fujin/nixarr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

updated assertions

Browse Source
This commit is contained in:
rasmus-kirk
2024-02-28 07:18:12 +01:00
parent 4dc515d395
commit 7da46a110d
9 changed files with 44 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files
nixarr/default.nix
+3 -2
View File
@@ -12,6 +12,7 @@ in {
./lidarr ./lidarr
./readarr ./readarr
./sonarr ./sonarr
./openssh
./prowlarr ./prowlarr
./transmission ./transmission
../util ../util
@@ -139,7 +140,7 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = [ assertions = [
{ {
assertion = cfg.vpn.enable && (cfg.vpn.wgConf == null); assertion = cfg.vpn.enable -> cfg.vpn.wgConf != null;
message = '' message = ''
The nixarr.vpn.enable option requires the nixarr.vpn.wgConf option The nixarr.vpn.enable option requires the nixarr.vpn.wgConf option
to be set, but it was not. to be set, but it was not.
@@ -221,7 +222,7 @@ in {
]; ];
dnsServers = cfg.vpn.dnsServers; dnsServers = cfg.vpn.dnsServers;
wireguardAddressPath = cfg.vpn.wgAddress; wireguardAddressPath = cfg.vpn.wgAddress;
wireguardConfigFile = cfg.vpn.wgConf; wireguardConfigFile = if cfg.vpn.wgConf != null then cfg.vpn.wgConf else "";
vpnTestService = { vpnTestService = {
enable = cfg.vpn.vpnTestService.enable; enable = cfg.vpn.vpnTestService.enable;
port = cfg.vpn.vpnTestService.port; port = cfg.vpn.vpnTestService.port;
nixarr/jellyfin/default.nix
+3 -3
View File
@@ -110,7 +110,7 @@ in with lib; {
{ {
assertions = [ assertions = [
{ {
assertion = cfg.vpn.enable && !nixarr.vpn.enable; assertion = cfg.vpn.enable -> nixarr.vpn.enable;
message = '' message = ''
The nixarr.jellyfin.vpn.enable option requires the The nixarr.jellyfin.vpn.enable option requires the
nixarr.vpn.enable option to be set, but it was not. nixarr.vpn.enable option to be set, but it was not.
@@ -138,7 +138,7 @@ in with lib; {
} }
{ {
assertion = cfg.expose.vpn.enable -> ( assertion = cfg.expose.vpn.enable -> (
!cfg.vpn.enable && cfg.vpn.enable &&
(cfg.expose.vpn.port != null) && (cfg.expose.vpn.port != null) &&
(cfg.expose.vpn.accessibleFrom != null) (cfg.expose.vpn.accessibleFrom != null)
); );
@@ -211,7 +211,7 @@ in with lib; {
}; };
}) })
(mkIf cfg.expose.vpn.enable { (mkIf cfg.expose.vpn.enable {
virtualHosts."${cfg.expose.vpn.accessibleFrom}:${builtins.toString cfg.expose.vpn.port}" = { virtualHosts."${builtins.toString cfg.expose.vpn.accessibleFrom}:${builtins.toString cfg.expose.vpn.port}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
nixarr/lidarr/default.nix
+1 -1
View File
@@ -31,7 +31,7 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = [ assertions = [
{ {
assertion = cfg.vpn.enable && !nixarr.vpn.enable; assertion = cfg.vpn.enable -> nixarr.vpn.enable;
message = '' message = ''
The nixarr.lidarr.vpn.enable option requires the The nixarr.lidarr.vpn.enable option requires the
nixarr.vpn.enable option to be set, but it was not. nixarr.vpn.enable option to be set, but it was not.
nixarr/openssh/default.nix
+32 -5
View File
@@ -1,4 +1,3 @@
# TODO: Dir creation and file permissions in nix
{ {
config, config,
lib, lib,
@@ -6,8 +5,9 @@
}: }:
with lib; let with lib; let
cfg = config.nixarr.openssh; cfg = config.nixarr.openssh;
nixarr = config.nixarr;
in { in {
options.nixarr.openssh.vpn.enable = { options.nixarr.openssh.vpn.enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = ''
@@ -27,16 +27,20 @@ in {
}; };
users.extraUsers.username.openssh.authorizedKeys.keyFiles = [ users.extraUsers.username.openssh.authorizedKeys.keyFiles = [
./path/to/public/key/machine.pub} ./path/to/public/key/machine.pub
]; ];
Then replace username with your username and the keyFiles path
to a ssh public key file from the machine that you want to have
access. Don't use password authentication as it is insecure!
