fujin/nixarr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added package options to all modules

Browse Source
This commit is contained in:
rasmus-kirk
2024-09-19 22:49:35 +02:00
parent 0ef85b5345
commit c93ecf892e
18 changed files with 150 additions and 117 deletions
Download Patch File Download Diff File Expand all files Collapse all files
CHANGELOG.md
+9 -1
View File
@@ -1,11 +1,19 @@
# Changelog
## 2024-09-19
Added:
- Options to control the package of each service
- sub-merge package to systemPkgs
Updated:
- All submodules (notably VPNConfinement)
## 2024-06-11
Updated:
- VPNConfinement submodule
## 2024-03-12
Added:
flake.lock
Generated
+54 -45
View File
@@ -2,17 +2,16 @@
"nodes": {
"devshell": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1717408969,
"narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=",
"lastModified": 1722113426,
"narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=",
"owner": "numtide",
"repo": "devshell",
"rev": "1ebbe68d57457c8cae98145410b164b5477761f4",
"rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae",
"type": "github"
},
"original": {
@@ -28,11 +27,11 @@
]
},
"locked": {
"lastModified": 1717285511,
"narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
"lastModified": 1726153070,
"narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
"rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a",
"type": "github"
},
"original": {
@@ -64,11 +63,11 @@
},
"flake-root": {
"locked": {
"lastModified": 1713493429,
"narHash": "sha256-ztz8JQkI08tjKnsTpfLqzWoKFQF4JGu2LRz8bkdnYUk=",
"lastModified": 1723604017,
"narHash": "sha256-rBtQ8gg+Dn4Sx/s+pvjdq3CB2wQNzx9XGFq/JVGCB6k=",
"owner": "srid",
"repo": "flake-root",
"rev": "bc748b93b86ee76e2032eecda33440ceb2532fcd",
"rev": "b759a56851e10cb13f6b8e5698af7b59c44be26e",
"type": "github"
},
"original": {
@@ -77,31 +76,13 @@
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1717893485,
"narHash": "sha256-WMU6ZRZrBgEUDIF0siu2aIyVAXcxfElSwzZtS/mSpN4=",
"lastModified": 1726583932,
"narHash": "sha256-zACxiQx8knB3F8+Ze+1BpiYrI+CbhxyWpcSID9kVhkQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3bcedce9f4de37570242faf16e1e143583407eab",
"rev": "658e7223191d2598641d50ee4e898126768fe847",
"type": "github"
},
"original": {
@@ -117,22 +98,50 @@
"flake-parts": "flake-parts",
"flake-root": "flake-root",
"nixpkgs": "nixpkgs",
"sub-merge": "sub-merge",
"treefmt-nix": "treefmt-nix",
"vpnconfinement": "vpnconfinement"
}
},
"systems": {
"rust-overlay": {
"inputs": {
"nixpkgs": [
"sub-merge",
"nixpkgs"
]
},
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"lastModified": 1726626348,
"narHash": "sha256-sYV7e1B1yLcxo8/h+/hTwzZYmaju2oObNiy5iRI0C30=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "6fd52ad8bd88f39efb2c999cc971921c2fb9f3a2",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"sub-merge": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1726777757,
"narHash": "sha256-erzx+U/itU8MmIj1lhYoKHElCWaHJetsUihTlfW2OrQ=",
"owner": "rasmus-kirk",
"repo": "sub-merge",
"rev": "01e8d59a07a6841a2ac17f5cf73f077e47bf2ec4",
"type": "github"
},
"original": {
"owner": "rasmus-kirk",
"repo": "sub-merge",
"type": "github"
}
},
@@ -143,11 +152,11 @@
]
},
"locked": {
"lastModified": 1717850719,
"narHash": "sha256-npYqVg+Wk4oxnWrnVG7416fpfrlRhp/lQ6wQ4DHI8YE=",
"lastModified": 1726734507,
"narHash": "sha256-VUH5O5AcOSxb0uL/m34dDkxFKP6WLQ6y4I1B4+N3L2w=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "4fc1c45a5f50169f9f29f6a98a438fb910b834ed",
"rev": "ee41a466c2255a3abe6bc50fc6be927cdee57a9f",
"type": "github"
},
"original": {
@@ -164,11 +173,11 @@
]
},
"locked": {
"lastModified": 1718094603,
"narHash": "sha256-1XhMelD62FU3Us3BGzH1VQTIqN2eeMmkM69NNowD5/8=",
"lastModified": 1725824375,
"narHash": "sha256-c0nVYn1Jcjqt7XLXRM7jBmkvwMu+qcUVO7AL8+ZwiaQ=",
"owner": "Maroka-chan",
"repo": "VPN-Confinement",
"rev": "9ff61662f1a167b53897bd120811dd7ec22a1b88",
"rev": "0fc1023446e906094fef69ccd6991d8659b34d42",
"type": "github"
},
"original": {
flake.nix
+4 -4
View File
@@ -28,12 +28,12 @@
treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = inputs @ {
outputs = {
flake-parts,
vpnconfinement,
sub-merge,
...
