fujin/nixarr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #115 from cramt/cramt/flake_update

Browse Source 
flake update
This commit is contained in:
Rasmus Kirk
2025-12-14 16:56:44 +00:00
committed by GitHub
parent ac11a6d765 d6838844ca
commit 204da9209a
5 changed files with 141 additions and 107 deletions
Download Patch File Download Diff File Expand all files Collapse all files
flake.lock
Generated
+7 -7
View File
@@ -2,16 +2,16 @@
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1761016216,
"narHash": "sha256-G/iC4t/9j/52i/nm+0/4ybBmAF4hzR8CNHC75qEhjHo=",
"lastModified": 1765608474,
"narHash": "sha256-9Wx53UK0z8Di5iesJID0tS1dRKwGxI4i7tsSanOHhF0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "481cf557888e05d3128a76f14c76397b7d7cc869",
"rev": "28bb483c11a1214a73f9fd2d9928a6e2ea86ec71",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-25.05",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
@@ -25,11 +25,11 @@
},
"vpnconfinement": {
"locked": {
"lastModified": 1759956062,
"narHash": "sha256-NUZu0Rb0fwUjfdp51zMm0xM3lcK8Kw4c97LLog7+JjA=",
"lastModified": 1765634578,
"narHash": "sha256-Fujb9sn1cj+u/bzfo2RbQkcAvJ7Ch1pimJzFie4ptb4=",
"owner": "Maroka-chan",
"repo": "VPN-Confinement",
"rev": "fabe7247b720b5eb4c3c053e24a2b3b70e64c52b",
"rev": "f2989e1e3cb06c7185939e9ddc368f88b998616a",
"type": "github"
},
"original": {
flake.nix
+91 -80
View File
@@ -2,7 +2,7 @@
description = "The Nixarr Media Server Nixos Module";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
vpnconfinement.url = "github:Maroka-chan/VPN-Confinement";
@@ -27,91 +27,102 @@
# Helper to provide system-specific attributes
forAllSystems = f:
nixpkgs.lib.genAttrs supportedSystems (system:
f {
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
};
});
nixpkgs.lib.genAttrs supportedSystems (
system:
f {
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
};
}
);
in {
nixosModules.default.imports = [./nixarr vpnconfinement.nixosModules.default];
nixosModules.default.imports = [
./nixarr
vpnconfinement.nixosModules.default
];
# Add tests attribute to the flake outputs
# To run interactively run:
# > nix build .#checks.x86_64-linux.monitoring-test.driver -L
checks = forAllSystems ({pkgs}: {
permissions-test = pkgs.callPackage ./tests/permissions-test.nix {
inherit (self) nixosModules;
};
simple-test = pkgs.callPackage ./tests/simple-test.nix {
inherit (self) nixosModules;
};
# vpn-confinement-test = pkgs.callPackage ./tests/vpn-confinement-test.nix {
# inherit (self) nixosModules;
# };
});
devShells = forAllSystems ({pkgs}: {
default = pkgs.mkShell {
packages = with pkgs; [
alejandra
nixd
];
};
});
packages = forAllSystems ({pkgs}: let
website = website-builder.lib {
pkgs = pkgs;
src = "${self}";
timestamp = self.lastModified;
headerTitle = "Nixarr";
standalonePages = [
{
title = "Nixarr - Media Server Nixos Module";
inputFile = ./README.md;
outputFile = "index.html";
}
];
includedDirs = ["docs"];
articleDirs = ["docs/wiki"];
navbar = [
{
title = "Home";
location = "/";
}
{
title = "Options";
location = "/nixos-options";
}
{
title = "Wiki";
location = "/wiki";
}
{
title = "Github";
location = "https://github.com/rasmus-kirk/nixarr";
}
];
favicons = {
# For all browsers
"16x16" = "/docs/img/favicons/16x16.png";
"32x32" = "/docs/img/favicons/32x32.png";
# For Google and Android
"48x48" = "/docs/img/favicons/48x48.png";
"192x192" = "/docs/img/favicons/192x192.png";
# For iPad
"167x167" = "/docs/img/favicons/167x167.png";
# For iPhone
"180x180" = "/docs/img/favicons/180x180.png";
checks = forAllSystems (
{pkgs}: {
permissions-test = pkgs.callPackage ./tests/permissions-test.nix {
inherit (self) nixosModules;
};
nixosModules = ./nixarr;
};
in {
default = website.package;
debug = website.loop;
});
simple-test = pkgs.callPackage ./tests/simple-test.nix {
inherit (self) nixosModules;
};
# vpn-confinement-test = pkgs.callPackage ./tests/vpn-confinement-test.nix {
# inherit (self) nixosModules;
# };
}
);
devShells = forAllSystems (
