nixos/deluge: user, group and web firewall opts.
This commit adds new options to the Deluge service: - Allow configuration of the user/group which runs the deluged daemon. - Allow configuration of the user/group which runs the deluge web daemon. - Allow opening firewall for the deluge web daemon.
parent
f08b05d89f
commit
9837facf21
@ -118,30 +118,55 @@ in {
|
||||
more informations.
|
||||
'';
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "deluge";
|
||||
description = ''
|
||||
User account under which deluge runs.
|
||||
'';
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = types.str;
|
||||
default = "deluge";
|
||||
description = ''
|
||||
Group under which deluge runs.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
deluge.web = {
|
||||
enable = mkEnableOption "Deluge Web daemon";
|
||||
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
type = types.port;
|
||||
default = 8112;
|
||||
description = ''
|
||||
Deluge web UI port.
|
||||
'';
|
||||
};
|
||||
|
||||
openFirewall = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Open ports in the firewall for deluge web daemon
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
systemd.tmpfiles.rules = [ "d '${configDir}' 0770 deluge deluge" ]
|
||||
systemd.tmpfiles.rules = [ "d '${configDir}' 0770 ${cfg.user} ${cfg.group}" ]
|
||||
++ optional (cfg.config ? "download_location")
|
||||
"d '${cfg.config.download_location}' 0770 deluge deluge"
|
||||
"d '${cfg.config.download_location}' 0770 ${cfg.user} ${cfg.group}"
|
||||
++ optional (cfg.config ? "torrentfiles_location")
|
||||
"d '${cfg.config.torrentfiles_location}' 0770 deluge deluge"
|
||||
"d '${cfg.config.torrentfiles_location}' 0770 ${cfg.user} ${cfg.group}"
|
||||
++ optional (cfg.config ? "move_completed_path")
|
||||
"d '${cfg.config.move_completed_path}' 0770 deluge deluge";
|
||||
"d '${cfg.config.move_completed_path}' 0770 ${cfg.user} ${cfg.group}";
|
||||
|
||||
systemd.services.deluged = {
|
||||
after = [ "network.target" ];
|
||||
@ -157,8 +182,8 @@ in {
|
||||
# To prevent "Quit & shutdown daemon" from working; we want systemd to
|
||||
# manage it!
|
||||
Restart = "on-success";
|
||||
User = "deluge";
|
||||
Group = "deluge";
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
UMask = "0002";
|
||||
LimitNOFILE = cfg.openFilesLimit;
|
||||
};
|
||||
@ -177,26 +202,37 @@ in {
|
||||
--config ${configDir} \
|
||||
--port ${toString cfg.web.port}
|
||||
'';
|
||||
User = "deluge";
|
||||
Group = "deluge";
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall = mkIf (cfg.declarative && cfg.openFirewall && !(cfg.config.random_port or true)) {
|
||||
allowedTCPPortRanges = singleton (listToRange (cfg.config.listen_ports or listenPortsDefault));
|
||||
allowedUDPPortRanges = singleton (listToRange (cfg.config.listen_ports or listenPortsDefault));
|
||||
};
|
||||
networking.firewall = mkMerge [
|
||||
(mkIf (cfg.declarative && cfg.openFirewall && !(cfg.config.random_port or true)) {
|
||||
allowedTCPPortRanges = singleton (listToRange (cfg.config.listen_ports or listenPortsDefault));
|
||||
allowedUDPPortRanges = singleton (listToRange (cfg.config.listen_ports or listenPortsDefault));
|
||||
})
|
||||
(mkIf (cfg.web.openFirewall) {
|
||||
allowedTCPPorts = [ cfg.web.port ];
|
||||
})
|
||||
];
|
||||
|
||||
environment.systemPackages = [ pkgs.deluge ];
|
||||
|
||||
users.users.deluge = {
|
||||
group = "deluge";
|
||||
uid = config.ids.uids.deluge;
|
||||
home = cfg.dataDir;
|
||||
createHome = true;
|
||||
description = "Deluge Daemon user";
|
||||
users.users = mkIf (cfg.user == "deluge") {
|
||||
deluge = {
|
||||
group = cfg.group;
|
||||
uid = config.ids.uids.deluge;
|
||||
home = cfg.dataDir;
|
||||
createHome = true;
|
||||
description = "Deluge Daemon user";
|
||||
};
|
||||
};
|
||||
|
||||
users.groups.deluge.gid = config.ids.gids.deluge;
|
||||
users.groups = mkIf (cfg.group == "deluge") {
|
||||
deluge = {
|
||||
gid = config.ids.gids.deluge;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
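Review bot: The new `(mkIf (cfg.web.openFirewall) { allowedTCPPorts = [ cfg.web.port ]; })` entry in `networking.firewall` is not conditioned on `cfg.web.enable`, so `web.openFirewall = true` opens the port on every interface even when the web daemon is off (the delugeweb unit is presumably only defined under `web.enable`, which is outside the visible hunks). I would gate it as `(mkIf (cfg.web.enable && cfg.web.openFirewall) {`. The `openFirewall` description could also state what is exposed, for example `Open web.port in the firewall; the web UI is then reachable on all interfaces, so set a non-default web password and prefer a TLS-terminating reverse proxy.` Separately, the tmpfiles rules now create `configDir` and the download directories as `0770 ${cfg.user} ${cfg.group}`, so pointing `group` at a shared group gives its members write access to the daemon's configuration directory, which is worth a sentence in the `group` option description.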
|
||||
|
@ -8,9 +8,11 @@ import ./make-test.nix ({ pkgs, ...} : {
|
||||
simple = {
|
||||
services.deluge = {
|
||||
enable = true;
|
||||
web.enable = true;
|
||||
web = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
};
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [ 8112 ];
|
||||
};
|
||||
|
||||
declarative =
|
||||
|