From 9837facf21113c5c48ed80dab7d5ce1e387ee2f6 Mon Sep 17 00:00:00 2001
From: David Wood
Date: Mon, 1 Jul 2019 16:08:27 +0100
Subject: [PATCH 1/2] nixos/deluge: user, group and web firewall opts.
This commit adds new options to the Deluge service:
- Allow configuration of the user/group which runs the deluged daemon.
- Allow configuration of the user/group which runs the deluge web daemon.
- Allow opening firewall for the deluge web daemon.
---
 nixos/modules/services/torrent/deluge.nix | 76 +++++++++++++++++------
 nixos/tests/deluge.nix | 6 +-
 2 files changed, 60 insertions(+), 22 deletions(-)
diff --git a/nixos/modules/services/torrent/deluge.nix b/nixos/modules/services/torrent/deluge.nix
index 01a5890a7845..f2e0c4a89dd6 100644
--- a/nixos/modules/services/torrent/deluge.nix
+++ b/nixos/modules/services/torrent/deluge.nix
@@ -118,30 +118,55 @@ in {
 more informations.
 '';
 };
+
+ user = mkOption {
+ type = types.str;
+ default = "deluge";
+ description = ''
+ User account under which deluge runs.
+ '';
+ };
+
+ group = mkOption {
+ type = types.str;
+ default = "deluge";
+ description = ''
+ Group under which deluge runs.
+ '';
+ };
 };
 deluge.web = {
 enable = mkEnableOption "Deluge Web daemon";
+
 port = mkOption {
- type = types.port;
+ type = types.port;
 default = 8112;
 description = ''
 Deluge web UI port.
 '';
 };
+
+ openFirewall = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Open ports in the firewall for deluge web daemon
+ '';
+ };
 };
 };
 };
 config = mkIf cfg.enable {
- systemd.tmpfiles.rules = [ "d '${configDir}' 0770 deluge deluge" ]
+ systemd.tmpfiles.rules = [ "d '${configDir}' 0770 ${cfg.user} ${cfg.group}" ]
 ++ optional (cfg.config ? "download_location")
- "d '${cfg.config.download_location}' 0770 deluge deluge"
+ "d '${cfg.config.download_location}' 0770 ${cfg.user} ${cfg.group}"
 ++ optional (cfg.config ? "torrentfiles_location")
- "d '${cfg.config.torrentfiles_location}' 0770 deluge deluge"
+ "d '${cfg.config.torrentfiles_location}' 0770 ${cfg.user} ${cfg.group}"
 ++ optional (cfg.config ? "move_completed_path")
- "d '${cfg.config.move_completed_path}' 0770 deluge deluge";
+ "d '${cfg.config.move_completed_path}' 0770 ${cfg.user} ${cfg.group}";
 systemd.services.deluged = {
 after = [ "network.target" ];
@@ -157,8 +182,8 @@ in {
 # To prevent "Quit & shutdown daemon" from working; we want systemd to
 # manage it!
 Restart = "on-success";
- User = "deluge";
- Group = "deluge";
+ User = cfg.user;
+ Group = cfg.group;
 UMask = "0002";
 LimitNOFILE = cfg.openFilesLimit;
 };
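Review bot: The `user` and `group` descriptions in the first hunk leave out two things an operator needs to know before changing them. The tmpfiles rules at the end of this hunk create `${configDir}` and the declared download directories as `0770 ${cfg.user} ${cfg.group}`, so every member of a shared group (for example one chosen so other accounts can reach the downloads) also gets read/write access to Deluge's configuration directory, which presumably holds its credentials. Going by the `mkIf (cfg.user == "deluge")` and `mkIf (cfg.group == "deluge")` guards in the @@ -177,26 hunk, the module also only declares the account and group when the defaults are kept. I would extend the text, e.g. `Group under which deluge runs; its members get read/write access to the config and download directories. Only created by this module when left at "deluge".`, with a matching sentence on `user`.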
@@ -177,26 +202,37 @@ in {
 --config ${configDir} \
 --port ${toString cfg.web.port}
 '';
- User = "deluge";
- Group = "deluge";
+ User = cfg.user;
+ Group = cfg.group;
 };
 };
- networking.firewall = mkIf (cfg.declarative && cfg.openFirewall && !(cfg.config.random_port or true)) {
- allowedTCPPortRanges = singleton (listToRange (cfg.config.listen_ports or listenPortsDefault));
- allowedUDPPortRanges = singleton (listToRange (cfg.config.listen_ports or listenPortsDefault));
- };
+ networking.firewall = mkMerge [
+ (mkIf (cfg.declarative && cfg.openFirewall && !(cfg.config.random_port or true)) {
+ allowedTCPPortRanges = singleton (listToRange (cfg.config.listen_ports or listenPortsDefault));
+ allowedUDPPortRanges = singleton (listToRange (cfg.config.listen_ports or listenPortsDefault));
+ })
+ (mkIf (cfg.web.openFirewall) {
+ allowedTCPPorts = [ cfg.web.port ];
+ })
+ ];
 environment.systemPackages = [ pkgs.deluge ];
- users.users.deluge = {
- group = "deluge";
- uid = config.ids.uids.deluge;
- home = cfg.dataDir;
- createHome = true;
- description = "Deluge Daemon user";
+ users.users = mkIf (cfg.user == "deluge") {
+ deluge = {
+ group = cfg.group;
+ uid = config.ids.uids.deluge;
+ home = cfg.dataDir;
+ createHome = true;
+ description = "Deluge Daemon user";
+ };
 };
- users.groups.deluge.gid = config.ids.gids.deluge;
+ users.groups = mkIf (cfg.group == "deluge") {
+ deluge = {
+ gid = config.ids.gids.deluge;
+ };
+ };
 };
 }
diff --git a/nixos/tests/deluge.nix b/nixos/tests/deluge.nix
index 22ad84e7bff1..b58030409b5c 100644
--- a/nixos/tests/deluge.nix
+++ b/nixos/tests/deluge.nix
@@ -8,9 +8,11 @@ import ./make-test.nix ({ pkgs, ...} : {
 simple = {
 services.deluge = {
 enable = true;
- web.enable = true;
+ web = {
+ enable = true;
+ openFirewall = true;
+ };
 };
- networking.firewall.allowedTCPPorts = [ 8112 ];
 };
 declarative =
From 16c394fe0f46935a4065a5a1ed43ef1cabd5840a Mon Sep 17 00:00:00 2001
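Review bot: The new `(mkIf (cfg.web.openFirewall) { allowedTCPPorts = [ cfg.web.port ]; })` entry is not tied to `cfg.web.enable`, so with `web.enable = false` and `web.openFirewall = true` the port is still opened and whatever else binds it becomes reachable from the network. Gate it as `(mkIf (cfg.web.enable && cfg.web.openFirewall) {`. In the same hunk, `group = cfg.group` inside `users.users.deluge` combined with `users.groups = mkIf (cfg.group == "deluge")` means that keeping `user = "deluge"` with a custom `group` references a group this module no longer declares. An `assertions` entry, or a sentence in the option text, would make that requirement explicit.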
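Review bot: No test node visible in the `nixos/tests/deluge.nix` hunk sets a non-default `user` or `group`, which is the branch where the module stops declaring the account and where the tmpfiles ownership changes. The `simple` node only moves the port 8112 opening over to `web.openFirewall = true`, and the `declarative` node continues outside the hunk, so this may already be covered there. If it is not, a node that sets `services.deluge.user` and `services.deluge.group` to an account declared in the test itself would exercise it.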
From: David Wood
Date: Mon, 1 Jul 2019 17:14:42 +0100
Subject: [PATCH 2/2] nixos/deluge: Add extractor dependencies.
This commit adds the "Extractor" plugin dependencies to the PATH of the `deluged` service.
---
 nixos/modules/services/torrent/deluge.nix | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/nixos/modules/services/torrent/deluge.nix b/nixos/modules/services/torrent/deluge.nix
index f2e0c4a89dd6..48ec4d692e2f 100644
--- a/nixos/modules/services/torrent/deluge.nix
+++ b/nixos/modules/services/torrent/deluge.nix
@@ -134,6 +134,16 @@ in {
 Group under which deluge runs.
 '';
 };
+
+ extraPackages = mkOption {
+ type = types.listOf types.package;
+ default = [];
+ description = ''
+ Extra packages available at runtime to enable Deluge's plugins. For example,
+ extraction utilities are required for the built-in "Extractor" plugin.
+ This always contains unzip, gnutar, xz, p7zip and bzip2.
+ '';
+ };
 };
 deluge.web = {
@@ -160,6 +170,9 @@ in {
 config = mkIf cfg.enable {
+ # Provide a default set of `extraPackages`.
+ services.deluge.extraPackages = with pkgs; [ unzip gnutar xz p7zip bzip2 ];
+
 systemd.tmpfiles.rules = [ "d '${configDir}' 0770 ${cfg.user} ${cfg.group}" ]
 ++ optional (cfg.config ? "download_location")
 "d '${cfg.config.download_location}' 0770 ${cfg.user} ${cfg.group}"
@@ -172,7 +185,7 @@ in {
 after = [ "network.target" ];
 description = "Deluge BitTorrent Daemon";
 wantedBy = [ "multi-user.target" ];
- path = [ pkgs.deluge ];
+ path = [ pkgs.deluge ] ++ cfg.extraPackages;
 serviceConfig = {
 ExecStart = ''
 ${pkgs.deluge}/bin/deluged \
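Review bot: `default = []` on the `extraPackages` option (hunk @@ -134,6) together with the unconditional `services.deluge.extraPackages = with pkgs; [ unzip gnutar xz p7zip bzip2 ];` in the `config` hunk (@@ -160,6) means the generated option docs show an empty default while the unit's PATH always carries five archive tools. Because list options merge by concatenation, a user-set value is appended to that list rather than replacing it, and only `mkForce` can drop the tools. When the Extractor plugin is active they unpack content received from untrusted peers, so a host that does not use the plugin has reason to leave them out. Moving the list into the option itself, `default = with pkgs; [ unzip gnutar xz p7zip bzip2 ];` with a `defaultText`, and deleting the `config` assignment would allow that; the description's "This always contains" sentence would then read "Defaults to".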