Added package options to all modules

2024-09-19 22:49:35 +02:00
parent 0ef85b5345
commit c93ecf892e
18 changed files with 150 additions and 117 deletions
@@ -1,11 +1,19 @@
 # Changelog

+## 2024-09-19
+
+Added:
+- Options to control the package of each service
+- sub-merge package to systemPkgs
+
+Updated:
+- All submodules (notably VPNConfinement)
+
 ## 2024-06-11

 Updated:
 - VPNConfinement submodule

-
 ## 2024-03-12

 Added:
@@ -2,17 +2,16 @@
  "nodes": {
    "devshell": {
      "inputs": {
-        "flake-utils": "flake-utils",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
-        "lastModified": 1717408969,
-        "narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=",
+        "lastModified": 1722113426,
+        "narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=",
        "owner": "numtide",
        "repo": "devshell",
-        "rev": "1ebbe68d57457c8cae98145410b164b5477761f4",
+        "rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae",
        "type": "github"
      },
      "original": {
@@ -28,11 +27,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1717285511,
-        "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
+        "lastModified": 1726153070,
+        "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
+        "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a",
        "type": "github"
      },
      "original": {
@@ -64,11 +63,11 @@
    },
    "flake-root": {
      "locked": {
-        "lastModified": 1713493429,
-        "narHash": "sha256-ztz8JQkI08tjKnsTpfLqzWoKFQF4JGu2LRz8bkdnYUk=",
+        "lastModified": 1723604017,
+        "narHash": "sha256-rBtQ8gg+Dn4Sx/s+pvjdq3CB2wQNzx9XGFq/JVGCB6k=",
        "owner": "srid",
        "repo": "flake-root",
-        "rev": "bc748b93b86ee76e2032eecda33440ceb2532fcd",
+        "rev": "b759a56851e10cb13f6b8e5698af7b59c44be26e",
        "type": "github"
      },
      "original": {
@@ -77,31 +76,13 @@
        "type": "github"
      }
    },
-    "flake-utils": {
-      "inputs": {
-        "systems": "systems"
-      },
-      "locked": {
-        "lastModified": 1701680307,
-        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1717893485,
-        "narHash": "sha256-WMU6ZRZrBgEUDIF0siu2aIyVAXcxfElSwzZtS/mSpN4=",
+        "lastModified": 1726583932,
+        "narHash": "sha256-zACxiQx8knB3F8+Ze+1BpiYrI+CbhxyWpcSID9kVhkQ=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "3bcedce9f4de37570242faf16e1e143583407eab",
+        "rev": "658e7223191d2598641d50ee4e898126768fe847",
        "type": "github"
      },
      "original": {
@@ -117,22 +98,50 @@
        "flake-parts": "flake-parts",
        "flake-root": "flake-root",
        "nixpkgs": "nixpkgs",
+        "sub-merge": "sub-merge",
        "treefmt-nix": "treefmt-nix",
        "vpnconfinement": "vpnconfinement"
      }
    },
-    "systems": {
+    "rust-overlay": {
+      "inputs": {
+        "nixpkgs": [
+          "sub-merge",
+          "nixpkgs"
+        ]
+      },
      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "lastModified": 1726626348,
+        "narHash": "sha256-sYV7e1B1yLcxo8/h+/hTwzZYmaju2oObNiy5iRI0C30=",
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "rev": "6fd52ad8bd88f39efb2c999cc971921c2fb9f3a2",
        "type": "github"
      },
      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "type": "github"
+      }
+    },
+    "sub-merge": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "rust-overlay": "rust-overlay"
+      },
+      "locked": {
+        "lastModified": 1726777757,
+        "narHash": "sha256-erzx+U/itU8MmIj1lhYoKHElCWaHJetsUihTlfW2OrQ=",
+        "owner": "rasmus-kirk",
+        "repo": "sub-merge",
+        "rev": "01e8d59a07a6841a2ac17f5cf73f077e47bf2ec4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "rasmus-kirk",
+        "repo": "sub-merge",
        "type": "github"
      }
    },
@@ -143,11 +152,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1717850719,
-        "narHash": "sha256-npYqVg+Wk4oxnWrnVG7416fpfrlRhp/lQ6wQ4DHI8YE=",
+        "lastModified": 1726734507,
+        "narHash": "sha256-VUH5O5AcOSxb0uL/m34dDkxFKP6WLQ6y4I1B4+N3L2w=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "4fc1c45a5f50169f9f29f6a98a438fb910b834ed",
+        "rev": "ee41a466c2255a3abe6bc50fc6be927cdee57a9f",
        "type": "github"
      },
      "original": {
@@ -164,11 +173,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1718094603,
-        "narHash": "sha256-1XhMelD62FU3Us3BGzH1VQTIqN2eeMmkM69NNowD5/8=",
+        "lastModified": 1725824375,
+        "narHash": "sha256-c0nVYn1Jcjqt7XLXRM7jBmkvwMu+qcUVO7AL8+ZwiaQ=",
        "owner": "Maroka-chan",
        "repo": "VPN-Confinement",
-        "rev": "9ff61662f1a167b53897bd120811dd7ec22a1b88",
+        "rev": "0fc1023446e906094fef69ccd6991d8659b34d42",
        "type": "github"
      },
      "original": {
@@ -28,12 +28,12 @@
    treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";
  };

