fujin/nixarr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Formatted

Browse Source
This commit is contained in:
rasmus-kirk
2024-12-04 18:20:42 +01:00
parent 7d1dd5e07e
commit c6a6d0f872
12 changed files with 200 additions and 185 deletions
Download Patch File Download Diff File Expand all files Collapse all files
flake.nix
+34 -33
View File
@@ -11,40 +11,41 @@
nixpkgs, nixpkgs,
vpnconfinement, vpnconfinement,
... ...
} @ inputs: } @ inputs: let
let # Systems supported
# Systems supported supportedSystems = [
supportedSystems = [ "x86_64-linux" # 64-bit Intel/AMD Linux
"x86_64-linux" # 64-bit Intel/AMD Linux "aarch64-linux" # 64-bit ARM Linux
"aarch64-linux" # 64-bit ARM Linux "x86_64-darwin" # 64-bit Intel macOS
"x86_64-darwin" # 64-bit Intel macOS "aarch64-darwin" # 64-bit ARM macOS
"aarch64-darwin" # 64-bit ARM macOS ];
];
# Helper to provide system-specific attributes # Helper to provide system-specific attributes
forAllSystems = f: nixpkgs.lib.genAttrs supportedSystems (system: f { forAllSystems = f:
pkgs = import nixpkgs { inherit system; }; nixpkgs.lib.genAttrs supportedSystems (system:
}); f {
in { pkgs = import nixpkgs {inherit system;};
nixosModules = { });
default = { in {
imports = [ ./nixarr vpnconfinement.nixosModules.default ]; nixosModules = {
}; default = {
imports = [./nixarr vpnconfinement.nixosModules.default];
}; };
devShells = forAllSystems ({ pkgs } : {
default = pkgs.mkShell {
packages = with pkgs; [
alejandra
nixd
];
};
});
packages = forAllSystems ({ pkgs } : {
default = pkgs.callPackage ./mkDocs.nix {inherit inputs;};
});
formatter = forAllSystems ({ pkgs }: pkgs.alejandra);
}; };
devShells = forAllSystems ({pkgs}: {
default = pkgs.mkShell {
packages = with pkgs; [
alejandra
nixd
];
};
});
packages = forAllSystems ({pkgs}: {
default = pkgs.callPackage ./mkDocs.nix {inherit inputs;};
});
formatter = forAllSystems ({pkgs}: pkgs.alejandra);
};
} }
nixarr/bazarr/bazarr-module/default.nix
+1 -1
View File
@@ -11,7 +11,7 @@ in {
util-nixarr.services.bazarr = { util-nixarr.services.bazarr = {
enable = mkEnableOption "bazarr, a subtitle manager for Sonarr and Radarr"; enable = mkEnableOption "bazarr, a subtitle manager for Sonarr and Radarr";
package = mkPackageOption pkgs "bazarr" { }; package = mkPackageOption pkgs "bazarr" {};
openFirewall = mkOption { openFirewall = mkOption {
type = types.bool; type = types.bool;
nixarr/bazarr/default.nix
+3 -3
View File
@@ -24,7 +24,7 @@ in {
''; '';
}; };
package = mkPackageOption pkgs "bazarr" { }; package = mkPackageOption pkgs "bazarr" {};
stateDir = mkOption { stateDir = mkOption {
type = types.path; type = types.path;
@@ -36,11 +36,11 @@ in {
> **Warning:** Setting this to any path, where the subpath is not > **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example: > owned by root, will fail! For example:
> >
> ```nix > ```nix
> stateDir = /home/user/nixarr/.state/bazarr > stateDir = /home/user/nixarr/.state/bazarr
> ``` > ```
> >
> Is not supported, because `/home/user` is owned by `user`. > Is not supported, because `/home/user` is owned by `user`.
