diff --git a/CHANGELOG.md b/CHANGELOG.md
index da55582..1a6972a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,3 +13,8 @@ Fixed:
 Updated:
 - Docs (stateDirs and mediaDir cannot be home!)
 - vpn submodule (adds firewall and DNS-leak killswitch)
+
+## 2024-03-14
+
+Added:
+- Reexported VPN-submodule, allowing users to run services, not supported by this module, through the VPN
diff --git a/docs/img/logo-1.png b/docs/img/logo-1.png
deleted file mode 100644
index fd1c161..0000000
Binary files a/docs/img/logo-1.png and /dev/null differ
diff --git a/docs/img/logo-1.webp b/docs/img/logo-1.webp
deleted file mode 100644
index d5a2853..0000000
Binary files a/docs/img/logo-1.webp and /dev/null differ
diff --git a/docs/wiki/examples/example-2/index.md b/docs/wiki/examples/example-2/index.md
index 95fd464..fa1a8a9 100644
--- a/docs/wiki/examples/example-2/index.md
+++ b/docs/wiki/examples/example-2/index.md
@@ -1,5 +1,5 @@
 ---
-title: Example Configuration where Port Forwarding is not an Option
+title: Example Configuration Where Port Forwarding Is Not an Option
 ---
 An example where port forwarding is not an option. This is useful if,
diff --git a/docs/wiki/index.md b/docs/wiki/index.md
index 059a695..a837e9d 100644
--- a/docs/wiki/index.md
+++ b/docs/wiki/index.md
@@ -9,8 +9,9 @@ This is an index of existing articles:
 - **[Njalla](/wiki/ddns/njalla)**
 - **Examples**
 - **[Basic Example](/wiki/examples/example-1)**
- - **[Example Configuration where Port Forwading is not an Option](/wiki/examples/example-2)**
+ - **[Example Configuration Where Port Forwarding Is Not an Option](/wiki/examples/example-2)**
 - **[Exposing Services Safely](/wiki/expose)**
+- **[Running Services Not Covered by Nixarr Through a VPN](/wiki/vpn)**
 For learning how to setup the "*Arrs", once running, refer to the [servarr wiki](https://wiki.servarr.com/)
diff --git a/docs/wiki/vpn/index.md b/docs/wiki/vpn/index.md
new file mode 100644
index 0000000..5b8e15a
--- /dev/null
+++ b/docs/wiki/vpn/index.md
@@ -0,0 +1,54 @@
+---
+title: Running Services Not Covered by Nixarr Through a VPN
+---
+
+Nixarr reexports its VPN-submodule, meaning you can run your own services
+using it. As an example, let's say you want to run a Monero node
+through a VPN, then you could use the following configuration:
+
+```nix {.numberLines}
+ # Open vpnports, must also be opened by VPN-provider
+ vpnnamespaces.wg = {
+ openVPNPorts = [
+ { port = xmrP2PPort; protocol = "both"; }
+ { port = xmrRpcPort; protocol = "both"; }
+ ];
+ };
+
+ # Force moneronode to VPN
+ systemd.services.monero.vpnconfinement = {
+ enable = true;
+ vpnnamespace = "wg"; # This must be "wg", that's what nixarr uses
+ };
+
+ services.monero = {
+ enable = true;
+ # Run as public node
+ extraConfig = ''
+ p2p-bind-ip=0.0.0.0
+ p2p-bind-port=${builtins.toString xmrP2PPort}
+
+ rpc-restricted-bind-ip=0.0.0.0
+ rpc-restricted-bind-port=${builtins.toString xmrRpcPort}
+
+ # Disable UPnP port mapping
+ no-igd=1
+
+ # Public-node
+ public-node=1
+
+ # ZMQ configuration
+ no-zmq=1
+
+ # Block known-malicious nodes from a DNSBL
+ enable-dns-blocklist=1
+ '';
+ };
+```
+
+**Note:** that the submodule supports more namespaces than just one, but Nixarr
+uses the name `wg`, so you should use that too.
+
+Services running over the VPN will have address `192.168.15.1` instead of
+`127.0.0.1`. For more options and information on the VPN-submodule, check out
+[the repo](https://github.com/Maroka-chan/VPN-Confinement)
diff --git a/flake.nix b/flake.nix
index 96dc433..d47fbe6 100644
--- a/flake.nix
+++ b/flake.nix
@@ -69,8 +69,9 @@
 };
 };
- packages = {
+ packages = rec {
 docs = pkgs.callPackage ./mkDocs.nix {inherit inputs;};
+ default = docs;
 };
 devshells.default = {
diff --git a/mkDocs.nix b/mkDocs.nix
index 345b20f..f03faa2 100644
--- a/mkDocs.nix
+++ b/mkDocs.nix
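Review bot: In the flake.nix hunk, `packages = rec { ... }` makes the whole set recursive just to alias one attribute. Inside a `rec` set every attribute name is in scope for every other attribute, so a package added later can unintentionally shadow a name from the enclosing scope. A `let` binding keeps the alias without that side effect: `packages = let docs = pkgs.callPackage ./mkDocs.nix {inherit inputs;}; in { inherit docs; default = docs; };`. The enclosing attribute set starts and ends outside the hunk.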
@@ -54,7 +54,9 @@ in
 }
 # Make home page
+ sed '1d' README.md > "$tmpdir/readme.md"
 pandoc \
+ --metadata title="Nixarr - Media Server Nixos Module" \
 --metadata date="$(date -u '+%Y-%m-%d - %H:%M:%S %Z')" \
 --standalone \
 --highlight-style docs/pandoc/gruvbox.theme \
@@ -64,7 +66,7 @@ in
 -V --mathjax \
 -f markdown+smart \
 -o $out/index.html \
- README.md
+ "$tmpdir/readme.md"
 # Make wiki pages
 find docs/wiki -type f -name "*.md" | while IFS= read -r file; do
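Review bot: The added `sed '1d' README.md` deletes the first line of the README unconditionally, presumably because that line is the top-level heading which `--metadata title=` now supplies. If the README ever starts with something else (a badge, a blank line), that line is dropped silently and the real heading is rendered a second time under the metadata title. Guarding the delete makes the assumption explicit, for example `sed '1{/^# /d;}' README.md > "$tmpdir/readme.md"`, together with a comment such as `# Drop the README's H1; the page title comes from --metadata title`. `$tmpdir` is not set anywhere in either hunk, so confirm it is created before this step; the build script continues outside both hunks.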