}:
} @ inputs:
flake-parts.lib.mkFlake {
inherit inputs;
} {
@@ -48,9 +48,9 @@
flake = {
nixosModules = rec {
nixarr = import ./nixarr vpnconfinement;
nixarr = import ./nixarr sub-merge vpnconfinement;
imports = [ vpnconfinement.nixosModules.default ];
specialArgs = { inherit inputs; };
#specialArgs = { inherit sub-merge; };
default = nixarr;
};
};
nixarr/bazarr/bazarr-module/default.nix
+2
View File
@@ -11,6 +11,8 @@ in {
util-nixarr.services.bazarr = {
enable = mkEnableOption "bazarr, a subtitle manager for Sonarr and Radarr";
package = mkPackageOption pkgs "bazarr" { };
openFirewall = mkOption {
type = types.bool;
default = false;
nixarr/bazarr/default.nix
+7 -3
View File
@@ -1,6 +1,7 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
@@ -23,6 +24,8 @@ in {
'';
};
package = mkPackageOption pkgs "bazarr" { };
stateDir = mkOption {
type = types.path;
default = "${nixarr.stateDir}/bazarr";
@@ -82,6 +85,7 @@ in {
util-nixarr.services.bazarr = {
enable = cfg.enable;
package = cfg.package;
user = "bazarr";
group = "media";
openFirewall = cfg.openFirewall;
@@ -89,14 +93,14 @@ in {
};
# Enable and specify VPN namespace to confine service in.
systemd.services.bazarr.vpnconfinement = mkIf cfg.vpn.enable {
systemd.services.bazarr.vpnConfinement = mkIf cfg.vpn.enable {
enable = true;
vpnnamespace = "wg";
vpnNamespace = "wg";
};
# Port mappings
# TODO: openports
vpnnamespaces.wg = mkIf cfg.vpn.enable {
vpnNamespaces.wg = mkIf cfg.vpn.enable {
portMappings = [
{
from = config.bazarr.listenPort;
nixarr/ddns/default.nix
+2 -2
View File
@@ -196,9 +196,9 @@ in {
ddnsNjallaVpn = {
description = "Sets the Njalla DDNS records over VPN";
vpnconfinement = {
vpnConfinement = {
enable = true;
vpnnamespace = "wg";
vpnNamespace = "wg";
};
serviceConfig = {
nixarr/default.nix
+3 -1
View File
@@ -1,6 +1,8 @@
vpnconfinement: {...}: {
sub-merge: vpnconfinement: { pkgs, ... }: {
imports = [
vpnconfinement.nixosModules.default
./nixarr.nix
];
config.environment.systemPackages = [ sub-merge.packages."${pkgs.system}".default ];
}
nixarr/jellyfin/default.nix
+7 -3
View File
@@ -1,6 +1,7 @@
{
config,
lib,
pkgs,
...
}: let
cfg = config.nixarr.jellyfin;
@@ -20,6 +21,8 @@ in
'';
};
package = mkPackageOption pkgs "jellyfin" { };
stateDir = mkOption {
type = types.path;
default = "${nixarr.stateDir}/jellyfin";
@@ -224,6 +227,7 @@ in
services.jellyfin = {
enable = cfg.enable;
package = cfg.package;
user = "streamer";
group = "media";
openFirewall = cfg.openFirewall;
@@ -295,14 +299,14 @@ in
};
# Enable and specify VPN namespace to confine service in.
systemd.services.jellyfin.vpnconfinement = mkIf cfg.vpn.enable {
systemd.services.jellyfin.vpnConfinement = mkIf cfg.vpn.enable {
enable = true;
vpnnamespace = "wg";
vpnNamespace = "wg";
};
# Port mappings
# TODO: openports if expose.vpn
vpnnamespaces.wg = mkIf cfg.vpn.enable {
vpnNamespaces.wg = mkIf cfg.vpn.enable {
portMappings = [
{
from = defaultPort;
nixarr/lidarr/default.nix
+16 -12
View File
@@ -1,6 +1,7 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
@@ -9,16 +10,18 @@ with lib; let
defaultPort = 8686;
in {
options.nixarr.lidarr = {
enable = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
Whether or not to enable the Lidarr service.
enable = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
Whether or not to enable the Lidarr service.