''; '';
}; };
nixarr/default.nix
+55 -44
View File
@@ -21,47 +21,58 @@ with lib; let
fix-permissions = pkgs.writeShellApplication { fix-permissions = pkgs.writeShellApplication {
name = "fix-permissions"; name = "fix-permissions";
runtimeInputs = with pkgs; [util-linux]; runtimeInputs = with pkgs; [util-linux];
text = '' text =
if [ "$EUID" -ne 0 ]; then ''
echo "Please run as root" if [ "$EUID" -ne 0 ]; then
exit echo "Please run as root"
fi exit
fi
find "${cfg.mediaDir}" \( -type d -exec chmod 0775 {} + -true \) -o \( -exec chmod 0664 {} + \) find "${cfg.mediaDir}" \( -type d -exec chmod 0775 {} + -true \) -o \( -exec chmod 0664 {} + \)
'' + strings.optionalString cfg.jellyfin.enable '' ''
chown -R streamer:media "${cfg.mediaDir}/library" + strings.optionalString cfg.jellyfin.enable ''
chown -R streamer:root "${cfg.jellyfin.stateDir}" chown -R streamer:media "${cfg.mediaDir}/library"
find "${cfg.jellyfin.stateDir}" \( -type d -exec chmod 0700 {} + -true \) -o \( -exec chmod 0600 {} + \) chown -R streamer:root "${cfg.jellyfin.stateDir}"
'' + strings.optionalString cfg.transmission.enable '' find "${cfg.jellyfin.stateDir}" \( -type d -exec chmod 0700 {} + -true \) -o \( -exec chmod 0600 {} + \)
chown -R torrenter:media "${cfg.mediaDir}/torrents" ''
chown -R torrenter:cross-seed "${cfg.transmission.stateDir}" + strings.optionalString cfg.transmission.enable ''
find "${cfg.transmission.stateDir}" \( -type d -exec chmod 0750 {} + -true \) -o \( -exec chmod 0640 {} + \) chown -R torrenter:media "${cfg.mediaDir}/torrents"
'' + strings.optionalString cfg.sabnzbd.enable '' chown -R torrenter:cross-seed "${cfg.transmission.stateDir}"
chown -R usenet:media "${cfg.mediaDir}/usenet" find "${cfg.transmission.stateDir}" \( -type d -exec chmod 0750 {} + -true \) -o \( -exec chmod 0640 {} + \)
chown -R usenet:root "${cfg.sabnzbd.stateDir}" ''
find "${cfg.sabnzbd.stateDir}" \( -type d -exec chmod 0700 {} + -true \) -o \( -exec chmod 0600 {} + \) + strings.optionalString cfg.sabnzbd.enable ''
'' + strings.optionalString cfg.transmission.privateTrackers.cross-seed.enable '' chown -R usenet:media "${cfg.mediaDir}/usenet"
chown -R cross-seed:root "${cfg.transmission.privateTrackers.cross-seed.stateDir}" chown -R usenet:root "${cfg.sabnzbd.stateDir}"
find "${cfg.transmission.privateTrackers.cross-seed.stateDir}" \( -type d -exec chmod 0700 {} + -true \) -o \( -exec chmod 0600 {} + \) find "${cfg.sabnzbd.stateDir}" \( -type d -exec chmod 0700 {} + -true \) -o \( -exec chmod 0600 {} + \)
'' + strings.optionalString cfg.prowlarr.enable '' ''
chown -R prowlarr:root "${cfg.prowlarr.stateDir}" + strings.optionalString cfg.transmission.privateTrackers.cross-seed.enable ''
find "${cfg.prowlarr.stateDir}" \( -type d -exec chmod 0700 {} + -true \) -o \( -exec chmod 0600 {} + \) chown -R cross-seed:root "${cfg.transmission.privateTrackers.cross-seed.stateDir}"
'' + strings.optionalString cfg.sonarr.enable '' find "${cfg.transmission.privateTrackers.cross-seed.stateDir}" \( -type d -exec chmod 0700 {} + -true \) -o \( -exec chmod 0600 {} + \)
