Added rest of assertions and fixed docs issue

rasmus-kirk · Feb 27, 2024 · 84303df · 84303df
1 parent 5d6ee98
commit 84303df
Show file tree

Hide file tree

Showing 9 changed files with 100 additions and 17 deletions.
diff --git a/nixarr/default.nix b/nixarr/default.nix
@@ -73,7 +73,7 @@ in {
         type = types.bool;
         default = false;
         description = ''
-          **Required options:** [`nixarr.vpn.wgConf`](/options.html#nixarr.vpn.wgConf)
+          **Required options:** [`nixarr.vpn.wgConf`](#nixarr.vpn.wgconf)
 
           Whether or not to enable VPN support for the services that nixarr
           supports.
@@ -137,6 +137,16 @@ in {
   };
 
   config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = cfg.vpn.enable && !cfg.vpn.wgConf;
+        message = ''
+          The nixarr.vpn.enable option requires the nixarr.vpn.wgConf option
+          to be set, but it was not.
+        '';
+      }
+    ];
+
     users.groups = {
       media.gid = 992;
       prowlarr = {};
@@ -146,6 +156,7 @@ in {
     # TODO: This is BAD. But seems necessary when using containers.
     # The prefered solution is to just remove containerization.
     # Look at https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/misc/ids.nix
+    # See also issue: https://github.com/rasmus-kirk/nixarr/issues/1
     users.users = {
       streamer = {
         isSystemUser = true;

diff --git a/nixarr/jellyfin/default.nix b/nixarr/jellyfin/default.nix
@@ -22,8 +22,8 @@ in with lib; {
       type = types.bool;
       default = false;
       description = ''
-        **Required options:** [`nixarr.vpn.enable`](/options.html#nixarr.vpn.enable)
-        **Conflicting options:** [`nixarr.jellyfin.expose.https.enable`](/options.html#nixarr.jellyfin.expose.https.enable)
+        **Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable)
+        **Conflicting options:** [`nixarr.jellyfin.expose.https.enable`](#nixarr.jellyfin.expose.https.enable)
 
         Route Jellyfin traffic through the VPN.
       '';
@@ -37,9 +37,9 @@ in with lib; {
           description = ''
             **Required options:** 
         
-            - [`nixarr.jellyfin.vpn.enable`](/options.html#nixarr.jellyfin.vpn.enable)
-            - [`nixarr.jellyfin.expose.vpn.port`](/options.html#nixarr.jellyfin.expose.vpn.port)
-            - [`nixarr.jellyfin.expose.vpn.accessibleFrom`](/options.html#nixarr.jellyfin.expose.vpn.accessibleFrom)
+            - [`nixarr.jellyfin.vpn.enable`](#nixarr.jellyfin.vpn.enable)
+            - [`nixarr.jellyfin.expose.vpn.port`](#nixarr.jellyfin.expose.vpn.port)
+            - [`nixarr.jellyfin.expose.vpn.accessibleFrom`](#nixarr.jellyfin.expose.vpn.accessiblefrom)
 
             Expose the Jellyfin web service to the internet, allowing anyone to
             access it.
@@ -75,10 +75,10 @@ in with lib; {
           description = ''
             **Required options:** 
         
-            - [`nixarr.jellyfin.expose.https.acmeMail`](/options.html#nixarr.jellyfin.expose.https.acmeMail)
-            - [`nixarr.jellyfin.expose.https.domainName`](/options.html#nixarr.jellyfin.expose.https.domainName)
+            - [`nixarr.jellyfin.expose.https.acmeMail`](#nixarr.jellyfin.expose.https.acmemail)
+            - [`nixarr.jellyfin.expose.https.domainName`](#nixarr.jellyfin.expose.https.domainname)
 
-            **Conflicting options:** [`nixarr.jellyfin.vpn.enable`](/options.html#nixarr.jellyfin.vpn.enable)
+            **Conflicting options:** [`nixarr.jellyfin.vpn.enable`](#nixarr.jellyfin.vpn.enable)
 
             Expose the Jellyfin web service to the internet with https support,
             allowing anyone to access it.

diff --git a/nixarr/lidarr/default.nix b/nixarr/lidarr/default.nix
@@ -21,14 +21,24 @@ in {
       type = types.bool;
       default = false;
       description = ''
-        **Required options:** [`nixarr.vpn.enable`](/options.html#nixarr.vpn.enable)
+        **Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable)
 
         Route Lidarr traffic through the VPN.
       '';
     };
   };
 
   config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = cfg.vpn.enable && !nixarr.vpn.enable;
+        message = ''
+          The nixarr.lidarr.vpn.enable option requires the
+          nixarr.vpn.enable option to be set, but it was not.
+        '';
+      }
+    ];
+
     systemd.tmpfiles.rules = [
       "d '${cfg.stateDir}' 0700 lidarr root - -"
     ];

diff --git a/nixarr/openssh/default.nix b/nixarr/openssh/default.nix
@@ -11,7 +11,7 @@ in {
     type = types.bool;
     default = false;
     description = ''
-      **Required options:** [`nixarr.vpn.enable`](/options.html#nixarr.vpn.enable)
+      **Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable)
 
       Run the openssh service through a vpn.
       
