NixOS Wiki

Deluge: Difference between revisions

← Older editNewer edit →
VisualWikitext
Klinger (talk | contribs)
trusted
903 edits
Fschn90 (talk | contribs)
6 edits
No edit summary
Line 4: Line 4:
<syntaxhighlight lang="nix">
<syntaxhighlight lang="nix">
  services.deluge = {
  services.deluge = {
   enable = true;
   enable = true;
   web.enable = true;
   web.enable = true;
  };
  };
</syntaxhighlight>The web UI is then accessible on http://localhost:8112.
</syntaxhighlight>The web UI is then accessible on http://localhost:8112.
Line 17: Line 14:
First, creating a network namespace with wireguard vpn interface based on this [https://discourse.nixos.org/t/setting-up-wireguard-in-a-network-namespace-for-selectively-routing-traffic-through-vpn/10252/8 tutorial]:<syntaxhighlight lang="nix">
First, creating a network namespace with wireguard vpn interface based on this [https://discourse.nixos.org/t/setting-up-wireguard-in-a-network-namespace-for-selectively-routing-traffic-through-vpn/10252/8 tutorial]:<syntaxhighlight lang="nix">
  # creating network namespace
  # creating network namespace
  systemd.services."netns@" = {
  systemd.services."netns@" = {
   description = "%I network namespace";
   description = "%I network namespace";
   before = [ "network.target" ];
   before = [ "network.target" ];
   serviceConfig = {
   serviceConfig = {
     Type = "oneshot";
     Type = "oneshot";
     RemainAfterExit = true;
     RemainAfterExit = true;
     ExecStart = "${pkgs.iproute2}/bin/ip netns add %I";
     ExecStart = "${pkgs.iproute2}/bin/ip netns add %I";
     ExecStop = "${pkgs.iproute2}/bin/ip netns del %I";
     ExecStop = "${pkgs.iproute2}/bin/ip netns del %I";
   };
   };
  };
  };


  # setting up wireguard interface within network namespace
  # setting up wireguard interface within network namespace
  systemd.services.wg = {
  systemd.services.wg = {
   description = "wg network interface";
   description = "wg network interface";
   bindsTo = [ "netns@wg.service" ];
   bindsTo = [ "netns@wg.service" ];
   requires = [ "network-online.target" ];
   requires = [ "network-online.target" ];
   after = [ "netns@wg.service" ];
   after = [ "netns@wg.service" ];
   serviceConfig = {
   serviceConfig = {
     Type = "oneshot";
     Type = "oneshot";
     RemainAfterExit = true;
     RemainAfterExit = true;
     ExecStart = with pkgs; writers.writeBash "wg-up" ''
     ExecStart = with pkgs; writers.writeBash "wg-up" ''
       see -e
       see -e
       ${iproute2}/bin/ip link add wg0 type wireguard
       ${iproute2}/bin/ip link add wg0 type wireguard
       ${iproute2}/bin/ip link set wg0 netns wg
       ${iproute2}/bin/ip link set wg0 netns wg
       ${iproute2}/bin/ip -n wg address add <ipv4 VPN addr/cidr> dev wg0
       ${iproute2}/bin/ip -n wg address add <ipv4 VPN addr/cidr> dev wg0
       # ${iproute2}/bin/ip -n wg -6 address add <ipv6 VPN addr/cidr> dev wg0
       # ${iproute2}/bin/ip -n wg -6 address add <ipv6 VPN addr/cidr> dev wg0
       ${iproute2}/bin/ip netns exec wg \
       ${iproute2}/bin/ip netns exec wg \
         ${wireguard-tools}/bin/wg setconf wg0 /root/myVPNprovider.conf
         ${wireguard-tools}/bin/wg setconf wg0 /root/myVPNprovider.conf
       ${iproute2}/bin/ip -n wg link set wg0 up
       ${iproute2}/bin/ip -n wg link set wg0 up
       # need to set lo up as network namespace is started with lo down
       # need to set lo up as network namespace is started with lo down
       ${iproute2}/bin/ip -n wg link set lo up
       ${iproute2}/bin/ip -n wg link set lo up
       ${iproute2}/bin/ip -n wg route add default dev wg0
       ${iproute2}/bin/ip -n wg route add default dev wg0
       # ${iproute}/bin/ip -n wg -6 route add default dev wg0
       # ${iproute}/bin/ip -n wg -6 route add default dev wg0
     '';
     '';
     ExecStop = with pkgs; writers.writeBash "wg-down" ''
     ExecStop = with pkgs; writers.writeBash "wg-down" ''
       ${iproute2}/bin/ip -n wg route del default dev wg0
       ${iproute2}/bin/ip -n wg route del default dev wg0
       # ${iproute2}/bin/ip -n wg -6 route del default dev wg0
       # ${iproute2}/bin/ip -n wg -6 route del default dev wg0
       ${iproute2}/bin/ip -n wg link del wg0
       ${iproute2}/bin/ip -n wg link del wg0
     '';
     '';
   };
   };
  };
  };
</syntaxhighlight>Second, binding deluged to newly created network namespace and enabling connectivity of delugeweb (in root namespace) to delguded in seperate network namespace, based on this [https://github.com/existentialtype/deluge-namespaced-wireguard tutorial]:<syntaxhighlight lang="nix">
</syntaxhighlight>Second, binding deluged to newly created network namespace and enabling connectivity of delugeweb (in root namespace) to delguded in seperate network namespace, based on this [https://github.com/existentialtype/deluge-namespaced-wireguard tutorial]:<syntaxhighlight lang="nix">
# binding deluged to network namespace
  # binding deluged to network namespace
 
