
nixos/deluge: add user/group/openFirewall opts and extraction packages to path #64112

Merged
merged 2 commits into from Jul 12, 2019

nixos/deluge: user, group and web firewall opts.

This commit adds new options to the Deluge service:

- Allow configuration of the user/group which runs the deluged daemon.
- Allow configuration of the user/group which runs the deluge web
  daemon.
- Allow opening firewall for the deluge web daemon.
davidtwco committed Jul 1, 2019
commit 9837facf21113c5c48ed80dab7d5ce1e387ee2f6
@@ -118,30 +118,55 @@ in {
more informations.
'';
};

user = mkOption {
type = types.str;
default = "deluge";
description = ''
User account under which deluge runs.
'';
};

group = mkOption {
type = types.str;
default = "deluge";
description = ''
Group under which deluge runs.
'';
};
};

deluge.web = {
enable = mkEnableOption "Deluge Web daemon";

port = mkOption {
type = types.port;
type = types.port;
default = 8112;
description = ''
Deluge web UI port.
'';
};

openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Open ports in the firewall for deluge web daemon
'';
};
};
};
};

config = mkIf cfg.enable {

systemd.tmpfiles.rules = [ "d '${configDir}' 0770 deluge deluge" ]
systemd.tmpfiles.rules = [ "d '${configDir}' 0770 ${cfg.user} ${cfg.group}" ]
++ optional (cfg.config ? "download_location")
"d '${cfg.config.download_location}' 0770 deluge deluge"
"d '${cfg.config.download_location}' 0770 ${cfg.user} ${cfg.group}"
++ optional (cfg.config ? "torrentfiles_location")
"d '${cfg.config.torrentfiles_location}' 0770 deluge deluge"
"d '${cfg.config.torrentfiles_location}' 0770 ${cfg.user} ${cfg.group}"
++ optional (cfg.config ? "move_completed_path")
"d '${cfg.config.move_completed_path}' 0770 deluge deluge";
"d '${cfg.config.move_completed_path}' 0770 ${cfg.user} ${cfg.group}";

systemd.services.deluged = {
after = [ "network.target" ];
@@ -157,8 +182,8 @@ in {
# To prevent "Quit & shutdown daemon" from working; we want systemd to
# manage it!
Restart = "on-success";
User = "deluge";
Group = "deluge";
User = cfg.user;
Group = cfg.group;
UMask = "0002";
LimitNOFILE = cfg.openFilesLimit;
};
@@ -177,26 +202,37 @@ in {
--config ${configDir} \
--port ${toString cfg.web.port}
'';
User = "deluge";
Group = "deluge";
User = cfg.user;
Group = cfg.group;
};
};

networking.firewall = mkIf (cfg.declarative && cfg.openFirewall && !(cfg.config.random_port or true)) {
allowedTCPPortRanges = singleton (listToRange (cfg.config.listen_ports or listenPortsDefault));
allowedUDPPortRanges = singleton (listToRange (cfg.config.listen_ports or listenPortsDefault));
};
networking.firewall = mkMerge [
(mkIf (cfg.declarative && cfg.openFirewall && !(cfg.config.random_port or true)) {
allowedTCPPortRanges = singleton (listToRange (cfg.config.listen_ports or listenPortsDefault));
allowedUDPPortRanges = singleton (listToRange (cfg.config.listen_ports or listenPortsDefault));
})
(mkIf (cfg.web.openFirewall) {
allowedTCPPorts = [ cfg.web.port ];
})
];

environment.systemPackages = [ pkgs.deluge ];

users.users.deluge = {
group = "deluge";
uid = config.ids.uids.deluge;
home = cfg.dataDir;
createHome = true;
description = "Deluge Daemon user";
users.users = mkIf (cfg.user == "deluge") {
deluge = {
group = cfg.group;
uid = config.ids.uids.deluge;
home = cfg.dataDir;
createHome = true;
description = "Deluge Daemon user";
};
};

users.groups.deluge.gid = config.ids.gids.deluge;
users.groups = mkIf (cfg.group == "deluge") {
deluge = {
gid = config.ids.gids.deluge;
};
};
};
}
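Review bot: The new `cfg.web.openFirewall` entry in the `networking.firewall` `mkMerge` list is not conditioned on `cfg.web.enable`, so `web.openFirewall = true` with the web daemon disabled still allows inbound TCP on `cfg.web.port` with no Deluge service bound to it. Gating it as `(mkIf (cfg.web.enable && cfg.web.openFirewall) {` keeps the opened port tied to the service it is meant for. Separately, the tmpfiles rules now create `configDir` as `0770 ${cfg.user} ${cfg.group}`, so pointing `group` at a broadly shared group gives every member read/write access to the daemon's configuration directory; the `group` option description could say so. The `users.users` and `users.groups` definitions are also skipped when a non-default name is set, and nothing visible here asserts that the named account exists, so a short sentence in the `user`/`group` descriptions stating that custom accounts must be declared elsewhere would help.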
@@ -8,9 +8,11 @@ import ./make-test.nix ({ pkgs, ...} : {
simple = {
services.deluge = {
enable = true;
web.enable = true;
web = {
enable = true;
openFirewall = true;
};
};
networking.firewall.allowedTCPPorts = [ 8112 ];
};

declarative =