fujin/nixarr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updated docs

Browse Source
This commit is contained in:
rasmus-kirk
2024-08-08 10:16:31 +02:00
parent dd769cce96
commit 7ef3d63f5c
17 changed files with 153 additions and 151 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+2 -2
View File
@@ -108,8 +108,8 @@ forwarding. I suggest [AirVpn](https://airvpn.org/), since they support
static port forwarding, support wg-quick configurations and accept Monero, static port forwarding, support wg-quick configurations and accept Monero,
but you can use whatever you want. but you can use whatever you want.
**Notice:** There is [an open](https://github.com/rasmus-kirk/nixarr/issues/27) > **Notice:** There is [an open](https://github.com/rasmus-kirk/nixarr/issues/27)
issue regarding the DNS servers of AirVPN. > issue regarding the DNS servers of AirVPN.
## Domain Registrars ## Domain Registrars
docs/wiki/examples/example-2/index.md
+1 -1
View File
@@ -11,7 +11,7 @@ example does the following:
outside your home network outside your home network
- Runs all the supported "*Arrs" - Runs all the supported "*Arrs"
**Warning:** This is largely untested ATM! > **Warning:** This is largely untested ATM!
```nix {.numberLines} ```nix {.numberLines}
nixarr = { nixarr = {
docs/wiki/expose/index.md
+1 -1
View File
@@ -37,7 +37,7 @@ up, of your server. This lets you access the services on `localhost:6001`
through `localhost:6007`. [Example 2](/wiki/examples/example-2) has an through `localhost:6007`. [Example 2](/wiki/examples/example-2) has an
example configuration for this. example configuration for this.
**Warning:** Disable password authentication if you use SSH, it's insecure! > **Warning:** Disable password authentication if you use SSH, it's insecure!
## Without Authentication ## Without Authentication
docs/wiki/secrets/index.md
+5 -5
View File
@@ -8,7 +8,7 @@ config in `/nix/store` somewhere (_Not good!_). The way to solve this is to
keep your secrets in files and pass these to nix. Below, I will present two keep your secrets in files and pass these to nix. Below, I will present two
ways of accomplishing this. ways of accomplishing this.
**Warning:** Do _not_ let secrets live in your configuration directory either! > **Warning:** Do _not_ let secrets live in your configuration directory either!
## The simple way ## The simple way
@@ -37,10 +37,10 @@ And set the accompanying Nixarr option:
}; };
``` ```
**Note:** This is "impure", meaning that since the file is not part of the nix > **Note:** This is "impure", meaning that since the file is not part of the nix
store, a nixos rollback will not restore a previous secret (not a big problem > store, a nixos rollback will not restore a previous secret (not a big problem
if the secrets are not changed often). This also means you have to rebuild Nixos > if the secrets are not changed often). This also means you have to rebuild Nixos
using the `--impure` flag set. > using the `--impure` flag set.
## Agenix - A Path to Purity ## Agenix - A Path to Purity
docs/wiki/vpn/uncovered-services/index.md
+2 -2
View File
@@ -46,8 +46,8 @@ through a VPN, then you could use the following configuration:
}; };
``` ```
**Note:** that the submodule supports more namespaces than just one, but Nixarr > **Note:** that the submodule supports more namespaces than just one, but Nixarr
uses the name `wg`, so you should use that too. > uses the name `wg`, so you should use that too.
Services running over the VPN will have address `192.168.15.1` instead of Services running over the VPN will have address `192.168.15.1` instead of
`127.0.0.1`. For more options and information on the VPN-submodule, check out `127.0.0.1`. For more options and information on the VPN-submodule, check out
nixarr/bazarr/default.nix
+8 -8
View File
@@ -31,14 +31,14 @@ in {
description = '' description = ''
The location of the state directory for the Bazarr service. The location of the state directory for the Bazarr service.
