nixos/deluge: user, group and web firewall opts.

This commit adds new options to the Deluge service:

- Allow configuration of the user/group which runs the deluged daemon.
- Allow configuration of the user/group which runs the deluge web
  daemon.
- Allow opening firewall for the deluge web daemon.
David Wood 2019-07-01 16:08:27 +01:00
parent f08b05d89f
commit 9837facf21
No known key found for this signature in database
GPG Key ID: 2592E76C87381FD9
2 changed files with 60 additions and 22 deletions


@ -118,30 +118,55 @@ in {
more informations. more informations.
''; '';
}; };
user = mkOption {
type = types.str;
default = "deluge";
description = ''
User account under which deluge runs.
'';
};
group = mkOption {
type = types.str;
default = "deluge";
description = ''
Group under which deluge runs.
'';
};
}; };
deluge.web = { deluge.web = {
enable = mkEnableOption "Deluge Web daemon"; enable = mkEnableOption "Deluge Web daemon";
port = mkOption { port = mkOption {
type = types.port; type = types.port;
default = 8112; default = 8112;
description = '' description = ''
Deluge web UI port. Deluge web UI port.
''; '';
}; };
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Open ports in the firewall for deluge web daemon
'';
};
}; };
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.tmpfiles.rules = [ "d '${configDir}' 0770 deluge deluge" ] systemd.tmpfiles.rules = [ "d '${configDir}' 0770 ${cfg.user} ${cfg.group}" ]
++ optional (cfg.config ? "download_location") ++ optional (cfg.config ? "download_location")
"d '${cfg.config.download_location}' 0770 deluge deluge" "d '${cfg.config.download_location}' 0770 ${cfg.user} ${cfg.group}"
++ optional (cfg.config ? "torrentfiles_location") ++ optional (cfg.config ? "torrentfiles_location")
"d '${cfg.config.torrentfiles_location}' 0770 deluge deluge" "d '${cfg.config.torrentfiles_location}' 0770 ${cfg.user} ${cfg.group}"
++ optional (cfg.config ? "move_completed_path") ++ optional (cfg.config ? "move_completed_path")
"d '${cfg.config.move_completed_path}' 0770 deluge deluge"; "d '${cfg.config.move_completed_path}' 0770 ${cfg.user} ${cfg.group}";
systemd.services.deluged = { systemd.services.deluged = {
after = [ "network.target" ]; after = [ "network.target" ];
@ -157,8 +182,8 @@ in {
# To prevent "Quit & shutdown daemon" from working; we want systemd to # To prevent "Quit & shutdown daemon" from working; we want systemd to
# manage it! # manage it!
Restart = "on-success"; Restart = "on-success";
User = "deluge"; User = cfg.user;
Group = "deluge"; Group = cfg.group;
UMask = "0002"; UMask = "0002";
LimitNOFILE = cfg.openFilesLimit; LimitNOFILE = cfg.openFilesLimit;
}; };
@ -177,26 +202,37 @@ in {
--config ${configDir} \ --config ${configDir} \
--port ${toString cfg.web.port} --port ${toString cfg.web.port}
''; '';
User = "deluge"; User = cfg.user;
Group = "deluge"; Group = cfg.group;
}; };
}; };
networking.firewall = mkIf (cfg.declarative && cfg.openFirewall && !(cfg.config.random_port or true)) { networking.firewall = mkMerge [
allowedTCPPortRanges = singleton (listToRange (cfg.config.listen_ports or listenPortsDefault)); (mkIf (cfg.declarative && cfg.openFirewall && !(cfg.config.random_port or true)) {
allowedUDPPortRanges = singleton (listToRange (cfg.config.listen_ports or listenPortsDefault)); allowedTCPPortRanges = singleton (listToRange (cfg.config.listen_ports or listenPortsDefault));
}; allowedUDPPortRanges = singleton (listToRange (cfg.config.listen_ports or listenPortsDefault));
})
(mkIf (cfg.web.openFirewall) {
allowedTCPPorts = [ cfg.web.port ];
})
];
environment.systemPackages = [ pkgs.deluge ]; environment.systemPackages = [ pkgs.deluge ];
users.users.deluge = { users.users = mkIf (cfg.user == "deluge") {
group = "deluge"; deluge = {
uid = config.ids.uids.deluge; group = cfg.group;
home = cfg.dataDir; uid = config.ids.uids.deluge;
createHome = true; home = cfg.dataDir;
description = "Deluge Daemon user"; createHome = true;
description = "Deluge Daemon user";
};
}; };
users.groups.deluge.gid = config.ids.gids.deluge; users.groups = mkIf (cfg.group == "deluge") {
deluge = {
gid = config.ids.gids.deluge;
};
};
}; };
} }
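Review bot: The new firewall branch `(mkIf (cfg.web.openFirewall) {` opens `cfg.web.port` whenever `openFirewall` is set, without checking `cfg.web.enable`, so the port can be left reachable with no web daemon behind it; guard it as `(mkIf (cfg.web.enable && cfg.web.openFirewall) {`. The `openFirewall` description should also state the exposure, for example `Open the Deluge web UI port in the firewall. The UI then becomes reachable from the network, so change the web password from its default and consider a TLS-terminating reverse proxy.` Separately, when `user` or `group` is set to anything other than "deluge" the module no longer declares the account, while the tmpfiles rules and `User`/`Group` still reference it. An assertion, or a sentence in both option descriptions saying the account must be declared elsewhere (and should be unprivileged), would make that contract explicit. The enclosing `config` block begins and ends outside the hunks shown.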


@ -8,9 +8,11 @@ import ./make-test.nix ({ pkgs, ...} : {
simple = { simple = {
services.deluge = { services.deluge = {
enable = true; enable = true;
web.enable = true; web = {
enable = true;
openFirewall = true;
};
}; };
networking.firewall.allowedTCPPorts = [ 8112 ];
}; };
declarative = declarative =