diff --git a/nixarr/default.nix b/nixarr/default.nix
index 2c1f419..8fec7af 100644
--- a/nixarr/default.nix
+++ b/nixarr/default.nix
@@ -73,6 +73,11 @@ with lib; let
 chown -R readarr:root "${cfg.readarr.stateDir}"
 find "${cfg.readarr.stateDir}" \( -type d -exec chmod 0700 {} + -true \) -o \( -exec chmod 0600 {} + \)
 '';
+
+ + strings.optionalString cfg.jellyseerr.enable ''
+ chown -R jellyseerr:root "${cfg.jellyseerr.stateDir}"
+ find "${cfg.jellyseerr.stateDir}" \( -type d -exec chmod 0700 {} + -true \) -o \( -exec chmod 0600 {} + \)
+ '';
 };
 in {
 imports = [
diff --git a/nixarr/flaresolverr/default.nix b/nixarr/flaresolverr/default.nix
deleted file mode 100644
index 529aeb7..0000000
--- a/nixarr/flaresolverr/default.nix
+++ /dev/null
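Review bot: In the nixarr/default.nix hunk, the added block opens with the Nix concatenation `+ strings.optionalString cfg.jellyseerr.enable ''` right after the unchanged `'';` line, whose semicolon already ends the binding, so as shown the new string has nothing to attach to and the file should fail to parse. Drop the semicolon from that preceding line (`''`) and keep it only on the new closing `'';`; the binding itself starts above the hunk, so confirm against the full file. Separately, the second `find` branch hands every non-directory entry, symlinks included, to `chmod 0600`, and chmod acts on a symlink's target; adding `-type f` to that branch would keep the script inside the state directory.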
@@ -1,116 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-with lib; let
- cfg = config.nixarr.flaresolverr;
- nixarr = config.nixarr;
- defaultPort = 8191;
-in {
- options.nixarr.flaresolverr = {
- enable = mkOption {
- type = types.bool;
- default = false;
- example = true;
- description = ''
- Whether or not to enable the Flaresolverr service.
-
- **Required options:** [`nixarr.enable`](#nixarr.enable)
- '';
- };
-
- package = mkPackageOption pkgs "flaresolverr" {};
-
- port = mkOption {
- type = types.port;
- default = defaultPort;
- example = 12345;
- description = "Flaresolverr port.";
- };
-
- openFirewall = mkOption {
- type = types.bool;
- defaultText = literalExpression ''!nixarr.flaresolverr.vpn.enable'';
- default = !cfg.vpn.enable;
- example = true;
- description = "Open firewall for Flaresolverr";
- };
-
- vpn.enable = mkOption {
- type = types.bool;
- default = false;
- example = true;
- description = ''
- **Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable)
-
- Route Jellyseerr traffic through the VPN.
- '';
- };
- };
-
- config = mkIf cfg.enable {
- assertions = [
- {
- assertion = cfg.enable -> nixarr.enable;
- message = ''
- The nixarr.flaresolverr.enable option requires the
- nixarr.enable option to be set, but it was not.
- '';
- }
- {
- assertion = cfg.vpn.enable -> nixarr.vpn.enable;
- message = ''
- The nixarr.flaresolverr.vpn.enable option requires the
- nixarr.vpn.enable option to be set, but it was not.
- '';
- }
- ];
-
- services.flaresolverr = {
- enable = cfg.enable;
- package = cfg.package;
- openFirewall = cfg.openFirewall;
- port = cfg.port;
- };
-
- # Enable and specify VPN namespace to confine service in.
- systemd.services.flaresolverr.vpnConfinement = mkIf cfg.vpn.enable {
- enable = true;
- vpnNamespace = "wg";
- };
-
- # Port mappings
- vpnNamespaces.wg = mkIf cfg.vpn.enable {
- portMappings = [
- {
- from = defaultPort;
- to = defaultPort;
- }
- ];
- };
-
- services.nginx = mkIf cfg.vpn.enable {
- enable = true;
-
- recommendedTlsSettings = true;
- recommendedOptimisation = true;
- recommendedGzipSettings = true;
-
- virtualHosts."127.0.0.1:${builtins.toString defaultPort}" = {
- listen = [
- {
- addr = "0.0.0.0";
- port = defaultPort;
- }
- ];
- locations."/" = {
- recommendedProxySettings = true;
- proxyWebsockets = true;
- proxyPass = "http://192.168.15.1:${builtins.toString defaultPort}";
- };
- };
- };
- };
-}
diff --git a/nixarr/jellyseerr/default.nix b/nixarr/jellyseerr/default.nix
index 337bdcf..d3c4dd6 100644
--- a/nixarr/jellyseerr/default.nix
+++ b/nixarr/jellyseerr/default.nix
@@ -23,6 +23,25 @@ in {
 package = mkPackageOption pkgs "jellyseerr" {};
+ stateDir = mkOption {
+ type = types.path;
+ default = "${nixarr.stateDir}/jellyseerr";
+ defaultText = literalExpression ''"''${nixarr.stateDir}/jellyseerr"'';
+ example = "/nixarr/.state/jellyseerr";
+ description = ''
+ The location of the state directory for the Jellyseerr service.
+
+ > **Warning:** Setting this to any path, where the subpath is not
+ > owned by root, will fail! For example:
+ >
+ > ```nix
+ > stateDir = /home/user/nixarr/.state/jellyseerr
+ > ```
+ >
+ > Is not supported, because `/home/user` is owned by `user`.
+ '';
+ };
+
 port = mkOption {
 type = types.port;
 default = defaultPort;
@@ -73,6 +92,7 @@ in {
 package = cfg.package;
 openFirewall = cfg.openFirewall;
 port = cfg.port;
+ configDir = cfg.stateDir;
 };
 # Enable and specify VPN namespace to confine service in.
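Review bot: In the `stateDir` description added in the first hunk of nixarr/jellyseerr/default.nix, the warning speaks of "the subpath", but its own example turns on the owner of a parent directory (`/home/user`), so a reader cannot tell which part of the path has to be root-owned. Suggested wording: `Every parent directory of this path must be owned by root, otherwise setting it will fail.` The example line would also read better as a quoted, terminated assignment, `stateDir = "/home/user/nixarr/.state/jellyseerr";`, matching the string form used in the option's `example` value.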
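Review bot: `configDir = cfg.stateDir;` in the second hunk of nixarr/jellyseerr/default.nix points the service at the new directory, but nothing in this file's diff creates that directory or sets its owner and mode before the first start; the 0700/0600 tightening lives only in the permissions script changed in nixarr/default.nix. If that is not handled elsewhere, a tmpfiles rule next to this block would close the gap, e.g. `systemd.tmpfiles.rules = [ "d '${cfg.stateDir}' 0700 jellyseerr root - -" ];`, assuming a static `jellyseerr` user exists, which this diff does not show. The enclosing attribute set opens above the hunk.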