add vpn options back
This commit is contained in:
Rohan Datar
@@ -7,6 +7,7 @@
|
||||
with lib; let
|
||||
cfg = config.nixarr.flaresolverr;
|
||||
nixarr = config.nixarr;
|
||||
defaultPort = 8191;
|
||||
in {
|
||||
options.nixarr.flaresolverr = {
|
||||
enable = mkOption {
|
||||
@@ -24,17 +25,29 @@ in {
|
||||
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 8191;
|
||||
default = defaultPort;
|
||||
example = 12345;
|
||||
description = "Flaresolverr port.";
|
||||
};
|
||||
|
||||
openFirewall = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
defaultText = literalExpression ''!nixarr.flaresolverr.vpn.enable'';
|
||||
default = !cfg.vpn.enable;
|
||||
example = true;
|
||||
description = "Open firewall for Flaresolverr";
|
||||
};
|
||||
|
||||
vpn.enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
example = true;
|
||||
description = ''
|
||||
**Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable)
|
||||
|
||||
Route Jellyseerr traffic through the VPN.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
@@ -46,6 +59,13 @@ in {
|
||||
nixarr.enable option to be set, but it was not.
|
||||
'';
|
||||
}
|
||||
{
|
||||
assertion = cfg.vpn.enable -> nixarr.vpn.enable;
|
||||
message = ''
|
||||
The nixarr.flaresolverr.vpn.enable option requires the
|
||||
nixarr.vpn.enable option to be set, but it was not.
|
||||
'';
|
||||
}
|
||||
];
|
||||
|
||||
services.flaresolverr = {
|
||||
@@ -54,5 +74,43 @@ in {
|
||||
openFirewall = cfg.openFirewall;
|
||||
port = cfg.port;
|
||||
};
|
||||
|
||||
# Enable and specify VPN namespace to confine service in.
|
||||
systemd.services.flaresolverr.vpnConfinement = mkIf cfg.vpn.enable {
|
||||
enable = true;
|
||||
vpnNamespace = "wg";
|
||||
};
|
||||
|
||||
# Port mappings
|
||||
vpnNamespaces.wg = mkIf cfg.vpn.enable {
|
||||
portMappings = [
|
||||
{
|
||||
from = defaultPort;
|
||||
to = defaultPort;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
services.nginx = mkIf cfg.vpn.enable {
|
||||
enable = true;
|
||||
|
||||
recommendedTlsSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedGzipSettings = true;
|
||||
|
||||
virtualHosts."127.0.0.1:${builtins.toString defaultPort}" = {
|
||||
listen = [
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
port = defaultPort;
|
||||
}
|
||||
];
|
||||
locations."/" = {
|
||||
recommendedProxySettings = true;
|
||||
proxyWebsockets = true;
|
||||
proxyPass = "http://192.168.15.1:${builtins.toString defaultPort}";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user