-  outputs = inputs @ {
+  outputs = {
    flake-parts,
    vpnconfinement,
    sub-merge,
    ...
-  }:
+  } @ inputs:
    flake-parts.lib.mkFlake {
      inherit inputs;
    } {
@@ -48,9 +48,9 @@

      flake = {
        nixosModules = rec {
-          nixarr = import ./nixarr vpnconfinement;
+          nixarr = import ./nixarr sub-merge vpnconfinement;
          imports = [ vpnconfinement.nixosModules.default ];
-          specialArgs = { inherit inputs; };
+          #specialArgs = { inherit sub-merge; };
          default = nixarr;
        };
      };
@@ -11,6 +11,8 @@ in {
    util-nixarr.services.bazarr = {
      enable = mkEnableOption "bazarr, a subtitle manager for Sonarr and Radarr";

+      package = mkPackageOption pkgs "bazarr" { };
+
      openFirewall = mkOption {
        type = types.bool;
        default = false;
@@ -1,6 +1,7 @@
 {
  config,
  lib,
+  pkgs,
  ...
 }:
 with lib; let
@@ -23,6 +24,8 @@ in {
      '';
    };

+    package = mkPackageOption pkgs "bazarr" { };
+
    stateDir = mkOption {
      type = types.path;
      default = "${nixarr.stateDir}/bazarr";
@@ -82,6 +85,7 @@ in {

    util-nixarr.services.bazarr = {
      enable = cfg.enable;
+      package = cfg.package;
      user = "bazarr";
      group = "media";
      openFirewall = cfg.openFirewall;
@@ -89,14 +93,14 @@ in {
    };

    # Enable and specify VPN namespace to confine service in.
-    systemd.services.bazarr.vpnconfinement = mkIf cfg.vpn.enable {
+    systemd.services.bazarr.vpnConfinement = mkIf cfg.vpn.enable {
      enable = true;
-      vpnnamespace = "wg";
+      vpnNamespace = "wg";
    };

    # Port mappings
    # TODO: openports
-    vpnnamespaces.wg = mkIf cfg.vpn.enable {
+    vpnNamespaces.wg = mkIf cfg.vpn.enable {
      portMappings = [
        {
          from = config.bazarr.listenPort;
@@ -196,9 +196,9 @@ in {
        ddnsNjallaVpn = {
          description = "Sets the Njalla DDNS records over VPN";

