Last active
February 17, 2022 23:41
-
-
Save bodziek666/b1c448e42f09e412a602adf0f48a6048 to your computer and use it in GitHub Desktop.
Transmission Daemon with Wireguard on separated netns managed by systemd units
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/systemd/system/flexget.service | |
| [Unit] | |
| Description=FlexGet Daemon | |
| # network namespace | |
| BindsTo=netns@torrent.service | |
| After=netns@torrent.service | |
| # cnfiguration of network interface assiciated with network namespace | |
| BindsTo=wg-torrent-netns.service | |
| After=wg-torrent-netns.service | |
| # soft dependency on transmission instance | |
| Wants=transmission-daemon-opt.service | |
| After=transmission-daemon-opt.service | |
| JoinsNamespaceOf=netns@torrent.service | |
| [Service] | |
| User=pawel | |
| Group=pawel | |
| PrivateNetwork=true | |
| Type=simple | |
| ExecStart=/opt/flexget/bin/flexget daemon start | |
| ExecStop=/opt/flexget/bin/flexget daemon stop | |
| ExecReload=/opt/flexget/bin/flexget daemon reload | |
| [Install] | |
| WantedBy=multi-user.target |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/systemd/system/netns@.service | |
| [Unit] | |
| Description=Named network namespace %i | |
| StopWhenUnneeded=true | |
| After=network.target | |
| [Service] | |
| Type=oneshot | |
| RemainAfterExit=yes | |
| # Ask systemd to create a network namespace | |
| PrivateNetwork=yes | |
| # Ask ip netns to create a named network namespace | |
| # (This ensures that things like /var/run/netns are properly setup) | |
| ExecStart=/sbin/ip netns add %i | |
| # Drop the network namespace that ip netns just created | |
| ExecStart=/bin/umount /var/run/netns/%i | |
| # Re-use the same name for the network namespace that systemd put us in | |
| ExecStart=/bin/mount --bind /proc/self/ns/net /var/run/netns/%i | |
| # Clean up the name when we are done with the network namespace | |
| ExecStop=/sbin/ip netns delete %i |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/systemd/system/transmission-daemon-opt.service - transmission daemon 3.00 built locally from source | |
| [Unit] | |
| Description=Transmission BitTorrent Daemon | |
| # network namespace | |
| BindsTo=netns@torrent.service | |
| After=netns@torrent.service | |
| # cnfiguration of network interface assiciated with network namespace | |
| BindsTo=wg-torrent-netns.service | |
| After=wg-torrent-netns.service | |
| JoinsNamespaceOf=netns@torrent.service | |
| [Service] | |
| User=pawel | |
| Group=pawel | |
| Environment=PATH=/opt/transmission/bin:$PATH | |
| #Restart=on-failure | |
| #RestartSec=10s | |
| PrivateNetwork=true | |
| #Type=notify | |
| Type=exec | |
| ExecStart=/opt/transmission/bin/transmission-daemon -f --log-error --config-dir /home/pawel/.config/transmission-daemon | |
| ExecStop=/bin/kill -s STOP $MAINPID | |
| ExecReload=/bin/kill -s HUP $MAINPID | |
| [Install] | |
| WantedBy=multi-user.target |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/systemd/system/transmission-daemon-web-netns.service | |
| [Unit] | |
| Description=Forwarder to transmission-daemon web interface in netns | |
| After=network-online.target | |
| # require network namespace for torrenting to be configured | |
| BindsTo=wg-torrent-netns.service | |
| After=wg-torrent-netns.service | |
| # soft dependency on transmission instance | |
| Wants=transmission-daemon-opt.service | |
| After=transmission-daemon-opt.service | |
| [Service] | |
| Type=simple | |
| ExecStart=socat tcp-listen:9091,fork,reuseaddr exec:'ip netns exec torrent socat STDIO "tcp-connect:127.0.0.1:9091"',nofork | |
| SyslogIdentifier=transmission-web-netns | |
| Restart=on-failure | |
| SuccessExitStatus=143 | |
| # Time to wait before forcefully stopped. | |
| TimeoutStopSec=300 | |
| [Install] | |
| WantedBy=multi-user.target |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/systemd/system/transmission-daemon.service - transmission daemon 2.94 | |
| [Unit] | |
| Description=Transmission BitTorrent Daemon | |
| # network namespace | |
| BindsTo=netns@torrent.service | |
| After=netns@torrent.service | |
| # configuration of network interface assiciated with network namespace | |
| BindsTo=wg-torrent-netns.service | |
| After=wg-torrent-netns.service | |
| JoinsNamespaceOf=netns@torrent.service | |
| [Service] | |
| User=pawel | |
| Group=pawel | |
| PrivateNetwork=true | |
| Type=notify | |
| ExecStart=/usr/bin/transmission-daemon -f --log-error | |
| ExecStop=/bin/kill -s STOP $MAINPID | |
| ExecReload=/bin/kill -s HUP $MAINPID | |
| [Install] | |
| WantedBy=multi-user.target |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/systemd/system/wg-torrent-netns-firewall.service | |
| [Unit] | |
| Description=Fireall rules for torrent ns | |
| Requires=netns@torrent.service | |
| After=netns@torrent.service | |
| Requires=wg-torrent-netns.service | |
| After=wg-torrent-netns.service | |
| [Service] | |
| Type=oneshot | |
| RemainAfterExit=yes | |
| # restore configured rules | |
| ExecStart=/sbin/ip netns exec torrent iptables-restore /etc/iptables.torrent.rules | |
| ExecStart=/sbin/ip netns exec torrent ip6tables-restore /etc/ip6tables.torrent.rules | |
| # remove rules after stopping this service | |
| ExecStop=/sbin/ip netns exec torrent iptables -P INPUT ACCEPT | |
| ExecStop=/sbin/ip netns exec torrent iptables -P FORWARD ACCEPT | |
| ExecStop=/sbin/ip netns exec torrent iptables -F | |
| ExecStop=/sbin/ip netns exec torrent ip6tables -P INPUT ACCEPT | |
| ExecStop=/sbin/ip netns exec torrent ip6tables -P FORWARD ACCEPT | |
| ExecStop=/sbin/ip netns exec torrent ip6tables -F | |
| [Install] | |
| WantedBy=wg-torrent-netns.service |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/systemd/system/wg-torrent-netns.service | |
| [Unit] | |
| Description=Configure wg-torrent for torrent network namespace | |
| Requires=netns@torrent.service | |
| After=netns@torrent.service | |
| [Service] | |
| Type=oneshot | |
| RemainAfterExit=yes | |
| # Create wg-torrent interface | |
| ExecStart=/bin/ip link add wg-torrent type wireguard | |
| # Associate the wg-torent interface with torrent network namespace | |
| ExecStart=/bin/ip link set wg-torrent netns torrent | |
| # Configure wg-torrent interface in a specified namespace | |
| ExecStart=/bin/ip -n torrent addr add 10.10.3.2/24 dev wg-torrent | |
| ExecStart=/bin/ip netns exec torrent wg setconf wg-torrent /etc/wireguard/wg-torrent.conf | |
| # Bring the wg-torrent interface up in a specified namespace | |
| ExecStart=/bin/ip -n torrent link set wg-torrent up | |
| # Configure default route for a specified namespace | |
| ExecStart=/bin/ip -n torrent route add default dev wg-torrent | |
| ExecStop=/bin/ip -n torrent link set wg-torrent down |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment