fujin/nixarr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updated docs

Browse Source
This commit is contained in:
rasmus-kirk
2024-08-08 10:16:31 +02:00
parent dd769cce96
commit 7ef3d63f5c
17 changed files with 153 additions and 151 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+2 -2
View File
@@ -108,8 +108,8 @@ forwarding. I suggest [AirVpn](https://airvpn.org/), since they support
static port forwarding, support wg-quick configurations and accept Monero,
but you can use whatever you want.
**Notice:** There is [an open](https://github.com/rasmus-kirk/nixarr/issues/27)
issue regarding the DNS servers of AirVPN.
> **Notice:** There is [an open](https://github.com/rasmus-kirk/nixarr/issues/27)
> issue regarding the DNS servers of AirVPN.
## Domain Registrars
docs/wiki/examples/example-2/index.md
+1 -1
View File
@@ -11,7 +11,7 @@ example does the following:
outside your home network
- Runs all the supported "*Arrs"
**Warning:** This is largely untested ATM!
> **Warning:** This is largely untested ATM!
```nix {.numberLines}
nixarr = {
docs/wiki/expose/index.md
+1 -1
View File
@@ -37,7 +37,7 @@ up, of your server. This lets you access the services on `localhost:6001`
through `localhost:6007`. [Example 2](/wiki/examples/example-2) has an
example configuration for this.
**Warning:** Disable password authentication if you use SSH, it's insecure!
> **Warning:** Disable password authentication if you use SSH, it's insecure!
## Without Authentication
docs/wiki/secrets/index.md
+5 -5
View File
@@ -8,7 +8,7 @@ config in `/nix/store` somewhere (_Not good!_). The way to solve this is to
keep your secrets in files and pass these to nix. Below, I will present two
ways of accomplishing this.
**Warning:** Do _not_ let secrets live in your configuration directory either!
> **Warning:** Do _not_ let secrets live in your configuration directory either!
## The simple way
@@ -37,10 +37,10 @@ And set the accompanying Nixarr option:
};
```
**Note:** This is "impure", meaning that since the file is not part of the nix
store, a nixos rollback will not restore a previous secret (not a big problem
if the secrets are not changed often). This also means you have to rebuild Nixos
using the `--impure` flag set.
> **Note:** This is "impure", meaning that since the file is not part of the nix
> store, a nixos rollback will not restore a previous secret (not a big problem
> if the secrets are not changed often). This also means you have to rebuild Nixos
> using the `--impure` flag set.
## Agenix - A Path to Purity
docs/wiki/vpn/uncovered-services/index.md
+2 -2
View File
@@ -46,8 +46,8 @@ through a VPN, then you could use the following configuration:
};
```
**Note:** that the submodule supports more namespaces than just one, but Nixarr
uses the name `wg`, so you should use that too.
> **Note:** that the submodule supports more namespaces than just one, but Nixarr
> uses the name `wg`, so you should use that too.
Services running over the VPN will have address `192.168.15.1` instead of
`127.0.0.1`. For more options and information on the VPN-submodule, check out
nixarr/bazarr/default.nix
+8 -8
View File
@@ -31,14 +31,14 @@ in {
description = ''
The location of the state directory for the Bazarr service.
**Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example:
```nix
stateDir = /home/user/nixarr/.state/bazarr
```
Is not supported, because `/home/user` is owned by `user`.
> **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example:
>
> ```nix
> stateDir = /home/user/nixarr/.state/bazarr
> ```
>
> Is not supported, because `/home/user` is owned by `user`.
'';
};
nixarr/ddns/default.nix
+2 -2
View File
@@ -54,8 +54,8 @@ in {
the public ip of your VPN. Useful if you're running services
over VPN and want a domain that points to the corresponding ip.
**Note:** You can enable both this and the regular njalla DDNS
service.
> **Note:** You can enable both this and the regular njalla DDNS
> service.
'';
};
nixarr/jellyfin/default.nix
+12 -12
View File
@@ -28,14 +28,14 @@ in
description = ''
The location of the state directory for the Jellyfin service.
**Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example:
```nix
stateDir = /home/user/nixarr/.state/jellyfin
```
Is not supported, because `/home/user` is owned by `user`.
> **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example:
>
> ```nix
> stateDir = /home/user/nixarr/.state/jellyfin
> ```
>
> Is not supported, because `/home/user` is owned by `user`.
'';
};
@@ -76,8 +76,8 @@ in
Expose the Jellyfin web service to the internet, allowing anyone to
access it.
**Warning:** Do _not_ enable this without setting up Jellyfin
authentication through localhost first!
> **Warning:** Do _not_ enable this without setting up Jellyfin
> authentication through localhost first!
'';
};
@@ -117,8 +117,8 @@ in
Expose the Jellyfin web service to the internet with https support,
allowing anyone to access it.
**Warning:** Do _not_ enable this without setting up Jellyfin
authentication through localhost first!
> **Warning:** Do _not_ enable this without setting up Jellyfin
> authentication through localhost first!
'';
};
nixarr/lidarr/default.nix
+8 -8
View File
@@ -28,14 +28,14 @@ in {
description = ''
The location of the state directory for the Lidarr service.
**Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example:
```nix
stateDir = /home/user/nixarr/.state/lidarr
```
Is not supported, because `/home/user` is owned by `user`.
> **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example:
>
> ```nix
> stateDir = /home/user/nixarr/.state/lidarr
> ```
>
> Is not supported, because `/home/user` is owned by `user`.
'';
};
nixarr/nixarr.nix
+16 -16
View File
@@ -132,14 +132,14 @@ in {
description = ''
The location of the media directory for the services.
**Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example:
```nix
mediaDir = /home/user/nixarr
```
Is not supported, because `/home/user` is owned by `user`.
> **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example:
>
> ```nix
> mediaDir = /home/user/nixarr
> ```
>
> Is not supported, because `/home/user` is owned by `user`.
'';
};
@@ -150,14 +150,14 @@ in {
description = ''
The location of the state directory for the services.
**Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example:
```nix
stateDir = /home/user/nixarr/.state
```
Is not supported, because `/home/user` is owned by `user`.
> **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example:
>
> ```nix
> stateDir = /home/user/nixarr/.state
> ```
>
> Is not supported, because `/home/user` is owned by `user`.
'';
};
nixarr/openssh/default.nix
+22 -22
View File
@@ -18,29 +18,29 @@ in {
Run the openssh service through a vpn, exposing it to the internet.
**Warning:** This lets anyone on the internet connect through SSH,
make sure the SSH configuration is secure! Disallowing password
authentication and only allowing SSH-keys is considered secure.
> **Warning:** This lets anyone on the internet connect through SSH,
> make sure the SSH configuration is secure! Disallowing password
> authentication and only allowing SSH-keys is considered secure.
**Note:** This option does _not_ enable the SSHD service you still
need to setup sshd in your nixos configuration, fx:
```nix
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
# Get this port from your VPN provider
ports [ 12345 ];
};
users.extraUsers.username.openssh.authorizedKeys.keyFiles = [
./path/to/public/key/machine.pub
];
```
Then replace `username` with your username and the `keyFiles` path to a
ssh public key file from the machine that you want to have access. Don't
use password authentication as it is insecure!
> **Note:** This option does _not_ enable the SSHD service you still
> need to setup sshd in your nixos configuration, fx:
>
> ```nix
> services.openssh = {
> enable = true;
> settings.PasswordAuthentication = false;
> # Get this port from your VPN provider
> ports [ 12345 ];
> };
>
> users.extraUsers.username.openssh.authorizedKeys.keyFiles = [
> ./path/to/public/key/machine.pub
> ];
> ```
>
> Then replace `username` with your username and the `keyFiles` path to a
> ssh public key file from the machine that you want to have access. Don't
> use password authentication as it is insecure!
'';
};
nixarr/prowlarr/default.nix
+8 -8
View File
@@ -33,14 +33,14 @@ in {
description = ''
The location of the state directory for the Prowlarr service.
**Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example:
```nix
stateDir = /home/user/nixarr/.state/prowlarr
```
Is not supported, because `/home/user` is owned by `user`.
> **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example:
>
> ```nix
> stateDir = /home/user/nixarr/.state/prowlarr
> ```
>
> Is not supported, because `/home/user` is owned by `user`.
'';
};
nixarr/radarr/default.nix
+8 -8
View File
@@ -29,14 +29,14 @@ in {
description = ''
The location of the state directory for the Radarr service.
**Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example:
```nix
stateDir = /home/user/nixarr/.state/radarr
```
Is not supported, because `/home/user` is owned by `user`.