-          vpnconfinement = {
+          vpnConfinement = {
            enable = true;
-            vpnnamespace = "wg";
+            vpnNamespace = "wg";
          };

          serviceConfig = {
@@ -1,6 +1,8 @@
-vpnconfinement: {...}: {
+sub-merge: vpnconfinement: { pkgs, ... }: {
  imports = [
    vpnconfinement.nixosModules.default
    ./nixarr.nix
  ];
+
+  config.environment.systemPackages = [ sub-merge.packages."${pkgs.system}".default ];
 }
@@ -1,6 +1,7 @@
 {
  config,
  lib,
+  pkgs,
  ...
 }: let
  cfg = config.nixarr.jellyfin;
@@ -20,6 +21,8 @@ in
        '';
      };

+      package = mkPackageOption pkgs "jellyfin" { };
+
      stateDir = mkOption {
        type = types.path;
        default = "${nixarr.stateDir}/jellyfin";
@@ -224,6 +227,7 @@ in

        services.jellyfin = {
          enable = cfg.enable;
+          package = cfg.package;
          user = "streamer";
          group = "media";
          openFirewall = cfg.openFirewall;
@@ -295,14 +299,14 @@ in
        };

        # Enable and specify VPN namespace to confine service in.
-        systemd.services.jellyfin.vpnconfinement = mkIf cfg.vpn.enable {
+        systemd.services.jellyfin.vpnConfinement = mkIf cfg.vpn.enable {
          enable = true;
-          vpnnamespace = "wg";
+          vpnNamespace = "wg";
        };

        # Port mappings
        # TODO: openports if expose.vpn
-        vpnnamespaces.wg = mkIf cfg.vpn.enable {
+        vpnNamespaces.wg = mkIf cfg.vpn.enable {
          portMappings = [
            {
              from = defaultPort;
@@ -1,6 +1,7 @@
 {
  config,
  lib,
+  pkgs,
  ...
 }:
 with lib; let
@@ -20,6 +21,8 @@ in {
      '';
    };

+    package = mkPackageOption pkgs "lidarr" { };
+
    stateDir = mkOption {
      type = types.path;
      default = "${nixarr.stateDir}/lidarr";
@@ -79,6 +82,7 @@ in {

    services.lidarr = {
      enable = cfg.enable;
+      package = cfg.package;
      user = "lidarr";
      group = "media";
      openFirewall = cfg.openFirewall;
@@ -86,14 +90,14 @@ in {
    };

    # Enable and specify VPN namespace to confine service in.
-    systemd.services.lidarr.vpnconfinement = mkIf cfg.vpn.enable {
+    systemd.services.lidarr.vpnConfinement = mkIf cfg.vpn.enable {
      enable = true;
-      vpnnamespace = "wg";
+      vpnNamespace = "wg";
    };

    # Port mappings
    # TODO: openports
-    vpnnamespaces.wg = mkIf cfg.vpn.enable {
+    vpnNamespaces.wg = mkIf cfg.vpn.enable {
      portMappings = [
        {
          from = defaultPort;
@@ -2,7 +2,6 @@
  config,
  lib,
  pkgs,
-  inputs,
  ...
 }:
 with lib; let
@@ -241,13 +240,12 @@ in {
    ];

    environment.systemPackages = with pkgs; [
-      inputs.sub-merge.packages."${system}".default
      jdupes
      list-unlinked
      fix-permissions
    ];

-    vpnnamespaces.wg = mkIf cfg.vpn.enable {
+    vpnNamespaces.wg = mkIf cfg.vpn.enable {
      enable = true;
      openVPNPorts = optional (cfg.vpn.vpnTestService.port != null) {
        port = cfg.vpn.vpnTestService.port;
@@ -264,9 +262,9 @@ in {
    systemd.services.vpn-test-service = mkIf cfg.vpn.vpnTestService.enable {
      enable = true;

-      vpnconfinement = {
+      vpnConfinement = {
        enable = true;
-        vpnnamespace = "wg";
+        vpnNamespace = "wg";
      };

      script = let
@@ -89,13 +89,13 @@ in {
      else [];

    # Enable and specify VPN namespace to confine service in.
-    systemd.services.openssh.vpnconfinement = {
+    systemd.services.openssh.vpnConfinement = {
      enable = true;
-      vpnnamespace = "wg";
+      vpnNamespace = "wg";
    };