**Required options:** [`nixarr.enable`](#nixarr.enable)
'';
};
**Required options:** [`nixarr.enable`](#nixarr.enable)
'';
};
package = mkPackageOption pkgs "lidarr" { };
stateDir = mkOption {
type = types.path;
@@ -79,6 +82,7 @@ in {
services.lidarr = {
enable = cfg.enable;
package = cfg.package;
user = "lidarr";
group = "media";
openFirewall = cfg.openFirewall;
@@ -86,14 +90,14 @@ in {
};
# Enable and specify VPN namespace to confine service in.
systemd.services.lidarr.vpnconfinement = mkIf cfg.vpn.enable {
systemd.services.lidarr.vpnConfinement = mkIf cfg.vpn.enable {
enable = true;
vpnnamespace = "wg";
vpnNamespace = "wg";
};
# Port mappings
# TODO: openports
vpnnamespaces.wg = mkIf cfg.vpn.enable {
vpnNamespaces.wg = mkIf cfg.vpn.enable {
portMappings = [
{
from = defaultPort;
nixarr/nixarr.nix
+3 -5
View File
@@ -2,7 +2,6 @@
config,
lib,
pkgs,
inputs,
...
}:
with lib; let
@@ -241,13 +240,12 @@ in {
];
environment.systemPackages = with pkgs; [
inputs.sub-merge.packages."${system}".default
jdupes
list-unlinked
fix-permissions
];
vpnnamespaces.wg = mkIf cfg.vpn.enable {
vpnNamespaces.wg = mkIf cfg.vpn.enable {
enable = true;
openVPNPorts = optional (cfg.vpn.vpnTestService.port != null) {
port = cfg.vpn.vpnTestService.port;
@@ -264,9 +262,9 @@ in {
systemd.services.vpn-test-service = mkIf cfg.vpn.vpnTestService.enable {
enable = true;
vpnconfinement = {
vpnConfinement = {
enable = true;
vpnnamespace = "wg";
vpnNamespace = "wg";
};
script = let
nixarr/openssh/default.nix
+3 -3
View File
@@ -89,13 +89,13 @@ in {
else [];
# Enable and specify VPN namespace to confine service in.
systemd.services.openssh.vpnconfinement = {
systemd.services.openssh.vpnConfinement = {
enable = true;
vpnnamespace = "wg";
vpnNamespace = "wg";
};
# Port mappings
vpnnamespaces.wg = {
vpnNamespaces.wg = {
portMappings = [
{
From = defaultPort;
nixarr/prowlarr/default.nix
+7 -4
View File
@@ -1,7 +1,7 @@
# TODO: Dir creation and file permissions in nix
{
config,
lib,
pkgs,
...
}:
with lib; let
@@ -25,6 +25,8 @@ in {
'';
};
package = mkPackageOption pkgs "prowlarr" { };
stateDir = mkOption {
type = types.path;
default = "${nixarr.stateDir}/prowlarr";
@@ -84,18 +86,19 @@ in {
util-nixarr.services.prowlarr = {
enable = true;
package = cfg.package;
openFirewall = cfg.openFirewall;
dataDir = cfg.stateDir;
};
# Enable and specify VPN namespace to confine service in.
systemd.services.prowlarr.vpnconfinement = mkIf cfg.vpn.enable {
systemd.services.prowlarr.vpnConfinement = mkIf cfg.vpn.enable {
enable = true;
vpnnamespace = "wg";
vpnNamespace = "wg";
};
# Port mappings
vpnnamespaces.wg = mkIf cfg.vpn.enable {
vpnNamespaces.wg = mkIf cfg.vpn.enable {
portMappings = [
{
from = defaultPort;
nixarr/radarr/default.nix
+7 -4
View File
@@ -1,7 +1,7 @@
# TODO: Dir creation and file permissions in nix
{
config,
lib,
pkgs,
...
}:
with lib; let
@@ -21,6 +21,8 @@ in {
'';
};
package = mkPackageOption pkgs "radarr" { };
stateDir = mkOption {
type = types.path;
default = "${nixarr.stateDir}/radarr";
@@ -80,6 +82,7 @@ in {
services.radarr = {
enable = cfg.enable;
package = cfg.package;
user = "radarr";
group = "media";
openFirewall = cfg.openFirewall;
@@ -87,13 +90,13 @@ in {
};
# Enable and specify VPN namespace to confine service in.
systemd.services.radarr.vpnconfinement = mkIf cfg.vpn.enable {
systemd.services.radarr.vpnConfinement = mkIf cfg.vpn.enable {
enable = true;
vpnnamespace = "wg";
vpnNamespace = "wg";
};
# Port mappings
vpnnamespaces.wg = mkIf cfg.vpn.enable {
vpnNamespaces.wg = mkIf cfg.vpn.enable {
portMappings = [
{
from = defaultPort;
nixarr/readarr/default.nix
+7 -3
View File
@@ -1,6 +1,7 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
@@ -20,6 +21,8 @@ in {
'';
};
package = mkPackageOption pkgs "readarr" { };
stateDir = mkOption {
type = types.path;
default = "${nixarr.stateDir}/readarr";
@@ -79,6 +82,7 @@ in {
services.readarr = {
enable = cfg.enable;
package = cfg.package;
user = "readarr";
group = "media";
openFirewall = cfg.openFirewall;
@@ -86,13 +90,13 @@ in {
};
