimitNOFILE = cfg.openFilesLimit; LimitNOFILE = cfg.openFilesLimit;
}; };
@ -177,26 +215,37 @@ in {
--config ${configDir} \ --config ${configDir} \
--port ${toString cfg.web.port} --port ${toString cfg.web.port}
''; '';
User = "deluge"; User = cfg.user;
Group = "deluge"; Group = cfg.group;
}; };
}; };
networking.firewall = mkIf (cfg.declarative && cfg.openFirewall && !(cfg.config.random_port or true)) { networking.firewall = mkMerge [
(mkIf (cfg.declarative && cfg.openFirewall && !(cfg.config.random_port or true)) {
allowedTCPPortRanges = singleton (listToRange (cfg.config.listen_ports or listenPortsDefault)); allowedTCPPortRanges = singleton (listToRange (cfg.config.listen_ports or listenPortsDefault));
allowedUDPPortRanges = singleton (listToRange (cfg.config.listen_ports or listenPortsDefault)); allowedUDPPortRanges = singleton (listToRange (cfg.config.listen_ports or listenPortsDefault));
}; })
(mkIf (cfg.web.openFirewall) {
allowedTCPPorts = [ cfg.web.port ];
})
];
environment.systemPackages = [ pkgs.deluge ]; environment.systemPackages = [ pkgs.deluge ];
users.users.deluge = { users.users = mkIf (cfg.user == "deluge") {
group = "deluge"; deluge = {
group = cfg.group;
uid = config.ids.uids.deluge; uid = config.ids.uids.deluge;
home = cfg.dataDir; home = cfg.dataDir;
createHome = true; createHome = true;
description = "Deluge Daemon user"; description = "Deluge Daemon user";
}; };
};
users.groups.deluge.gid = config.ids.gids.deluge; users.groups = mkIf (cfg.group == "deluge") {
deluge = {
gid = config.ids.gids.deluge;
};
};
}; };
} }

6
nixos/tests/deluge.nix
View File

@ -8,9 +8,11 @@ import ./make-test.nix ({ pkgs, ...} : {
simple = { simple = {
services.deluge = { services.deluge = {
enable = true; enable = true;
web.enable = true; web = {
enable = true;
openFirewall = true;
};
}; };
networking.firewall.allowedTCPPorts = [ 8112 ];
}; };
declarative = declarative =