chown -R sonarr:root "${cfg.sonarr.stateDir}" ''
find "${cfg.sonarr.stateDir}" \( -type d -exec chmod 0700 {} + -true \) -o \( -exec chmod 0600 {} + \) + strings.optionalString cfg.prowlarr.enable ''
'' + strings.optionalString cfg.radarr.enable '' chown -R prowlarr:root "${cfg.prowlarr.stateDir}"
chown -R radarr:root "${cfg.radarr.stateDir}" find "${cfg.prowlarr.stateDir}" \( -type d -exec chmod 0700 {} + -true \) -o \( -exec chmod 0600 {} + \)
find "${cfg.radarr.stateDir}" \( -type d -exec chmod 0700 {} + -true \) -o \( -exec chmod 0600 {} + \) ''
'' + strings.optionalString cfg.lidarr.enable '' + strings.optionalString cfg.sonarr.enable ''
chown -R lidarr:root "${cfg.lidarr.stateDir}" chown -R sonarr:root "${cfg.sonarr.stateDir}"
find "${cfg.lidarr.stateDir}" \( -type d -exec chmod 0700 {} + -true \) -o \( -exec chmod 0600 {} + \) find "${cfg.sonarr.stateDir}" \( -type d -exec chmod 0700 {} + -true \) -o \( -exec chmod 0600 {} + \)
'' + strings.optionalString cfg.bazarr.enable '' ''
chown -R bazarr:root "${cfg.bazarr.stateDir}" + strings.optionalString cfg.radarr.enable ''
find "${cfg.bazarr.stateDir}" \( -type d -exec chmod 0700 {} + -true \) -o \( -exec chmod 0600 {} + \) chown -R radarr:root "${cfg.radarr.stateDir}"
'' + strings.optionalString cfg.readarr.enable '' find "${cfg.radarr.stateDir}" \( -type d -exec chmod 0700 {} + -true \) -o \( -exec chmod 0600 {} + \)
chown -R readarr:root "${cfg.readarr.stateDir}" ''
find "${cfg.readarr.stateDir}" \( -type d -exec chmod 0700 {} + -true \) -o \( -exec chmod 0600 {} + \) + strings.optionalString cfg.lidarr.enable ''
''; chown -R lidarr:root "${cfg.lidarr.stateDir}"
find "${cfg.lidarr.stateDir}" \( -type d -exec chmod 0700 {} + -true \) -o \( -exec chmod 0600 {} + \)
''
+ strings.optionalString cfg.bazarr.enable ''
chown -R bazarr:root "${cfg.bazarr.stateDir}"
find "${cfg.bazarr.stateDir}" \( -type d -exec chmod 0700 {} + -true \) -o \( -exec chmod 0600 {} + \)
''
+ strings.optionalString cfg.readarr.enable ''
chown -R readarr:root "${cfg.readarr.stateDir}"
find "${cfg.readarr.stateDir}" \( -type d -exec chmod 0700 {} + -true \) -o \( -exec chmod 0600 {} + \)
'';
}; };
in { in {
imports = [ imports = [
@@ -135,11 +146,11 @@ in {
> **Warning:** Setting this to any path, where the subpath is not > **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example: > owned by root, will fail! For example:
> >
> ```nix > ```nix
> mediaDir = /home/user/nixarr > mediaDir = /home/user/nixarr
> ``` > ```
> >
> Is not supported, because `/home/user` is owned by `user`. > Is not supported, because `/home/user` is owned by `user`.
''; '';
}; };
@@ -153,11 +164,11 @@ in {
> **Warning:** Setting this to any path, where the subpath is not > **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example: > owned by root, will fail! For example:
> >
> ```nix > ```nix
> stateDir = /home/user/nixarr/.state > stateDir = /home/user/nixarr/.state
> ``` > ```
> >
> Is not supported, because `/home/user` is owned by `user`. > Is not supported, because `/home/user` is owned by `user`.