    # Port mappings
-    vpnnamespaces.wg = {
+    vpnNamespaces.wg = {
      portMappings = [
        {
          From = defaultPort;
@@ -1,7 +1,7 @@
-# TODO: Dir creation and file permissions in nix
 {
  config,
  lib,
+  pkgs,
  ...
 }:
 with lib; let
@@ -25,6 +25,8 @@ in {
      '';
    };

+    package = mkPackageOption pkgs "prowlarr" { };
+
    stateDir = mkOption {
      type = types.path;
      default = "${nixarr.stateDir}/prowlarr";
@@ -84,18 +86,19 @@ in {

    util-nixarr.services.prowlarr = {
      enable = true;
+      package = cfg.package;
      openFirewall = cfg.openFirewall;
      dataDir = cfg.stateDir;
    };

    # Enable and specify VPN namespace to confine service in.
-    systemd.services.prowlarr.vpnconfinement = mkIf cfg.vpn.enable {
+    systemd.services.prowlarr.vpnConfinement = mkIf cfg.vpn.enable {
      enable = true;
-      vpnnamespace = "wg";
+      vpnNamespace = "wg";
    };

    # Port mappings
-    vpnnamespaces.wg = mkIf cfg.vpn.enable {
+    vpnNamespaces.wg = mkIf cfg.vpn.enable {
      portMappings = [
        {
          from = defaultPort;
@@ -1,7 +1,7 @@
-# TODO: Dir creation and file permissions in nix
 {
  config,
  lib,
+  pkgs,
  ...
 }:
 with lib; let
@@ -21,6 +21,8 @@ in {
      '';
    };

+    package = mkPackageOption pkgs "radarr" { };
+
    stateDir = mkOption {
      type = types.path;
      default = "${nixarr.stateDir}/radarr";
@@ -80,6 +82,7 @@ in {

    services.radarr = {
      enable = cfg.enable;
+      package = cfg.package;
      user = "radarr";
      group = "media";
      openFirewall = cfg.openFirewall;
@@ -87,13 +90,13 @@ in {
    };

    # Enable and specify VPN namespace to confine service in.
-    systemd.services.radarr.vpnconfinement = mkIf cfg.vpn.enable {
+    systemd.services.radarr.vpnConfinement = mkIf cfg.vpn.enable {
      enable = true;
-      vpnnamespace = "wg";
+      vpnNamespace = "wg";
    };

    # Port mappings
-    vpnnamespaces.wg = mkIf cfg.vpn.enable {
+    vpnNamespaces.wg = mkIf cfg.vpn.enable {
      portMappings = [
        {
          from = defaultPort;
@@ -1,6 +1,7 @@
 {
  config,
  lib,
+  pkgs,
  ...
 }:
 with lib; let
@@ -20,6 +21,8 @@ in {
      '';
    };

+    package = mkPackageOption pkgs "readarr" { };
+
    stateDir = mkOption {
      type = types.path;
      default = "${nixarr.stateDir}/readarr";
@@ -79,6 +82,7 @@ in {

    services.readarr = {
      enable = cfg.enable;
+      package = cfg.package;
      user = "readarr";
      group = "media";
      openFirewall = cfg.openFirewall;
@@ -86,13 +90,13 @@ in {
    };

    # Enable and specify VPN namespace to confine service in.
-    systemd.services.readarr.vpnconfinement = mkIf cfg.vpn.enable {
+    systemd.services.readarr.vpnConfinement = mkIf cfg.vpn.enable {
      enable = true;
-      vpnnamespace = "wg";
+      vpnNamespace = "wg";
    };

    # Port mappings
-    vpnnamespaces.wg = mkIf cfg.vpn.enable {
+    vpnNamespaces.wg = mkIf cfg.vpn.enable {
      portMappings = [
        {
          from = defaultPort;
@@ -30,6 +30,8 @@ in {
      '';
    };

