nixos/deluge: user, group and web firewall opts.

This commit adds new options to the Deluge service:

- Allow configuration of the user/group which runs the deluged daemon.
- Allow configuration of the user/group which runs the deluge web
  daemon.
- Allow opening firewall for the deluge web daemon.
This commit is contained in:
David Wood 2019-07-01 16:08:27 +01:00
parent f08b05d89f
commit 9837facf21
No known key found for this signature in database
GPG Key ID: 2592E76C87381FD9
2 changed files with 60 additions and 22 deletions

View File

@ -118,30 +118,55 @@ in {
more informations.
'';
};
user = mkOption {
type = types.str;
default = "deluge";
description = ''
User account under which deluge runs.
'';
};
group = mkOption {
type = types.str;
default = "deluge";
description = ''
Group under which deluge runs.
'';
};
};
deluge.web = {
enable = mkEnableOption "Deluge Web daemon";
port = mkOption {
type = types.port;
type = types.port;
default = 8112;
description = ''
Deluge web UI port.
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Open ports in the firewall for deluge web daemon
'';
};
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = [ "d '${configDir}' 0770 deluge deluge" ]
systemd.tmpfiles.rules = [ "d '${configDir}' 0770 ${cfg.user} ${cfg.group}" ]
++ optional (cfg.config ? "download_location")
"d '${cfg.config.download_location}' 0770 deluge deluge"
"d '${cfg.config.download_location}' 0770 ${cfg.user} ${cfg.group}"
++ optional (cfg.config ? "torrentfiles_location")
"d '${cfg.config.torrentfiles_location}' 0770 deluge deluge"
"d '${cfg.config.torrentfiles_location}' 0770 ${cfg.user} ${cfg.group}"
++ optional (cfg.config ? "move_completed_path")
"d '${cfg.config.move_completed_path}' 0770 deluge deluge";
"d '${cfg.config.move_completed_path}' 0770 ${cfg.user} ${cfg.group}";
systemd.services.deluged = {
after = [ "network.target" ];
@ -157,8 +182,8 @@ in {
# To prevent "Quit & shutdown daemon" from working; we want systemd to
# manage it!
Restart = "on-success";
User = "deluge";
Group = "deluge";
User = cfg.user;
Group = cfg.group;
UMask = "0002";
LimitNOFILE = cfg.openFilesLimit;
};
@ -177,26 +202,37 @@ in {
--config ${configDir} \
--port ${toString cfg.web.port}
'';
User = "deluge";
Group = "deluge";
User = cfg.user;
Group = cfg.group;
};
};
networking.firewall = mkIf (cfg.declarative && cfg.openFirewall && !(cfg.config.random_port or true)) {
allowedTCPPortRanges = singleton (listToRange (cfg.config.listen_ports or listenPortsDefault));
allowedUDPPortRanges = singleton (listToRange (cfg.config.listen_ports or listenPortsDefault));
};
networking.firewall = mkMerge [
(mkIf (cfg.declarative && cfg.openFirewall && !(cfg.config.random_port or true)) {
allowedTCPPortRanges = singleton (listToRange (cfg.config.listen_ports or listenPortsDefault));
allowedUDPPortRanges = singleton (listToRange (cfg.config.listen_ports or listenPortsDefault));
})
(mkIf (cfg.web.openFirewall) {
allowedTCPPorts = [ cfg.web.port ];
})
];
environment.systemPackages = [ pkgs.deluge ];
users.users.deluge = {
group = "deluge";
uid = config.ids.uids.deluge;
home = cfg.dataDir;
createHome = true;
description = "Deluge Daemon user";
users.users = mkIf (cfg.user == "deluge") {
deluge = {
group = cfg.group;
uid = config.ids.uids.deluge;
home = cfg.dataDir;
createHome = true;
description = "Deluge Daemon user";
};
};
users.groups.deluge.gid = config.ids.gids.deluge;
users.groups = mkIf (cfg.group == "deluge") {
deluge = {
gid = config.ids.gids.deluge;
};
};
};
}

View File

@ -8,9 +8,11 @@ import ./make-test.nix ({ pkgs, ...} : {
simple = {
services.deluge = {
enable = true;
web.enable = true;
web = {
enable = true;
openFirewall = true;
};
};
networking.firewall.allowedTCPPorts = [ 8112 ];
};
declarative =