fujin/nixarr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added rest of assertions and fixed docs issue

Browse Source
This commit is contained in:
rasmus-kirk
2024-02-27 18:07:36 +01:00
parent 5d6ee98d06
commit 84303df9a4
9 changed files with 100 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files
nixarr/default.nix
+12 -1
View File
@@ -73,7 +73,7 @@ in {
type = types.bool;
default = false;
description = ''
**Required options:** [`nixarr.vpn.wgConf`](/options.html#nixarr.vpn.wgConf)
**Required options:** [`nixarr.vpn.wgConf`](#nixarr.vpn.wgconf)
Whether or not to enable VPN support for the services that nixarr
supports.
@@ -137,6 +137,16 @@ in {
};
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.vpn.enable && !cfg.vpn.wgConf;
message = ''
The nixarr.vpn.enable option requires the nixarr.vpn.wgConf option
to be set, but it was not.
'';
}
];
users.groups = {
media.gid = 992;
prowlarr = {};
@@ -146,6 +156,7 @@ in {
# TODO: This is BAD. But seems necessary when using containers.
# The prefered solution is to just remove containerization.
# Look at https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/misc/ids.nix
# See also issue: https://github.com/rasmus-kirk/nixarr/issues/1
users.users = {
streamer = {
isSystemUser = true;
nixarr/jellyfin/default.nix
+8 -8
View File
@@ -22,8 +22,8 @@ in with lib; {
type = types.bool;
default = false;
description = ''
**Required options:** [`nixarr.vpn.enable`](/options.html#nixarr.vpn.enable)
**Conflicting options:** [`nixarr.jellyfin.expose.https.enable`](/options.html#nixarr.jellyfin.expose.https.enable)
**Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable)
**Conflicting options:** [`nixarr.jellyfin.expose.https.enable`](#nixarr.jellyfin.expose.https.enable)
Route Jellyfin traffic through the VPN.
'';
@@ -37,9 +37,9 @@ in with lib; {
description = ''
**Required options:**
- [`nixarr.jellyfin.vpn.enable`](/options.html#nixarr.jellyfin.vpn.enable)
- [`nixarr.jellyfin.expose.vpn.port`](/options.html#nixarr.jellyfin.expose.vpn.port)
- [`nixarr.jellyfin.expose.vpn.accessibleFrom`](/options.html#nixarr.jellyfin.expose.vpn.accessibleFrom)
- [`nixarr.jellyfin.vpn.enable`](#nixarr.jellyfin.vpn.enable)
- [`nixarr.jellyfin.expose.vpn.port`](#nixarr.jellyfin.expose.vpn.port)
- [`nixarr.jellyfin.expose.vpn.accessibleFrom`](#nixarr.jellyfin.expose.vpn.accessiblefrom)
Expose the Jellyfin web service to the internet, allowing anyone to
access it.
@@ -75,10 +75,10 @@ in with lib; {
description = ''
**Required options:**
- [`nixarr.jellyfin.expose.https.acmeMail`](/options.html#nixarr.jellyfin.expose.https.acmeMail)
- [`nixarr.jellyfin.expose.https.domainName`](/options.html#nixarr.jellyfin.expose.https.domainName)
- [`nixarr.jellyfin.expose.https.acmeMail`](#nixarr.jellyfin.expose.https.acmemail)
- [`nixarr.jellyfin.expose.https.domainName`](#nixarr.jellyfin.expose.https.domainname)
**Conflicting options:** [`nixarr.jellyfin.vpn.enable`](/options.html#nixarr.jellyfin.vpn.enable)
**Conflicting options:** [`nixarr.jellyfin.vpn.enable`](#nixarr.jellyfin.vpn.enable)
Expose the Jellyfin web service to the internet with https support,
allowing anyone to access it.
nixarr/lidarr/default.nix
+11 -1
View File
@@ -21,7 +21,7 @@ in {
type = types.bool;
default = false;
description = ''
**Required options:** [`nixarr.vpn.enable`](/options.html#nixarr.vpn.enable)
**Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable)
Route Lidarr traffic through the VPN.
'';
@@ -29,6 +29,16 @@ in {
};
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.vpn.enable && !nixarr.vpn.enable;
message = ''
The nixarr.lidarr.vpn.enable option requires the
nixarr.vpn.enable option to be set, but it was not.
'';
}
];
systemd.tmpfiles.rules = [
"d '${cfg.stateDir}' 0700 lidarr root - -"
];
nixarr/openssh/default.nix
+13 -1
View File
@@ -11,7 +11,7 @@ in {
type = types.bool;
default = false;
description = ''
**Required options:** [`nixarr.vpn.enable`](/options.html#nixarr.vpn.enable)
**Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable)
Run the openssh service through a vpn.
