fujin/nixarr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'dev'

Browse Source
This commit is contained in:
rasmus-kirk
2024-06-24 12:18:18 +02:00
parent fd8d42475e 8b1e2a8c1f
commit e62ea5436a
13 changed files with 216 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files
CHANGELOG.md
+6
View File
@@ -1,5 +1,11 @@
# Changelog
## 2024-06-11
Updated:
- VPNConfinement submodule
## 2024-03-12
Added:
flake.lock
Generated
+37 -15
View File
@@ -8,11 +8,11 @@
]
},
"locked": {
"lastModified": 1713532798,
"narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=",
"lastModified": 1717408969,
"narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=",
"owner": "numtide",
"repo": "devshell",
"rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40",
"rev": "1ebbe68d57457c8cae98145410b164b5477761f4",
"type": "github"
},
"original": {
@@ -28,11 +28,32 @@
]
},
"locked": {
"lastModified": 1712014858,
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
"lastModified": 1717285511,
"narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
"rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"vpnconfinement",
"nixpkgs"
]
},
"locked": {
"lastModified": 1717285511,
"narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
"type": "github"
},
"original": {
@@ -76,11 +97,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1713562564,
"narHash": "sha256-NQpYhgoy0M89g9whRixSwsHb8RFIbwlxeYiVSDwSXJg=",
"lastModified": 1717893485,
"narHash": "sha256-WMU6ZRZrBgEUDIF0siu2aIyVAXcxfElSwzZtS/mSpN4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "92d295f588631b0db2da509f381b4fb1e74173c5",
"rev": "3bcedce9f4de37570242faf16e1e143583407eab",
"type": "github"
},
"original": {
@@ -122,11 +143,11 @@
]
},
"locked": {
"lastModified": 1711963903,
"narHash": "sha256-N3QDhoaX+paWXHbEXZapqd1r95mdshxToGowtjtYkGI=",
"lastModified": 1717850719,
"narHash": "sha256-npYqVg+Wk4oxnWrnVG7416fpfrlRhp/lQ6wQ4DHI8YE=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "49dc4a92b02b8e68798abd99184f228243b6e3ac",
"rev": "4fc1c45a5f50169f9f29f6a98a438fb910b834ed",
"type": "github"
},
"original": {
@@ -137,16 +158,17 @@
},
"vpnconfinement": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1711570356,
"narHash": "sha256-SiOKmuE+ezmmZlIbjwtl9BPtT0M/T1X0f/mQwynZRTE=",
"lastModified": 1718094603,
"narHash": "sha256-1XhMelD62FU3Us3BGzH1VQTIqN2eeMmkM69NNowD5/8=",
"owner": "Maroka-chan",
"repo": "VPN-Confinement",
"rev": "7f35705087b742e22f3fb07704c04c4818fff2c7",
"rev": "9ff61662f1a167b53897bd120811dd7ec22a1b88",
"type": "github"
},
"original": {
nixarr/bazarr/default.nix
+17 -1
View File
@@ -12,7 +12,16 @@ in {
];
options.nixarr.bazarr = {
enable = mkEnableOption "the bazarr service.";
enable = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
Whether or not to enable the Bazarr service.
**Required options:** [`nixarr.enable`](#nixarr.enable)
'';
};
stateDir = mkOption {
type = types.path;
@@ -62,6 +71,13 @@ in {
nixarr.vpn.enable option to be set, but it was not.
'';
}
{
assertion = cfg.enable -> nixarr.enable;
message = ''
The nixarr.bazarr.enable option requires the nixarr.enable option
to be set, but it was not.
'';
}
];
util-nixarr.services.bazarr = {
nixarr/ddns/default.nix
+27 -9
View File
@@ -6,6 +6,7 @@
}:
with lib; let
cfg = config.nixarr.ddns;
nixarr = config.nixarr;
ddns-njalla = pkgs.writeShellApplication {
name = "ddns-njalla";
@@ -44,6 +45,7 @@ in {
description = ''
**Required options:**
- [`nixarr.enable`](#nixarr.enable)
- [`nixarr.ddns.njalla.keysFile`](#nixarr.ddns.njalla.keysfile)
- [`nixarr.vpn.enable`](#nixarr.vpn.enable)
@@ -73,6 +75,7 @@ in {
description = ''
**Required options:**
- [`nixarr.enable`](#nixarr.enable)
- [`nixarr.ddns.njalla.keysFile`](#nixarr.ddns.njalla.keysfile)
Whether or not to enable DDNS for a [Njalla](https://njal.la/)
@@ -118,16 +121,31 @@ in {
'';
}
{
assertion =
cfg.njalla.vpn.enable
-> (
cfg.njalla.vpn.keysFile
!= null
&& config.nixarr.vpn.enable
);
assertion = cfg.njalla.enable -> nixarr.enable;
message = ''
The nixarr.ddns.njalla.enable option requires the
nixarr.vpn.enable option to be set, but it was not.
