diff --git a/flake.lock b/flake.lock index 67c36fb..1349fbc 100644 --- a/flake.lock +++ b/flake.lock @@ -2,16 +2,16 @@ "nodes": { "nixpkgs": { "locked": { - "lastModified": 1761016216, - "narHash": "sha256-G/iC4t/9j/52i/nm+0/4ybBmAF4hzR8CNHC75qEhjHo=", + "lastModified": 1765608474, + "narHash": "sha256-9Wx53UK0z8Di5iesJID0tS1dRKwGxI4i7tsSanOHhF0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "481cf557888e05d3128a76f14c76397b7d7cc869", + "rev": "28bb483c11a1214a73f9fd2d9928a6e2ea86ec71", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-25.05", + "ref": "nixos-25.11", "repo": "nixpkgs", "type": "github" } @@ -25,11 +25,11 @@ }, "vpnconfinement": { "locked": { - "lastModified": 1759956062, - "narHash": "sha256-NUZu0Rb0fwUjfdp51zMm0xM3lcK8Kw4c97LLog7+JjA=", + "lastModified": 1765634578, + "narHash": "sha256-Fujb9sn1cj+u/bzfo2RbQkcAvJ7Ch1pimJzFie4ptb4=", "owner": "Maroka-chan", "repo": "VPN-Confinement", - "rev": "fabe7247b720b5eb4c3c053e24a2b3b70e64c52b", + "rev": "f2989e1e3cb06c7185939e9ddc368f88b998616a", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index bbb370c..90c404a 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,7 @@ description = "The Nixarr Media Server Nixos Module"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; vpnconfinement.url = "github:Maroka-chan/VPN-Confinement"; 
@@ -27,91 +27,102 @@ # Helper to provide system-specific attributes forAllSystems = f: - nixpkgs.lib.genAttrs supportedSystems (system: - f { - pkgs = import nixpkgs { - inherit system; - config.allowUnfree = true; - }; - }); + nixpkgs.lib.genAttrs supportedSystems ( + system: + f { + pkgs = import nixpkgs { + inherit system; + config.allowUnfree = true; + }; + } + ); in { - nixosModules.default.imports = [./nixarr vpnconfinement.nixosModules.default]; + nixosModules.default.imports = [ + ./nixarr + vpnconfinement.nixosModules.default + ]; # Add tests attribute to the flake outputs # To run interactively run: # > nix build .#checks.x86_64-linux.monitoring-test.driver -L - checks = forAllSystems ({pkgs}: { - permissions-test = pkgs.callPackage ./tests/permissions-test.nix { - inherit (self) nixosModules; - }; - simple-test = pkgs.callPackage ./tests/simple-test.nix { - inherit (self) nixosModules; - }; - # vpn-confinement-test = pkgs.callPackage ./tests/vpn-confinement-test.nix { - # inherit (self) nixosModules; - # }; - }); - - devShells = forAllSystems ({pkgs}: { - default = pkgs.mkShell { - packages = with pkgs; [ - alejandra - nixd - ]; - }; - }); - - packages = forAllSystems ({pkgs}: let - website = website-builder.lib { - pkgs = pkgs; - src = "${self}"; - timestamp = self.lastModified; - headerTitle = "Nixarr"; - standalonePages = [ - { - title = "Nixarr - Media Server Nixos Module"; - inputFile = ./README.md; - outputFile = "index.html"; - } - ]; - includedDirs = ["docs"]; - articleDirs = ["docs/wiki"]; - navbar = [ - { - title = "Home"; - location = "/"; - } - { - title = "Options"; - location = "/nixos-options"; - } - { - title = "Wiki"; - location = "/wiki"; - } - { - title = "Github"; - location = "https://github.com/rasmus-kirk/nixarr"; - } - ]; - favicons = { - # For all browsers - "16x16" = "/docs/img/favicons/16x16.png"; - "32x32" = "/docs/img/favicons/32x32.png"; - # For Google and Android - "48x48" = "/docs/img/favicons/48x48.png"; - "192x192" = 
"/docs/img/favicons/192x192.png"; - # For iPad - "167x167" = "/docs/img/favicons/167x167.png"; - # For iPhone - "180x180" = "/docs/img/favicons/180x180.png"; + checks = forAllSystems ( + {pkgs}: { + permissions-test = pkgs.callPackage ./tests/permissions-test.nix { + inherit (self) nixosModules; }; - nixosModules = ./nixarr; - }; - in { - default = website.package; - debug = website.loop; - }); + simple-test = pkgs.callPackage ./tests/simple-test.nix { + inherit (self) nixosModules; + }; + # vpn-confinement-test = pkgs.callPackage ./tests/vpn-confinement-test.nix { + # inherit (self) nixosModules; + # }; + } + ); + + devShells = forAllSystems ( + {pkgs}: { + default = pkgs.mkShell { + packages = with pkgs; [ + alejandra + nixd + ]; + }; + } + ); + + packages = forAllSystems ( + {pkgs}: let + website = website-builder.lib { + pkgs = pkgs; + src = "${self}"; + timestamp = self.lastModified; + headerTitle = "Nixarr"; + standalonePages = [ + { + title = "Nixarr - Media Server Nixos Module"; + inputFile = ./README.md; + outputFile = "index.html"; + } + ]; + includedDirs = ["docs"]; + articleDirs = ["docs/wiki"]; + navbar = [ + { + title = "Home"; + location = "/"; + } + { + title = "Options"; + location = "/nixos-options"; + } + { + title = "Wiki"; + location = "/wiki"; + } + { + title = "Github"; + location = "https://github.com/rasmus-kirk/nixarr"; + } + ]; + favicons = { + # For all browsers + "16x16" = "/docs/img/favicons/16x16.png"; + "32x32" = "/docs/img/favicons/32x32.png"; + # For Google and Android + "48x48" = "/docs/img/favicons/48x48.png"; + "192x192" = "/docs/img/favicons/192x192.png"; + # For iPad + "167x167" = "/docs/img/favicons/167x167.png"; + # For iPhone + "180x180" = "/docs/img/favicons/180x180.png"; + }; + nixosModules = ./nixarr; + }; + in { + default = website.package; + debug = website.loop; + } + ); formatter = forAllSystems ({pkgs}: pkgs.alejandra); }; 
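Review bot: The `vpn-confinement-test` entry in `checks` is still commented out on the new side, so nothing in `nix flake check` exercises the VPN-Confinement module even though this commit moves the `vpnconfinement` lock to a new rev and nixpkgs to nixos-25.11. The same commit also edits tests/vpn-confinement-test.nix (`pkgs.testers.nixosTest`), and that edit is never evaluated while the check stays disabled. Either re-enable the three commented lines, or record why the test is off with a comment such as `# vpn-confinement-test disabled: <reason / issue link>; re-enable before trusting a vpnconfinement bump`. The rest of this hunk looks like formatter output and appears behaviour-preserving.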
diff --git a/tests/permissions-test.nix b/tests/permissions-test.nix index e5667e3..98a4e77 100644 --- a/tests/permissions-test.nix +++ b/tests/permissions-test.nix @@ -4,7 +4,7 @@ nixosModules, lib ? pkgs.lib, }: -pkgs.nixosTest { +pkgs.testers.nixosTest { name = "nixarr-permissions-test"; nodes.machine = { diff --git a/tests/simple-test.nix b/tests/simple-test.nix index 6dd7f73..b147fd8 100644 --- a/tests/simple-test.nix +++ b/tests/simple-test.nix @@ -3,7 +3,7 @@ nixosModules, lib ? pkgs.lib, }: -pkgs.nixosTest { +pkgs.testers.nixosTest { name = "simple-test"; nodes.machine = { diff --git a/tests/vpn-confinement-test.nix b/tests/vpn-confinement-test.nix index 3a3b7f6..32924c9 100644 --- a/tests/vpn-confinement-test.nix +++ b/tests/vpn-confinement-test.nix 
@@ -43,19 +43,27 @@ The test ensures that: wgGatewayPort = 51820; # Generate real WireGuard keys - wgGatewayPrivateKey = pkgs.runCommand "wg-gateway-private" {buildInputs = [pkgs.wireguard-tools];} '' - wg genkey > $out - ''; - wgGatewayPublicKey = pkgs.runCommand "wg-gateway-public" {buildInputs = [pkgs.wireguard-tools];} '' - cat ${wgGatewayPrivateKey} | wg pubkey > $out - ''; + wgGatewayPrivateKey = + pkgs.runCommand "wg-gateway-private" {buildInputs = [pkgs.wireguard-tools];} + '' + wg genkey > $out + ''; + wgGatewayPublicKey = + pkgs.runCommand "wg-gateway-public" {buildInputs = [pkgs.wireguard-tools];} + '' + cat ${wgGatewayPrivateKey} | wg pubkey > $out + ''; - wgClientPrivateKey = pkgs.runCommand "wg-client-private" {buildInputs = [pkgs.wireguard-tools];} '' - wg genkey > $out - ''; - wgClientPublicKey = pkgs.runCommand "wg-client-public" {buildInputs = [pkgs.wireguard-tools];} '' - cat ${wgClientPrivateKey} | wg pubkey > $out - ''; + wgClientPrivateKey = + pkgs.runCommand "wg-client-private" {buildInputs = [pkgs.wireguard-tools];} + '' + wg genkey > $out + ''; + wgClientPublicKey = + pkgs.runCommand "wg-client-public" {buildInputs = [pkgs.wireguard-tools];} + '' + cat ${wgClientPrivateKey} | wg pubkey > $out + ''; # Network configuration wgGatewayAddr = "10.100.0.1"; @@ -92,7 +100,7 @@ The test ensures that: PersistentKeepalive = 25 ''; in - pkgs.nixosTest { + pkgs.testers.nixosTest { name = "nixarr-vpn-confinement-test"; # Disable interactive mode to avoid hanging @@ -128,7 +136,10 @@ in "${internetClientIP}/24" "${internetClientIPv6}/64" ]; - gateway = ["${internetGatewayIP}" "${internetGatewayIPv6}"]; + gateway = [ + "${internetGatewayIP}" + "${internetGatewayIPv6}" + ]; routes = [ { Destination = "${wgSubnet}"; @@ -189,7 +200,10 @@ in pkgs, ... }: { - virtualisation.vlans = [1 2]; # VLAN 1 for LAN, VLAN 2 for Internet + virtualisation.vlans = [ + 1 + 2 + ]; # VLAN 1 for LAN, VLAN 2 for Internet networking = { interfaces.eth1 = { 
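Review bot: In the first hunk of tests/vpn-confinement-test.nix (`@@ -43,19 +43,27 @@`), the comment `# Generate real WireGuard keys` does not say that these keys are throwaway: each `pkgs.runCommand ... wg genkey > $out` writes the private key into the Nix store, which is world-readable, and the gateway config further down reads it from there via `privateKeyFile = "${wgGatewayPrivateKey}"`. That is acceptable for a VM test, but the pattern is easy to copy into a real configuration. I would reword the comment to `# Test-only WireGuard keys: built into the world-readable /nix/store, never reuse this pattern for real peers`. The derivations are also not reproducible, since `wg genkey` yields a new key on every build. The enclosing `let` block starts and ends outside the hunk.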
@@ -224,19 +238,28 @@ in firewall = { enable = true; - allowedUDPPorts = [wgGatewayPort 51413]; + allowedUDPPorts = [ + wgGatewayPort + 51413 + ]; allowedTCPPorts = [51413]; }; wireguard.interfaces.wg0 = { - ips = ["${wgGatewayAddr}/24" "${wgGatewayAddrV6}/64"]; + ips = [ + "${wgGatewayAddr}/24" + "${wgGatewayAddrV6}/64" + ]; listenPort = wgGatewayPort; privateKeyFile = "${wgGatewayPrivateKey}"; peers = [ { publicKey = builtins.readFile wgClientPublicKey; - allowedIPs = ["${wgClientAddr}/32" "${wgClientAddrV6}/128"]; + allowedIPs = [ + "${wgClientAddr}/32" + "${wgClientAddrV6}/128" + ]; } ]; };