''; '';
}; };
nixarr/jellyfin/default.nix
+3 -3
View File
@@ -21,7 +21,7 @@ in
''; '';
}; };
package = mkPackageOption pkgs "jellyfin" { }; package = mkPackageOption pkgs "jellyfin" {};
stateDir = mkOption { stateDir = mkOption {
type = types.path; type = types.path;
@@ -33,11 +33,11 @@ in
> **Warning:** Setting this to any path, where the subpath is not > **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example: > owned by root, will fail! For example:
> >
> ```nix > ```nix
> stateDir = /home/user/nixarr/.state/jellyfin > stateDir = /home/user/nixarr/.state/jellyfin
> ``` > ```
> >
> Is not supported, because `/home/user` is owned by `user`. > Is not supported, because `/home/user` is owned by `user`.
''; '';
}; };
nixarr/lidarr/default.nix
+1 -1
View File
@@ -21,7 +21,7 @@ in {
''; '';
}; };
package = mkPackageOption pkgs "lidarr" { }; package = mkPackageOption pkgs "lidarr" {};
stateDir = mkOption { stateDir = mkOption {
type = types.path; type = types.path;
nixarr/prowlarr/default.nix
+3 -3
View File
@@ -25,7 +25,7 @@ in {
''; '';
}; };
package = mkPackageOption pkgs "prowlarr" { }; package = mkPackageOption pkgs "prowlarr" {};
stateDir = mkOption { stateDir = mkOption {
type = types.path; type = types.path;
@@ -37,11 +37,11 @@ in {
> **Warning:** Setting this to any path, where the subpath is not > **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example: > owned by root, will fail! For example:
> >
> ```nix > ```nix
> stateDir = /home/user/nixarr/.state/prowlarr > stateDir = /home/user/nixarr/.state/prowlarr
> ``` > ```
> >
> Is not supported, because `/home/user` is owned by `user`. > Is not supported, because `/home/user` is owned by `user`.
''; '';
}; };
nixarr/radarr/default.nix
+3 -3
View File
@@ -21,7 +21,7 @@ in {
''; '';
}; };
package = mkPackageOption pkgs "radarr" { }; package = mkPackageOption pkgs "radarr" {};
stateDir = mkOption { stateDir = mkOption {
type = types.path; type = types.path;
@@ -33,11 +33,11 @@ in {
> **Warning:** Setting this to any path, where the subpath is not > **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example: > owned by root, will fail! For example:
> >
> ```nix > ```nix
> stateDir = /home/user/nixarr/.state/radarr > stateDir = /home/user/nixarr/.state/radarr
> ``` > ```
> >
> Is not supported, because `/home/user` is owned by `user`. > Is not supported, because `/home/user` is owned by `user`.
''; '';
}; };
nixarr/readarr/default.nix
+3 -3
View File
@@ -21,7 +21,7 @@ in {
''; '';
}; };
package = mkPackageOption pkgs "readarr" { }; package = mkPackageOption pkgs "readarr" {};
stateDir = mkOption { stateDir = mkOption {
type = types.path; type = types.path;
@@ -33,11 +33,11 @@ in {
> **Warning:** Setting this to any path, where the subpath is not > **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example: > owned by root, will fail! For example:
> >
> ```nix > ```nix
> stateDir = /home/user/nixarr/.state/readarr > stateDir = /home/user/nixarr/.state/readarr
> ``` > ```
> >
> Is not supported, because `/home/user` is owned by `user`. > Is not supported, because `/home/user` is owned by `user`.
''; '';
}; };
nixarr/sabnzbd/default.nix
+81 -79
View File
@@ -21,16 +21,16 @@ in {
> **Warning:** Setting this to any path, where the subpath is not > **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example: > owned by root, will fail! For example:
> >
> ```nix > ```nix
> stateDir = /home/user/nixarr/.state/sabnzbd > stateDir = /home/user/nixarr/.state/sabnzbd
> ``` > ```
> >
> Is not supported, because `/home/user` is owned by `user`. > Is not supported, because `/home/user` is owned by `user`.
