Deluge: Difference between revisions

From NixOS Wiki
Fschn90 (talk | contribs)
Created page with "is a BitTorrent client. === Basic Nix Configuration === <blockquote>  services.deluge = {    enable = true;    web.enable = true;   };</blockquote>The web UI is then accessible on http://localhost:8112. === How to set up deluge in a separate network namespace with only a wireguard vpn interface: === First, creating network namespace with wireguard vpn interface based on this [tutorual](<nowiki>https://discourse.nixos.org/t/setting-up-wireguard-in-a-network-n..."
 
Fschn90 (talk | contribs)
No edit summary
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
is a BitTorrent client.
[https://deluge-torrent.org/ Deluge] is a BitTorrent client.
 
=== Basic Nix Configuration ===
<blockquote>  services.deluge = {


== Basic Nix Configuration ==
<syntaxhighlight lang="nix">
  services.deluge = {
   enable = true;
   enable = true;
   web.enable = true;
   web.enable = true;
  };
</syntaxhighlight>The web UI is then accessible on http://localhost:8112.


  };</blockquote>The web UI is then accessible on http://localhost:8112.
== How to set up Deluge in a separate network namespace with only a wireguard vpn interface: ==
 
=== How to set up deluge in a separate network namespace with only a wireguard vpn interface: ===
 
 
First, creating network namespace with wireguard vpn interface based on this [tutorual](<nowiki>https://discourse.nixos.org/t/setting-up-wireguard-in-a-network-namespace-for-selectively-routing-traffic-through-vpn/10252/8</nowiki>):




```nix
First, creating a network namespace with wireguard vpn interface based on this [https://discourse.nixos.org/t/setting-up-wireguard-in-a-network-namespace-for-selectively-routing-traffic-through-vpn/10252/8 tutorial]:<syntaxhighlight lang="nix">
 
  # creating network namespace
  # creating network namespace
  systemd.services."netns@" = {
  systemd.services."netns@" = {
   description = "%I network namespace";
   description = "%I network namespace";
   before = [ "network.target" ];
   before = [ "network.target" ];
   serviceConfig = {
   serviceConfig = {
     Type = "oneshot";
     Type = "oneshot";
     RemainAfterExit = true;
     RemainAfterExit = true;
     ExecStart = "${pkgs.iproute2}/bin/ip netns add %I";
     ExecStart = "${pkgs.iproute2}/bin/ip netns add %I";
     ExecStop = "${pkgs.iproute2}/bin/ip netns del %I";
     ExecStop = "${pkgs.iproute2}/bin/ip netns del %I";
   };
   };
  };
  };


  # setting up wireguard interface within network namespace
  # setting up wireguard interface within network namespace
  systemd.services.wg = {
  systemd.services.wg = {
   description = "wg network interface";
   description = "wg network interface";
   bindsTo = [ "netns@wg.service" ];
   bindsTo = [ "netns@wg.service" ];
   requires = [ "network-online.target" ];
   requires = [ "network-online.target" ];
   after = [ "netns@wg.service" ];
   after = [ "netns@wg.service" ];
   serviceConfig = {
   serviceConfig = {
     Type = "oneshot";
     Type = "oneshot";
     RemainAfterExit = true;
     RemainAfterExit = true;
 
     ExecStart = with pkgs; writers.writeBash "wg-up" ''
     ExecStart = with pkgs; writers.writeBash "wg-up" <nowiki>''</nowiki>
 
       see -e
       see -e
       ${iproute2}/bin/ip link add wg0 type wireguard
       ${iproute2}/bin/ip link add wg0 type wireguard
       ${iproute2}/bin/ip link set wg0 netns wg
       ${iproute2}/bin/ip link set wg0 netns wg
       ${iproute2}/bin/ip -n wg address add <ipv4 VPN addr/cidr> dev wg0
       ${iproute2}/bin/ip -n wg address add <ipv4 VPN addr/cidr> dev wg0
       # ${iproute2}/bin/ip -n wg -6 address add <ipv6 VPN addr/cidr> dev wg0
       # ${iproute2}/bin/ip -n wg -6 address add <ipv6 VPN addr/cidr> dev wg0
       ${iproute2}/bin/ip netns exec wg \
       ${iproute2}/bin/ip netns exec wg \
         ${wireguard-tools}/bin/wg setconf wg0 /root/myVPNprovider.conf
         ${wireguard-tools}/bin/wg setconf wg0 /root/myVPNprovider.conf
       ${iproute2}/bin/ip -n wg link set wg0 up
       ${iproute2}/bin/ip -n wg link set wg0 up
       # need to set lo up as network namespace is started with lo down
       # need to set lo up as network namespace is started with lo down
       ${iproute2}/bin/ip -n wg link set lo up
       ${iproute2}/bin/ip -n wg link set lo up
       ${iproute2}/bin/ip -n wg route add default dev wg0
       ${iproute2}/bin/ip -n wg route add default dev wg0
       # ${iproute}/bin/ip -n wg -6 route add default dev wg0
       # ${iproute}/bin/ip -n wg -6 route add default dev wg0
 
     '';
     <nowiki>''</nowiki>;
     ExecStop = with pkgs; writers.writeBash "wg-down" ''
 
     ExecStop = with pkgs; writers.writeBash "wg-down" <nowiki>''</nowiki>
 
       ${iproute2}/bin/ip -n wg route del default dev wg0
       ${iproute2}/bin/ip -n wg route del default dev wg0
       # ${iproute2}/bin/ip -n wg -6 route del default dev wg0
       # ${iproute2}/bin/ip -n wg -6 route del default dev wg0
       ${iproute2}/bin/ip -n wg link del wg0
       ${iproute2}/bin/ip -n wg link del wg0
 
     '';
     <nowiki>''</nowiki>;
 
   };
   };
  };
  };
 
</syntaxhighlight>Second, binding deluged to newly created network namespace and enabling connectivity of delugeweb (in root namespace) to delguded in seperate network namespace, based on this [https://github.com/existentialtype/deluge-namespaced-wireguard tutorial]:<syntaxhighlight lang="nix">
```
  # binding deluged to network namespace
 
