From f835deedd3cc3892b3084f0646c12aef3a269d05 Mon Sep 17 00:00:00 2001 From: Richard Carter Date: Sat, 11 May 2024 18:22:42 -0400 Subject: [PATCH] move default config generation to separate module --- nixarr/sabnzbd/base-config.ini | 319 +++++++++++++++++++++++++++++++++ nixarr/sabnzbd/config.nix | 86 +++++++++ nixarr/sabnzbd/default.nix | 79 +------- 3 files changed, 406 insertions(+), 78 deletions(-) create mode 100644 nixarr/sabnzbd/base-config.ini create mode 100644 nixarr/sabnzbd/config.nix diff --git a/nixarr/sabnzbd/base-config.ini b/nixarr/sabnzbd/base-config.ini new file mode 100644 index 0000000..49bbbce --- /dev/null +++ b/nixarr/sabnzbd/base-config.ini @@ -0,0 +1,319 @@ +__version__ = 19 +__encoding__ = utf-8 +[misc] +helpful_warnings = 1 +queue_complete = "" +queue_complete_pers = 0 +bandwidth_perc = 100 +refresh_rate = 0 +interface_settings = "" +queue_limit = 20 +config_lock = 0 +fixed_ports = 1 +notified_new_skin = 0 +direct_unpack_tested = 0 +sorters_converted = 1 +check_new_rel = 1 +auto_browser = 0 +language = en +enable_https_verification = 1 +host = 127.0.0.1 +port = 8080 +https_port = "" +username = "" +password = "" +bandwidth_max = "" +cache_limit = 1G +web_dir = Glitter +web_color = Auto +https_cert = server.cert +https_key = server.key +https_chain = "" +enable_https = 0 +inet_exposure = 0 +api_key = 7e5bba66499740fb99c069230cd750b7 +nzb_key = 17f2984c97be487283c5a8bb00896415 +socks5_proxy_url = "" +permissions = "" +download_dir = Downloads/incomplete +download_free = "" +complete_dir = Downloads/complete +complete_free = "" +fulldisk_autoresume = 0 +script_dir = "" +nzb_backup_dir = "" +admin_dir = admin +backup_dir = "" +dirscan_dir = "" +dirscan_speed = 5 +password_file = "" +log_dir = logs +max_art_tries = 3 +top_only = 0 +sfv_check = 1 +script_can_fail = 0 +enable_recursive = 1 +flat_unpack = 0 +par_option = "" +pre_check = 0 +nice = "" +win_process_prio = 3 +ionice = "" +fail_hopeless_jobs = 1 +fast_fail = 1 +auto_disconnect = 1 +pre_script = None +end_queue_script = None +no_dupes = 0 +no_series_dupes = 0 +no_smart_dupes = 0 +dupes_propercheck = 1 +pause_on_pwrar = 1 +ignore_samples = 0 +deobfuscate_final_filenames = 1 +auto_sort = "" +direct_unpack = 0 +propagation_delay = 0 +folder_rename = 1 +replace_spaces = 0 +replace_underscores = 0 +replace_dots = 0 +safe_postproc = 1 +pause_on_post_processing = 0 +enable_all_par = 0 +sanitize_safe = 0 +cleanup_list = , +unwanted_extensions = , +action_on_unwanted_extensions = 0 +unwanted_extensions_mode = 0 +new_nzb_on_failure = 0 +history_retention = "" +history_retention_option = all +history_retention_number = 0 +quota_size = "" +quota_day = "" +quota_resume = 0 +quota_period = m +enable_tv_sorting = 0 +tv_sort_string = "" +tv_categories = tv, +enable_movie_sorting = 0 +movie_sort_string = "" +movie_sort_extra = -cd%1 +movie_categories = movies, +enable_date_sorting = 0 +date_sort_string = "" +date_categories = tv, +schedlines = , +rss_rate = 60 +ampm = 0 +start_paused = 0 +preserve_paused_state = 0 +enable_par_cleanup = 1 +process_unpacked_par2 = 1 +enable_multipar = 1 +enable_unrar = 1 +enable_7zip = 1 +enable_filejoin = 1 +enable_tsjoin = 1 +overwrite_files = 0 +ignore_unrar_dates = 0 +backup_for_duplicates = 0 +empty_postproc = 0 +wait_for_dfolder = 0 +rss_filenames = 0 +api_logging = 1 +html_login = 1 +warn_dupl_jobs = 0 +keep_awake = 1 +tray_icon = 1 +allow_incomplete_nzb = 0 +enable_broadcast = 1 +ipv6_hosting = 0 +ipv6_staging = 