diff --git a/modules/server/deluge/default.nix b/modules/server/deluge/default.nix index 15f14c46..6cfeed67 100644 --- a/modules/server/deluge/default.nix +++ b/modules/server/deluge/default.nix @@ -35,14 +35,13 @@ in { default = "Downloads"; }; }; + config = lib.mkIf cfg.enable { services.deluge = { enable = true; user = srv.user; group = srv.group; - web = { - enable = true; - }; + web.enable = true; }; services.caddy.virtualHosts."${cfg.url}" = { 
@@ -53,37 +52,32 @@ in { }; systemd = lib.mkIf srv.wireguard-netns.enable { - services.deluged.bindsTo = ["netns@${ns}.service"]; - services.deluged.requires = [ - "network-online.target" - "${ns}.service" - ]; services.deluged.serviceConfig.NetworkNamespacePath = "/var/run/netns/${ns}"; - sockets."deluged-proxy" = { - enable = true; - description = "Socket for Proxy to Deluge WebUI"; - listenStreams = ["58846"]; + services.deluge-web.serviceConfig.NetworkNamespacePath = "/var/run/netns/${ns}"; + + services.deluged.after = ["netns@${ns}.service"]; + services.deluge-web.after = ["netns@${ns}.service"]; + + sockets."deluge-web-proxy" = { + description = "Socket Proxy for Deluge WebUI"; + listenStreams = [ + "127.0.0.1:8112" + ]; wantedBy = ["sockets.target"]; }; - services."deluged-proxy" = { - enable = true; - description = "Proxy to Deluge Daemon in Network Namespace"; - requires = [ - "deluged.service" - "deluged-proxy.socket" - ]; - after = [ - "deluged.service" - "deluged-proxy.socket" - ]; - unitConfig = { - JoinsNamespaceOf = "deluged.service"; - }; + + services."deluge-web-proxy" = { + description = "Proxy to Deluge WebUI in Network Namespace"; + requires = ["deluge-web-proxy.socket"]; + after = ["deluge-web-proxy.socket"]; + serviceConfig = { - User = config.services.deluge.user; - Group = config.services.deluge.group; - ExecStart = "${pkgs.systemd}/lib/systemd/systemd-socket-proxyd --exit-idle-time=5min 127.0.0.1:58846"; - PrivateNetwork = "yes"; + Type = "simple"; + ExecStart = '' + ${pkgs.socat}/bin/socat - TCP4:127.0.0.1:8112 + ''; + PrivateNetwork = true; + NetworkNamespacePath = "/var/run/netns/${ns}"; }; }; }; diff --git a/modules/server/wireguard-netns/default.nix b/modules/server/wireguard-netns/default.nix index 617d9432..bbe6242a 100644 --- a/modules/server/wireguard-netns/default.nix +++ b/modules/server/wireguard-netns/default.nix 
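Review bot: The rewritten `deluge-web-proxy` service drops the `User`/`Group` lines the old proxy carried, so as far as this hunk shows it now runs as root while relaying WebUI traffic into the namespace. systemd joins `NetworkNamespacePath` before it drops privileges, so `User = config.services.deluge.user;` and `Group = config.services.deluge.group;` can be kept. Separately, the socket unit sets no `Accept`, so systemd passes the listening socket as fd 3 and leaves stdin at its default; `socat - TCP4:127.0.0.1:8112` therefore has no client stream to relay. The socket-activation-aware form from the old unit would fit this layout: `ExecStart = "${pkgs.systemd}/lib/systemd/systemd-socket-proxyd --exit-idle-time=5min 127.0.0.1:8112";`. `PrivateNetwork = true` also looks redundant next to `NetworkNamespacePath`, which should take precedence per systemd.exec(5); worth confirming and keeping only one.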
@@ -31,29 +31,22 @@ in { NS=${cfg.namespace} ADDR=$(awk -F' *= *' '/^Address/ { print $2 }' "$CONFIG") DNS=$(awk -F' *= *' '/^DNS/ { print $2 }' "$CONFIG") - ip netns delete "$NS" 2>/dev/null || true ip netns add "$NS" ip link add wg0 type wireguard ip link set wg0 netns "$NS" - IFS=',' read -ra ADDRS <<< "$ADDR" for ip in "''${ADDRS[@]}"; do ip -n "$NS" addr add "$ip" dev wg0 done - ip -n "$NS" link set wg0 up - grep -vE '^(Address|DNS) *=' "$CONFIG" | ip netns exec "$NS" wg setconf wg0 /dev/stdin - ip netns exec "$NS" ip link set lo up ip netns exec "$NS" ip route add default dev wg0 - mkdir -p /etc/netns/"$NS" echo "nameserver $DNS" > /etc/netns/"$NS"/resolv.conf ''; }; - netnsTeardown = pkgs.writeShellApplication { name = "netns-${cfg.namespace}-teardown"; runtimeInputs = with pkgs; [iproute2]; @@ -65,8 +58,9 @@ in { in { systemd.services."netns@${cfg.namespace}" = { description = "WireGuard VPN netns (${cfg.namespace})"; - after = ["network-online.target"]; - wants = ["network-online.target"]; + bindsTo = ["netns@${cfg.namespace}.service"]; + requires = ["network-online.target"]; + after = ["netns@${cfg.namespace}.service"]; wantedBy = ["multi-user.target"]; serviceConfig = {
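Review bot: In the last hunk, the added `bindsTo` and `after` lines on `netns@${cfg.namespace}` point at `netns@${cfg.namespace}.service`, which is the unit itself. systemd drops self-referential dependencies, so the only effective change is that `after = ["network-online.target"]` became `requires` with no ordering. `Requires=` alone does not order units, so the namespace setup script can now start before the network is online. These look like the `bindsTo`/`requires` lines removed from `services.deluged` in the deluge module; with only `after` left there, nothing stops or restarts deluged when the namespace unit goes away. I would keep `after = ["network-online.target"];` next to `requires = ["network-online.target"];` here and put `bindsTo = ["netns@${ns}.service"];` back on the deluged and deluge-web units. The unit's `serviceConfig` continues outside the hunk.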