> **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example:
>
> ```nix
> stateDir = /home/user/nixarr/.state/radarr
> ```
>
> Is not supported, because `/home/user` is owned by `user`.
'';
};
nixarr/readarr/default.nix
+8 -8
View File
@@ -27,14 +27,14 @@ in {
description = ''
The location of the state directory for the Readarr service.
**Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example:
```nix
stateDir = /home/user/nixarr/.state/readarr
```
Is not supported, because `/home/user` is owned by `user`.
> **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example:
>
> ```nix
> stateDir = /home/user/nixarr/.state/readarr
> ```
>
> Is not supported, because `/home/user` is owned by `user`.
'';
};
nixarr/sabnzbd/default.nix
+25 -23
View File
@@ -19,14 +19,14 @@ in {
description = ''
The location of the state directory for the SABnzbd service.
**Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example:
```nix
stateDir = /home/user/nixarr/.state/sabnzbd
```
Is not supported, because `/home/user` is owned by `user`.
> **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example:
>
> ```nix
> stateDir = /home/user/nixarr/.state/sabnzbd
> ```
>
> Is not supported, because `/home/user` is owned by `user`.
'';
};
@@ -41,7 +41,7 @@ in {
openFirewall = mkOption {
type = types.bool;
defaultText = literalExpression ''!nixarr.SABnzbd.vpn.enable'';
defaultText = literalExpression ''!nixarr.sabnzbd.vpn.enable'';
default = !cfg.vpn.enable;
example = true;
description = "Open firewall for SABnzbd";
@@ -50,29 +50,31 @@ in {
whitelistHostnames = mkOption {
type = types.listOf types.str;
default = [config.networking.hostName];
defaultText = "[ config.networking.hostName ]";
example = ''[ "mediaserv" "media.example.com" ]'';
defaultText = literalExpression ''[ config.networking.hostName ]'';
example = literalExpression ''[ "mediaserv" "media.example.com" ]'';
description = ''
A list that specifies what URLs that are allowed to represent your
SABnzbd instance. If you see an error message like this when
trying to connect to SABnzbd from another device...
SABnzbd instance.
```
Refused connection with hostname "your.hostname.com"
```
...then you should add your hostname(s) to this list.
SABnzbd only allows connections matching these URLs in order to prevent
DNS hijacking. See <https://sabnzbd.org/wiki/extra/hostname-check.html>
for more info.
> **Note:** If you see an error message like this when trying to connect to
> SABnzbd from another device:
>
> ```
> Refused connection with hostname "your.hostname.com"
> ```
>
> Then you should add your hostname ("`hostname.com`" above) to
> this list.
>
> SABnzbd only allows connections matching these URLs in order to prevent
> DNS hijacking. See <https://sabnzbd.org/wiki/extra/hostname-check.html>
> for more info.
'';
};
whitelistRanges = mkOption {
type = types.listOf types.str;
default = [];
defaultText = "[ ]";
example = ''[ "192.168.1.0/24" "10.0.0.0/23" ]'';
description = ''
A list of IP ranges that will be allowed to connect to SABnzbd's
nixarr/sonarr/default.nix
+8 -8
View File
@@ -29,14 +29,14 @@ in {
description = ''
The location of the state directory for the Sonarr service.
**Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example:
```nix
stateDir = /home/user/nixarr/.state/sonarr
```
Is not supported, because `/home/user` is owned by `user`.
> **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example:
>
> ```nix
> stateDir = /home/user/nixarr/.state/sonarr
> ```
>
> Is not supported, because `/home/user` is owned by `user`.
'';
};
nixarr/transmission/default.nix
+16 -16
View File
@@ -84,14 +84,14 @@ in {
description = ''
The location of the state directory for the Transmission service.
**Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example:
```nix
stateDir = /home/user/nixarr/.state/transmission
```
Is not supported, because `/home/user` is owned by `user`.
> **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example:
>
> ```nix
> stateDir = /home/user/nixarr/.state/transmission
> ```
>
> Is not supported, because `/home/user` is owned by `user`.
'';
};
@@ -163,14 +163,14 @@ in {
description = ''
The location of the state directory for the cross-seed service.
**Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example:
```nix
stateDir = /home/user/nixarr/.state/cross-seed
```
Is not supported, because `/home/user` is owned by `user`.
> **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example:
>
> ```nix
> stateDir = /home/user/nixarr/.state/cross-seed
> ```
>
> Is not supported, because `/home/user` is owned by `user`.
'';
};