authorDavid Wood <david@davidtw.co>2019-07-01 16:08:27 +0100
committerDavid Wood <david@davidtw.co>2019-07-02 22:26:34 +0100
commit9837facf21113c5c48ed80dab7d5ce1e387ee2f6 (patch)
tree82fd2e30d6a997721ba3ec52543c90d520788e1a
parentf08b05d89fb0a0a975f3c9feaf48e80cb85bc615 (diff)
nixos/deluge: user, group and web firewall opts.
This commit adds new options to the Deluge service:

- Allow configuration of the user/group which runs the deluged daemon.
- Allow configuration of the user/group which runs the deluge web
  daemon.
- Allow opening firewall for the deluge web daemon.
-rw-r--r--nixos/modules/services/torrent/deluge.nix76
-rw-r--r--nixos/tests/deluge.nix6
2 files changed, 60 insertions, 22 deletions
diff --git a/nixos/modules/services/torrent/deluge.nix b/nixos/modules/services/torrent/deluge.nix
index 01a5890a784..f2e0c4a89dd 100644
--- a/nixos/modules/services/torrent/deluge.nix
+++ b/nixos/modules/services/torrent/deluge.nix
@@ -118,30 +118,55 @@ in {
             more informations.
           '';
         };
+
+        user = mkOption {
+          type = types.str;
+          default = "deluge";
+          description = ''
+            User account under which deluge runs.
+          '';
+        };
+
+        group = mkOption {
+          type = types.str;
+          default = "deluge";
+          description = ''
+            Group under which deluge runs.
+          '';
+        };
       };
 
       deluge.web = {
         enable = mkEnableOption "Deluge Web daemon";
+
         port = mkOption {
-        type = types.port;
+          type = types.port;
           default = 8112;
           description = ''
             Deluge web UI port.
           '';
         };
+
+        openFirewall = mkOption {
+          type = types.bool;
+          default = false;
+          description = ''
+            Open ports in the firewall for deluge web daemon
+          '';
+        };
       };
     };
   };
 
   config = mkIf cfg.enable {
 
-    systemd.tmpfiles.rules = [ "d '${configDir}' 0770 deluge deluge" ]
+    systemd.tmpfiles.rules = [ "d '${configDir}' 0770 ${cfg.user} ${cfg.group}" ]
     ++ optional (cfg.config ? "download_location")
-      "d '${cfg.config.download_location}' 0770 deluge deluge"
+      "d '${cfg.config.download_location}' 0770 ${cfg.user} ${cfg.group}"
     ++ optional (cfg.config ? "torrentfiles_location")
-      "d '${cfg.config.torrentfiles_location}' 0770 deluge deluge"
+      "d '${cfg.config.torrentfiles_location}' 0770 ${cfg.user} ${cfg.group}"
     ++ optional (cfg.config ? "move_completed_path")
-      "d '${cfg.config.move_completed_path}' 0770 deluge deluge";
+      "d '${cfg.config.move_completed_path}' 0770 ${cfg.user} ${cfg.group}";
 
     systemd.services.deluged = {
       after = [ "network.target" ];
@@ -157,8 +182,8 @@ in {
         # To prevent "Quit & shutdown daemon" from working; we want systemd to
         # manage it!
         Restart = "on-success";
-        User = "deluge";
-        Group = "deluge";
+        User = cfg.user;
+        Group = cfg.group;
         UMask = "0002";
         LimitNOFILE = cfg.openFilesLimit;
       };
@@ -177,26 +202,37 @@ in {
             --config ${configDir} \
             --port ${toString cfg.web.port}
         '';
-        User = "deluge";
-        Group = "deluge";
+        User = cfg.user;
+        Group = cfg.group;
       };
     };
 
-    networking.firewall = mkIf (cfg.declarative && cfg.openFirewall && !(cfg.config.random_port or true)) {
-      allowedTCPPortRanges = singleton (listToRange (cfg.config.listen_ports or listenPortsDefault));
-      allowedUDPPortRanges = singleton (listToRange (cfg.config.listen_ports or listenPortsDefault));
-    };
+    networking.firewall = mkMerge [
+      (mkIf (cfg.declarative && cfg.openFirewall && !(cfg.config.random_port or true)) {
+        allowedTCPPortRanges = singleton (listToRange (cfg.config.listen_ports or listenPortsDefault));
+        allowedUDPPortRanges = singleton (listToRange (cfg.config.listen_ports or listenPortsDefault));
+      })
+      (mkIf (cfg.web.openFirewall) {
+        allowedTCPPorts = [ cfg.web.port ];
+      })
+    ];
 
     environment.systemPackages = [ pkgs.deluge ];
 
-    users.users.deluge = {
-      group = "deluge";
-      uid = config.ids.uids.deluge;
-      home = cfg.dataDir;
-      createHome = true;
-      description = "Deluge Daemon user";
+    users.users = mkIf (cfg.user == "deluge") {
+      deluge = {
+        group = cfg.group;
+        uid = config.ids.uids.deluge;
+        home = cfg.dataDir;
+        createHome = true;
+        description = "Deluge Daemon user";
+      };
     };
 
-    users.groups.deluge.gid = config.ids.gids.deluge;
+    users.groups = mkIf (cfg.group == "deluge") {
+      deluge = {
+        gid = config.ids.gids.deluge;
+      };
+    };
   };
 }
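Review bot: The new `mkIf (cfg.web.openFirewall)` entry allows `cfg.web.port` through the firewall even when `services.deluge.web.enable` is false, which leaves an open TCP port that nothing from this module is listening on. Guarding it as `(mkIf (cfg.web.enable && cfg.web.openFirewall) {` ties the rule to the service it is meant for. The web unit at the top of this hunk takes the same `cfg.user`/`cfg.group` as deluged, so the network-facing process keeps the daemon's access to the config and download directories, although the commit message reads as if the two were separately configurable. The web service definition starts above this hunk, so whether it is wrapped in `mkIf cfg.web.enable` cannot be confirmed from here.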
diff --git a/nixos/tests/deluge.nix b/nixos/tests/deluge.nix
index 22ad84e7bff..b58030409b5 100644
--- a/nixos/tests/deluge.nix
+++ b/nixos/tests/deluge.nix
@@ -8,9 +8,11 @@ import ./make-test.nix ({ pkgs, ...} : {
     simple = {
       services.deluge = {
         enable = true;
-        web.enable = true;
+        web = {
+          enable = true;
+          openFirewall = true;
+        };
       };
-      networking.firewall.allowedTCPPorts = [ 8112 ];
     };
 
     declarative =
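Review bot: The test picks up only `web.openFirewall`; nothing in this hunk sets `services.deluge.user` or `group`. That leaves untested the path where the module stops creating the account and hands the `0770` directories to a pre-existing user. A further node with a constructed account, e.g. `services.deluge.user = "torrent";` together with a matching `users.users.torrent` entry, would cover it. The `declarative` node begins on the last line of this hunk and its body is not visible, so it may already do part of this.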