# Enable and specify VPN namespace to confine service in.
systemd.services.readarr.vpnconfinement = mkIf cfg.vpn.enable {
systemd.services.readarr.vpnConfinement = mkIf cfg.vpn.enable {
enable = true;
vpnnamespace = "wg";
vpnNamespace = "wg";
};
# Port mappings
vpnnamespaces.wg = mkIf cfg.vpn.enable {
vpnNamespaces.wg = mkIf cfg.vpn.enable {
portMappings = [
{
from = defaultPort;
nixarr/sabnzbd/default.nix
+6 -3
View File
@@ -30,6 +30,8 @@ in {
'';
};
package = mkPackageOption pkgs "sabnzbd" { };
guiPort = mkOption {
type = types.port;
default = 8080;
@@ -195,6 +197,7 @@ in {
services.sabnzbd = {
enable = true;
package = cfg.package;
user = "usenet";
group = "media";
configFile = "${cfg.stateDir}/sabnzbd.ini";
@@ -212,13 +215,13 @@ in {
};
# Enable and specify VPN namespace to confine service in.
systemd.services.sabnzbd.vpnconfinement = mkIf cfg.vpn.enable {
systemd.services.sabnzbd.vpnConfinement = mkIf cfg.vpn.enable {
enable = true;
vpnnamespace = "wg";
vpnNamespace = "wg";
};
# Port mappings
vpnnamespaces.wg = mkIf cfg.vpn.enable {
vpnNamespaces.wg = mkIf cfg.vpn.enable {
portMappings = [
{
from = cfg.guiPort;
nixarr/sonarr/default.nix
+7 -4
View File
@@ -1,7 +1,7 @@
# TODO: Dir creation and file permissions in nix
{
config,
lib,
pkgs,
...
}:
with lib; let
@@ -21,6 +21,8 @@ in {
'';
};
package = mkPackageOption pkgs "sonarr" { };
stateDir = mkOption {
type = types.path;
default = "${nixarr.stateDir}/sonarr";
@@ -80,6 +82,7 @@ in {
services.sonarr = {
enable = cfg.enable;
package = cfg.package;
user = "sonarr";
group = "media";
openFirewall = cfg.openFirewall;
@@ -87,13 +90,13 @@ in {
};
# Enable and specify VPN namespace to confine service in.
systemd.services.sonarr.vpnconfinement = mkIf cfg.vpn.enable {
systemd.services.sonarr.vpnConfinement = mkIf cfg.vpn.enable {
enable = true;
vpnnamespace = "wg";
vpnNamespace = "wg";
};
# Port mappings
vpnnamespaces.wg = mkIf cfg.vpn.enable {
vpnNamespaces.wg = mkIf cfg.vpn.enable {
portMappings = [
{
from = defaultPort;
nixarr/transmission/cross-seed/default.nix
+3 -17
View File
@@ -22,20 +22,6 @@ with lib; let
// Parse the JSON content into a JavaScript object
let config = JSON.parse(configFileContent);
// Function to recursively replace null values with undefined
/*
function replaceNullWithUndefined(obj) {
Object.keys(obj).forEach(key => {
if (obj[key] === null) {
obj[key] = undefined;
} else if (typeof obj[key] === 'object') {
replaceNullWithUndefined(obj[key]);
}
});
}
replaceNullWithUndefined(config);
*/
// Export the configuration object
module.exports = config;
'';
@@ -52,19 +38,19 @@ in {
delay = 10;
}
'';
description = "cross-seed config"; # TODO: todo
description = "Settings for cross-seed";
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/cross-seed";
description = "cross-seed dataDir"; # TODO: todo
description = "The cross-seed dataDir";
};
credentialsFile = mkOption {
type = types.path;
default = "/run/secrets/cross-seed/credentialsFile.json";
description = "cross-seed dataDir"; # TODO: todo
description = "Secret options to be merged into the cross-seed config";
};
user = mkOption {
nixarr/transmission/default.nix
+3 -3
View File
@@ -431,13 +431,13 @@ in {
};
# Enable and specify VPN namespace to confine service in.
systemd.services.transmission.vpnconfinement = mkIf cfg.vpn.enable {
systemd.services.transmission.vpnConfinement = mkIf cfg.vpn.enable {
enable = true;
vpnnamespace = "wg";
vpnNamespace = "wg";
};
# Port mappings
vpnnamespaces.wg = mkIf cfg.vpn.enable {
vpnNamespaces.wg = mkIf cfg.vpn.enable {
portMappings = [
{
from = cfg.uiPort;