0 +api_warnings = 1 +no_penalties = 0 +x_frame_options = 1 +allow_old_ssl_tls = 0 +enable_season_sorting = 1 +verify_xff_header = 0 +rss_odd_titles = nzbindex.nl/, nzbindex.com/, nzbclub.com/ +quick_check_ext_ignore = nfo, sfv, srr +req_completion_rate = 100.2 +selftest_host = self-test.sabnzbd.org +movie_rename_limit = 100M +episode_rename_limit = 20M +size_limit = 0 +direct_unpack_threads = 3 +history_limit = 10 +wait_ext_drive = 5 +max_foldername_length = 246 +nomedia_marker = "" +ipv6_servers = 1 +url_base = /sabnzbd +host_whitelist = snootflix, +local_ranges = , +max_url_retries = 10 +downloader_sleep_time = 10 +receive_threads = 2 +switchinterval = 0.005 +ssdp_broadcast_interval = 15 +ext_rename_ignore = , +email_server = "" +email_to = , +email_from = "" +email_account = "" +email_pwd = "" +email_endjob = 0 +email_full = 0 +email_dir = "" +email_rss = 0 +email_cats = *, +[logging] +log_level = 1 +max_log_size = 5242880 +log_backups = 5 +[ncenter] +ncenter_enable = 0 +ncenter_cats = *, +ncenter_prio_startup = 0 +ncenter_prio_download = 0 +ncenter_prio_pause_resume = 0 +ncenter_prio_pp = 0 +ncenter_prio_complete = 1 +ncenter_prio_failed = 1 +ncenter_prio_disk_full = 1 +ncenter_prio_new_login = 0 +ncenter_prio_warning = 0 +ncenter_prio_error = 0 +ncenter_prio_queue_done = 0 +ncenter_prio_other = 1 +[acenter] +acenter_enable = 0 +acenter_cats = *, +acenter_prio_startup = 0 +acenter_prio_download = 0 +acenter_prio_pause_resume = 0 +acenter_prio_pp = 0 +acenter_prio_complete = 1 +acenter_prio_failed = 1 +acenter_prio_disk_full = 1 +acenter_prio_new_login = 0 +acenter_prio_warning = 0 +acenter_prio_error = 0 +acenter_prio_queue_done = 0 +acenter_prio_other = 1 +[ntfosd] +ntfosd_enable = 1 +ntfosd_cats = *, +ntfosd_prio_startup = 0 +ntfosd_prio_download = 0 +ntfosd_prio_pause_resume = 0 +ntfosd_prio_pp = 0 +ntfosd_prio_complete = 1 +ntfosd_prio_failed = 1 +ntfosd_prio_disk_full = 1 +ntfosd_prio_new_login = 0 +ntfosd_prio_warning = 0 +ntfosd_prio_error = 0 +ntfosd_prio_queue_done = 0 +ntfosd_prio_other = 1 +[prowl] +prowl_enable = 0 +prowl_cats = *, +prowl_apikey = "" +prowl_prio_startup = -3 +prowl_prio_download = -3 +prowl_prio_pause_resume = -3 +prowl_prio_pp = -3 +prowl_prio_complete = 0 +prowl_prio_failed = 1 +prowl_prio_disk_full = 1 +prowl_prio_new_login = -3 +prowl_prio_warning = -3 +prowl_prio_error = -3 +prowl_prio_queue_done = -3 +prowl_prio_other = 0 +[pushover] +pushover_token = "" +pushover_userkey = "" +pushover_device = "" +pushover_emergency_expire = 3600 +pushover_emergency_retry = 60 +pushover_enable = 0 +pushover_cats = *, +pushover_prio_startup = -3 +pushover_prio_download = -2 +pushover_prio_pause_resume = -2 +pushover_prio_pp = -3 +pushover_prio_complete = -1 +pushover_prio_failed = -1 +pushover_prio_disk_full = 1 +pushover_prio_new_login = -3 +pushover_prio_warning = 1 +pushover_prio_error = 1 +pushover_prio_queue_done = -3 +pushover_prio_other = -1 +[pushbullet] +pushbullet_enable = 0 +pushbullet_cats = *, +pushbullet_apikey = "" +pushbullet_device = "" +pushbullet_prio_startup = 0 +pushbullet_prio_download = 0 +pushbullet_prio_pause_resume = 0 +pushbullet_prio_pp = 0 +pushbullet_prio_complete = 1 +pushbullet_prio_failed = 1 +pushbullet_prio_disk_full = 1 +pushbullet_prio_new_login = 0 +pushbullet_prio_warning = 0 +pushbullet_prio_error = 0 +pushbullet_prio_queue_done = 0 +pushbullet_prio_other = 1 +[apprise] +apprise_enable = 0 +apprise_cats = *, +apprise_urls = "" +apprise_target_startup = "" +apprise_target_startup_enable = 0 +apprise_target_download = "" +apprise_target_download_enable = 0 +apprise_target_pause_resume = "" +apprise_target_pause_resume_enable = 0 +apprise_target_pp = "" +apprise_target_pp_enable = 0 +apprise_target_complete = "" +apprise_target_complete_enable = 1 +apprise_target_failed = "" +apprise_target_failed_enable = 1 +apprise_target_disk_full = "" +apprise_target_disk_full_enable = 0 +apprise_target_new_login = "" +apprise_target_new_login_enable = 1 +apprise_target_warning = "" +apprise_target_warning_enable = 0 +apprise_target_error = "" +apprise_target_error_enable = 0 +apprise_target_queue_done = "" +apprise_target_queue_done_enable = 0 +apprise_target_other = "" +apprise_target_other_enable = 1 +[nscript] +nscript_enable = 0 +nscript_cats = *, +nscript_script = "" +nscript_parameters = "" +nscript_prio_startup = 0 +nscript_prio_download = 0 +nscript_prio_pause_resume = 0 +nscript_prio_pp = 0 +nscript_prio_complete = 1 +nscript_prio_failed = 1 +nscript_prio_disk_full = 1 +nscript_prio_new_login = 0 +nscript_prio_warning = 0 +nscript_prio_error = 0 +nscript_prio_queue_done = 0 +nscript_prio_other = 1 + diff --git a/nixarr/sabnzbd/config.nix b/nixarr/sabnzbd/config.nix new file mode 100644 index 0000000..b45b47c --- /dev/null +++ b/nixarr/sabnzbd/config.nix @@ -0,0 +1,86 @@ +{ config, pkgs, lib, ... }: +let + cfg = config.nixarr.sabnzbd; + nixarr = config.nixarr; + ini-file-target = "${cfg.stateDir}/sabnzbd.ini"; + + concatStringsCommaIfExists = with lib.strings; stringList: ( + optionalString (builtins.length stringList > 0) ( + concatStringsSep "," stringList + ) + ); + + dynamic-configs = { + misc = { + host = if cfg.openFirewall then "0.0.0.0" else "127.0.0.1"; + port = cfg.guiPort; + download_dir = "${nixarr.mediaDir}/usenet/.incomplete"; + complete_dir = "${nixarr.mediaDir}/usenet/manual"; + dirscan_dir = "${nixarr.mediaDir}/usenet/watch"; + host_whitelist = concatStringsCommaIfExists cfg.whitelistHostnames; + local_ranges = concatStringsCommaIfExists cfg.whitelistRanges; + }; + }; + + dynamic-config-set-cmds = with lib.attrsets; mapAttrsToList ( + group-n: group-v: ( + mapAttrsToList ( + n: v: "| initool set - ${group-n} ${n} \"${builtins.toString v}\" \\\n" + ) group-v + ) + ) dynamic-configs; + + apply-dynamic-configs-script = pkgs.writeShellApplication { + name = "sabnzbd-set-dynamic-values"; + runtimeInputs = with pkgs; [initool util-linux]; + text = with lib; '' + if [ ! -f ${ini-file-target} ]; then + echo "FAILURE: Cannot write changes to ${ini-file-target}, file does not exist" + exit 1 + fi + + cp --preserve ${ini-file-target}{,.tmp} + initool set ${ini-file-target} "" __comment__ 'created by nixarr' \ + '' + (strings.concatStrings (lists.flatten dynamic-config-set-cmds)) + + '' + > ${ini-file-target}.tmp && mv -f ${ini-file-target}{.tmp,} + ''; + }; + + bashCheckIfEmptyStr = v: "[[ -z \$${v} || \$${v} == '\"\"' ]]"; + gen-uuids-script = pkgs.writeShellApplication { + name = "sabnzbd-set-random-api-uuids"; + runtimeInputs = with pkgs; [initool util-linux]; + text = '' + if [ ! -f ${ini-file-target} ]; then + echo "FAILURE: ${ini-file-target} does not exist. Cannot generate crypto strings." + exit 1 + fi + + api_key_value=$(initool get ${ini-file-target} misc api_key -v) + nzb_key_value=$(initool get ${ini-file-target} misc nzb_key -v) + + cp --preserve ${ini-file-target}{,.tmp} + if ${bashCheckIfEmptyStr "api_key_value"}; then + api_uuid=$(uuidgen --random | tr -d '-') + initool set ${ini-file-target} misc api_key "$api_uuid" \ + > ${ini-file-target}.tmp + echo "Generated api_key for ${ini-file-target}" + fi + if ${bashCheckIfEmptyStr "nzb_key_value"}; then + nzb_uuid=$(uuidgen --random | tr -d '-') + initool set ${ini-file-target} misc nzb_key "$nzb_uuid" \ + > ${ini-file-target}.tmp + echo "Generated nzb_key for ${ini-file-target}" + fi + mv -f ${ini-file-target}{.tmp,} + ''; + }; +in +{ + systemd.tmpfiles.rules = [ "C ${cfg.stateDir}/sabnzbd.ini - - - - ${./base-config.ini}" ]; + systemd.services.sabnzbd.serviceConfig.ExecStartPre = lib.mkBefore [ + (gen-uuids-script + "/bin/sabnzbd-set-random-api-uuids") + (apply-dynamic-configs-script + "/bin/sabnzbd-set-dynamic-values") + ]; +} diff --git a/nixarr/sabnzbd/default.nix b/nixarr/sabnzbd/default.nix index bfd70b5..264805c 100644 --- a/nixarr/sabnzbd/default.nix +++ b/nixarr/sabnzbd/default.nix @@ -7,72 +7,6 @@ with lib; let cfg = config.nixarr.sabnzbd; nixarr = config.nixarr; - - edited-flag = "edited by nixarr"; - - mkSetHostWhitelistCmd = with lib.strings; (hosts: '' - | initool set - misc host_whitelist ${concatStringsSep "," hosts} \ - ''); - - mkSetRangeWhitelistCmd = with lib.strings; (ranges: '' - | initool set - misc local_ranges ${concatStringsSep "," ranges} \ - ''); - - mkINIInitScript = ( - { - sabnzbd-state-dir, - guiPort, - access-externally ? true, - whitelist-hosts ? [], - whitelist-ranges ? [] - }: - pkgs.writeShellApplication { - name = "set-sabnzbd-ini-values"; - runtimeInputs = with pkgs; [initool sabnzbd sudo coreutils]; - text = with lib.strings; ( - # set download dirs - '' - if [ ! -f ${sabnzbd-state-dir}/sabnzbd.ini ]; then - sudo -u usenet -g media sabnzbd -p -d -f ${sabnzbd-state-dir}/sabnzbd.ini - sab_pid=$! - - until [ -f "${sabnzbd-state-dir}/sabnzbd.ini" ] - do - sleep 1 - done - - kill -INT $sab_pid - fi - - initool set ${sabnzbd-state-dir}/sabnzbd.ini "" __comment__ '${edited-flag}' \ - | initool set - misc download_dir "${nixarr.mediaDir}/usenet/.incomplete" \ - | initool set - misc complete_dir "${nixarr.mediaDir}/usenet/manual" \ - | initool set - misc dirscan_dir "${nixarr.mediaDir}/usenet/.watch" \ - | initool set - misc port "${builtins.toString guiPort}" \ - '' + - - # set host to 0.0.0.0 if remote access needed - optionalString access-externally '' - | initool set - misc host 0.0.0.0 \ - '' + - - # set hostname whitelist - optionalString (builtins.length whitelist-hosts > 0) ( - mkSetHostWhitelistCmd whitelist-hosts - ) + - - # set ip range whitelist - optionalString (builtins.length whitelist-ranges > 0) ( - mkSetRangeWhitelistCmd whitelist-ranges - ) + - - '' - > ${sabnzbd-state-dir}/sabnzbd.ini.tmp \ - && mv ${sabnzbd-state-dir}/sabnzbd.ini{.tmp,} - '' - ); - } - ); in { options.nixarr.sabnzbd = { enable = mkEnableOption "Enable the SABnzbd service."; @@ -159,7 +93,7 @@ in { }; }; - imports = []; + imports = [ ./config.nix ]; config = mkIf cfg.enable { systemd.tmpfiles.rules = [ @@ -176,17 +110,6 @@ in { networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.guiPort ]; systemd.services.sabnzbd.serviceConfig = { - ExecStartPre = mkBefore [ - ( - "+" + mkINIInitScript { - sabnzbd-state-dir = cfg.stateDir; - guiPort = cfg.guiPort; - access-externally = cfg.openFirewall; - whitelist-hosts = cfg.whitelistHostnames; - whitelist-ranges = cfg.whitelistRanges; - } + "/bin/set-sabnzbd-ini-values" - ) - ]; Restart = "on-failure"; StartLimitInterval = 15; StartLimitBurst = 5;