@@ -22,6 +22,8 @@ in {
         services.openssh = {
           enable = true;
           settings.PasswordAuthentication = false;
+          # Get this port from your VPN provider
+          ports [ 12345 ];
         };
 
         users.extraUsers.username.openssh.authorizedKeys.keyFiles = [
@@ -32,6 +34,16 @@ in {
   };
 
   config = mkIf (cfg.vpn.enable && config.services.openssh.enable) {
+    assertions = [
+      {
+        assertion = cfg.vpn.enable && !nixarr.vpn.enable;
+        message = ''
+          The nixarr.openssh.vpn.enable option requires the
+          nixarr.vpn.enable option to be set, but it was not.
+        '';
+      }
+    ];
+
     util-nixarr.vpnnamespace = {
       portMappings = builtins.map (x: { From = x; To = x; }) config.services.openssh.ports;
       openUdpPorts = config.services.openssh.ports;

diff --git a/nixarr/prowlarr/default.nix b/nixarr/prowlarr/default.nix
@@ -27,14 +27,24 @@ in {
       type = types.bool;
       default = false;
       description = ''
-        **Required options:** [`nixarr.vpn.enable`](/options.html#nixarr.vpn.enable)
+        **Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable)
 
         Route Prowlarr traffic through the VPN.
       '';
     };
   };
 
   config = mkIf cfg.enable {
+      assertions = [
+        {
+          assertion = cfg.vpn.enable && !nixarr.vpn.enable;
+          message = ''
+            The nixarr.prowlarr.vpn.enable option requires the
+            nixarr.vpn.enable option to be set, but it was not.
+          '';
+        }
+      ];
+
     systemd.tmpfiles.rules = [
       "d '${cfg.stateDir}' 0700 prowlarr root - -"
     ];

diff --git a/nixarr/radarr/default.nix b/nixarr/radarr/default.nix
@@ -23,14 +23,24 @@ in {
       type = types.bool;
       default = false;
       description = ''
-        **Required options:** [`nixarr.vpn.enable`](/options.html#nixarr.vpn.enable)
+        **Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable)
 
         Route Radarr traffic through the VPN.
       '';
     };
   };
 
   config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = cfg.vpn.enable && !nixarr.vpn.enable;
+        message = ''
+          The nixarr.radarr.vpn.enable option requires the
+          nixarr.vpn.enable option to be set, but it was not.
+        '';
+      }
+    ];
+
     systemd.tmpfiles.rules = [
       "d '${cfg.stateDir}' 0700 radarr root - -"
     ];

diff --git a/nixarr/readarr/default.nix b/nixarr/readarr/default.nix
@@ -21,14 +21,24 @@ in {
       type = types.bool;
       default = false;
       description = ''
-        **Required options:** [`nixarr.vpn.enable`](/options.html#nixarr.vpn.enable)
+        **Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable)
 
         Route Readarr traffic through the VPN.
       '';
     };
   };
 
   config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = cfg.vpn.enable && !nixarr.vpn.enable;
+        message = ''
+          The nixarr.readarr.vpn.enable option requires the
+          nixarr.vpn.enable option to be set, but it was not.
+        '';
+      }
+    ];
+
     systemd.tmpfiles.rules = [
       "d '${cfg.stateDir}' 0700 readarr root - -"
     ];

diff --git a/nixarr/sonarr/default.nix b/nixarr/sonarr/default.nix
@@ -27,14 +27,24 @@ in {
       type = types.bool;
       default = false;
       description = ''
-        **Required options:** [`nixarr.vpn.enable`](/options.html#nixarr.vpn.enable)
+        **Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable)
 
         Route Sonarr traffic through the VPN.
       '';
     };
   };
 
   config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = cfg.vpn.enable && !nixarr.vpn.enable;
+        message = ''
+          The nixarr.sonarr.vpn.enable option requires the
+          nixarr.vpn.enable option to be set, but it was not.
+        '';
+      }
+    ];
+
     systemd.tmpfiles.rules = [
       "d '${cfg.stateDir}' 0700 sonarr root - -"
     ];

diff --git a/nixarr/transmission/default.nix b/nixarr/transmission/default.nix
@@ -33,7 +33,7 @@ in {
       type = types.bool;
       default = false;
       description = ''
-        **Required options:** [`nixarr.vpn.enable`](/options.html#nixarr.vpn.enable)
+        **Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable)
 
         **Recommended:** Route Transmission traffic through the VPN.
       '';
@@ -95,9 +95,19 @@ in {
   };
 
   config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = cfg.vpn.enable && !nixarr.vpn.enable;
+        message = ''
+          The nixarr.transmission.vpn.enable option requires the
+          nixarr.vpn.enable option to be set, but it was not.
+        '';
+      }
+    ];
+
     systemd.tmpfiles.rules = [
       "d '${cfg.stateDir}'                             0700 torrenter root - -"
-      # This is fixes a bug in nixpks TODO: create nixpkgs issue
+      # This is fixes a bug in nixpks (https://github.com/NixOS/nixpkgs/issues/291883)
       "d '${cfg.stateDir}/.config/transmission-daemon' 0700 torrenter root - -"
     ];