''; '';
}; };
package = mkPackageOption pkgs "sabnzbd" { }; package = mkPackageOption pkgs "sabnzbd" {};
guiPort = mkOption { guiPort = mkOption {
type = types.port; type = types.port;
@@ -56,18 +56,18 @@ in {
example = literalExpression ''[ "mediaserv" "media.example.com" ]''; example = literalExpression ''[ "mediaserv" "media.example.com" ]'';
description = '' description = ''
A list that specifies what URLs that are allowed to represent your A list that specifies what URLs that are allowed to represent your
SABnzbd instance. SABnzbd instance.
> **Note:** If you see an error message like this when trying to connect to > **Note:** If you see an error message like this when trying to connect to
> SABnzbd from another device: > SABnzbd from another device:
> >
> ``` > ```
> Refused connection with hostname "your.hostname.com" > Refused connection with hostname "your.hostname.com"
> ``` > ```
> >
> Then you should add your hostname ("`hostname.com`" above) to > Then you should add your hostname ("`hostname.com`" above) to
> this list. > this list.
> >
> SABnzbd only allows connections matching these URLs in order to prevent > SABnzbd only allows connections matching these URLs in order to prevent
> DNS hijacking. See <https://sabnzbd.org/wiki/extra/hostname-check.html> > DNS hijacking. See <https://sabnzbd.org/wiki/extra/hostname-check.html>
> for more info. > for more info.
@@ -97,7 +97,7 @@ in {
}; };
}; };
config = let config = let
ini-file-target = "${cfg.stateDir}/sabnzbd.ini"; ini-file-target = "${cfg.stateDir}/sabnzbd.ini";
concatStringsCommaIfExists = with lib.strings; concatStringsCommaIfExists = with lib.strings;
stringList: ( stringList: (
@@ -154,9 +154,10 @@ in {
user-configs user-configs
); );
apply-user-configs-script = pkgs.writers.writePython3Bin "sabnzbd-set-user-values" { apply-user-configs-script =
libraries = [pkgs.python3Packages.configobj]; pkgs.writers.writePython3Bin "sabnzbd-set-user-values" {
} '' libraries = [pkgs.python3Packages.configobj];
} ''
# flake8: noqa # flake8: noqa
from pathlib import Path from pathlib import Path
from configobj import ConfigObj from configobj import ConfigObj
@@ -170,86 +171,87 @@ in {
${lib.strings.concatStringsSep "\n" user-configs-to-python-list} ${lib.strings.concatStringsSep "\n" user-configs-to-python-list}
sab_config_map.write() sab_config_map.write()
''; '';
in mkIf cfg.enable { in
users = { mkIf cfg.enable {
groups.usenet = {}; users = {
users.usenet = { groups.usenet = {};
isSystemUser = true; users.usenet = {
group = "usenet"; isSystemUser = true;
group = "usenet";
};
}; };
};
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d '${cfg.stateDir}' 0700 usenet root - -" "d '${cfg.stateDir}' 0700 usenet root - -"
"C ${cfg.stateDir}/sabnzbd.ini - - - - ${ini-base-config-file}" "C ${cfg.stateDir}/sabnzbd.ini - - - - ${ini-base-config-file}"
# Media dirs # Media dirs
"d '${nixarr.mediaDir}/usenet' 0755 usenet media - -" "d '${nixarr.mediaDir}/usenet' 0755 usenet media - -"
"d '${nixarr.mediaDir}/usenet/.incomplete' 0755 usenet media - -" "d '${nixarr.mediaDir}/usenet/.incomplete' 0755 usenet media - -"
"d '${nixarr.mediaDir}/usenet/.watch' 0755 usenet media - -" "d '${nixarr.mediaDir}/usenet/.watch' 0755 usenet media - -"
"d '${nixarr.mediaDir}/usenet/manual' 0775 usenet media - -" "d '${nixarr.mediaDir}/usenet/manual' 0775 usenet media - -"
"d '${nixarr.mediaDir}/usenet/liadarr' 0775 usenet media - -" "d '${nixarr.mediaDir}/usenet/liadarr' 0775 usenet media - -"