+    package = mkPackageOption pkgs "sabnzbd" { };
+
    guiPort = mkOption {
      type = types.port;
      default = 8080;
@@ -195,6 +197,7 @@ in {

    services.sabnzbd = {
      enable = true;
+      package = cfg.package;
      user = "usenet";
      group = "media";
      configFile = "${cfg.stateDir}/sabnzbd.ini";
@@ -212,13 +215,13 @@ in {
    };

    # Enable and specify VPN namespace to confine service in.
-    systemd.services.sabnzbd.vpnconfinement = mkIf cfg.vpn.enable {
+    systemd.services.sabnzbd.vpnConfinement = mkIf cfg.vpn.enable {
      enable = true;
-      vpnnamespace = "wg";
+      vpnNamespace = "wg";
    };

    # Port mappings
-    vpnnamespaces.wg = mkIf cfg.vpn.enable {
+    vpnNamespaces.wg = mkIf cfg.vpn.enable {
      portMappings = [
        {
          from = cfg.guiPort;
@@ -1,7 +1,7 @@
-# TODO: Dir creation and file permissions in nix
 {
  config,
  lib,
+  pkgs,
  ...
 }:
 with lib; let
@@ -21,6 +21,8 @@ in {
      '';
    };

+    package = mkPackageOption pkgs "sonarr" { };
+
    stateDir = mkOption {
      type = types.path;
      default = "${nixarr.stateDir}/sonarr";
@@ -80,6 +82,7 @@ in {

    services.sonarr = {
      enable = cfg.enable;
+      package = cfg.package;
      user = "sonarr";
      group = "media";
      openFirewall = cfg.openFirewall;
@@ -87,13 +90,13 @@ in {
    };

    # Enable and specify VPN namespace to confine service in.
-    systemd.services.sonarr.vpnconfinement = mkIf cfg.vpn.enable {
+    systemd.services.sonarr.vpnConfinement = mkIf cfg.vpn.enable {
      enable = true;
-      vpnnamespace = "wg";
+      vpnNamespace = "wg";
    };

    # Port mappings
-    vpnnamespaces.wg = mkIf cfg.vpn.enable {
+    vpnNamespaces.wg = mkIf cfg.vpn.enable {
      portMappings = [
        {
          from = defaultPort;
@@ -22,20 +22,6 @@ with lib; let
    // Parse the JSON content into a JavaScript object
    let config = JSON.parse(configFileContent);

-    // Function to recursively replace null values with undefined
-    /*
-    function replaceNullWithUndefined(obj) {
-      Object.keys(obj).forEach(key => {
-        if (obj[key] === null) {
-          obj[key] = undefined;
-        } else if (typeof obj[key] === 'object') {
-          replaceNullWithUndefined(obj[key]);
-        }
-      });
-    }
-    replaceNullWithUndefined(config);
-    */
-
    // Export the configuration object
    module.exports = config;
  '';
@@ -52,19 +38,19 @@ in {
            delay = 10;
          }
        '';
-        description = "cross-seed config"; # TODO: todo
+        description = "Settings for cross-seed";
      };

      dataDir = mkOption {
        type = types.path;
        default = "/var/lib/cross-seed";
-        description = "cross-seed dataDir"; # TODO: todo
+        description = "The cross-seed dataDir";
      };

      credentialsFile = mkOption {
        type = types.path;
        default = "/run/secrets/cross-seed/credentialsFile.json";
-        description = "cross-seed dataDir"; # TODO: todo
+        description = "Secret options to be merged into the cross-seed config";
      };

      user = mkOption {
@@ -431,13 +431,13 @@ in {
    };

    # Enable and specify VPN namespace to confine service in.
-    systemd.services.transmission.vpnconfinement = mkIf cfg.vpn.enable {
+    systemd.services.transmission.vpnConfinement = mkIf cfg.vpn.enable {
      enable = true;
-      vpnnamespace = "wg";
+      vpnNamespace = "wg";
    };

    # Port mappings
-    vpnnamespaces.wg = mkIf cfg.vpn.enable {
+    vpnNamespaces.wg = mkIf cfg.vpn.enable {
      portMappings = [
        {
          from = cfg.uiPort;