From b4b30f6c78c23e7fadfbf512b764f6b4d3d3c0b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexandra=20=C3=98stermark?= Date: Sun, 14 Dec 2025 16:03:20 +0100 Subject: [PATCH 1/2] flake update --- flake.lock | 14 ++-- flake.nix | 221 +++++++++++++++++++++++++++++------------------------ 2 files changed, 127 insertions(+), 108 deletions(-) diff --git a/flake.lock b/flake.lock index 67c36fb..1349fbc 100644 --- a/flake.lock +++ b/flake.lock @@ -2,16 +2,16 @@ "nodes": { "nixpkgs": { "locked": { - "lastModified": 1761016216, - "narHash": "sha256-G/iC4t/9j/52i/nm+0/4ybBmAF4hzR8CNHC75qEhjHo=", + "lastModified": 1765608474, + "narHash": "sha256-9Wx53UK0z8Di5iesJID0tS1dRKwGxI4i7tsSanOHhF0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "481cf557888e05d3128a76f14c76397b7d7cc869", + "rev": "28bb483c11a1214a73f9fd2d9928a6e2ea86ec71", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-25.05", + "ref": "nixos-25.11", "repo": "nixpkgs", "type": "github" } @@ -25,11 +25,11 @@ }, "vpnconfinement": { "locked": { - "lastModified": 1759956062, - "narHash": "sha256-NUZu0Rb0fwUjfdp51zMm0xM3lcK8Kw4c97LLog7+JjA=", + "lastModified": 1765634578, + "narHash": "sha256-Fujb9sn1cj+u/bzfo2RbQkcAvJ7Ch1pimJzFie4ptb4=", "owner": "Maroka-chan", "repo": "VPN-Confinement", - "rev": "fabe7247b720b5eb4c3c053e24a2b3b70e64c52b", + "rev": "f2989e1e3cb06c7185939e9ddc368f88b998616a", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index bbb370c..55e835a 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,7 @@ description = "The Nixarr Media Server Nixos Module"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; vpnconfinement.url = "github:Maroka-chan/VPN-Confinement"; 
@@ -10,109 +10,128 @@ website-builder.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = { - nixpkgs, - vpnconfinement, - website-builder, - self, - ... - } @ inputs: let - # Systems supported - supportedSystems = [ - "x86_64-linux" # 64-bit Intel/AMD Linux - "aarch64-linux" # 64-bit ARM Linux - "x86_64-darwin" # 64-bit Intel macOS - "aarch64-darwin" # 64-bit ARM macOS - ]; + outputs = + { + nixpkgs, + vpnconfinement, + website-builder, + self, + ... + }@inputs: + let + # Systems supported + supportedSystems = [ + "x86_64-linux" # 64-bit Intel/AMD Linux + "aarch64-linux" # 64-bit ARM Linux + "x86_64-darwin" # 64-bit Intel macOS + "aarch64-darwin" # 64-bit ARM macOS + ]; - # Helper to provide system-specific attributes - forAllSystems = f: - nixpkgs.lib.genAttrs supportedSystems (system: - f { - pkgs = import nixpkgs { - inherit system; - config.allowUnfree = true; + # Helper to provide system-specific attributes + forAllSystems = + f: + nixpkgs.lib.genAttrs supportedSystems ( + system: + f { + pkgs = import nixpkgs { + inherit system; + config.allowUnfree = true; + }; + } + ); + in + { + nixosModules.default.imports = [ + ./nixarr + vpnconfinement.nixosModules.default + ]; + + # Add tests attribute to the flake outputs + # To run interactively run: + # > nix build .#checks.x86_64-linux.monitoring-test.driver -L + checks = forAllSystems ( + { pkgs }: + { + permissions-test = pkgs.callPackage ./tests/permissions-test.nix { + inherit (self) nixosModules; }; - }); - in { - nixosModules.default.imports = [./nixarr vpnconfinement.nixosModules.default]; + simple-test = pkgs.callPackage ./tests/simple-test.nix { + inherit (self) nixosModules; + }; + # vpn-confinement-test = pkgs.callPackage ./tests/vpn-confinement-test.nix { + # inherit (self) nixosModules; + # }; + } + ); - # Add tests attribute to the flake outputs - # To run interactively run: - # > nix build .#checks.x86_64-linux.monitoring-test.driver -L - checks = forAllSystems ({pkgs}: { - permissions-test = 
pkgs.callPackage ./tests/permissions-test.nix { - inherit (self) nixosModules; - }; - simple-test = pkgs.callPackage ./tests/simple-test.nix { - inherit (self) nixosModules; - }; - # vpn-confinement-test = pkgs.callPackage ./tests/vpn-confinement-test.nix { - # inherit (self) nixosModules; - # }; - }); + devShells = forAllSystems ( + { pkgs }: + { + default = pkgs.mkShell { + packages = with pkgs; [ + alejandra + nixd + ]; + }; + } + ); - devShells = forAllSystems ({pkgs}: { - default = pkgs.mkShell { - packages = with pkgs; [ - alejandra - nixd - ]; - }; - }); + packages = forAllSystems ( + { pkgs }: + let + website = website-builder.lib { + pkgs = pkgs; + src = "${self}"; + timestamp = self.lastModified; + headerTitle = "Nixarr"; + standalonePages = [ + { + title = "Nixarr - Media Server Nixos Module"; + inputFile = ./README.md; + outputFile = "index.html"; + } + ]; + includedDirs = [ "docs" ]; + articleDirs = [ "docs/wiki" ]; + navbar = [ + { + title = "Home"; + location = "/"; + } + { + title = "Options"; + location = "/nixos-options"; + } + { + title = "Wiki"; + location = "/wiki"; + } + { + title = "Github"; + location = "https://github.com/rasmus-kirk/nixarr"; + } + ]; + favicons = { + # For all browsers + "16x16" = "/docs/img/favicons/16x16.png"; + "32x32" = "/docs/img/favicons/32x32.png"; + # For Google and Android + "48x48" = "/docs/img/favicons/48x48.png"; + "192x192" = "/docs/img/favicons/192x192.png"; + # For iPad + "167x167" = "/docs/img/favicons/167x167.png"; + # For iPhone + "180x180" = "/docs/img/favicons/180x180.png"; + }; + nixosModules = ./nixarr; + }; + in + { + default = website.package; + debug = website.loop; + } + ); - packages = forAllSystems ({pkgs}: let - website = website-builder.lib { - pkgs = pkgs; - src = "${self}"; - timestamp = self.lastModified; - headerTitle = "Nixarr"; - standalonePages = [ - { - title = "Nixarr - Media Server Nixos Module"; - inputFile = ./README.md; - outputFile = "index.html"; - } - ]; - includedDirs = 
["docs"]; - articleDirs = ["docs/wiki"]; - navbar = [ - { - title = "Home"; - location = "/"; - } - { - title = "Options"; - location = "/nixos-options"; - } - { - title = "Wiki"; - location = "/wiki"; - } - { - title = "Github"; - location = "https://github.com/rasmus-kirk/nixarr"; - } - ]; - favicons = { - # For all browsers - "16x16" = "/docs/img/favicons/16x16.png"; - "32x32" = "/docs/img/favicons/32x32.png"; - # For Google and Android - "48x48" = "/docs/img/favicons/48x48.png"; - "192x192" = "/docs/img/favicons/192x192.png"; - # For iPad - "167x167" = "/docs/img/favicons/167x167.png"; - # For iPhone - "180x180" = "/docs/img/favicons/180x180.png"; - }; - nixosModules = ./nixarr; - }; - in { - default = website.package; - debug = website.loop; - }); - - formatter = forAllSystems ({pkgs}: pkgs.alejandra); - }; + formatter = forAllSystems ({ pkgs }: pkgs.alejandra); + }; } From d6838844caf73d5750fe2f4a8dfcc86ed983ea44 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexandra=20=C3=98stermark?= Date: Sun, 14 Dec 2025 16:46:46 +0100 Subject: [PATCH 2/2] fixed --- flake.nix | 218 ++++++++++++++++----------------- tests/permissions-test.nix | 2 +- tests/simple-test.nix | 2 +- tests/vpn-confinement-test.nix | 59 ++++++--- 4 files changed, 148 insertions(+), 133 deletions(-) diff --git a/flake.nix b/flake.nix index 55e835a..90c404a 100644 --- a/flake.nix +++ b/flake.nix 
@@ -10,128 +10,120 @@ website-builder.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = - { - nixpkgs, - vpnconfinement, - website-builder, - self, - ... - }@inputs: - let - # Systems supported - supportedSystems = [ - "x86_64-linux" # 64-bit Intel/AMD Linux - "aarch64-linux" # 64-bit ARM Linux - "x86_64-darwin" # 64-bit Intel macOS - "aarch64-darwin" # 64-bit ARM macOS - ]; + outputs = { + nixpkgs, + vpnconfinement, + website-builder, + self, + ... + } @ inputs: let + # Systems supported + supportedSystems = [ + "x86_64-linux" # 64-bit Intel/AMD Linux + "aarch64-linux" # 64-bit ARM Linux + "x86_64-darwin" # 64-bit Intel macOS + "aarch64-darwin" # 64-bit ARM macOS + ]; - # Helper to provide system-specific attributes - forAllSystems = - f: - nixpkgs.lib.genAttrs supportedSystems ( - system: + # Helper to provide system-specific attributes + forAllSystems = f: + nixpkgs.lib.genAttrs supportedSystems ( + system: f { pkgs = import nixpkgs { inherit system; config.allowUnfree = true; }; } - ); - in - { - nixosModules.default.imports = [ - ./nixarr - vpnconfinement.nixosModules.default - ]; - - # Add tests attribute to the flake outputs - # To run interactively run: - # > nix build .#checks.x86_64-linux.monitoring-test.driver -L - checks = forAllSystems ( - { pkgs }: - { - permissions-test = pkgs.callPackage ./tests/permissions-test.nix { - inherit (self) nixosModules; - }; - simple-test = pkgs.callPackage ./tests/simple-test.nix { - inherit (self) nixosModules; - }; - # vpn-confinement-test = pkgs.callPackage ./tests/vpn-confinement-test.nix { - # inherit (self) nixosModules; - # }; - } ); + in { + nixosModules.default.imports = [ + ./nixarr + vpnconfinement.nixosModules.default + ]; - devShells = forAllSystems ( - { pkgs }: - { - default = pkgs.mkShell { - packages = with pkgs; [ - alejandra - nixd - ]; + # Add tests attribute to the flake outputs + # To run interactively run: + # > nix build .#checks.x86_64-linux.monitoring-test.driver -L + checks = forAllSystems ( 
+ {pkgs}: { + permissions-test = pkgs.callPackage ./tests/permissions-test.nix { + inherit (self) nixosModules; + }; + simple-test = pkgs.callPackage ./tests/simple-test.nix { + inherit (self) nixosModules; + }; + # vpn-confinement-test = pkgs.callPackage ./tests/vpn-confinement-test.nix { + # inherit (self) nixosModules; + # }; + } + ); + + devShells = forAllSystems ( + {pkgs}: { + default = pkgs.mkShell { + packages = with pkgs; [ + alejandra + nixd + ]; + }; + } + ); + + packages = forAllSystems ( + {pkgs}: let + website = website-builder.lib { + pkgs = pkgs; + src = "${self}"; + timestamp = self.lastModified; + headerTitle = "Nixarr"; + standalonePages = [ + { + title = "Nixarr - Media Server Nixos Module"; + inputFile = ./README.md; + outputFile = "index.html"; + } + ]; + includedDirs = ["docs"]; + articleDirs = ["docs/wiki"]; + navbar = [ + { + title = "Home"; + location = "/"; + } + { + title = "Options"; + location = "/nixos-options"; + } + { + title = "Wiki"; + location = "/wiki"; + } + { + title = "Github"; + location = "https://github.com/rasmus-kirk/nixarr"; + } + ]; + favicons = { + # For all browsers + "16x16" = "/docs/img/favicons/16x16.png"; + "32x32" = "/docs/img/favicons/32x32.png"; + # For Google and Android + "48x48" = "/docs/img/favicons/48x48.png"; + "192x192" = "/docs/img/favicons/192x192.png"; + # For iPad + "167x167" = "/docs/img/favicons/167x167.png"; + # For iPhone + "180x180" = "/docs/img/favicons/180x180.png"; }; - } - ); + nixosModules = ./nixarr; + }; + in { + default = website.package; + debug = website.loop; + } + ); - packages = forAllSystems ( - { pkgs }: - let - website = website-builder.lib { - pkgs = pkgs; - src = "${self}"; - timestamp = self.lastModified; - headerTitle = "Nixarr"; - standalonePages = [ - { - title = "Nixarr - Media Server Nixos Module"; - inputFile = ./README.md; - outputFile = "index.html"; - } - ]; - includedDirs = [ "docs" ]; - articleDirs = [ "docs/wiki" ]; - navbar = [ - { - title = "Home"; - location = 
"/"; - } - { - title = "Options"; - location = "/nixos-options"; - } - { - title = "Wiki"; - location = "/wiki"; - } - { - title = "Github"; - location = "https://github.com/rasmus-kirk/nixarr"; - } - ]; - favicons = { - # For all browsers - "16x16" = "/docs/img/favicons/16x16.png"; - "32x32" = "/docs/img/favicons/32x32.png"; - # For Google and Android - "48x48" = "/docs/img/favicons/48x48.png"; - "192x192" = "/docs/img/favicons/192x192.png"; - # For iPad - "167x167" = "/docs/img/favicons/167x167.png"; - # For iPhone - "180x180" = "/docs/img/favicons/180x180.png"; - }; - nixosModules = ./nixarr; - }; - in - { - default = website.package; - debug = website.loop; - } - ); - - formatter = forAllSystems ({ pkgs }: pkgs.alejandra); - }; + formatter = forAllSystems ({pkgs}: pkgs.alejandra); + }; } diff --git a/tests/permissions-test.nix b/tests/permissions-test.nix index e5667e3..98a4e77 100644 --- a/tests/permissions-test.nix +++ b/tests/permissions-test.nix @@ -4,7 +4,7 @@ nixosModules, lib ? pkgs.lib, }: -pkgs.nixosTest { +pkgs.testers.nixosTest { name = "nixarr-permissions-test"; nodes.machine = { diff --git a/tests/simple-test.nix b/tests/simple-test.nix index 6dd7f73..b147fd8 100644 --- a/tests/simple-test.nix +++ b/tests/simple-test.nix @@ -3,7 +3,7 @@ nixosModules, lib ? pkgs.lib, }: -pkgs.nixosTest { +pkgs.testers.nixosTest { name = "simple-test"; nodes.machine = { diff --git a/tests/vpn-confinement-test.nix b/tests/vpn-confinement-test.nix index 3a3b7f6..32924c9 100644 --- a/tests/vpn-confinement-test.nix +++ b/tests/vpn-confinement-test.nix 
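Review bot: The `vpn-confinement-test` entry in `checks` is still commented out on the new side of this flake.nix hunk, so `nix flake check` never evaluates tests/vpn-confinement-test.nix, even though this same commit switches that file to `pkgs.testers.nixosTest`. That test is the one covering VPN confinement, so either re-enable it or record why it is off, e.g. `# vpn-confinement-test is disabled: <reason>; re-enable once it passes on nixos-25.11`. The usage comment above `checks` also names `monitoring-test`, which is not among the checks defined here; `# > nix build .#checks.x86_64-linux.simple-test.driver -L` would match what exists.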
@@ -43,19 +43,27 @@ The test ensures that: wgGatewayPort = 51820; # Generate real WireGuard keys - wgGatewayPrivateKey = pkgs.runCommand "wg-gateway-private" {buildInputs = [pkgs.wireguard-tools];} '' - wg genkey > $out - ''; - wgGatewayPublicKey = pkgs.runCommand "wg-gateway-public" {buildInputs = [pkgs.wireguard-tools];} '' - cat ${wgGatewayPrivateKey} | wg pubkey > $out - ''; + wgGatewayPrivateKey = + pkgs.runCommand "wg-gateway-private" {buildInputs = [pkgs.wireguard-tools];} + '' + wg genkey > $out + ''; + wgGatewayPublicKey = + pkgs.runCommand "wg-gateway-public" {buildInputs = [pkgs.wireguard-tools];} + '' + cat ${wgGatewayPrivateKey} | wg pubkey > $out + ''; - wgClientPrivateKey = pkgs.runCommand "wg-client-private" {buildInputs = [pkgs.wireguard-tools];} '' - wg genkey > $out - ''; - wgClientPublicKey = pkgs.runCommand "wg-client-public" {buildInputs = [pkgs.wireguard-tools];} '' - cat ${wgClientPrivateKey} | wg pubkey > $out - ''; + wgClientPrivateKey = + pkgs.runCommand "wg-client-private" {buildInputs = [pkgs.wireguard-tools];} + '' + wg genkey > $out + ''; + wgClientPublicKey = + pkgs.runCommand "wg-client-public" {buildInputs = [pkgs.wireguard-tools];} + '' + cat ${wgClientPrivateKey} | wg pubkey > $out + ''; # Network configuration wgGatewayAddr = "10.100.0.1"; @@ -92,7 +100,7 @@ The test ensures that: PersistentKeepalive = 25 ''; in - pkgs.nixosTest { + pkgs.testers.nixosTest { name = "nixarr-vpn-confinement-test"; # Disable interactive mode to avoid hanging @@ -128,7 +136,10 @@ in "${internetClientIP}/24" "${internetClientIPv6}/64" ]; - gateway = ["${internetGatewayIP}" "${internetGatewayIPv6}"]; + gateway = [ + "${internetGatewayIP}" + "${internetGatewayIPv6}" + ]; routes = [ { Destination = "${wgSubnet}"; @@ -189,7 +200,10 @@ in pkgs, ... }: { - virtualisation.vlans = [1 2]; # VLAN 1 for LAN, VLAN 2 for Internet + virtualisation.vlans = [ + 1 + 2 + ]; # VLAN 1 for LAN, VLAN 2 for Internet networking = { interfaces.eth1 = { 
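Review bot: The `wg-gateway-private` and `wg-client-private` derivations under `# Generate real WireGuard keys` write private keys to `$out`, i.e. into the Nix store, which every local user can read and which can be copied to a binary cache. The reformatting in this hunk leaves that unchanged and undocumented. It is tolerable for throwaway keys in a VM test, but the comment should say so, e.g. `# Test-only keys: outputs live in the world-readable Nix store; never use this pattern for real secrets`. `wg genkey` also makes these derivations non-reproducible, so a cached output is reused until the derivation inputs change. The `let` block holding these bindings starts and ends outside the hunk.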
@@ -224,19 +238,28 @@ in firewall = { enable = true; - allowedUDPPorts = [wgGatewayPort 51413]; + allowedUDPPorts = [ + wgGatewayPort + 51413 + ]; allowedTCPPorts = [51413]; }; wireguard.interfaces.wg0 = { - ips = ["${wgGatewayAddr}/24" "${wgGatewayAddrV6}/64"]; + ips = [ + "${wgGatewayAddr}/24" + "${wgGatewayAddrV6}/64" + ]; listenPort = wgGatewayPort; privateKeyFile = "${wgGatewayPrivateKey}"; peers = [ { publicKey = builtins.readFile wgClientPublicKey; - allowedIPs = ["${wgClientAddr}/32" "${wgClientAddrV6}/128"]; + allowedIPs = [ + "${wgClientAddr}/32" + "${wgClientAddrV6}/128" + ]; } ]; };
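Review bot: `publicKey = builtins.readFile wgClientPublicKey;` in the `peers` entry reads a derivation output at evaluation time (import-from-derivation), which fails on evaluators that disable IFD and forces a build while `nix flake check` is still evaluating. The value probably also keeps the trailing newline that `wg pubkey` prints, so consider `publicKey = pkgs.lib.removeSuffix "\n" (builtins.readFile wgClientPublicKey);`. Fixed test-only keys declared in the test file would avoid both problems. The enclosing node definition starts outside the hunk.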