Updated documentation and options

rasmus-kirk
2024-02-21 14:29:09 +01:00
parent 222020782b
commit b78dd210a9
9 changed files with 225 additions and 162 deletions
+20 -23
@@ -37,26 +37,22 @@ in {
Remember to read the options. Remember to read the options.
''; '';
mediaUsers = mkOption {
type = with types; listOf str;
default = [];
description = "Extra users to add the the media group, giving access to the media directory. You probably want to add your own user here.";
};
mediaDir = mkOption { mediaDir = mkOption {
type = types.path; type = types.path;
default = "/data/media"; default = "/data/media";
description = "The location of the media directory for the services."; description = ''
The location of the media directory for the services.
'';
}; };
stateDir = mkOption { stateDir = mkOption {
type = types.path; type = types.path;
default = "/data/.state"; default = "/data/.state";
description = "The location of the state directory for the services."; description = ''
The location of the state directory for the services.
'';
}; };
upnp.enable = mkEnableOption "Enable automatic port forwarding using UPNP.";
vpn = { vpn = {
enable = mkEnableOption ''Enable vpn''; enable = mkEnableOption ''Enable vpn'';
@@ -69,7 +65,7 @@ in {
dnsServers = mkOption { dnsServers = mkOption {
type = with types; nullOr (listOf str); type = with types; nullOr (listOf str);
default = null; default = null;
description = lib.mdDoc '' description = ''
Extra DNS servers for the VPN. If your wg config has a DNS field, Extra DNS servers for the VPN. If your wg config has a DNS field,
then this should not be necessary. then this should not be necessary.
''; '';
@@ -77,12 +73,15 @@ in {
}; };
vpnTestService = { vpnTestService = {
enable = mkEnableOption "Enable the vpn test service."; enable = mkEnableOption ''
Enable the vpn test service. Useful for testing DNS leaks or VPN
port forwarding.
'';
port = mkOption { port = mkOption {
type = types.port; type = types.port;
default = 12300; default = 12300;
description = lib.mdDoc '' description = ''
The port that the vpn test service listens to. The port that the vpn test service listens to.
''; '';
example = 58403; example = 58403;
@@ -93,9 +92,9 @@ in {
type = with types; listOf port; type = with types; listOf port;
default = []; default = [];
description = lib.mdDoc '' description = lib.mdDoc ''
What TCP ports to allow incoming traffic from. You might need this What TCP ports to allow traffic from. You might need this if you're
if you're port forwarding on your VPN provider and you're setting port forwarding on your VPN provider and you're setting up services
up services that is not covered in by this module. not covered in by this module that uses the VPN.
''; '';
example = [46382 38473]; example = [46382 38473];
}; };
@@ -104,9 +103,9 @@ in {
type = with types; listOf port; type = with types; listOf port;
default = []; default = [];
description = lib.mdDoc '' description = lib.mdDoc ''
What UDP ports to allow incoming traffic from. You might need this What UDP ports to allow traffic from. You might need this if you're
if you're port forwarding on your VPN provider and you're setting port forwarding on your VPN provider and you're setting up services
up services that is not covered in by this module. not covered in by this module that uses the VPN.
''; '';
example = [46382 38473]; example = [46382 38473];
}; };
@@ -169,7 +168,7 @@ in {
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
# State dirs # State dirs
"d '${cfg.stateDir}' 0755 root root - -" "d '${cfg.stateDir}' 0755 root root - -"
"d '${cfg.stateDir}/nixarr' 0755 root root - -" "d '${cfg.stateDir}/nixarr' 0755 root root - -"
"d '${cfg.stateDir}/nixarr/jellyfin' 0700 jellyfin root - -" "d '${cfg.stateDir}/nixarr/jellyfin' 0700 jellyfin root - -"
"d '${cfg.stateDir}/nixarr/transmission' 0700 transmission root - -" "d '${cfg.stateDir}/nixarr/transmission' 0700 transmission root - -"
@@ -196,9 +195,7 @@ in {
"d '${cfg.mediaDir}/torrents/readarr' 0755 transmission media - -" "d '${cfg.mediaDir}/torrents/readarr' 0755 transmission media - -"
]; ];
kirk.upnp.enable = cfg.upnp.enable; util.vpnnamespace = {
kirk.vpnnamespace = {
enable = true; enable = true;
accessibleFrom = [ accessibleFrom = [
"192.168.1.0/24" "192.168.1.0/24"
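Review bot: The reworded descriptions of the TCP port-list option and the UDP one below it drop the word "incoming", so the direction of the rule these options open is no longer stated. For an option that allows traffic through a firewall, keep the direction explicit, e.g. `What TCP ports to allow incoming traffic on.` and the UDP equivalent. The tail of the new sentence also reads awkwardly; `services not covered by this module that use the VPN` would be clearer. These two descriptions still wrap the text in `lib.mdDoc` while the other descriptions in this commit drop it.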
+43 -30
@@ -10,57 +10,68 @@ with lib; let
dnsServers = config.lib.vpn.dnsServers; dnsServers = config.lib.vpn.dnsServers;
in { in {
options.nixarr.jellyfin = { options.nixarr.jellyfin = {
enable = mkOption { enable = mkEnableOption "Enable the Jellyfin service.";
type = types.bool;
default = false;
description = lib.mdDoc "enable jellyfin";
};
stateDir = mkOption { stateDir = mkOption {
type = types.path; type = types.path;
default = "${nixarr.stateDir}/nixarr/jellyfin"; default = "${nixarr.stateDir}/nixarr/jellyfin";
description = lib.mdDoc "The state directory for jellyfin"; description = "The state directory for Jellyfin.";
}; };
useVpn = mkOption { vpn.enable = mkEnableOption ''
type = types.bool; Route Jellyfin traffic through the VPN. Requires that `nixarr.vpn`
default = false; is configured
description = lib.mdDoc "Use VPN with prowlarr"; '';
};
nginx = { expose = {
enable = mkEnableOption "Enable nginx for jellyfin"; enable = mkEnableOption ''
Enable nginx for Jellyfin, exposing the web service to the internet.
'';
upnp = mkOption {
type = types.bool;
default = false;
description = "Use UPNP to try to open ports 80 and 443 on your router.";
};
domainName = mkOption { domainName = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
description = "REQUIRED! The domain name to host jellyfin on."; description = "REQUIRED! The domain name to host Jellyfin on.";
}; };
acmeMail = mkOption { acmeMail = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
description = "REQUIRED! The ACME mail."; description = "REQUIRED! The ACME mail required for the letsencrypt bot.";
}; };
}; };
}; };
config = config =
#assert (!(cfg.useVpn && cfg.nginx.enable)) || abort "useVpn not compatible with nginx.enable."; # TODO: this doesn't work. I don't know why :(
#assert (!(cfg.vpn.enable && cfg.nginx.enable)) || abort "vpn.enable not compatible with nginx.enable.";
#assert (cfg.nginx.enable -> (cfg.nginx.domainName != null && cfg.nginx.acmeMail != null)) || abort "Both nginx.domain and nginx.acmeMail needs to be set if nginx.enable is set."; #assert (cfg.nginx.enable -> (cfg.nginx.domainName != null && cfg.nginx.acmeMail != null)) || abort "Both nginx.domain and nginx.acmeMail needs to be set if nginx.enable is set.";
mkIf cfg.enable mkIf cfg.enable
{ {
services.jellyfin.enable = cfg.enable; services.jellyfin = {
enable = cfg.enable;
logDir = "${cfg.stateDir}/log";
cacheDir = "${cfg.stateDir}/cache";
dataDir = "${cfg.stateDir}/data";
configDir = "${cfg.stateDir}/config";
};
networking.firewall.allowedTCPPorts = networking.firewall = mkIf cfg.nginx.enable {
if cfg.nginx.enable allowedTCPPorts = [ 80 443 ];
then [ };
80 # http
443 # https
]
else [];
services.nginx = mkIf (cfg.nginx.enable || cfg.useVpn) { util.upnp = mkIf cfg.nginx.upnp.enable {
enable = true;
openTcpPorts = [ 80 443 ];
};
services.nginx = mkIf (cfg.nginx.enable || cfg.vpn.enable) {
enable = true; enable = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
@@ -77,7 +88,7 @@ in {
}; };
}; };
virtualHosts."127.0.0.1:${builtins.toString defaultPort}" = mkIf cfg.useVpn { virtualHosts."127.0.0.1:${builtins.toString defaultPort}" = mkIf cfg.vpn.enable {
listen = [ listen = [
{ {
addr = "0.0.0.0"; addr = "0.0.0.0";
@@ -99,14 +110,14 @@ in {
util.vpnnamespace.portMappings = [ util.vpnnamespace.portMappings = [
( (
mkIf cfg.useVpn { mkIf cfg.vpn.enable {
From = defaultPort; From = defaultPort;
To = defaultPort; To = defaultPort;
} }
) )
]; ];
containers.jellyfin = mkIf cfg.useVpn { containers.jellyfin = mkIf cfg.vpn.enable {
autoStart = true; autoStart = true;
ephemeral = true; ephemeral = true;
extraFlags = ["--network-namespace-path=/var/run/netns/wg"]; extraFlags = ["--network-namespace-path=/var/run/netns/wg"];
@@ -132,8 +143,10 @@ in {
services.jellyfin = { services.jellyfin = {
enable = true; enable = true;
group = "jellyfin"; logDir = "${cfg.stateDir}/log";
dataDir = "${cfg.stateDir}"; cacheDir = "${cfg.stateDir}/cache";
dataDir = "${cfg.stateDir}/data";
configDir = "${cfg.stateDir}/config";
}; };
system.stateVersion = "23.11"; system.stateVersion = "23.11";
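Review bot: The config block still reads `cfg.nginx.enable` and `cfg.nginx.upnp.enable`, but as rendered the option set is renamed from `nginx` to `expose` and UPnP is declared as a plain boolean `expose.upnp`, so the firewall, UPnP and nginx conditions appear to reference options that no longer exist. They would need to become `mkIf cfg.expose.enable`, `mkIf cfg.expose.upnp` and `mkIf (cfg.expose.enable || cfg.vpn.enable)`. The commented-out asserts also still name `nginx.*`. Since `expose.enable` opens 80/443 towards the internet, the `domainName`/`acmeMail` requirement and the vpn/expose conflict are better enforced through the module system's `assertions` list than left as a TODO. The config body continues outside the hunks shown.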
+9 -14
@@ -9,23 +9,18 @@ with lib; let
nixarr = config.nixarr; nixarr = config.nixarr;
in { in {
options.nixarr.lidarr = { options.nixarr.lidarr = {
enable = mkOption { enable = mkEnableOption "Enable the Lidarr service.";
type = types.bool;
default = false;
description = lib.mdDoc "Enable lidarr";
};
stateDir = mkOption { stateDir = mkOption {
type = types.path; type = types.path;
default = "${nixarr.stateDir}/nixarr/lidarr"; default = "${nixarr.stateDir}/nixarr/lidarr";
description = lib.mdDoc "The state directory for lidarr"; description = "The state directory for Lidarr";
}; };
useVpn = mkOption { vpn.enable = mkEnableOption ''
type = types.bool; Route Lidarr traffic through the VPN. Requires that `nixarr.vpn`
default = false; is configured
description = lib.mdDoc "Use VPN with prowlarr"; '';
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@@ -38,14 +33,14 @@ in {
util.vpnnamespace.portMappings = [ util.vpnnamespace.portMappings = [
( (
mkIf cfg.useVpn { mkIf cfg.vpn.enable {
From = defaultPort; From = defaultPort;
To = defaultPort; To = defaultPort;
} }
) )
]; ];
containers.lidarr = mkIf cfg.useVpn { containers.lidarr = mkIf cfg.vpn.enable {
autoStart = true; autoStart = true;
ephemeral = true; ephemeral = true;
extraFlags = ["--network-namespace-path=/var/run/netns/wg"]; extraFlags = ["--network-namespace-path=/var/run/netns/wg"];
@@ -81,7 +76,7 @@ in {
}; };
}; };
services.nginx = mkIf cfg.useVpn { services.nginx = mkIf cfg.vpn.enable {
enable = true; enable = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
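Review bot: The new `enable` and `vpn.enable` options pass a full sentence to `mkEnableOption`, which already builds the description as "Whether to enable <text>.", so the generated docs will read "Whether to enable Enable the Lidarr service..". Passing a noun phrase avoids that, e.g. `mkEnableOption "the Lidarr service"` and `mkEnableOption "routing Lidarr traffic through the VPN (requires nixarr.vpn to be configured)"`. The same applies to the `mkEnableOption` calls in the other service modules touched by this commit.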
+14 -27
@@ -12,53 +12,40 @@ with lib; let
cfg = config.nixarr.prowlarr; cfg = config.nixarr.prowlarr;
in { in {
options.nixarr.prowlarr = { options.nixarr.prowlarr = {
enable = mkOption { enable = mkEnableOption "Enable the Prowlarr service.";
type = types.bool;
default = false;
description = lib.mdDoc "Enable prowlarr";
};
stateDir = mkOption { stateDir = mkOption {
type = types.path; type = types.path;
default = "${nixarr.stateDir}/nixarr/prowlarr"; default = "${nixarr.stateDir}/nixarr/prowlarr";
description = lib.mdDoc '' description = "The state directory for Prowlarr.";
The state directory for prowlarr. Currently doesn't work, except with VPN.
'';
}; };
useVpn = mkOption { vpn.enable = mkEnableOption ''
type = types.bool; Route Prowlarr traffic through the VPN. Requires that `nixarr.vpn`
default = false; is configured.
description = lib.mdDoc "Use VPN with prowlarr"; '';
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.prowlarr = mkIf (!cfg.useVpn) { util.services.prowlarr = mkIf (!cfg.vpn.enable) {
enable = true; enable = true;
openFirewall = true; dataDir = cfg.statedir;
}; };
util.vpnnamespace.portMappings = [ util.vpnnamespace.portMappings = [
( (
mkIf cfg.useVpn { mkIf cfg.vpn.enable {
From = defaultPort; From = defaultPort;
To = defaultPort; To = defaultPort;
} }
) )
]; ];
containers.prowlarr = mkIf cfg.useVpn { containers.prowlarr = mkIf cfg.vpn.enable {
autoStart = true; autoStart = true;
ephemeral = true; ephemeral = true;
extraFlags = ["--network-namespace-path=/var/run/netns/wg"]; extraFlags = ["--network-namespace-path=/var/run/netns/wg"];
bindMounts."${cfg.statedir}".isReadOnly = false;
bindMounts = {
"/var/lib/prowlarr" = {
hostPath = cfg.stateDir;
isReadOnly = false;
};
};
config = { config = {
users.groups.prowlarr = {}; users.groups.prowlarr = {};
@@ -74,16 +61,16 @@ in {
services.resolved.enable = true; services.resolved.enable = true;
networking.nameservers = dnsServers; networking.nameservers = dnsServers;
services.prowlarr = { util.services.prowlarr = {
enable = true; enable = true;
openFirewall = true; dataDir = cfg.stateDir;
}; };
system.stateVersion = "23.11"; system.stateVersion = "23.11";
}; };
}; };
services.nginx = mkIf cfg.useVpn { services.nginx = mkIf cfg.vpn.enable {
enable = true; enable = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
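Review bot: `dataDir = cfg.statedir;` in the non-VPN branch and the `bindMounts."${cfg.statedir}"` line in the container spell the option with a lowercase `d`, while the option declared above is `stateDir` and the in-container service uses `cfg.stateDir`. Nix attribute names are case-sensitive, so both should read `cfg.stateDir`. It is also worth confirming that the container's `config` imports the module that defines `util.services.prowlarr`; that part is outside the hunks shown.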
+74
@@ -0,0 +1,74 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.util.services.prowlarr;
in
{
options = {
util.services.prowlarr = {
enable = mkEnableOption "Prowlarr";
package = mkPackageOption pkgs "prowlarr" { };
user = mkOption {
type = types.str;
default = "prowlarr";
description = "User account under which Prowlarr runs.";
};
group = mkOption {
type = types.str;
default = "prowlarr";
description = "Group under which Prowlarr runs.";
};
dataDir = mkOption {
type = types.str;
default = "/var/lib/prowlarr";
description = "The directory where Prowlarr stores its data files.";
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = "Open ports in the firewall for the Prowlarr web interface.";
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' 0700 ${cfg.user} ${cfg.group} - -"
];
systemd.services.prowlarr = {
description = "Prowlarr";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
User = cfg.user;
Group = cfg.group;
ExecStart = "${lib.getExe cfg.package} -nobrowser -data=${cfg.dataDir}";
Restart = "on-failure";
};
};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ 9696 ];
};
users.users = mkIf (cfg.user == "prowlarr") {
sonarr = {
group = cfg.group;
home = cfg.dataDir;
uid = 293;
};
};
users.groups = mkIf (cfg.group == "prowlarr") {};
};
}
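Review bot: The account created under `users.users` is named `sonarr`, not `prowlarr`, and `users.groups` is set to an empty set, so with the defaults the unit's `User`/`Group` and the tmpfiles rule refer to an account and group this module never defines. The attribute should be `prowlarr = { … };` and the group line `users.groups = mkIf (cfg.group == "prowlarr") { prowlarr = {}; };`. The hard-coded `uid = 293` should be checked against ids already in use on the system, or dropped. Separately, `serviceConfig` runs a network-facing service with no systemd sandboxing options; a short comment stating whether that is intentional would help the next reader.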
+10 -15
@@ -12,27 +12,22 @@ with lib; let
dnsServers = config.lib.vpn.dnsServers; dnsServers = config.lib.vpn.dnsServers;
in { in {
options.nixarr.radarr = { options.nixarr.radarr = {
enable = mkOption { enable = mkEnableOption "Enable the Radarr service.";
type = types.bool;
default = false;
description = lib.mdDoc "Enable radarr";
};
stateDir = mkOption { stateDir = mkOption {
type = types.path; type = types.path;
default = "${nixarr.stateDir}/nixarr/radarr"; default = "${nixarr.stateDir}/nixarr/radarr";
description = lib.mdDoc "The state directory for radarr"; description = "The state directory for radarr.";
}; };
useVpn = mkOption { vpn.enable = mkEnableOption ''
type = types.bool; Route Radarr traffic through the VPN. Requires that `nixarr.vpn`
default = false; is configured.
description = lib.mdDoc "Use VPN with radarr"; '';
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.radarr = mkIf (!cfg.useVpn) { services.radarr = mkIf (!cfg.vpn.enable) {
enable = cfg.enable; enable = cfg.enable;
user = "radarr"; user = "radarr";
group = "media"; group = "media";
@@ -41,14 +36,14 @@ in {
util.vpnnamespace.portMappings = [ util.vpnnamespace.portMappings = [
( (
mkIf cfg.useVpn { mkIf cfg.vpn.enable {
From = defaultPort; From = defaultPort;
To = defaultPort; To = defaultPort;
} }
) )
]; ];
containers.radarr = mkIf cfg.useVpn { containers.radarr = mkIf cfg.vpn.enable {
autoStart = true; autoStart = true;
ephemeral = true; ephemeral = true;
extraFlags = ["--network-namespace-path=/var/run/netns/wg"]; extraFlags = ["--network-namespace-path=/var/run/netns/wg"];
@@ -84,7 +79,7 @@ in {
}; };
}; };
services.nginx = mkIf cfg.useVpn { services.nginx = mkIf cfg.vpn.enable {
enable = true; enable = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
+9 -14
@@ -9,23 +9,18 @@ with lib; let
dnsServers = config.lib.vpn.dnsServers; dnsServers = config.lib.vpn.dnsServers;
in { in {
options.nixarr.readarr = { options.nixarr.readarr = {
enable = mkOption { enable = mkEnableOption "Enable the Readarr service";
type = types.bool;
default = false;
description = lib.mdDoc "Enable readarr";
};
stateDir = mkOption { stateDir = mkOption {
type = types.path; type = types.path;
default = "${nixarr.stateDir}/nixarr/readarr"; default = "${nixarr.stateDir}/nixarr/readarr";
description = lib.mdDoc "The state directory for readarr"; description = "The state directory for Readarr";
}; };
useVpn = mkOption { vpn.enable = mkEnableOption ''
type = types.bool; Route Readarr traffic through the VPN. Requires that `nixarr.vpn`
default = false; is configured.
description = lib.mdDoc "Use VPN with prowlarr"; '';
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@@ -38,14 +33,14 @@ in {
util.vpnnamespace.portMappings = [ util.vpnnamespace.portMappings = [
( (
mkIf cfg.useVpn { mkIf cfg.vpn.enable {
From = defaultPort; From = defaultPort;
To = defaultPort; To = defaultPort;
} }
) )
]; ];
containers.readarr = mkIf cfg.useVpn { containers.readarr = mkIf cfg.vpn.enable {
autoStart = true; autoStart = true;
ephemeral = true; ephemeral = true;
extraFlags = ["--network-namespace-path=/var/run/netns/wg"]; extraFlags = ["--network-namespace-path=/var/run/netns/wg"];
@@ -81,7 +76,7 @@ in {
}; };
}; };
services.nginx = mkIf cfg.useVpn { services.nginx = mkIf cfg.vpn.enable {
enable = true; enable = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
+10 -11
@@ -14,24 +14,23 @@ in {
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = lib.mdDoc "Enable sonarr"; description = "Enable the Sonarr service.";
}; };
stateDir = mkOption { stateDir = mkOption {
type = types.path; type = types.path;
default = "${nixarr.stateDir}/sonarr"; default = "${nixarr.stateDir}/sonarr";
description = lib.mdDoc "The state directory for sonarr"; description = "The state directory for Sonarr.";
}; };
useVpn = mkOption { vpn.enable = mkEnableOption ''
type = types.bool; Route Readarr traffic through the VPN. Requires that `nixarr.vpn`
default = false; is configured.
description = lib.mdDoc "Use VPN with sonarr"; '';
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.sonarr = mkIf (!cfg.useVpn) { services.sonarr = mkIf (!cfg.vpn.enable) {
enable = cfg.enable; enable = cfg.enable;
user = "sonarr"; user = "sonarr";
group = "media"; group = "media";
@@ -39,13 +38,13 @@ in {
}; };
util.vpnnamespace.portMappings = [ util.vpnnamespace.portMappings = [
(mkIf cfg.useVpn { (mkIf cfg.vpn.enable {
From = defaultPort; From = defaultPort;
To = defaultPort; To = defaultPort;
}) })
]; ];
containers.sonarr = mkIf cfg.useVpn { containers.sonarr = mkIf cfg.vpn.enable {
autoStart = true; autoStart = true;
ephemeral = true; ephemeral = true;
extraFlags = ["--network-namespace-path=/var/run/netns/wg"]; extraFlags = ["--network-namespace-path=/var/run/netns/wg"];
@@ -83,7 +82,7 @@ in {
}; };
}; };
services.nginx = mkIf cfg.useVpn { services.nginx = mkIf cfg.vpn.enable {
enable = true; enable = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
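Review bot: The new `vpn.enable` description in the Sonarr module says "Route Readarr traffic through the VPN", which looks copied from the Readarr module; it should read `Route Sonarr traffic through the VPN.` This module also keeps `enable` as a hand-written `mkOption` while the other service modules in this commit switch to `mkEnableOption`.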
+36 -28
@@ -11,61 +11,62 @@ with lib; let
dnsServers = config.lib.vpn.dnsServers; dnsServers = config.lib.vpn.dnsServers;
in { in {
options.nixarr.transmission = { options.nixarr.transmission = {
enable = mkOption { enable = mkEnableOption "Enable the Transmission service.";
type = types.bool;
default = false;
description = lib.mdDoc "Enable transmission";
};
stateDir = mkOption { stateDir = mkOption {
type = types.path; type = types.path;
default = "${nixarr.stateDir}/nixarr/transmission"; default = "${nixarr.stateDir}/nixarr/transmission";
description = lib.mdDoc "The state directory for transmission. Only works with useVpn option."; description = ''
The state directory for Transmission.
**BUG**: Only works when the `nixarr.transmission.vpn.enable` option
is set.
'';
}; };
downloadDir = mkOption { downloadDir = mkOption {
type = types.path; type = types.path;
default = "${nixarr.mediaDir}/torrents"; default = "${nixarr.mediaDir}/torrents";
description = lib.mdDoc '' description = ''
The directory for transmission to download to. The directory for Transmission to download to.
''; '';
}; };
useVpn = mkOption { vpn.enable = mkEnableOption ''
type = types.bool; Route Transmission traffic through the VPN. Requires that `nixarr.vpn`
default = false; is configured.
description = lib.mdDoc "Run transmission through VPN"; '';
};
useFlood = mkOption { flood.enable = mkEnableOption "Use the flood web-UI";
type = types.bool;
default = false;
description = lib.mdDoc "Use the flood UI";
};
peerPort = mkOption { peerPort = mkOption {
type = types.port; type = types.port;
default = 50000; default = 50000;
description = "transmission peer traffic port."; description = "Transmission peer traffic port.";
}; };
uiPort = mkOption { uiPort = mkOption {
type = types.port; type = types.port;
default = 9091; default = 9091;
description = "transmission web-UI port."; description = "Transmission web-UI port.";
}; };
extraConfig = mkOption { extraConfig = mkOption {
type = types.attrs; type = types.attrs;
default = {}; default = {};
description = "Extra settings config for the transmission service."; description = ''
Extra config settings for the Transmission service. See the
`services.transmission.settings` section of the `configuration.nix`
manual.
'';
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.transmission = mkIf (!cfg.useVpn) { services.transmission = mkIf (!cfg.vpn.enable) {
enable = true; enable = true;
group = "media"; group = "media";
# TODO: This doesn't work, and it should...
#home = cfg.stateDir; #home = cfg.stateDir;
webHome = webHome =
if cfg.useFlood if cfg.useFlood
@@ -82,25 +83,32 @@ in {
watch-dir-enabled = true; watch-dir-enabled = true;
watch-dir = "${nixarr.mediaDir}/torrents/.watch"; watch-dir = "${nixarr.mediaDir}/torrents/.watch";
rpc-bind-address = "192.168.15.1";
rpc-port = cfg.uiPort; rpc-port = cfg.uiPort;
rpc-whitelist-enabled = true; rpc-whitelist-enabled = false;
rpc-whitelist = "192.168.15.1,127.0.0.1"; rpc-whitelist = "192.168.15.1,127.0.0.1";
rpc-authentication-required = true; rpc-authentication-required = false;
blocklist-enabled = true; blocklist-enabled = true;
blocklist-url = "https://github.com/Naunter/BT_BlockLists/raw/master/bt_blocklists.gz"; blocklist-url = "https://github.com/Naunter/BT_BlockLists/raw/master/bt_blocklists.gz";
peer-port = cfg.peerPort;
dht-enabled = true;
pex-enabled = true;
utp-enabled = false;
encryption = 1; encryption = 1;
utp-enabled = true;
port-forwarding-enabled = false; port-forwarding-enabled = false;
anti-brute-force-enabled = true; anti-brute-force-enabled = true;
anti-brute-force-threshold = 10; anti-brute-force-threshold = 10;
# 0 = None, 1 = Critical, 2 = Error, 3 = Warn, 4 = Info, 5 = Debug, 6 = Trace
message-level = 3;
} }
// cfg.extraConfig; // cfg.extraConfig;
}; };
util.vpnnamespace = mkIf cfg.useVpn { util.vpnnamespace = mkIf cfg.vpn.enable {
portMappings = [ portMappings = [
{ {
From = cfg.uiPort; From = cfg.uiPort;
@@ -111,7 +119,7 @@ in {
openTcpPorts = [cfg.peerPort]; openTcpPorts = [cfg.peerPort];
}; };
containers.transmission = mkIf cfg.useVpn { containers.transmission = mkIf cfg.vpn.enable {
autoStart = true; autoStart = true;
ephemeral = true; ephemeral = true;
extraFlags = ["--network-namespace-path=/var/run/netns/wg"]; extraFlags = ["--network-namespace-path=/var/run/netns/wg"];
@@ -207,7 +215,7 @@ in {
}; };
}; };
services.nginx = mkIf cfg.useVpn { services.nginx = mkIf cfg.vpn.enable {
enable = true; enable = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
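Review bot: In the non-VPN `services.transmission` settings, the paired lines read as `rpc-whitelist-enabled` and `rpc-authentication-required` both going from `true` to `false`, which leaves the RPC/web interface on `cfg.uiPort` with neither an address whitelist nor a password. Unless something outside this hunk restricts who can reach that port, keep `rpc-authentication-required = true;` and `rpc-whitelist-enabled = true;`. The `rpc-whitelist` value that remains has no effect while the whitelist is disabled. Separately, `webHome` still tests `cfg.useFlood` although the option is now declared as `flood.enable`. The settings attribute set starts outside the hunk.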