updated docs

CHANGELOG.md

@@ -13,3 +13,8 @@ Fixed:
 Updated:
 - Docs (stateDirs and mediaDir cannot be home!)
 - vpn submodule (adds firewall and DNS-leak killswitch)
+
+## 2024-03-14
+
+Added:
+- Reexported VPN-submodule, allowing users to run services, not supported by this module, through the VPN

docs/wiki/examples/example-2/index.md

@@ -1,5 +1,5 @@
 ---
-title: Example Configuration where Port Forwarding is not an Option
+title: Example Configuration Where Port Forwarding Is Not an Option
 ---
 
 An example where port forwarding is not an option. This is useful if,

docs/wiki/index.md

@@ -9,8 +9,9 @@ This is an index of existing articles:
   - **[Njalla](/wiki/ddns/njalla)**
 - **Examples**
   - **[Basic Example](/wiki/examples/example-1)**
-  - **[Example Configuration where Port Forwading is not an Option](/wiki/examples/example-2)**
+  - **[Example Configuration Where Port Forwarding Is Not an Option](/wiki/examples/example-2)**
 - **[Exposing Services Safely](/wiki/expose)**
+- **[Running Services Not Covered by Nixarr Through a VPN](/wiki/vpn)**
 
 For learning how to setup the "*Arrs", once running, refer to the [servarr
 wiki](https://wiki.servarr.com/)

docs/wiki/vpn/index.md

@@ -0,0 +1,54 @@
+---
+title: Running Services Not Covered by Nixarr Through a VPN
+---
+
+Nixarr reexports its VPN-submodule, meaning you can run your own services
+using it. As an example, let's say you want to run a Monero node
+through a VPN, then you could use the following configuration:
+
+```nix {.numberLines}
+  # Open vpnports, must also be opened by VPN-provider
+  vpnnamespaces.wg = {
+    openVPNPorts = [ 
+      { port = xmrP2PPort; protocol = "both"; }
+      { port = xmrRpcPort; protocol = "both"; }
+    ];
+  };
+  
+  # Force moneronode to VPN
+  systemd.services.monero.vpnconfinement = {
+    enable = true;
+    vpnnamespace = "wg"; # This must be "wg", that's what nixarr uses
+  };
+
+  services.monero = {
+    enable = true;
+    # Run as public node
+    extraConfig = ''
+      p2p-bind-ip=0.0.0.0
+      p2p-bind-port=${builtins.toString xmrP2PPort}
+
+      rpc-restricted-bind-ip=0.0.0.0
+      rpc-restricted-bind-port=${builtins.toString xmrRpcPort}
+
+      # Disable UPnP port mapping
+      no-igd=1
+
+      # Public-node
+      public-node=1
+
+      # ZMQ configuration
+      no-zmq=1
+
+      # Block known-malicious nodes from a DNSBL
+      enable-dns-blocklist=1
+    '';
+  };
+```
+
+**Note:** that the submodule supports more namespaces than just one, but Nixarr
+uses the name `wg`, so you should use that too.
+
+Services running over the VPN will have address `192.168.15.1` instead of
+`127.0.0.1`. For more options and information on the VPN-submodule, check out
+[the repo](https://github.com/Maroka-chan/VPN-Confinement)

flake.nix

@@ -69,8 +69,9 @@
           };
         };
 
-        packages = {
+        packages = rec {
           docs = pkgs.callPackage ./mkDocs.nix {inherit inputs;};
+          default = docs;
         };
 
         devshells.default = {

mkDocs.nix

@@ -54,7 +54,9 @@ in
       }
 
       # Make home page
+      sed '1d' README.md > "$tmpdir/readme.md"
       pandoc \
+        --metadata title="Nixarr - Media Server Nixos Module" \
         --metadata date="$(date -u '+%Y-%m-%d - %H:%M:%S %Z')" \
         --standalone \
         --highlight-style docs/pandoc/gruvbox.theme \
@@ -64,7 +66,7 @@ in
         -V --mathjax \
         -f markdown+smart \
         -o $out/index.html \
-        README.md
+        "$tmpdir/readme.md"
 
       # Make wiki pages
       find docs/wiki -type f -name "*.md" | while IFS= read -r file; do