**Warning:** Setting this to any path, where the subpath is not > **Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example: > owned by root, will fail! For example:
>
```nix > ```nix
stateDir = /home/user/nixarr/.state/bazarr > stateDir = /home/user/nixarr/.state/bazarr
``` > ```
>
Is not supported, because `/home/user` is owned by `user`. > Is not supported, because `/home/user` is owned by `user`.
''; '';
}; };
nixarr/ddns/default.nix
+2 -2
View File
@@ -54,8 +54,8 @@ in {
the public ip of your VPN. Useful if you're running services the public ip of your VPN. Useful if you're running services
over VPN and want a domain that points to the corresponding ip. over VPN and want a domain that points to the corresponding ip.
**Note:** You can enable both this and the regular njalla DDNS > **Note:** You can enable both this and the regular njalla DDNS
service. > service.
''; '';
}; };
nixarr/jellyfin/default.nix
+12 -12
View File
@@ -28,14 +28,14 @@ in
description = '' description = ''
The location of the state directory for the Jellyfin service. The location of the state directory for the Jellyfin service.
**Warning:** Setting this to any path, where the subpath is not > **Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example: > owned by root, will fail! For example:
>
```nix > ```nix
stateDir = /home/user/nixarr/.state/jellyfin > stateDir = /home/user/nixarr/.state/jellyfin
``` > ```
>
Is not supported, because `/home/user` is owned by `user`. > Is not supported, because `/home/user` is owned by `user`.
''; '';
}; };
@@ -76,8 +76,8 @@ in
Expose the Jellyfin web service to the internet, allowing anyone to Expose the Jellyfin web service to the internet, allowing anyone to
access it. access it.
**Warning:** Do _not_ enable this without setting up Jellyfin > **Warning:** Do _not_ enable this without setting up Jellyfin
authentication through localhost first! > authentication through localhost first!
''; '';
}; };
@@ -117,8 +117,8 @@ in
Expose the Jellyfin web service to the internet with https support, Expose the Jellyfin web service to the internet with https support,
allowing anyone to access it. allowing anyone to access it.
**Warning:** Do _not_ enable this without setting up Jellyfin > **Warning:** Do _not_ enable this without setting up Jellyfin
authentication through localhost first! > authentication through localhost first!
''; '';
}; };
nixarr/lidarr/default.nix
+8 -8
View File
@@ -28,14 +28,14 @@ in {
description = '' description = ''
The location of the state directory for the Lidarr service. The location of the state directory for the Lidarr service.
**Warning:** Setting this to any path, where the subpath is not > **Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example: > owned by root, will fail! For example:
>
```nix > ```nix
stateDir = /home/user/nixarr/.state/lidarr > stateDir = /home/user/nixarr/.state/lidarr
``` > ```
>
Is not supported, because `/home/user` is owned by `user`. > Is not supported, because `/home/user` is owned by `user`.
''; '';
}; };
nixarr/nixarr.nix
+16 -16
View File
@@ -132,14 +132,14 @@ in {
description = '' description = ''
The location of the media directory for the services. The location of the media directory for the services.
**Warning:** Setting this to any path, where the subpath is not > **Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example: > owned by root, will fail! For example:
>
```nix > ```nix
mediaDir = /home/user/nixarr > mediaDir = /home/user/nixarr
``` > ```
>
Is not supported, because `/home/user` is owned by `user`. > Is not supported, because `/home/user` is owned by `user`.
''; '';
}; };
@@ -150,14 +150,14 @@ in {
description = '' description = ''
The location of the state directory for the services. The location of the state directory for the services.
**Warning:** Setting this to any path, where the subpath is not > **Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example: > owned by root, will fail! For example:
>
```nix > ```nix
stateDir = /home/user/nixarr/.state > stateDir = /home/user/nixarr/.state
``` > ```
>
Is not supported, because `/home/user` is owned by `user`. > Is not supported, because `/home/user` is owned by `user`.
''; '';
}; };
nixarr/openssh/default.nix
+22 -22
View File
@@ -18,29 +18,29 @@ in {
Run the openssh service through a vpn, exposing it to the internet. Run the openssh service through a vpn, exposing it to the internet.
