boneskull/README.md

## README.md

      
    Raw
  

              README.md
            
          
    This is my setup which automatically binds Deluge to the IP assigned by the OpenVPN server.
Assumes OpenVPN client uses the tun0 interface.
It's theoretically subject to race conditions, but have not had problems so far.  There's probably a better way to do this, but I'm no systemd whiz.
Requires sponge be present (apt-get install sponge); was running into permissions problems when allowing sed to create a temp file.
Suggestions welcome!

  
## deluge-daemon.service
[Unit]
Description=Deluge Bittorrent Client Daemon
# ensure we start after the service is up and the interface is bound,
# and importantly, Deluge stops when OpenVPN client does
After=openvpn@foo.service sys-devices-virtual-net-tun0.device
Requires=openvpn@foo.service sys-devices-virtual-net-tun0.device

[Service]
Type=simple
User=deluge-daemon
Group=users
UMask=000
# I find that `up.sh` is executed about 7s or 8s after the client service starts, and Deluge
# cannot start up until that happens.
ExecStartPre=/bin/sleep 10
ExecStart=/usr/bin/deluged -d
Restart=on-failure

# Configures the time to wait before service is stopped forcefully.
TimeoutStopSec=300

[Install]
WantedBy=multi-user.target

## openvpn@foo.service
[Unit]
Description=OpenVPN connection to %i
PartOf=openvpn.service
ReloadPropagatedFrom=openvpn.service
Before=systemd-user-sessions.service
Documentation=man:openvpn(8)
Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO

[Service]
PrivateTmp=true
KillMode=mixed
Type=forking
ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.ovpn --writepid /run/openvpn/%i.pid --mute-replay-warnings --up /etc/openvpn/up.sh
PIDFile=/run/openvpn/%i.pid
ExecReload=/bin/kill -HUP $MAINPID
WorkingDirectory=/etc/openvpn
ProtectSystem=yes
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_AUDIT_WRITE
LimitNPROC=10
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw

[Install]
WantedBy=multi-user.target

## up.sh
#!/bin/bash

IPVPN=$4
# use your path to core.conf
DELUGE_CONFIG_PATH=/home/deluge-daemon/.config/deluge/core.conf

/bin/sed "s/\"listen_interface\": \".*\"/\"listen_interface\": \"${IPVPN}\"/" \
  "${DELUGE_CONFIG_PATH}" | /usr/bin/sponge "${DELUGE_CONFIG_PATH}"
	[Unit]
	Description=Deluge Bittorrent Client Daemon
	# ensure we start after the service is up and the interface is bound,
	# and importantly, Deluge stops when OpenVPN client does
	After=openvpn@foo.service sys-devices-virtual-net-tun0.device
	Requires=openvpn@foo.service sys-devices-virtual-net-tun0.device

	[Service]
	Type=simple
	User=deluge-daemon
	Group=users
	UMask=000
	# I find that `up.sh` is executed about 7s or 8s after the client service starts, and Deluge
	# cannot start up until that happens.
	ExecStartPre=/bin/sleep 10
	ExecStart=/usr/bin/deluged -d
	Restart=on-failure

	# Configures the time to wait before service is stopped forcefully.
	TimeoutStopSec=300

	[Install]
	WantedBy=multi-user.target
	[Unit]
	Description=OpenVPN connection to %i
	PartOf=openvpn.service
	ReloadPropagatedFrom=openvpn.service
	Before=systemd-user-sessions.service
	Documentation=man:openvpn(8)
	Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
	Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO

	[Service]
	PrivateTmp=true
	KillMode=mixed
	Type=forking
	ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.ovpn --writepid /run/openvpn/%i.pid --mute-replay-warnings --up /etc/openvpn/up.sh
	PIDFile=/run/openvpn/%i.pid
	ExecReload=/bin/kill -HUP $MAINPID
	WorkingDirectory=/etc/openvpn
	ProtectSystem=yes
	CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_AUDIT_WRITE
	LimitNPROC=10
	DeviceAllow=/dev/null rw
	DeviceAllow=/dev/net/tun rw

	[Install]
	WantedBy=multi-user.target
	#!/bin/bash

	IPVPN=$4
	# use your path to core.conf
	DELUGE_CONFIG_PATH=/home/deluge-daemon/.config/deluge/core.conf

	/bin/sed "s/\"listen_interface\": \".*\"/\"listen_interface\": \"${IPVPN}\"/" \
	"${DELUGE_CONFIG_PATH}" \| /usr/bin/sponge "${DELUGE_CONFIG_PATH}"