Added wiki page and cleaned up dirs and users

2024-08-06 11:12:46 +02:00
parent 8036fe35e9
commit 3b714a8e33
7 changed files with 108 additions and 52 deletions
@@ -11,7 +11,9 @@ This is an index of existing articles:
  - **[Basic Example](/wiki/examples/example-1)**
  - **[Example Configuration Where Port Forwarding Is Not an Option](/wiki/examples/example-2)**
 - **[Exposing Services Safely](/wiki/expose)**
- **[Running Services Not Covered by Nixarr Through a VPN](/wiki/vpn)**
+- **VPN**
+  - **[Running Services Not Covered by Nixarr Through a VPN](/docs/wiki/vpn/uncovered-services)**
+  - **[Opening Ports](/docs/wiki/vpn/ports/index.md)**

 For learning how to setup the "*Arrs", once running, refer to the [servarr
 wiki](https://wiki.servarr.com/)
@@ -0,0 +1,45 @@
+---
+title: Opening Ports
+---
+
+In order to open a port through a VPN you need to open a port with your VPN-provider.
+
+> **Note:** Not all VPN-providers support this feature! Notably, Mullvad does not anymore!
+
+> **Note:** The port present in the
+>   [nixarr.vpn.wgConf](https://nixarr.com/options.html#nixarr.vpn.wgconf),
+>   should not be used for any options!
+
+## AirVPN
+
+Go to the [ports page](https://airvpn.org/ports/) at AirVPN's website open
+a port. After opening it should look like this:
+
+![An open port on AirVPN, the port number that should be used in Nixarr is 12345.](./airvpn.png)
+
+Then you can set that port for a service, for example
+
+```nix {.numberLines}
+  nixarr.transmission = {
+    enable = true;
+    vpn.enable = true;
+    peerPort = 12345;
+  };
+```
+
+## Debugging Ports
+
+You can debug an open port using the
+`[vpnTestService](https://nixarr.com/options.html#nixarr.vpn.vpntestservice.enable)`.
+If the DNS and IP checks out, it will
+open a `netcat` instance on the port specified in
+`[vpnTestService.port](https://nixarr.com/options.html#nixarr.vpn.vpntestservice.port)`.
+You can then run:
+
+```sh
+  nc <public VPN ip> <specified port>
+```
+
+Where the "_public VPN ip_" is the one shown in the `vpnTestService` logs as
+your ip. Upon succesful connection type messages that _should_ show up in the
+`vpnTestService` logs.
@@ -200,8 +200,23 @@ in
          }
        ];

+        users = {
+          groups.streamer = {};
+          users.streamer = {
+            isSystemUser = true;
+            group = "streamer";
+          };
+        };
+
        systemd.tmpfiles.rules = [
          "d '${cfg.stateDir}' 0700 streamer root - -"
+
+          # Media Dirs
+          "d '${cfg.mediaDir}/library'              0775 streamer  media - -"
+          "d '${cfg.mediaDir}/library/shows'        0775 streamer  media - -"
+          "d '${cfg.mediaDir}/library/movies'       0775 streamer  media - -"
+          "d '${cfg.mediaDir}/library/music'        0775 streamer  media - -"
+          "d '${cfg.mediaDir}/library/books'        0775 streamer  media - -"
        ];

        # Always prioritise Jellyfin IO
@@ -26,17 +26,17 @@ with lib; let
        exit
      fi

-      chown -R torrenter:media "${cfg.mediaDir}/torrents"
-      chown -R usenet:media "${cfg.mediaDir}/usenet"
-      chown -R streamer:media "${cfg.mediaDir}/library"
      find "${cfg.mediaDir}" \( -type d -exec chmod 0775 {} + -true \) -o \( -exec chmod 0664 {} + \)
    '' + strings.optionalString cfg.jellyfin.enable ''
+      chown -R streamer:media "${cfg.mediaDir}/library"
      chown -R streamer:root "${cfg.jellyfin.stateDir}"
      find "${cfg.jellyfin.stateDir}" \( -type d -exec chmod 0700 {} + -true \) -o \( -exec chmod 0600 {} + \)
    '' + strings.optionalString cfg.transmission.enable ''
+      chown -R torrenter:media "${cfg.mediaDir}/torrents"
      chown -R torrenter:cross-seed "${cfg.transmission.stateDir}"
      find "${cfg.transmission.stateDir}" \( -type d -exec chmod 0750 {} + -true \) -o \( -exec chmod 0640 {} + \)
    '' + strings.optionalString cfg.sabnzbd.enable ''
+      chown -R usenet:media "${cfg.mediaDir}/usenet"
      chown -R usenet:root "${cfg.sabnzbd.stateDir}"
      find "${cfg.sabnzbd.stateDir}" \( -type d -exec chmod 0700 {} + -true \) -o \( -exec chmod 0600 {} + \)
    '' + strings.optionalString cfg.transmission.privateTrackers.cross-seed.enable ''
@@ -233,53 +233,10 @@ in {
      }
    ];

