From 84303df9a43b89462b576af357b0ce52342f0d0c Mon Sep 17 00:00:00 2001 From: rasmus-kirk Date: Tue, 27 Feb 2024 18:07:36 +0100 Subject: [PATCH] Added rest of assertions and fixed docs issue --- nixarr/default.nix | 13 ++++++++++++- nixarr/jellyfin/default.nix | 16 ++++++++-------- nixarr/lidarr/default.nix | 12 +++++++++++- nixarr/openssh/default.nix | 14 +++++++++++++- nixarr/prowlarr/default.nix | 12 +++++++++++- nixarr/radarr/default.nix | 12 +++++++++++- nixarr/readarr/default.nix | 12 +++++++++++- nixarr/sonarr/default.nix | 12 +++++++++++- nixarr/transmission/default.nix | 14 ++++++++++++-- 9 files changed, 100 insertions(+), 17 deletions(-) diff --git a/nixarr/default.nix b/nixarr/default.nix index 06e4da3..e9d05a9 100644 --- a/nixarr/default.nix +++ b/nixarr/default.nix @@ -73,7 +73,7 @@ in { type = types.bool; default = false; description = '' - **Required options:** [`nixarr.vpn.wgConf`](/options.html#nixarr.vpn.wgConf) + **Required options:** [`nixarr.vpn.wgConf`](#nixarr.vpn.wgconf) Whether or not to enable VPN support for the services that nixarr supports. @@ -137,6 +137,16 @@ in { }; config = mkIf cfg.enable { + assertions = [ + { + assertion = cfg.vpn.enable && !cfg.vpn.wgConf; + message = '' + The nixarr.vpn.enable option requires the nixarr.vpn.wgConf option + to be set, but it was not. + ''; + } + ]; + users.groups = { media.gid = 992; prowlarr = {}; @@ -146,6 +156,7 @@ in { # TODO: This is BAD. But seems necessary when using containers. # The prefered solution is to just remove containerization. # Look at https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/misc/ids.nix + # See also issue: https://github.com/rasmus-kirk/nixarr/issues/1 users.users = { streamer = { isSystemUser = true; diff --git a/nixarr/jellyfin/default.nix b/nixarr/jellyfin/default.nix index aff654b..da45c4e 100644 --- a/nixarr/jellyfin/default.nix +++ b/nixarr/jellyfin/default.nix 
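Review bot: The new `assertion = cfg.vpn.enable && !cfg.vpn.wgConf;` under `config = mkIf cfg.enable` is inverted: NixOS aborts evaluation when `assertion` is false, so the expression must be true for every valid configuration, yet it is false whenever `nixarr.vpn.enable` is off and can only be true in the misconfigured state. The requirement should be written as an implication, for example `assertion = cfg.vpn.enable -> cfg.vpn.wgConf != null;` (the `!= null` assumes `wgConf` is a nullable path, which the hunk does not show; applying `!` to a non-boolean would itself be an evaluation error). The same inversion is repeated in the assertions added to the lidarr, openssh, prowlarr, radarr, readarr, sonarr and transmission modules, where `assertion = cfg.vpn.enable -> nixarr.vpn.enable;` matches the message. As written, these checks reject correct setups and accept exactly the one where a service is marked VPN-routed while the VPN itself is disabled. The `config` block continues past the hunk.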
@@ -22,8 +22,8 @@ in with lib; { type = types.bool; default = false; description = '' - **Required options:** [`nixarr.vpn.enable`](/options.html#nixarr.vpn.enable) - **Conflicting options:** [`nixarr.jellyfin.expose.https.enable`](/options.html#nixarr.jellyfin.expose.https.enable) + **Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable) + **Conflicting options:** [`nixarr.jellyfin.expose.https.enable`](#nixarr.jellyfin.expose.https.enable) Route Jellyfin traffic through the VPN. ''; @@ -37,9 +37,9 @@ in with lib; { description = '' **Required options:** - - [`nixarr.jellyfin.vpn.enable`](/options.html#nixarr.jellyfin.vpn.enable) - - [`nixarr.jellyfin.expose.vpn.port`](/options.html#nixarr.jellyfin.expose.vpn.port) - - [`nixarr.jellyfin.expose.vpn.accessibleFrom`](/options.html#nixarr.jellyfin.expose.vpn.accessibleFrom) + - [`nixarr.jellyfin.vpn.enable`](#nixarr.jellyfin.vpn.enable) + - [`nixarr.jellyfin.expose.vpn.port`](#nixarr.jellyfin.expose.vpn.port) + - [`nixarr.jellyfin.expose.vpn.accessibleFrom`](#nixarr.jellyfin.expose.vpn.accessiblefrom) Expose the Jellyfin web service to the internet, allowing anyone to access it. @@ -75,10 +75,10 @@ in with lib; { description = '' **Required options:** - - [`nixarr.jellyfin.expose.https.acmeMail`](/options.html#nixarr.jellyfin.expose.https.acmeMail) - - [`nixarr.jellyfin.expose.https.domainName`](/options.html#nixarr.jellyfin.expose.https.domainName) + - [`nixarr.jellyfin.expose.https.acmeMail`](#nixarr.jellyfin.expose.https.acmemail) + - [`nixarr.jellyfin.expose.https.domainName`](#nixarr.jellyfin.expose.https.domainname) - **Conflicting options:** [`nixarr.jellyfin.vpn.enable`](/options.html#nixarr.jellyfin.vpn.enable) + **Conflicting options:** [`nixarr.jellyfin.vpn.enable`](#nixarr.jellyfin.vpn.enable) Expose the Jellyfin web service to the internet with https support, allowing anyone to access it. diff --git a/nixarr/lidarr/default.nix b/nixarr/lidarr/default.nix index 8bf0417..07ffcc1 100644 
--- a/nixarr/lidarr/default.nix +++ b/nixarr/lidarr/default.nix @@ -21,7 +21,7 @@ in { type = types.bool; default = false; description = '' - **Required options:** [`nixarr.vpn.enable`](/options.html#nixarr.vpn.enable) + **Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable) Route Lidarr traffic through the VPN. ''; @@ -29,6 +29,16 @@ in { }; config = mkIf cfg.enable { + assertions = [ + { + assertion = cfg.vpn.enable && !nixarr.vpn.enable; + message = '' + The nixarr.lidarr.vpn.enable option requires the + nixarr.vpn.enable option to be set, but it was not. + ''; + } + ]; + systemd.tmpfiles.rules = [ "d '${cfg.stateDir}' 0700 lidarr root - -" ]; diff --git a/nixarr/openssh/default.nix b/nixarr/openssh/default.nix index 4a8161c..9692c44 100644 --- a/nixarr/openssh/default.nix +++ b/nixarr/openssh/default.nix @@ -11,7 +11,7 @@ in { type = types.bool; default = false; description = '' - **Required options:** [`nixarr.vpn.enable`](/options.html#nixarr.vpn.enable) + **Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable) Run the openssh service through a vpn. @@ -22,6 +22,8 @@ in { services.openssh = { enable = true; settings.PasswordAuthentication = false; + # Get this port from your VPN provider + ports [ 12345 ]; }; users.extraUsers.username.openssh.authorizedKeys.keyFiles = [ @@ -32,6 +34,16 @@ in { }; config = mkIf (cfg.vpn.enable && config.services.openssh.enable) { + assertions = [ + { + assertion = cfg.vpn.enable && !nixarr.vpn.enable; + message = '' + The nixarr.openssh.vpn.enable option requires the + nixarr.vpn.enable option to be set, but it was not. + ''; + } + ]; + util-nixarr.vpnnamespace = { portMappings = builtins.map (x: { From = x; To = x; }) config.services.openssh.ports; openUdpPorts = config.services.openssh.ports; diff --git a/nixarr/prowlarr/default.nix b/nixarr/prowlarr/default.nix index d4e0c72..553b20b 100644 --- a/nixarr/prowlarr/default.nix +++ b/nixarr/prowlarr/default.nix 
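Review bot: The example added to the openssh option description contains `ports [ 12345 ];`, which is not valid Nix because the attribute assignment is missing its `=`, so anyone copying the snippet gets a parse error. It should read `ports = [ 12345 ];`. The description string continues past the hunk.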
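Review bot: The openssh assertion sits under `config = mkIf (cfg.vpn.enable && config.services.openssh.enable)`, so `cfg.vpn.enable` is always true where it is evaluated and the added expression reduces to `!nixarr.vpn.enable`, which fails the build exactly when the global VPN is enabled. The requirement stated in the message is `assertion = nixarr.vpn.enable;`. `nixarr` is assumed to be bound in the `let` above the hunk, which is not visible here.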
@@ -27,7 +27,7 @@ in { type = types.bool; default = false; description = '' - **Required options:** [`nixarr.vpn.enable`](/options.html#nixarr.vpn.enable) + **Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable) Route Prowlarr traffic through the VPN. ''; @@ -35,6 +35,16 @@ in { }; config = mkIf cfg.enable { + assertions = [ + { + assertion = cfg.vpn.enable && !nixarr.vpn.enable; + message = '' + The nixarr.prowlarr.vpn.enable option requires the + nixarr.vpn.enable option to be set, but it was not. + ''; + } + ]; + systemd.tmpfiles.rules = [ "d '${cfg.stateDir}' 0700 prowlarr root - -" ]; diff --git a/nixarr/radarr/default.nix b/nixarr/radarr/default.nix index 4878692..451d6d9 100644 --- a/nixarr/radarr/default.nix +++ b/nixarr/radarr/default.nix @@ -23,7 +23,7 @@ in { type = types.bool; default = false; description = '' - **Required options:** [`nixarr.vpn.enable`](/options.html#nixarr.vpn.enable) + **Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable) Route Radarr traffic through the VPN. ''; @@ -31,6 +31,16 @@ in { }; config = mkIf cfg.enable { + assertions = [ + { + assertion = cfg.vpn.enable && !nixarr.vpn.enable; + message = '' + The nixarr.radarr.vpn.enable option requires the + nixarr.vpn.enable option to be set, but it was not. + ''; + } + ]; + systemd.tmpfiles.rules = [ "d '${cfg.stateDir}' 0700 radarr root - -" ]; diff --git a/nixarr/readarr/default.nix b/nixarr/readarr/default.nix index d6a07ca..2f54147 100644 --- a/nixarr/readarr/default.nix +++ b/nixarr/readarr/default.nix @@ -21,7 +21,7 @@ in { type = types.bool; default = false; description = '' - **Required options:** [`nixarr.vpn.enable`](/options.html#nixarr.vpn.enable) + **Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable) Route Readarr traffic through the VPN. ''; 
@@ -29,6 +29,16 @@ in { }; config = mkIf cfg.enable { + assertions = [ + { + assertion = cfg.vpn.enable && !nixarr.vpn.enable; + message = '' + The nixarr.readarr.vpn.enable option requires the + nixarr.vpn.enable option to be set, but it was not. + ''; + } + ]; + systemd.tmpfiles.rules = [ "d '${cfg.stateDir}' 0700 readarr root - -" ]; diff --git a/nixarr/sonarr/default.nix b/nixarr/sonarr/default.nix index 3aa6ef5..c7a3233 100644 --- a/nixarr/sonarr/default.nix +++ b/nixarr/sonarr/default.nix @@ -27,7 +27,7 @@ in { type = types.bool; default = false; description = '' - **Required options:** [`nixarr.vpn.enable`](/options.html#nixarr.vpn.enable) + **Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable) Route Sonarr traffic through the VPN. ''; @@ -35,6 +35,16 @@ in { }; config = mkIf cfg.enable { + assertions = [ + { + assertion = cfg.vpn.enable && !nixarr.vpn.enable; + message = '' + The nixarr.sonarr.vpn.enable option requires the + nixarr.vpn.enable option to be set, but it was not. + ''; + } + ]; + systemd.tmpfiles.rules = [ "d '${cfg.stateDir}' 0700 sonarr root - -" ]; diff --git a/nixarr/transmission/default.nix b/nixarr/transmission/default.nix index a4d197e..c3cee66 100644 --- a/nixarr/transmission/default.nix +++ b/nixarr/transmission/default.nix @@ -33,7 +33,7 @@ in { type = types.bool; default = false; description = '' - **Required options:** [`nixarr.vpn.enable`](/options.html#nixarr.vpn.enable) + **Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable) **Recommended:** Route Transmission traffic through the VPN. ''; 
@@ -95,9 +95,19 @@ in { }; config = mkIf cfg.enable { + assertions = [ + { + assertion = cfg.vpn.enable && !nixarr.vpn.enable; + message = '' + The nixarr.transmission.vpn.enable option requires the + nixarr.vpn.enable option to be set, but it was not. + ''; + } + ]; + systemd.tmpfiles.rules = [ "d '${cfg.stateDir}' 0700 torrenter root - -" - # This is fixes a bug in nixpks TODO: create nixpkgs issue + # This is fixes a bug in nixpks (https://github.com/NixOS/nixpkgs/issues/291883) "d '${cfg.stateDir}/.config/transmission-daemon' 0700 torrenter root - -" ];
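Review bot: The rewritten comment in `systemd.tmpfiles.rules` still reads `# This is fixes a bug in nixpks (...)`; it should be `# This fixes a bug in nixpkgs (https://github.com/NixOS/nixpkgs/issues/291883)`. A few words on what the extra `.config/transmission-daemon` rule works around would save readers from having to follow the link. The `config` block continues past the hunk.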