 
Second, binding deluged to newly created network namespace and enabling connectivity of delugeweb (in root namespace) to delguded in seperate network namespace, based on this [tutorial](<nowiki>https://github.com/existentialtype/deluge-namespaced-wireguard</nowiki>):
 
 
```nix
 
  # binding deluged to network namespace
 
  systemd.services.deluged.bindsTo = [ "netns@wg.service" ];
  systemd.services.deluged.bindsTo = [ "netns@wg.service" ];
  systemd.services.deluged.requires = [ "network-online.target" "wg.service" ];
  systemd.services.deluged.requires = [ "network-online.target" "wg.service" ];
  systemd.services.deluged.serviceConfig.NetworkNamespacePath = [ "/var/run/netns/wg" ];
  systemd.services.deluged.serviceConfig.NetworkNamespacePath = [ "/var/run/netns/wg" ];


  # allowing delugeweb to access deluged in network namespace, a socket is necesarry
  # allowing delugeweb to access deluged in network namespace, a socket is necesarry
  systemd.sockets."proxy-to-deluged" = {
  systemd.sockets."proxy-to-deluged" = {
   enable = true;
   enable = true;
   description = "Socket for Proxy to Deluge Daemon";
   description = "Socket for Proxy to Deluge Daemon";
   listenStreams = [ "58846" ];
   listenStreams = [ "58846" ];
   wantedBy = [ "sockets.target" ];
   wantedBy = [ "sockets.target" ];
  };
  };


  # creating proxy service on socket, which forwards the same port from the root namespace to the isolated namespace
  # creating proxy service on socket, which forwards the same port from the root namespace to the isolated namespace
  systemd.services."proxy-to-deluged" = {
  systemd.services."proxy-to-deluged" = {
   enable = true;
   enable = true;
   description = "Proxy to Deluge Daemon in Network Namespace";
   description = "Proxy to Deluge Daemon in Network Namespace";
   requires = [ "deluged.service" "proxy-to-deluged.socket" ];
   requires = [ "deluged.service" "proxy-to-deluged.socket" ];
   after = [ "deluged.service" "proxy-to-deluged.socket" ];
   after = [ "deluged.service" "proxy-to-deluged.socket" ];
   unitConfig = { JoinsNamespaceOf = "deluged.service"; };
   unitConfig = { JoinsNamespaceOf = "deluged.service"; };
   serviceConfig = {
   serviceConfig = {
     User = "deluge";
     User = "deluge";
     Group = "deluge";
     Group = "deluge";
     ExecStart = "${pkgs.systemd}/lib/systemd/systemd-socket-proxyd --exit-idle-time=5min 127.0.0.1:58846";
     ExecStart = "${pkgs.systemd}/lib/systemd/systemd-socket-proxyd --exit-idle-time=5min 127.0.0.1:58846";
     PrivateNetwork = "yes";
     PrivateNetwork = "yes";
   };
   };
  };
</syntaxhighlight>


  };


```
[[Category:Applications]]
[[Category:Web Applications]]

Latest revision as of 11:41, 10 December 2024

Deluge is a BitTorrent client.