"d '${nixarr.mediaDir}/usenet/radarr' 0775 usenet media - -" "d '${nixarr.mediaDir}/usenet/radarr' 0775 usenet media - -"
"d '${nixarr.mediaDir}/usenet/sonarr' 0775 usenet media - -" "d '${nixarr.mediaDir}/usenet/sonarr' 0775 usenet media - -"
"d '${nixarr.mediaDir}/usenet/readarr' 0775 usenet media - -" "d '${nixarr.mediaDir}/usenet/readarr' 0775 usenet media - -"
];
services.sabnzbd = {
enable = true;
package = cfg.package;
user = "usenet";
group = "media";
configFile = "${cfg.stateDir}/sabnzbd.ini";
};
networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [cfg.guiPort];
systemd.services.sabnzbd.serviceConfig = {
ExecStartPre = lib.mkBefore [
("+" + fix-config-permissions-script + "/bin/sabnzbd-fix-config-permissions")
(apply-user-configs-script + "/bin/sabnzbd-set-user-values")
]; ];
Restart = "on-failure";
StartLimitBurst = 5;
};
# Enable and specify VPN namespace to confine service in. services.sabnzbd = {
systemd.services.sabnzbd.vpnConfinement = mkIf cfg.vpn.enable { enable = true;
enable = true; package = cfg.package;
vpnNamespace = "wg"; user = "usenet";
}; group = "media";
configFile = "${cfg.stateDir}/sabnzbd.ini";
};
# Port mappings networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [cfg.guiPort];
vpnNamespaces.wg = mkIf cfg.vpn.enable {
portMappings = [
{
from = cfg.guiPort;
to = cfg.guiPort;
}
];
};
services.nginx = mkIf cfg.vpn.enable { systemd.services.sabnzbd.serviceConfig = {
enable = true; ExecStartPre = lib.mkBefore [
("+" + fix-config-permissions-script + "/bin/sabnzbd-fix-config-permissions")
(apply-user-configs-script + "/bin/sabnzbd-set-user-values")
];
Restart = "on-failure";
StartLimitBurst = 5;
};
recommendedTlsSettings = true; # Enable and specify VPN namespace to confine service in.
recommendedOptimisation = true; systemd.services.sabnzbd.vpnConfinement = mkIf cfg.vpn.enable {
recommendedGzipSettings = true; enable = true;
vpnNamespace = "wg";
};
virtualHosts."127.0.0.1:${builtins.toString cfg.guiPort}" = { # Port mappings
listen = [ vpnNamespaces.wg = mkIf cfg.vpn.enable {
portMappings = [
{ {
addr = "0.0.0.0"; from = cfg.guiPort;
port = cfg.guiPort; to = cfg.guiPort;
} }
]; ];
locations."/" = { };
recommendedProxySettings = true;
proxyWebsockets = true; services.nginx = mkIf cfg.vpn.enable {
proxyPass = "http://192.168.15.1:${builtins.toString cfg.guiPort}"; enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
virtualHosts."127.0.0.1:${builtins.toString cfg.guiPort}" = {
listen = [
{
addr = "0.0.0.0";
port = cfg.guiPort;
}
];
locations."/" = {
recommendedProxySettings = true;
proxyWebsockets = true;
proxyPass = "http://192.168.15.1:${builtins.toString cfg.guiPort}";
};
}; };
}; };
}; };
};
} }
nixarr/sonarr/default.nix
+3 -3
View File
@@ -21,7 +21,7 @@ in {
''; '';
}; };
package = mkPackageOption pkgs "sonarr" { }; package = mkPackageOption pkgs "sonarr" {};
stateDir = mkOption { stateDir = mkOption {
type = types.path; type = types.path;
@@ -33,11 +33,11 @@ in {
> **Warning:** Setting this to any path, where the subpath is not > **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example: > owned by root, will fail! For example:
> >
> ```nix > ```nix
> stateDir = /home/user/nixarr/.state/sonarr > stateDir = /home/user/nixarr/.state/sonarr
> ``` > ```
> >
> Is not supported, because `/home/user` is owned by `user`. > Is not supported, because `/home/user` is owned by `user`.