``` ```
''; '';
}; };
config = mkIf (cfg.vpn.enable && config.services.openssh.enable) { config = mkIf cfg.vpn.enable {
assertions = [ assertions = [
{ {
assertion = cfg.vpn.enable && !nixarr.vpn.enable; assertion = cfg.vpn.enable -> nixarr.vpn.enable;
message = '' message = ''
The nixarr.openssh.vpn.enable option requires the The nixarr.openssh.vpn.enable option requires the
nixarr.vpn.enable option to be set, but it was not. nixarr.vpn.enable option to be set, but it was not.
@@ -44,6 +48,29 @@ in {
} }
]; ];
warnings = if config.services.openssh.enable then [
''
nixarr.openssh.vpn.enable is set, but openssh is not enabled on your
system, so the openssh server is not running. This is probably not
what you wanted. You can add the following lines to enable it:
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
# Get this port from your VPN provider
ports [ 12345 ];
};
users.extraUsers.username.openssh.authorizedKeys.keyFiles = [
./path/to/public/key/machine.pub
];
Then replace username with your username and the keyFiles path
to a ssh public key file from the machine that you want to have
access. Don't use password authentication as it is insecure!
''
] else [];
util-nixarr.vpnnamespace = { util-nixarr.vpnnamespace = {
portMappings = builtins.map (x: { From = x; To = x; }) config.services.openssh.ports; portMappings = builtins.map (x: { From = x; To = x; }) config.services.openssh.ports;
openUdpPorts = config.services.openssh.ports; openUdpPorts = config.services.openssh.ports;
nixarr/prowlarr/default.nix
+1 -1
View File
@@ -37,7 +37,7 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = [ assertions = [
{ {
assertion = cfg.vpn.enable && !nixarr.vpn.enable; assertion = cfg.vpn.enable -> nixarr.vpn.enable;
message = '' message = ''
The nixarr.prowlarr.vpn.enable option requires the The nixarr.prowlarr.vpn.enable option requires the
nixarr.vpn.enable option to be set, but it was not. nixarr.vpn.enable option to be set, but it was not.
nixarr/radarr/default.nix
+1 -1
View File
@@ -33,7 +33,7 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = [ assertions = [
{ {
assertion = cfg.vpn.enable && !nixarr.vpn.enable; assertion = cfg.vpn.enable -> nixarr.vpn.enable;
message = '' message = ''
The nixarr.radarr.vpn.enable option requires the The nixarr.radarr.vpn.enable option requires the
nixarr.vpn.enable option to be set, but it was not. nixarr.vpn.enable option to be set, but it was not.
nixarr/readarr/default.nix
+1 -1
View File
@@ -31,7 +31,7 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = [ assertions = [
{ {
assertion = cfg.vpn.enable && !nixarr.vpn.enable; assertion = cfg.vpn.enable -> nixarr.vpn.enable;
message = '' message = ''
The nixarr.readarr.vpn.enable option requires the The nixarr.readarr.vpn.enable option requires the
nixarr.vpn.enable option to be set, but it was not. nixarr.vpn.enable option to be set, but it was not.
nixarr/sonarr/default.nix
+1 -1
View File
@@ -37,7 +37,7 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = [ assertions = [
{ {
assertion = cfg.vpn.enable && !nixarr.vpn.enable; assertion = cfg.vpn.enable -> nixarr.vpn.enable;
message = '' message = ''
The nixarr.sonarr.vpn.enable option requires the The nixarr.sonarr.vpn.enable option requires the
nixarr.vpn.enable option to be set, but it was not. nixarr.vpn.enable option to be set, but it was not.
nixarr/transmission/default.nix
+1 -1
View File
@@ -97,7 +97,7 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = [ assertions = [
{ {
assertion = cfg.vpn.enable && !nixarr.vpn.enable; assertion = cfg.vpn.enable -> nixarr.vpn.enable;
message = '' message = ''
The nixarr.transmission.vpn.enable option requires the The nixarr.transmission.vpn.enable option requires the
nixarr.vpn.enable option to be set, but it was not. nixarr.vpn.enable option to be set, but it was not.