{pkgs}: {
default = pkgs.mkShell {
packages = with pkgs; [
alejandra
nixd
];
};
}
);
packages = forAllSystems (
{pkgs}: let
website = website-builder.lib {
pkgs = pkgs;
src = "${self}";
timestamp = self.lastModified;
headerTitle = "Nixarr";
standalonePages = [
{
title = "Nixarr - Media Server Nixos Module";
inputFile = ./README.md;
outputFile = "index.html";
}
];
includedDirs = ["docs"];
articleDirs = ["docs/wiki"];
navbar = [
{
title = "Home";
location = "/";
}
{
title = "Options";
location = "/nixos-options";
}
{
title = "Wiki";
location = "/wiki";
}
{
title = "Github";
location = "https://github.com/rasmus-kirk/nixarr";
}
];
favicons = {
# For all browsers
"16x16" = "/docs/img/favicons/16x16.png";
"32x32" = "/docs/img/favicons/32x32.png";
# For Google and Android
"48x48" = "/docs/img/favicons/48x48.png";
"192x192" = "/docs/img/favicons/192x192.png";
# For iPad
"167x167" = "/docs/img/favicons/167x167.png";
# For iPhone
"180x180" = "/docs/img/favicons/180x180.png";
};
nixosModules = ./nixarr;
};
in {
default = website.package;
debug = website.loop;
}
);
formatter = forAllSystems ({pkgs}: pkgs.alejandra);
};
tests/permissions-test.nix
+1 -1
View File
@@ -4,7 +4,7 @@
nixosModules,
lib ? pkgs.lib,
}:
pkgs.nixosTest {
pkgs.testers.nixosTest {
name = "nixarr-permissions-test";
nodes.machine = {
tests/simple-test.nix
+1 -1
View File
@@ -3,7 +3,7 @@
nixosModules,
lib ? pkgs.lib,
}:
pkgs.nixosTest {
pkgs.testers.nixosTest {
name = "simple-test";
nodes.machine = {
tests/vpn-confinement-test.nix
+41 -18
View File
@@ -43,19 +43,27 @@ The test ensures that:
wgGatewayPort = 51820;
# Generate real WireGuard keys
wgGatewayPrivateKey = pkgs.runCommand "wg-gateway-private" {buildInputs = [pkgs.wireguard-tools];} ''
wg genkey > $out
'';
wgGatewayPublicKey = pkgs.runCommand "wg-gateway-public" {buildInputs = [pkgs.wireguard-tools];} ''
cat ${wgGatewayPrivateKey} | wg pubkey > $out
'';
wgGatewayPrivateKey =
pkgs.runCommand "wg-gateway-private" {buildInputs = [pkgs.wireguard-tools];}
''
wg genkey > $out
'';
wgGatewayPublicKey =
pkgs.runCommand "wg-gateway-public" {buildInputs = [pkgs.wireguard-tools];}
''
cat ${wgGatewayPrivateKey} | wg pubkey > $out
'';
wgClientPrivateKey = pkgs.runCommand "wg-client-private" {buildInputs = [pkgs.wireguard-tools];} ''
wg genkey > $out
'';
wgClientPublicKey = pkgs.runCommand "wg-client-public" {buildInputs = [pkgs.wireguard-tools];} ''
cat ${wgClientPrivateKey} | wg pubkey > $out
'';
wgClientPrivateKey =
pkgs.runCommand "wg-client-private" {buildInputs = [pkgs.wireguard-tools];}
''
wg genkey > $out
'';
wgClientPublicKey =
pkgs.runCommand "wg-client-public" {buildInputs = [pkgs.wireguard-tools];}
''
cat ${wgClientPrivateKey} | wg pubkey > $out
'';
# Network configuration
wgGatewayAddr = "10.100.0.1";
@@ -92,7 +100,7 @@ The test ensures that:
PersistentKeepalive = 25
'';
in
pkgs.nixosTest {
pkgs.testers.nixosTest {
name = "nixarr-vpn-confinement-test";
# Disable interactive mode to avoid hanging
@@ -128,7 +136,10 @@ in
"${internetClientIP}/24"
"${internetClientIPv6}/64"
];
gateway = ["${internetGatewayIP}" "${internetGatewayIPv6}"];
gateway = [
"${internetGatewayIP}"
"${internetGatewayIPv6}"
];
routes = [
{
Destination = "${wgSubnet}";
@@ -189,7 +200,10 @@ in
pkgs,
...
}: {
virtualisation.vlans = [1 2]; # VLAN 1 for LAN, VLAN 2 for Internet
virtualisation.vlans = [
1
2
]; # VLAN 1 for LAN, VLAN 2 for Internet
networking = {
interfaces.eth1 = {
@@ -224,19 +238,28 @@ in
firewall = {
enable = true;
allowedUDPPorts = [wgGatewayPort 51413];
allowedUDPPorts = [
wgGatewayPort
51413
];
allowedTCPPorts = [51413];
};
wireguard.interfaces.wg0 = {
ips = ["${wgGatewayAddr}/24" "${wgGatewayAddrV6}/64"];
ips = [
"${wgGatewayAddr}/24"
"${wgGatewayAddrV6}/64"
];
listenPort = wgGatewayPort;
privateKeyFile = "${wgGatewayPrivateKey}";
peers = [
{
publicKey = builtins.readFile wgClientPublicKey;
allowedIPs = ["${wgClientAddr}/32" "${wgClientAddrV6}/128"];
allowedIPs = [
"${wgClientAddr}/32"
"${wgClientAddrV6}/128"
];
}
];
};