  systemd.services.deluged.bindsTo = [ "netns@wg.service" ];
  systemd.services.deluged.bindsTo = [ "netns@wg.service" ];
  systemd.services.deluged.requires = [ "network-online.target" "wg.service" ];
  systemd.services.deluged.requires = [ "network-online.target" "wg.service" ];
  systemd.services.deluged.serviceConfig.NetworkNamespacePath = [ "/var/run/netns/wg" ];
  systemd.services.deluged.serviceConfig.NetworkNamespacePath = [ "/var/run/netns/wg" ];


  # allowing delugeweb to access deluged in network namespace, a socket is necesarry
  # allowing delugeweb to access deluged in network namespace, a socket is necesarry
  systemd.sockets."proxy-to-deluged" = {
  systemd.sockets."proxy-to-deluged" = {
   enable = true;
   enable = true;
   description = "Socket for Proxy to Deluge Daemon";
   description = "Socket for Proxy to Deluge Daemon";
   listenStreams = [ "58846" ];
   listenStreams = [ "58846" ];
   wantedBy = [ "sockets.target" ];
   wantedBy = [ "sockets.target" ];
  };
  };


  # creating proxy service on socket, which forwards the same port from the root namespace to the isolated namespace
  # creating proxy service on socket, which forwards the same port from the root namespace to the isolated namespace
  systemd.services."proxy-to-deluged" = {
  systemd.services."proxy-to-deluged" = {
   enable = true;
   enable = true;
   description = "Proxy to Deluge Daemon in Network Namespace";
   description = "Proxy to Deluge Daemon in Network Namespace";
   requires = [ "deluged.service" "proxy-to-deluged.socket" ];
   requires = [ "deluged.service" "proxy-to-deluged.socket" ];
   after = [ "deluged.service" "proxy-to-deluged.socket" ];
   after = [ "deluged.service" "proxy-to-deluged.socket" ];
   unitConfig = { JoinsNamespaceOf = "deluged.service"; };
   unitConfig = { JoinsNamespaceOf = "deluged.service"; };
   serviceConfig = {
   serviceConfig = {
     User = "deluge";
     User = "deluge";
     Group = "deluge";
     Group = "deluge";
     ExecStart = "${pkgs.systemd}/lib/systemd/systemd-socket-proxyd --exit-idle-time=5min 127.0.0.1:58846";
     ExecStart = "${pkgs.systemd}/lib/systemd/systemd-socket-proxyd --exit-idle-time=5min 127.0.0.1:58846";
     PrivateNetwork = "yes";
     PrivateNetwork = "yes";
   };
   };
  };
  };
</syntaxhighlight>
</syntaxhighlight>
Retrieved from "https://wiki.nixos.org/wiki/Deluge"