**Warning:** This lets anyone on the internet connect through SSH, > **Warning:** This lets anyone on the internet connect through SSH,
make sure the SSH configuration is secure! Disallowing password > make sure the SSH configuration is secure! Disallowing password
authentication and only allowing SSH-keys is considered secure. > authentication and only allowing SSH-keys is considered secure.
**Note:** This option does _not_ enable the SSHD service you still > **Note:** This option does _not_ enable the SSHD service you still
need to setup sshd in your nixos configuration, fx: > need to setup sshd in your nixos configuration, fx:
>
```nix > ```nix
services.openssh = { > services.openssh = {
enable = true; > enable = true;
settings.PasswordAuthentication = false; > settings.PasswordAuthentication = false;
# Get this port from your VPN provider > # Get this port from your VPN provider
ports [ 12345 ]; > ports [ 12345 ];
}; > };
>
users.extraUsers.username.openssh.authorizedKeys.keyFiles = [ > users.extraUsers.username.openssh.authorizedKeys.keyFiles = [
./path/to/public/key/machine.pub > ./path/to/public/key/machine.pub
]; > ];
``` > ```
>
Then replace `username` with your username and the `keyFiles` path to a > Then replace `username` with your username and the `keyFiles` path to a
ssh public key file from the machine that you want to have access. Don't > ssh public key file from the machine that you want to have access. Don't
use password authentication as it is insecure! > use password authentication as it is insecure!
''; '';
}; };
nixarr/prowlarr/default.nix
+8 -8
View File
@@ -33,14 +33,14 @@ in {
description = '' description = ''
The location of the state directory for the Prowlarr service. The location of the state directory for the Prowlarr service.
**Warning:** Setting this to any path, where the subpath is not > **Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example: > owned by root, will fail! For example:
>
```nix > ```nix
stateDir = /home/user/nixarr/.state/prowlarr > stateDir = /home/user/nixarr/.state/prowlarr
``` > ```
>
Is not supported, because `/home/user` is owned by `user`. > Is not supported, because `/home/user` is owned by `user`.
''; '';
}; };
nixarr/radarr/default.nix
+8 -8
View File
@@ -29,14 +29,14 @@ in {
description = '' description = ''
The location of the state directory for the Radarr service. The location of the state directory for the Radarr service.
**Warning:** Setting this to any path, where the subpath is not > **Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example: > owned by root, will fail! For example:
>
```nix > ```nix
stateDir = /home/user/nixarr/.state/radarr > stateDir = /home/user/nixarr/.state/radarr
``` > ```
>
Is not supported, because `/home/user` is owned by `user`. > Is not supported, because `/home/user` is owned by `user`.
''; '';
}; };
nixarr/readarr/default.nix
+8 -8
View File
@@ -27,14 +27,14 @@ in {
description = '' description = ''
The location of the state directory for the Readarr service. The location of the state directory for the Readarr service.
**Warning:** Setting this to any path, where the subpath is not > **Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example: > owned by root, will fail! For example:
>
```nix > ```nix
stateDir = /home/user/nixarr/.state/readarr > stateDir = /home/user/nixarr/.state/readarr
``` > ```
>
Is not supported, because `/home/user` is owned by `user`. > Is not supported, because `/home/user` is owned by `user`.
''; '';
}; };
nixarr/sabnzbd/default.nix
+26 -24
View File
@@ -19,14 +19,14 @@ in {
description = '' description = ''
The location of the state directory for the SABnzbd service. The location of the state directory for the SABnzbd service.
**Warning:** Setting this to any path, where the subpath is not > **Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example: > owned by root, will fail! For example:
>
```nix > ```nix
stateDir = /home/user/nixarr/.state/sabnzbd > stateDir = /home/user/nixarr/.state/sabnzbd
``` > ```
>
Is not supported, because `/home/user` is owned by `user`. > Is not supported, because `/home/user` is owned by `user`.
