Merge branch 'dev'

rasmus-kirk
2024-06-24 12:18:18 +02:00
13 changed files with 216 additions and 39 deletions
+6
@@ -1,5 +1,11 @@
# Changelog # Changelog
## 2024-06-11
Updated:
- VPNConfinement submodule
## 2024-03-12 ## 2024-03-12
Added: Added:
Generated
+37 -15
@@ -8,11 +8,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1713532798, "lastModified": 1717408969,
"narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=", "narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=",
"owner": "numtide", "owner": "numtide",
"repo": "devshell", "repo": "devshell",
"rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40", "rev": "1ebbe68d57457c8cae98145410b164b5477761f4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -28,11 +28,32 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1712014858, "lastModified": 1717285511,
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"vpnconfinement",
"nixpkgs"
]
},
"locked": {
"lastModified": 1717285511,
"narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -76,11 +97,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1713562564, "lastModified": 1717893485,
"narHash": "sha256-NQpYhgoy0M89g9whRixSwsHb8RFIbwlxeYiVSDwSXJg=", "narHash": "sha256-WMU6ZRZrBgEUDIF0siu2aIyVAXcxfElSwzZtS/mSpN4=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "92d295f588631b0db2da509f381b4fb1e74173c5", "rev": "3bcedce9f4de37570242faf16e1e143583407eab",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -122,11 +143,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1711963903, "lastModified": 1717850719,
"narHash": "sha256-N3QDhoaX+paWXHbEXZapqd1r95mdshxToGowtjtYkGI=", "narHash": "sha256-npYqVg+Wk4oxnWrnVG7416fpfrlRhp/lQ6wQ4DHI8YE=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "49dc4a92b02b8e68798abd99184f228243b6e3ac", "rev": "4fc1c45a5f50169f9f29f6a98a438fb910b834ed",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -137,16 +158,17 @@
}, },
"vpnconfinement": { "vpnconfinement": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1711570356, "lastModified": 1718094603,
"narHash": "sha256-SiOKmuE+ezmmZlIbjwtl9BPtT0M/T1X0f/mQwynZRTE=", "narHash": "sha256-1XhMelD62FU3Us3BGzH1VQTIqN2eeMmkM69NNowD5/8=",
"owner": "Maroka-chan", "owner": "Maroka-chan",
"repo": "VPN-Confinement", "repo": "VPN-Confinement",
"rev": "7f35705087b742e22f3fb07704c04c4818fff2c7", "rev": "9ff61662f1a167b53897bd120811dd7ec22a1b88",
"type": "github" "type": "github"
}, },
"original": { "original": {
+17 -1
@@ -12,7 +12,16 @@ in {
]; ];
options.nixarr.bazarr = { options.nixarr.bazarr = {
enable = mkEnableOption "the bazarr service."; enable = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
Whether or not to enable the Bazarr service.
**Required options:** [`nixarr.enable`](#nixarr.enable)
'';
};
stateDir = mkOption { stateDir = mkOption {
type = types.path; type = types.path;
@@ -62,6 +71,13 @@ in {
nixarr.vpn.enable option to be set, but it was not. nixarr.vpn.enable option to be set, but it was not.
''; '';
} }
{
assertion = cfg.enable -> nixarr.enable;
message = ''
The nixarr.bazarr.enable option requires the nixarr.enable option
to be set, but it was not.
'';
}
]; ];
util-nixarr.services.bazarr = { util-nixarr.services.bazarr = {
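Review bot: The `enable` description text and the `cfg.enable -> nixarr.enable` assertion added here are repeated by hand in the jellyfin, lidarr, prowlarr, radarr, readarr, sonarr and transmission sections of this commit, with only the service name changing, so the wording can drift between modules (the message line breaks already differ). One shared function that takes the service name and returns the option and the assertion would keep them in sync. Where the list sits under `config = mkIf cfg.enable`, as the lidarr section shows, the antecedent is always true and the check could read `assertion = nixarr.enable;`. The `assertions` list in this section opens outside the visible hunk, so whether it sits under the same `mkIf` is not shown.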
+27 -9
@@ -6,6 +6,7 @@
}: }:
with lib; let with lib; let
cfg = config.nixarr.ddns; cfg = config.nixarr.ddns;
nixarr = config.nixarr;
ddns-njalla = pkgs.writeShellApplication { ddns-njalla = pkgs.writeShellApplication {
name = "ddns-njalla"; name = "ddns-njalla";
@@ -44,6 +45,7 @@ in {
description = '' description = ''
**Required options:** **Required options:**
- [`nixarr.enable`](#nixarr.enable)
- [`nixarr.ddns.njalla.keysFile`](#nixarr.ddns.njalla.keysfile) - [`nixarr.ddns.njalla.keysFile`](#nixarr.ddns.njalla.keysfile)
- [`nixarr.vpn.enable`](#nixarr.vpn.enable) - [`nixarr.vpn.enable`](#nixarr.vpn.enable)
@@ -73,6 +75,7 @@ in {
description = '' description = ''
**Required options:** **Required options:**
- [`nixarr.enable`](#nixarr.enable)
- [`nixarr.ddns.njalla.keysFile`](#nixarr.ddns.njalla.keysfile) - [`nixarr.ddns.njalla.keysFile`](#nixarr.ddns.njalla.keysfile)
Whether or not to enable DDNS for a [Njalla](https://njal.la/) Whether or not to enable DDNS for a [Njalla](https://njal.la/)
@@ -118,16 +121,31 @@ in {
''; '';
} }
{ {
assertion = assertion = cfg.njalla.enable -> nixarr.enable;
cfg.njalla.vpn.enable
-> (
cfg.njalla.vpn.keysFile
!= null
&& config.nixarr.vpn.enable
);
message = '' message = ''
The nixarr.ddns.njalla.enable option requires the The nixarr.ddns.njalla.enable option requires the nixarr.enable
nixarr.vpn.enable option to be set, but it was not. option to be set, but it was not.
'';
}
{
assertion = cfg.njalla.vpn.enable -> nixarr.enable;
message = ''
The nixarr.ddns.njalla.vpn.enable option requires the nixarr.enable
option to be set, but it was not.
'';
}
{
assertion = cfg.njalla.vpn.enable -> cfg.njalla.vpn.keysFile != null;
message = ''
The nixarr.ddns.njalla.enable option requires the nixarr.vpn.keysFile
option to be set (not null), but it was not.
'';
}
{
assertion = cfg.njalla.vpn.enable -> config.nixarr.vpn.enable;
message = ''
The nixarr.ddns.njalla.enable option requires the nixarr.vpn.enable
option to be set, but it was not.
''; '';
} }
]; ];
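Review bot: The messages of the last two new assertions name options that their conditions do not test: both conditions start from `cfg.njalla.vpn.enable`, but the messages say `nixarr.ddns.njalla.enable`, and the key-file message points at `nixarr.vpn.keysFile` while the check reads `cfg.njalla.vpn.keysFile`. A user who hits either failure is sent to the wrong option. Suggested wording: `The nixarr.ddns.njalla.vpn.enable option requires the nixarr.ddns.njalla.vpn.keysFile option to be set (not null), but it was not.` and `The nixarr.ddns.njalla.vpn.enable option requires the nixarr.vpn.enable option to be set, but it was not.`. The last condition can also use the `nixarr` binding this commit adds, `cfg.njalla.vpn.enable -> nixarr.vpn.enable`; the `assertions` list itself opens outside the hunk.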
+17 -1
@@ -9,7 +9,16 @@
in in
with lib; { with lib; {
options.nixarr.jellyfin = { options.nixarr.jellyfin = {
enable = mkEnableOption "the Jellyfin service."; enable = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
Whether or not to enable the Jellyfin service.
**Required options:** [`nixarr.enable`](#nixarr.enable)
'';
};
stateDir = mkOption { stateDir = mkOption {
type = types.path; type = types.path;
@@ -143,6 +152,13 @@ in
nixarr.vpn.enable option to be set, but it was not. nixarr.vpn.enable option to be set, but it was not.
''; '';
} }
{
assertion = cfg.enable -> nixarr.enable;
message = ''
The nixarr.jellyfin.enable option requires the nixarr.enable
option to be set, but it was not.
'';
}
{ {
assertion = !(cfg.vpn.enable && cfg.expose.https.enable); assertion = !(cfg.vpn.enable && cfg.expose.https.enable);
message = '' message = ''
+17 -1
@@ -9,7 +9,16 @@ with lib; let
defaultPort = 8686; defaultPort = 8686;
in { in {
options.nixarr.lidarr = { options.nixarr.lidarr = {
enable = mkEnableOption "the Lidarr service."; enable = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
Whether or not to enable the Lidarr service.
**Required options:** [`nixarr.enable`](#nixarr.enable)
'';
};
stateDir = mkOption { stateDir = mkOption {
type = types.path; type = types.path;
@@ -52,6 +61,13 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = [ assertions = [
{
assertion = cfg.enable -> nixarr.enable;
message = ''
The nixarr.lidarr.enable option requires the nixarr.enable option
to be set, but it was not.
'';
}
{ {
assertion = cfg.vpn.enable -> nixarr.vpn.enable; assertion = cfg.vpn.enable -> nixarr.vpn.enable;
message = '' message = ''
+3 -5
@@ -267,7 +267,6 @@ in {
fix-permissions fix-permissions
]; ];
# TODO: wtf to do about openports
vpnnamespaces.wg = mkIf cfg.vpn.enable { vpnnamespaces.wg = mkIf cfg.vpn.enable {
enable = true; enable = true;
openVPNPorts = optional cfg.vpn.vpnTestService.enable { openVPNPorts = optional cfg.vpn.vpnTestService.enable {
@@ -301,6 +300,9 @@ in {
'' ''
cd "$(mktemp -d)" cd "$(mktemp -d)"
# DNS information
dig google.com
# Print resolv.conf # Print resolv.conf
echo "/etc/resolv.conf contains:" echo "/etc/resolv.conf contains:"
cat /etc/resolv.conf cat /etc/resolv.conf
@@ -329,10 +331,6 @@ in {
); );
}; };
in "${vpn-test}/bin/vpn-test"; in "${vpn-test}/bin/vpn-test";
bindsTo = ["netns@wg.service"];
requires = ["network-online.target"];
after = ["wg.service"];
}; };
}; };
} }
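Review bot: The added `dig google.com` runs before the resolv.conf dump, so if the script runs with errexit (`writeShellApplication` enables it; how `vpn-test` is built is not visible in this hunk) a failed lookup aborts the test before it prints the information needed to diagnose that failure. Printing resolv.conf first and making the lookup non-fatal keeps the output useful: `dig google.com || echo "DNS lookup failed"`. `dig` also has to be among the script's runtime inputs, which the hunk does not show. The last hunk drops `bindsTo`, `requires` and `after` from the test service; a short comment naming what now orders the unit after the namespace is up would help, since a VPN test that could start before the namespace exists would presumably report misleading results.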
+10 -1
@@ -12,7 +12,9 @@ in {
default = false; default = false;
example = true; example = true;
description = '' description = ''
**Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable) **Required options:**
- [`nixarr.vpn.enable`](#nixarr.vpn.enable)
- [`nixarr.enable`](#nixarr.enable)
Run the openssh service through a vpn, exposing it to the internet. Run the openssh service through a vpn, exposing it to the internet.
@@ -44,6 +46,13 @@ in {
config = mkIf cfg.expose.vpn.enable { config = mkIf cfg.expose.vpn.enable {
assertions = [ assertions = [
{
assertion = cfg.expose.vpn.enable -> nixarr.enable;
message = ''
The nixarr.openssh.expose.vpn.enable option requires the
nixarr.enable option to be set, but it was not.
'';
}
{ {
assertion = cfg.expose.vpn.enable -> nixarr.vpn.enable; assertion = cfg.expose.vpn.enable -> nixarr.vpn.enable;
message = '' message = ''
+17 -1
@@ -14,7 +14,16 @@ in {
]; ];
options.nixarr.prowlarr = { options.nixarr.prowlarr = {
enable = mkEnableOption "the Prowlarr service."; enable = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
Whether or not to enable the Prowlarr service.
**Required options:** [`nixarr.enable`](#nixarr.enable)
'';
};
stateDir = mkOption { stateDir = mkOption {
type = types.path; type = types.path;
@@ -57,6 +66,13 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = [ assertions = [
{
assertion = cfg.enable -> nixarr.enable;
message = ''
The nixarr.prowlarr.enable option requires the
nixarr.enable option to be set, but it was not.
'';
}
{ {
assertion = cfg.vpn.enable -> nixarr.vpn.enable; assertion = cfg.vpn.enable -> nixarr.vpn.enable;
message = '' message = ''
+17 -1
@@ -10,7 +10,16 @@ with lib; let
nixarr = config.nixarr; nixarr = config.nixarr;
in { in {
options.nixarr.radarr = { options.nixarr.radarr = {
enable = mkEnableOption "Enable the Radarr service."; enable = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
Whether or not to enable the Radarr service.
**Required options:** [`nixarr.enable`](#nixarr.enable)
'';
};
stateDir = mkOption { stateDir = mkOption {
type = types.path; type = types.path;
@@ -53,6 +62,13 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = [ assertions = [
{
assertion = cfg.enable -> nixarr.enable;
message = ''
The nixarr.radarr.enable option requires the
nixarr.enable option to be set, but it was not.
'';
}
{ {
assertion = cfg.vpn.enable -> nixarr.vpn.enable; assertion = cfg.vpn.enable -> nixarr.vpn.enable;
message = '' message = ''
+17 -1
@@ -8,7 +8,16 @@ with lib; let
nixarr = config.nixarr; nixarr = config.nixarr;
in { in {
options.nixarr.readarr = { options.nixarr.readarr = {
enable = mkEnableOption "Enable the Readarr service"; enable = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
Whether or not to enable the Readarr service.
**Required options:** [`nixarr.enable`](#nixarr.enable)
'';
};
stateDir = mkOption { stateDir = mkOption {
type = types.path; type = types.path;
@@ -51,6 +60,13 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = [ assertions = [
{
assertion = cfg.enable -> nixarr.enable;
message = ''
The nixarr.readarr.enable option requires the
nixarr.enable option to be set, but it was not.
'';
}
{ {
assertion = cfg.vpn.enable -> nixarr.vpn.enable; assertion = cfg.vpn.enable -> nixarr.vpn.enable;
message = '' message = ''
+13 -1
@@ -13,7 +13,12 @@ in {
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = "Enable the Sonarr service."; example = true;
description = ''
Whether or not to enable the Sonarr service.
**Required options:** [`nixarr.enable`](#nixarr.enable)
'';
}; };
stateDir = mkOption { stateDir = mkOption {
@@ -57,6 +62,13 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = [ assertions = [
{
assertion = cfg.enable -> nixarr.enable;
message = ''
The nixarr.sonarr.enable option requires the
nixarr.enable option to be set, but it was not.
'';
}
{ {
assertion = cfg.vpn.enable -> nixarr.vpn.enable; assertion = cfg.vpn.enable -> nixarr.vpn.enable;
message = '' message = ''
+18 -2
@@ -16,7 +16,7 @@ with lib; let
runtimeInputs = with pkgs; [curl]; runtimeInputs = with pkgs; [curl];
text = '' text = ''
PROWLARR_API_KEY=$(cat prowlarr-api-key) PROWLARR_API_KEY=$(cat ${cfg.stateDir}/prowlarr-api-key)
curl -XPOST http://localhost:2468/api/webhook?apikey="$PROWLARR_API_KEY" --data-urlencode "infoHash=$TR_TORRENT_HASH" curl -XPOST http://localhost:2468/api/webhook?apikey="$PROWLARR_API_KEY" --data-urlencode "infoHash=$TR_TORRENT_HASH"
''; '';
}; };
@@ -65,7 +65,16 @@ with lib; let
}; };
in { in {
options.nixarr.transmission = { options.nixarr.transmission = {
enable = mkEnableOption "the Transmission service."; enable = mkOption {
type = types.bool;
default = false;
example = true;
description = ''
Whether or not to enable the Transmission service.
**Required options:** [`nixarr.enable`](#nixarr.enable)
'';
};
stateDir = mkOption { stateDir = mkOption {
type = types.path; type = types.path;
@@ -254,6 +263,13 @@ in {
nixarr.vpn.enable option to be set, but it was not. nixarr.vpn.enable option to be set, but it was not.
''; '';
} }
{
assertion = cfg.enable -> nixarr.enable;
message = ''
The nixarr.transmission.enable option requires the nixarr.enable
option to be set, but it was not.
'';
}
{ {
assertion = cfg-cross-seed.enable -> nixarr.prowlarr.enable; assertion = cfg-cross-seed.enable -> nixarr.prowlarr.enable;
message = '' message = ''
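Review bot: The new `${cfg.stateDir}` interpolation inside the `cat` command substitution is unquoted, so a state directory containing spaces or glob characters is split into several arguments and the key read fails or reads a different file; quote it, `PROWLARR_API_KEY=$(cat "${cfg.stateDir}/prowlarr-api-key")`. The unchanged `curl` line after it places the key in the URL on the command line, where other local users can read it from the process list while the call runs; feeding the URL to curl through a config on stdin (`--config -`) would avoid that. The derivation that holds this script starts outside the hunk.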