-    users.groups = {
-      media.members = cfg.mediaUsers;
-      streamer = {};
-      torrenter = {};
-      usenet = {};
-    };
-    users.users = {
-      streamer = {
-        isSystemUser = true;
-        group = "streamer";
-      };
-      torrenter = {
-        isSystemUser = true;
-        group = "torrenter";
-      };
-      usenet = {
-        isSystemUser = true;
-        group = "usenet";
-      };
-    };
+    users.groups.media.members = cfg.mediaUsers;

    systemd.tmpfiles.rules = [
-      # Media dirs
-      "d '${cfg.mediaDir}'                      0775 root      media - -"
-      "d '${cfg.mediaDir}/library'              0775 streamer  media - -"
-      "d '${cfg.mediaDir}/library/shows'        0775 streamer  media - -"
-      "d '${cfg.mediaDir}/library/movies'       0775 streamer  media - -"
-      "d '${cfg.mediaDir}/library/music'        0775 streamer  media - -"
-      "d '${cfg.mediaDir}/library/books'        0775 streamer  media - -"
-      "d '${cfg.mediaDir}/torrents'             0755 torrenter media - -"
-      "d '${cfg.mediaDir}/torrents/.incomplete' 0755 torrenter media - -"
-      "d '${cfg.mediaDir}/torrents/.watch'      0755 torrenter media - -"
-      "d '${cfg.mediaDir}/torrents/manual'      0755 torrenter media - -"
-      "d '${cfg.mediaDir}/torrents/lidarr'      0755 torrenter media - -"
-      "d '${cfg.mediaDir}/torrents/radarr'      0755 torrenter media - -"
-      "d '${cfg.mediaDir}/torrents/sonarr'      0755 torrenter media - -"
-      "d '${cfg.mediaDir}/torrents/readarr'     0755 torrenter media - -"
-    ] ++ lists.optionals cfg.sabnzbd.enable [
-      # only create usenet dirs if sabnzbd is enabled
-      "d '${cfg.mediaDir}/usenet'             0755 usenet media - -"
-      "d '${cfg.mediaDir}/usenet/.incomplete' 0755 usenet media - -"
-      "d '${cfg.mediaDir}/usenet/.watch'      0755 usenet media - -"
-      "d '${cfg.mediaDir}/usenet/manual'      0775 usenet media - -"
-      "d '${cfg.mediaDir}/usenet/liadarr'     0775 usenet media - -"
-      "d '${cfg.mediaDir}/usenet/radarr'      0775 usenet media - -"
-      "d '${cfg.mediaDir}/usenet/sonarr'      0775 usenet media - -"
-      "d '${cfg.mediaDir}/usenet/readarr'     0775 usenet media - -"
+      "d '${cfg.mediaDir}'  0775 root media - -"
    ];

    environment.systemPackages = with pkgs; [
@@ -290,7 +247,7 @@ in {

    vpnnamespaces.wg = mkIf cfg.vpn.enable {
      enable = true;
-      openVPNPorts = optional cfg.vpn.vpnTestService.enable {
+      openVPNPorts = optional cfg.vpn.vpnTestService.port != null {
        port = cfg.vpn.vpnTestService.port;
        protocol = "tcp";
      };
@@ -168,9 +168,27 @@ in {
        sab_config_map.write()
    '';
  in mkIf cfg.enable {
+    users = {
+      groups.usenet = {};
+      users.usenet = {
+        isSystemUser = true;
+        group = "usenet";
+      };
+    };
+
    systemd.tmpfiles.rules = [
      "d '${cfg.stateDir}' 0700 usenet root - -"
      "C ${cfg.stateDir}/sabnzbd.ini - - - - ${ini-base-config-file}"
+
+      # Media dirs
+      "d '${cfg.mediaDir}/usenet'             0755 usenet media - -"
+      "d '${cfg.mediaDir}/usenet/.incomplete' 0755 usenet media - -"
+      "d '${cfg.mediaDir}/usenet/.watch'      0755 usenet media - -"
+      "d '${cfg.mediaDir}/usenet/manual'      0775 usenet media - -"
+      "d '${cfg.mediaDir}/usenet/liadarr'     0775 usenet media - -"
+      "d '${cfg.mediaDir}/usenet/radarr'      0775 usenet media - -"
+      "d '${cfg.mediaDir}/usenet/sonarr'      0775 usenet media - -"
+      "d '${cfg.mediaDir}/usenet/readarr'     0775 usenet media - -"
    ];

    services.sabnzbd = {
@@ -290,14 +290,33 @@ in {
      }
    ];

+    users = {
+      groups = {
+        torrenter = {};
+        cross-seed = {};
+      };
+      users.torrenter = {
+        isSystemUser = true;
+        group = "torrenter";
+      };
+    };
+
    systemd.tmpfiles.rules = [
      "d '${cfg.stateDir}' 0750 torrenter cross-seed - -"
      # This is fixes a bug in nixpks (https://github.com/NixOS/nixpkgs/issues/291883)
      "d '${cfg.stateDir}/.config' 0750 torrenter cross-seed - -"
      "d '${cfg.stateDir}/.config/transmission-daemon' 0750 torrenter cross-seed - -"
-     ];

-    users.groups.cross-seed = {};
+      # Media Dirs
+      "d '${cfg.mediaDir}/torrents'             0755 torrenter media - -"
+      "d '${cfg.mediaDir}/torrents/.incomplete' 0755 torrenter media - -"
+      "d '${cfg.mediaDir}/torrents/.watch'      0755 torrenter media - -"
+      "d '${cfg.mediaDir}/torrents/manual'      0755 torrenter media - -"
+      "d '${cfg.mediaDir}/torrents/lidarr'      0755 torrenter media - -"
+      "d '${cfg.mediaDir}/torrents/radarr'      0755 torrenter media - -"
+      "d '${cfg.mediaDir}/torrents/sonarr'      0755 torrenter media - -"
+      "d '${cfg.mediaDir}/torrents/readarr'     0755 torrenter media - -"
+     ];

    util-nixarr.services.cross-seed = mkIf cfg-cross-seed.enable {
      enable = true;