@@ -22,6 +22,8 @@ in {
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
# Get this port from your VPN provider
ports [ 12345 ];
};
users.extraUsers.username.openssh.authorizedKeys.keyFiles = [
@@ -32,6 +34,16 @@ in {
};
config = mkIf (cfg.vpn.enable && config.services.openssh.enable) {
assertions = [
{
assertion = cfg.vpn.enable && !nixarr.vpn.enable;
message = ''
The nixarr.openssh.vpn.enable option requires the
nixarr.vpn.enable option to be set, but it was not.
'';
}
];
util-nixarr.vpnnamespace = {
portMappings = builtins.map (x: { From = x; To = x; }) config.services.openssh.ports;
openUdpPorts = config.services.openssh.ports;
nixarr/prowlarr/default.nix
+11 -1
View File
@@ -27,7 +27,7 @@ in {
type = types.bool;
default = false;
description = ''
**Required options:** [`nixarr.vpn.enable`](/options.html#nixarr.vpn.enable)
**Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable)
Route Prowlarr traffic through the VPN.
'';
@@ -35,6 +35,16 @@ in {
};
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.vpn.enable && !nixarr.vpn.enable;
message = ''
The nixarr.prowlarr.vpn.enable option requires the
nixarr.vpn.enable option to be set, but it was not.
'';
}
];
systemd.tmpfiles.rules = [
"d '${cfg.stateDir}' 0700 prowlarr root - -"
];
nixarr/radarr/default.nix
+11 -1
View File
@@ -23,7 +23,7 @@ in {
type = types.bool;
default = false;
description = ''
**Required options:** [`nixarr.vpn.enable`](/options.html#nixarr.vpn.enable)
**Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable)
Route Radarr traffic through the VPN.
'';
@@ -31,6 +31,16 @@ in {
};
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.vpn.enable && !nixarr.vpn.enable;
message = ''
The nixarr.radarr.vpn.enable option requires the
nixarr.vpn.enable option to be set, but it was not.
'';
}
];
systemd.tmpfiles.rules = [
"d '${cfg.stateDir}' 0700 radarr root - -"
];
nixarr/readarr/default.nix
+11 -1
View File
@@ -21,7 +21,7 @@ in {
type = types.bool;
default = false;
description = ''
**Required options:** [`nixarr.vpn.enable`](/options.html#nixarr.vpn.enable)
**Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable)
Route Readarr traffic through the VPN.
'';
@@ -29,6 +29,16 @@ in {
};
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.vpn.enable && !nixarr.vpn.enable;
message = ''
The nixarr.readarr.vpn.enable option requires the
nixarr.vpn.enable option to be set, but it was not.
'';
}
];
systemd.tmpfiles.rules = [
"d '${cfg.stateDir}' 0700 readarr root - -"
];
nixarr/sonarr/default.nix
+11 -1
View File
@@ -27,7 +27,7 @@ in {
type = types.bool;
default = false;
description = ''
**Required options:** [`nixarr.vpn.enable`](/options.html#nixarr.vpn.enable)
**Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable)
Route Sonarr traffic through the VPN.
'';
@@ -35,6 +35,16 @@ in {
};
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.vpn.enable && !nixarr.vpn.enable;
message = ''
The nixarr.sonarr.vpn.enable option requires the
nixarr.vpn.enable option to be set, but it was not.
'';
}
];
systemd.tmpfiles.rules = [
"d '${cfg.stateDir}' 0700 sonarr root - -"
];
nixarr/transmission/default.nix
+12 -2
View File
@@ -33,7 +33,7 @@ in {
type = types.bool;
default = false;
description = ''
**Required options:** [`nixarr.vpn.enable`](/options.html#nixarr.vpn.enable)
**Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable)
**Recommended:** Route Transmission traffic through the VPN.
'';
@@ -95,9 +95,19 @@ in {
};
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.vpn.enable && !nixarr.vpn.enable;
message = ''
The nixarr.transmission.vpn.enable option requires the
nixarr.vpn.enable option to be set, but it was not.
'';
}
];
systemd.tmpfiles.rules = [
"d '${cfg.stateDir}' 0700 torrenter root - -"
# This is fixes a bug in nixpks TODO: create nixpkgs issue
# This is fixes a bug in nixpks (https://github.com/NixOS/nixpkgs/issues/291883)
"d '${cfg.stateDir}/.config/transmission-daemon' 0700 torrenter root - -"
];