The nixarr.ddns.njalla.enable option requires the nixarr.enable
option to be set, but it was not.
'';
}
{
assertion = cfg.njalla.vpn.enable -> nixarr.enable;
message = ''
The nixarr.ddns.njalla.vpn.enable option requires the nixarr.enable
option to be set, but it was not.
'';
}
{
assertion = cfg.njalla.vpn.enable -> cfg.njalla.vpn.keysFile != null;
message = ''
The nixarr.ddns.njalla.enable option requires the nixarr.vpn.keysFile
option to be set (not null), but it was not.
'';
}
{
assertion = cfg.njalla.vpn.enable -> config.nixarr.vpn.enable;
message = ''
The nixarr.ddns.njalla.enable option requires the nixarr.vpn.enable
option to be set, but it was not.
'';
}
];
nixarr/jellyfin/default.nix
+17 -1
View File
@@ -9,7 +9,16 @@
in
with lib; {
options.nixarr.jellyfin = {
enable = mkEnableOption "the Jellyfin service.";
enable = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
Whether or not to enable the Jellyfin service.
**Required options:** [`nixarr.enable`](#nixarr.enable)
'';
};
stateDir = mkOption {
type = types.path;
@@ -143,6 +152,13 @@ in
nixarr.vpn.enable option to be set, but it was not.
'';
}
{
assertion = cfg.enable -> nixarr.enable;
message = ''
The nixarr.jellyfin.enable option requires the nixarr.enable
option to be set, but it was not.
'';
}
{
assertion = !(cfg.vpn.enable && cfg.expose.https.enable);
message = ''
nixarr/lidarr/default.nix
+17 -1
View File
@@ -9,7 +9,16 @@ with lib; let
defaultPort = 8686;
in {
options.nixarr.lidarr = {
enable = mkEnableOption "the Lidarr service.";
enable = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
Whether or not to enable the Lidarr service.
**Required options:** [`nixarr.enable`](#nixarr.enable)
'';
};
stateDir = mkOption {
type = types.path;
@@ -52,6 +61,13 @@ in {
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.enable -> nixarr.enable;
message = ''
The nixarr.lidarr.enable option requires the nixarr.enable option
to be set, but it was not.
'';
}
{
assertion = cfg.vpn.enable -> nixarr.vpn.enable;
message = ''
nixarr/nixarr.nix
+3 -5
View File
@@ -267,7 +267,6 @@ in {
fix-permissions
];
# TODO: wtf to do about openports
vpnnamespaces.wg = mkIf cfg.vpn.enable {
enable = true;
openVPNPorts = optional cfg.vpn.vpnTestService.enable {
@@ -301,6 +300,9 @@ in {
''
cd "$(mktemp -d)"
# DNS information
dig google.com
# Print resolv.conf
echo "/etc/resolv.conf contains:"
cat /etc/resolv.conf
@@ -329,10 +331,6 @@ in {
);
};
in "${vpn-test}/bin/vpn-test";
bindsTo = ["netns@wg.service"];
requires = ["network-online.target"];
after = ["wg.service"];
};
};
}
nixarr/openssh/default.nix
+10 -1
View File
@@ -12,7 +12,9 @@ in {
default = false;
example = true;
description = ''
**Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable)
**Required options:**
- [`nixarr.vpn.enable`](#nixarr.vpn.enable)
- [`nixarr.enable`](#nixarr.enable)
Run the openssh service through a vpn, exposing it to the internet.
@@ -44,6 +46,13 @@ in {
config = mkIf cfg.expose.vpn.enable {
assertions = [
{
assertion = cfg.expose.vpn.enable -> nixarr.enable;
message = ''
The nixarr.openssh.expose.vpn.enable option requires the
nixarr.enable option to be set, but it was not.