''; '';
}; };
nixarr/transmission/default.nix
+10 -9
View File
@@ -76,7 +76,7 @@ in {
''; '';
}; };
package = mkPackageOption pkgs "transmission_4" { }; package = mkPackageOption pkgs "transmission_4" {};
stateDir = mkOption { stateDir = mkOption {
type = types.path; type = types.path;
@@ -88,11 +88,11 @@ in {
> **Warning:** Setting this to any path, where the subpath is not > **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example: > owned by root, will fail! For example:
> >
> ```nix > ```nix
> stateDir = /home/user/nixarr/.state/transmission > stateDir = /home/user/nixarr/.state/transmission
> ``` > ```
> >
> Is not supported, because `/home/user` is owned by `user`. > Is not supported, because `/home/user` is owned by `user`.
''; '';
}; };
@@ -108,7 +108,7 @@ in {
extraAllowedIps = mkOption { extraAllowedIps = mkOption {
type = with types; listOf str; type = with types; listOf str;
default = []; default = [];
example = [ "10.19.5.10" ]; example = ["10.19.5.10"];
description = '' description = ''
Extra IP addresses allowed to access the Transmission RPC. By default Extra IP addresses allowed to access the Transmission RPC. By default
`192.168.*` and `127.0.0.1` (localhost) are allowed, but if your `192.168.*` and `127.0.0.1` (localhost) are allowed, but if your
@@ -167,11 +167,11 @@ in {
> **Warning:** Setting this to any path, where the subpath is not > **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example: > owned by root, will fail! For example:
> >
> ```nix > ```nix
> stateDir = /home/user/nixarr/.state/cross-seed > stateDir = /home/user/nixarr/.state/cross-seed
> ``` > ```
> >
> Is not supported, because `/home/user` is owned by `user`. > Is not supported, because `/home/user` is owned by `user`.
''; '';
}; };
@@ -318,7 +318,7 @@ in {
"d '${nixarr.mediaDir}/torrents/radarr' 0755 torrenter media - -" "d '${nixarr.mediaDir}/torrents/radarr' 0755 torrenter media - -"
"d '${nixarr.mediaDir}/torrents/sonarr' 0755 torrenter media - -" "d '${nixarr.mediaDir}/torrents/sonarr' 0755 torrenter media - -"
"d '${nixarr.mediaDir}/torrents/readarr' 0755 torrenter media - -" "d '${nixarr.mediaDir}/torrents/readarr' 0755 torrenter media - -"
]; ];
util-nixarr.services.cross-seed = mkIf cfg-cross-seed.enable { util-nixarr.services.cross-seed = mkIf cfg-cross-seed.enable {
enable = true; enable = true;
@@ -387,8 +387,9 @@ in {
rpc-port = cfg.uiPort; rpc-port = cfg.uiPort;
rpc-whitelist-enabled = true; rpc-whitelist-enabled = true;
rpc-whitelist = strings.concatStringsSep "," ([ rpc-whitelist = strings.concatStringsSep "," ([
"127.0.0.1,192.168.*,10.*" # Defaults "127.0.0.1,192.168.*,10.*" # Defaults
] ++ cfg.extraAllowedIps); ]
++ cfg.extraAllowedIps);
rpc-authentication-required = false; rpc-authentication-required = false;
blocklist-enabled = true; blocklist-enabled = true;