Added wiki page and cleaned up dirs and users

rasmus-kirk
2024-08-06 11:12:46 +02:00
parent 8036fe35e9
commit 3b714a8e33
7 changed files with 108 additions and 52 deletions
+3 -1
@@ -11,7 +11,9 @@ This is an index of existing articles:
- **[Basic Example](/wiki/examples/example-1)** - **[Basic Example](/wiki/examples/example-1)**
- **[Example Configuration Where Port Forwarding Is Not an Option](/wiki/examples/example-2)** - **[Example Configuration Where Port Forwarding Is Not an Option](/wiki/examples/example-2)**
- **[Exposing Services Safely](/wiki/expose)** - **[Exposing Services Safely](/wiki/expose)**
- **[Running Services Not Covered by Nixarr Through a VPN](/wiki/vpn)** - **VPN**
- **[Running Services Not Covered by Nixarr Through a VPN](/docs/wiki/vpn/uncovered-services)**
- **[Opening Ports](/docs/wiki/vpn/ports/index.md)**
For learning how to setup the "*Arrs", once running, refer to the [servarr For learning how to setup the "*Arrs", once running, refer to the [servarr
wiki](https://wiki.servarr.com/) wiki](https://wiki.servarr.com/)
+45
@@ -0,0 +1,45 @@
---
title: Opening Ports
---
In order to open a port through a VPN you need to open a port with your VPN-provider.
> **Note:** Not all VPN-providers support this feature! Notably, Mullvad does not anymore!
> **Note:** The port present in the
> [nixarr.vpn.wgConf](https://nixarr.com/options.html#nixarr.vpn.wgconf),
> should not be used for any options!
## AirVPN
Go to the [ports page](https://airvpn.org/ports/) at AirVPN's website open
a port. After opening it should look like this:
![An open port on AirVPN, the port number that should be used in Nixarr is 12345.](./airvpn.png)
Then you can set that port for a service, for example
```nix {.numberLines}
nixarr.transmission = {
enable = true;
vpn.enable = true;
peerPort = 12345;
};
```
## Debugging Ports
You can debug an open port using the
`[vpnTestService](https://nixarr.com/options.html#nixarr.vpn.vpntestservice.enable)`.
If the DNS and IP checks out, it will
open a `netcat` instance on the port specified in
`[vpnTestService.port](https://nixarr.com/options.html#nixarr.vpn.vpntestservice.port)`.
You can then run:
```sh
nc <public VPN ip> <specified port>
```
Where the "_public VPN ip_" is the one shown in the `vpnTestService` logs as
your ip. Upon succesful connection type messages that _should_ show up in the
`vpnTestService` logs.
+15
@@ -200,8 +200,23 @@ in
} }
]; ];
users = {
groups.streamer = {};
users.streamer = {
isSystemUser = true;
group = "streamer";
};
};
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d '${cfg.stateDir}' 0700 streamer root - -" "d '${cfg.stateDir}' 0700 streamer root - -"
# Media Dirs
"d '${cfg.mediaDir}/library' 0775 streamer media - -"
"d '${cfg.mediaDir}/library/shows' 0775 streamer media - -"
"d '${cfg.mediaDir}/library/movies' 0775 streamer media - -"
"d '${cfg.mediaDir}/library/music' 0775 streamer media - -"
"d '${cfg.mediaDir}/library/books' 0775 streamer media - -"
]; ];
# Always prioritise Jellyfin IO # Always prioritise Jellyfin IO
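Review bot: The added media-dir rules read `cfg.mediaDir`, but the context rule next to them, `"d '${cfg.stateDir}' 0700 streamer root - -"`, suggests `cfg` in this file is the Jellyfin-scoped config. The main module, where these rules came from, pairs `cfg.mediaDir` with `cfg.jellyfin.stateDir`. The `let` binding is outside the hunk, so this is inferred; if `cfg` is service-scoped here, `cfg.mediaDir` will not resolve to the shared media root. In that case the rules should take the path from the top-level option, e.g. `"d '${config.nixarr.mediaDir}/library' 0775 streamer media - -"` (assuming that is where the option lives). The same question applies to the usenet rules added in the SABnzbd section and the torrents rules added in the Transmission section.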
+6 -49
@@ -26,17 +26,17 @@ with lib; let
exit exit
fi fi
chown -R torrenter:media "${cfg.mediaDir}/torrents"
chown -R usenet:media "${cfg.mediaDir}/usenet"
chown -R streamer:media "${cfg.mediaDir}/library"
find "${cfg.mediaDir}" \( -type d -exec chmod 0775 {} + -true \) -o \( -exec chmod 0664 {} + \) find "${cfg.mediaDir}" \( -type d -exec chmod 0775 {} + -true \) -o \( -exec chmod 0664 {} + \)
'' + strings.optionalString cfg.jellyfin.enable '' '' + strings.optionalString cfg.jellyfin.enable ''
chown -R streamer:media "${cfg.mediaDir}/library"
chown -R streamer:root "${cfg.jellyfin.stateDir}" chown -R streamer:root "${cfg.jellyfin.stateDir}"
find "${cfg.jellyfin.stateDir}" \( -type d -exec chmod 0700 {} + -true \) -o \( -exec chmod 0600 {} + \) find "${cfg.jellyfin.stateDir}" \( -type d -exec chmod 0700 {} + -true \) -o \( -exec chmod 0600 {} + \)
'' + strings.optionalString cfg.transmission.enable '' '' + strings.optionalString cfg.transmission.enable ''
chown -R torrenter:media "${cfg.mediaDir}/torrents"
chown -R torrenter:cross-seed "${cfg.transmission.stateDir}" chown -R torrenter:cross-seed "${cfg.transmission.stateDir}"
find "${cfg.transmission.stateDir}" \( -type d -exec chmod 0750 {} + -true \) -o \( -exec chmod 0640 {} + \) find "${cfg.transmission.stateDir}" \( -type d -exec chmod 0750 {} + -true \) -o \( -exec chmod 0640 {} + \)
'' + strings.optionalString cfg.sabnzbd.enable '' '' + strings.optionalString cfg.sabnzbd.enable ''
chown -R usenet:media "${cfg.mediaDir}/usenet"
chown -R usenet:root "${cfg.sabnzbd.stateDir}" chown -R usenet:root "${cfg.sabnzbd.stateDir}"
find "${cfg.sabnzbd.stateDir}" \( -type d -exec chmod 0700 {} + -true \) -o \( -exec chmod 0600 {} + \) find "${cfg.sabnzbd.stateDir}" \( -type d -exec chmod 0700 {} + -true \) -o \( -exec chmod 0600 {} + \)
'' + strings.optionalString cfg.transmission.privateTrackers.cross-seed.enable '' '' + strings.optionalString cfg.transmission.privateTrackers.cross-seed.enable ''
@@ -233,53 +233,10 @@ in {
} }
]; ];
users.groups = { users.groups.media.members = cfg.mediaUsers;
media.members = cfg.mediaUsers;
streamer = {};
torrenter = {};
usenet = {};
};
users.users = {
streamer = {
isSystemUser = true;
group = "streamer";
};
torrenter = {
isSystemUser = true;
group = "torrenter";
};
usenet = {
isSystemUser = true;
group = "usenet";
};
};
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
# Media dirs "d '${cfg.mediaDir}' 0775 root media - -"
"d '${cfg.mediaDir}' 0775 root media - -"
"d '${cfg.mediaDir}/library' 0775 streamer media - -"
"d '${cfg.mediaDir}/library/shows' 0775 streamer media - -"
"d '${cfg.mediaDir}/library/movies' 0775 streamer media - -"
"d '${cfg.mediaDir}/library/music' 0775 streamer media - -"
"d '${cfg.mediaDir}/library/books' 0775 streamer media - -"
"d '${cfg.mediaDir}/torrents' 0755 torrenter media - -"
"d '${cfg.mediaDir}/torrents/.incomplete' 0755 torrenter media - -"
"d '${cfg.mediaDir}/torrents/.watch' 0755 torrenter media - -"
"d '${cfg.mediaDir}/torrents/manual' 0755 torrenter media - -"
"d '${cfg.mediaDir}/torrents/lidarr' 0755 torrenter media - -"
"d '${cfg.mediaDir}/torrents/radarr' 0755 torrenter media - -"
"d '${cfg.mediaDir}/torrents/sonarr' 0755 torrenter media - -"
"d '${cfg.mediaDir}/torrents/readarr' 0755 torrenter media - -"
] ++ lists.optionals cfg.sabnzbd.enable [
# only create usenet dirs if sabnzbd is enabled
"d '${cfg.mediaDir}/usenet' 0755 usenet media - -"
"d '${cfg.mediaDir}/usenet/.incomplete' 0755 usenet media - -"
"d '${cfg.mediaDir}/usenet/.watch' 0755 usenet media - -"
"d '${cfg.mediaDir}/usenet/manual' 0775 usenet media - -"
"d '${cfg.mediaDir}/usenet/liadarr' 0775 usenet media - -"
"d '${cfg.mediaDir}/usenet/radarr' 0775 usenet media - -"
"d '${cfg.mediaDir}/usenet/sonarr' 0775 usenet media - -"
"d '${cfg.mediaDir}/usenet/readarr' 0775 usenet media - -"
]; ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@@ -290,7 +247,7 @@ in {
vpnnamespaces.wg = mkIf cfg.vpn.enable { vpnnamespaces.wg = mkIf cfg.vpn.enable {
enable = true; enable = true;
openVPNPorts = optional cfg.vpn.vpnTestService.enable { openVPNPorts = optional cfg.vpn.vpnTestService.port != null {
port = cfg.vpn.vpnTestService.port; port = cfg.vpn.vpnTestService.port;
protocol = "tcp"; protocol = "tcp";
}; };
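Review bot: The new condition `optional cfg.vpn.vpnTestService.port != null {` in the last hunk is missing parentheses. Function application binds tighter than `!=` in Nix, so it parses as `(optional cfg.vpn.vpnTestService.port) != (null { ... })` and should fail to evaluate once `cfg.vpn.enable` forces it. It should read `openVPNPorts = optional (cfg.vpn.vpnTestService.port != null) {`. Separately, keying only on the port drops the old `vpnTestService.enable` gate. If the option can be non-null while the test service is disabled (its default is not visible here), a port is opened in the VPN namespace with nothing intended to listen on it. `optional (cfg.vpn.vpnTestService.enable && cfg.vpn.vpnTestService.port != null) {` keeps the exposure tied to the service.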
+18
@@ -168,9 +168,27 @@ in {
sab_config_map.write() sab_config_map.write()
''; '';
in mkIf cfg.enable { in mkIf cfg.enable {
users = {
groups.usenet = {};
users.usenet = {
isSystemUser = true;
group = "usenet";
};
};
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d '${cfg.stateDir}' 0700 usenet root - -" "d '${cfg.stateDir}' 0700 usenet root - -"
"C ${cfg.stateDir}/sabnzbd.ini - - - - ${ini-base-config-file}" "C ${cfg.stateDir}/sabnzbd.ini - - - - ${ini-base-config-file}"
# Media dirs
"d '${cfg.mediaDir}/usenet' 0755 usenet media - -"
"d '${cfg.mediaDir}/usenet/.incomplete' 0755 usenet media - -"
"d '${cfg.mediaDir}/usenet/.watch' 0755 usenet media - -"
"d '${cfg.mediaDir}/usenet/manual' 0775 usenet media - -"
"d '${cfg.mediaDir}/usenet/liadarr' 0775 usenet media - -"
"d '${cfg.mediaDir}/usenet/radarr' 0775 usenet media - -"
"d '${cfg.mediaDir}/usenet/sonarr' 0775 usenet media - -"
"d '${cfg.mediaDir}/usenet/readarr' 0775 usenet media - -"
]; ];
services.sabnzbd = { services.sabnzbd = {
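Review bot: The moved rule `"d '${cfg.mediaDir}/usenet/liadarr' 0775 usenet media - -"` carries over the misspelt directory name from the old list, while the torrents side uses `lidarr`. If the Lidarr category writes to `usenet/lidarr` (presumably; the category config is not in this hunk), that directory is not the one pre-created with the intended owner and mode. Suggest `"d '${cfg.mediaDir}/usenet/lidarr' 0775 usenet media - -"`. The modes in this list are also mixed: 0755 for the root, `.incomplete` and `.watch`, and 0775 for the category directories. A short comment above `# Media dirs` saying which directories the `media` group is meant to write to would make that intent reviewable.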
+21 -2
@@ -290,14 +290,33 @@ in {
} }
]; ];
users = {
groups = {
torrenter = {};
cross-seed = {};
};
users.torrenter = {
isSystemUser = true;
group = "torrenter";
};
};
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d '${cfg.stateDir}' 0750 torrenter cross-seed - -" "d '${cfg.stateDir}' 0750 torrenter cross-seed - -"
# This is fixes a bug in nixpks (https://github.com/NixOS/nixpkgs/issues/291883) # This is fixes a bug in nixpks (https://github.com/NixOS/nixpkgs/issues/291883)
"d '${cfg.stateDir}/.config' 0750 torrenter cross-seed - -" "d '${cfg.stateDir}/.config' 0750 torrenter cross-seed - -"
"d '${cfg.stateDir}/.config/transmission-daemon' 0750 torrenter cross-seed - -" "d '${cfg.stateDir}/.config/transmission-daemon' 0750 torrenter cross-seed - -"
];
users.groups.cross-seed = {}; # Media Dirs
"d '${cfg.mediaDir}/torrents' 0755 torrenter media - -"
"d '${cfg.mediaDir}/torrents/.incomplete' 0755 torrenter media - -"
"d '${cfg.mediaDir}/torrents/.watch' 0755 torrenter media - -"
"d '${cfg.mediaDir}/torrents/manual' 0755 torrenter media - -"
"d '${cfg.mediaDir}/torrents/lidarr' 0755 torrenter media - -"
"d '${cfg.mediaDir}/torrents/radarr' 0755 torrenter media - -"
"d '${cfg.mediaDir}/torrents/sonarr' 0755 torrenter media - -"
"d '${cfg.mediaDir}/torrents/readarr' 0755 torrenter media - -"
];
util-nixarr.services.cross-seed = mkIf cfg-cross-seed.enable { util-nixarr.services.cross-seed = mkIf cfg-cross-seed.enable {
enable = true; enable = true;
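Review bot: The added torrents rules create every directory as 0755 (no group write), but the permission script in the main module runs `find "${cfg.mediaDir}" \( -type d -exec chmod 0775 {} + ...` over the same tree. The effective mode therefore depends on which of the two ran last. This matters most for `.watch`: if Transmission picks up torrent files from there (inferred from the name), 0775 lets any member of `media` queue downloads. Pick one mode per directory and use it in both places, and add a comment under `# Media Dirs` such as `# .watch and .incomplete are intentionally not group-writable` if that is the intent.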