'';
}
{
assertion = cfg.expose.vpn.enable -> nixarr.vpn.enable;
message = ''
nixarr/prowlarr/default.nix
+17 -1
View File
@@ -14,7 +14,16 @@ in {
];
options.nixarr.prowlarr = {
enable = mkEnableOption "the Prowlarr service.";
enable = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
Whether or not to enable the Prowlarr service.
**Required options:** [`nixarr.enable`](#nixarr.enable)
'';
};
stateDir = mkOption {
type = types.path;
@@ -57,6 +66,13 @@ in {
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.enable -> nixarr.enable;
message = ''
The nixarr.prowlarr.enable option requires the
nixarr.enable option to be set, but it was not.
'';
}
{
assertion = cfg.vpn.enable -> nixarr.vpn.enable;
message = ''
nixarr/radarr/default.nix
+17 -1
View File
@@ -10,7 +10,16 @@ with lib; let
nixarr = config.nixarr;
in {
options.nixarr.radarr = {
enable = mkEnableOption "Enable the Radarr service.";
enable = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
Whether or not to enable the Radarr service.
**Required options:** [`nixarr.enable`](#nixarr.enable)
'';
};
stateDir = mkOption {
type = types.path;
@@ -53,6 +62,13 @@ in {
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.enable -> nixarr.enable;
message = ''
The nixarr.radarr.enable option requires the
nixarr.enable option to be set, but it was not.
'';
}
{
assertion = cfg.vpn.enable -> nixarr.vpn.enable;
message = ''
nixarr/readarr/default.nix
+17 -1
View File
@@ -8,7 +8,16 @@ with lib; let
nixarr = config.nixarr;
in {
options.nixarr.readarr = {
enable = mkEnableOption "Enable the Readarr service";
enable = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
Whether or not to enable the Readarr service.
**Required options:** [`nixarr.enable`](#nixarr.enable)
'';
};
stateDir = mkOption {
type = types.path;
@@ -51,6 +60,13 @@ in {
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.enable -> nixarr.enable;
message = ''
The nixarr.readarr.enable option requires the
nixarr.enable option to be set, but it was not.
'';
}
{
assertion = cfg.vpn.enable -> nixarr.vpn.enable;
message = ''
nixarr/sonarr/default.nix
+13 -1
View File
@@ -13,7 +13,12 @@ in {
enable = mkOption {
type = types.bool;
default = false;
description = "Enable the Sonarr service.";
example = true;
description = ''
Whether or not to enable the Sonarr service.
**Required options:** [`nixarr.enable`](#nixarr.enable)
'';
};
stateDir = mkOption {
@@ -57,6 +62,13 @@ in {
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.enable -> nixarr.enable;
message = ''
The nixarr.sonarr.enable option requires the
nixarr.enable option to be set, but it was not.
'';
}
{
assertion = cfg.vpn.enable -> nixarr.vpn.enable;
message = ''
nixarr/transmission/default.nix
+18 -2
View File
@@ -16,7 +16,7 @@ with lib; let
runtimeInputs = with pkgs; [curl];
text = ''
PROWLARR_API_KEY=$(cat prowlarr-api-key)
PROWLARR_API_KEY=$(cat ${cfg.stateDir}/prowlarr-api-key)
curl -XPOST http://localhost:2468/api/webhook?apikey="$PROWLARR_API_KEY" --data-urlencode "infoHash=$TR_TORRENT_HASH"
'';
};
@@ -65,7 +65,16 @@ with lib; let
};
in {
options.nixarr.transmission = {
enable = mkEnableOption "the Transmission service.";
enable = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
Whether or not to enable the Transmission service.
**Required options:** [`nixarr.enable`](#nixarr.enable)
'';
};
stateDir = mkOption {
type = types.path;
@@ -254,6 +263,13 @@ in {
nixarr.vpn.enable option to be set, but it was not.
'';
}
{
assertion = cfg.enable -> nixarr.enable;
message = ''
The nixarr.transmission.enable option requires the nixarr.enable
option to be set, but it was not.
'';
}
{
assertion = cfg-cross-seed.enable -> nixarr.prowlarr.enable;
message = ''