''; '';
}; };
@@ -41,7 +41,7 @@ in {
openFirewall = mkOption { openFirewall = mkOption {
type = types.bool; type = types.bool;
defaultText = literalExpression ''!nixarr.SABnzbd.vpn.enable''; defaultText = literalExpression ''!nixarr.sabnzbd.vpn.enable'';
default = !cfg.vpn.enable; default = !cfg.vpn.enable;
example = true; example = true;
description = "Open firewall for SABnzbd"; description = "Open firewall for SABnzbd";
@@ -50,29 +50,31 @@ in {
whitelistHostnames = mkOption { whitelistHostnames = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [config.networking.hostName]; default = [config.networking.hostName];
defaultText = "[ config.networking.hostName ]"; defaultText = literalExpression ''[ config.networking.hostName ]'';
example = ''[ "mediaserv" "media.example.com" ]''; example = literalExpression ''[ "mediaserv" "media.example.com" ]'';
description = '' description = ''
A list that specifies what URLs that are allowed to represent your A list that specifies what URLs that are allowed to represent your
SABnzbd instance. If you see an error message like this when SABnzbd instance.
trying to connect to SABnzbd from another device...
> **Note:** If you see an error message like this when trying to connect to
``` > SABnzbd from another device:
Refused connection with hostname "your.hostname.com" >
``` > ```
> Refused connection with hostname "your.hostname.com"
...then you should add your hostname(s) to this list. > ```
>
SABnzbd only allows connections matching these URLs in order to prevent > Then you should add your hostname ("`hostname.com`" above) to
DNS hijacking. See <https://sabnzbd.org/wiki/extra/hostname-check.html> > this list.
for more info. >
> SABnzbd only allows connections matching these URLs in order to prevent
> DNS hijacking. See <https://sabnzbd.org/wiki/extra/hostname-check.html>
> for more info.
''; '';
}; };
whitelistRanges = mkOption { whitelistRanges = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = []; default = [];
defaultText = "[ ]";
example = ''[ "192.168.1.0/24" "10.0.0.0/23" ]''; example = ''[ "192.168.1.0/24" "10.0.0.0/23" ]'';
description = '' description = ''
A list of IP ranges that will be allowed to connect to SABnzbd's A list of IP ranges that will be allowed to connect to SABnzbd's
nixarr/sonarr/default.nix
+8 -8
View File
@@ -29,14 +29,14 @@ in {
description = '' description = ''
The location of the state directory for the Sonarr service. The location of the state directory for the Sonarr service.
**Warning:** Setting this to any path, where the subpath is not > **Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example: > owned by root, will fail! For example:
>
```nix > ```nix
stateDir = /home/user/nixarr/.state/sonarr > stateDir = /home/user/nixarr/.state/sonarr
``` > ```
>
Is not supported, because `/home/user` is owned by `user`. > Is not supported, because `/home/user` is owned by `user`.
''; '';
}; };
nixarr/transmission/default.nix
+16 -16
View File
@@ -84,14 +84,14 @@ in {
description = '' description = ''
The location of the state directory for the Transmission service. The location of the state directory for the Transmission service.
**Warning:** Setting this to any path, where the subpath is not > **Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example: > owned by root, will fail! For example:
>
```nix > ```nix
stateDir = /home/user/nixarr/.state/transmission > stateDir = /home/user/nixarr/.state/transmission
``` > ```
>
Is not supported, because `/home/user` is owned by `user`. > Is not supported, because `/home/user` is owned by `user`.
''; '';
}; };
@@ -163,14 +163,14 @@ in {
description = '' description = ''
The location of the state directory for the cross-seed service. The location of the state directory for the cross-seed service.
**Warning:** Setting this to any path, where the subpath is not > **Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example: > owned by root, will fail! For example:
>
```nix > ```nix
stateDir = /home/user/nixarr/.state/cross-seed > stateDir = /home/user/nixarr/.state/cross-seed
``` > ```
>
Is not supported, because `/home/user` is owned by `user`. > Is not supported, because `/home/user` is owned by `user`.
''; '';
}; };