Basic Nix Configuration

  services.deluge = {
   enable = true;
   web.enable = true;
  };

The web UI is then accessible on http://localhost:8112.

How to set up Deluge in a separate network namespace with only a wireguard vpn interface:

First, creating a network namespace with wireguard vpn interface based on this tutorial:

  # creating network namespace
  systemd.services."netns@" = {
   description = "%I network namespace";
   before = [ "network.target" ];
   serviceConfig = {
     Type = "oneshot";
     RemainAfterExit = true;
     ExecStart = "${pkgs.iproute2}/bin/ip netns add %I";
     ExecStop = "${pkgs.iproute2}/bin/ip netns del %I";
   };
  };

  # setting up wireguard interface within network namespace
  systemd.services.wg = {
   description = "wg network interface";
   bindsTo = [ "netns@wg.service" ];
   requires = [ "network-online.target" ];
   after = [ "netns@wg.service" ];
   serviceConfig = {
     Type = "oneshot";
     RemainAfterExit = true;
     ExecStart = with pkgs; writers.writeBash "wg-up" ''
       see -e
       ${iproute2}/bin/ip link add wg0 type wireguard
       ${iproute2}/bin/ip link set wg0 netns wg
       ${iproute2}/bin/ip -n wg address add <ipv4 VPN addr/cidr> dev wg0
       # ${iproute2}/bin/ip -n wg -6 address add <ipv6 VPN addr/cidr> dev wg0
       ${iproute2}/bin/ip netns exec wg \
         ${wireguard-tools}/bin/wg setconf wg0 /root/myVPNprovider.conf
       ${iproute2}/bin/ip -n wg link set wg0 up
       # need to set lo up as network namespace is started with lo down
       ${iproute2}/bin/ip -n wg link set lo up
       ${iproute2}/bin/ip -n wg route add default dev wg0
       # ${iproute}/bin/ip -n wg -6 route add default dev wg0
     '';
     ExecStop = with pkgs; writers.writeBash "wg-down" ''
       ${iproute2}/bin/ip -n wg route del default dev wg0
       # ${iproute2}/bin/ip -n wg -6 route del default dev wg0
       ${iproute2}/bin/ip -n wg link del wg0
     '';
   };
  };

Second, binding deluged to newly created network namespace and enabling connectivity of delugeweb (in root namespace) to delguded in seperate network namespace, based on this tutorial:

  # binding deluged to network namespace
  systemd.services.deluged.bindsTo = [ "netns@wg.service" ];
  systemd.services.deluged.requires = [ "network-online.target" "wg.service" ];
  systemd.services.deluged.serviceConfig.NetworkNamespacePath = [ "/var/run/netns/wg" ];

  # allowing delugeweb to access deluged in network namespace, a socket is necesarry
  systemd.sockets."proxy-to-deluged" = {
   enable = true;
   description = "Socket for Proxy to Deluge Daemon";
   listenStreams = [ "58846" ];
   wantedBy = [ "sockets.target" ];
  };

  # creating proxy service on socket, which forwards the same port from the root namespace to the isolated namespace
  systemd.services."proxy-to-deluged" = {
   enable = true;
   description = "Proxy to Deluge Daemon in Network Namespace";
   requires = [ "deluged.service" "proxy-to-deluged.socket" ];
   after = [ "deluged.service" "proxy-to-deluged.socket" ];
   unitConfig = { JoinsNamespaceOf = "deluged.service"; };
   serviceConfig = {
     User = "deluge";
     Group = "deluge";
     ExecStart = "${pkgs.systemd}/lib/systemd/systemd-socket-proxyd --exit-idle-time=5min 127.0.0.1:58846";
     PrivateNetwork = "yes";
   };
  };