updated assertions

nixarr/default.nix

@@ -12,6 +12,7 @@ in {
     ./lidarr
     ./readarr
     ./sonarr
+    ./openssh
     ./prowlarr
     ./transmission
     ../util
@@ -139,7 +140,7 @@ in {
   config = mkIf cfg.enable {
     assertions = [
       {
-        assertion = cfg.vpn.enable && (cfg.vpn.wgConf == null);
+        assertion = cfg.vpn.enable -> cfg.vpn.wgConf != null;
         message = ''
           The nixarr.vpn.enable option requires the nixarr.vpn.wgConf option
           to be set, but it was not.
@@ -221,7 +222,7 @@ in {
       ];
       dnsServers = cfg.vpn.dnsServers;
       wireguardAddressPath = cfg.vpn.wgAddress;
-      wireguardConfigFile = cfg.vpn.wgConf;
+      wireguardConfigFile = if cfg.vpn.wgConf != null then cfg.vpn.wgConf else "";
       vpnTestService = {
         enable = cfg.vpn.vpnTestService.enable;
         port = cfg.vpn.vpnTestService.port;

nixarr/jellyfin/default.nix

@@ -110,7 +110,7 @@ in with lib; {
     {
       assertions = [
         {
-          assertion = cfg.vpn.enable && !nixarr.vpn.enable;
+          assertion = cfg.vpn.enable -> nixarr.vpn.enable;
           message = ''
             The nixarr.jellyfin.vpn.enable option requires the
             nixarr.vpn.enable option to be set, but it was not.
@@ -138,7 +138,7 @@ in with lib; {
         }
         {
           assertion = cfg.expose.vpn.enable -> (
-            !cfg.vpn.enable && 
+            cfg.vpn.enable && 
             (cfg.expose.vpn.port != null) && 
             (cfg.expose.vpn.accessibleFrom != null)
           );
@@ -211,7 +211,7 @@ in with lib; {
           };
         })
         (mkIf cfg.expose.vpn.enable {
-          virtualHosts."${cfg.expose.vpn.accessibleFrom}:${builtins.toString cfg.expose.vpn.port}" = {
+          virtualHosts."${builtins.toString cfg.expose.vpn.accessibleFrom}:${builtins.toString cfg.expose.vpn.port}" = {
             enableACME = true;
             forceSSL = true;
             locations."/" = {

nixarr/lidarr/default.nix

@@ -31,7 +31,7 @@ in {
   config = mkIf cfg.enable {
     assertions = [
       {
-        assertion = cfg.vpn.enable && !nixarr.vpn.enable;
+        assertion = cfg.vpn.enable -> nixarr.vpn.enable;
         message = ''
           The nixarr.lidarr.vpn.enable option requires the
           nixarr.vpn.enable option to be set, but it was not.

nixarr/openssh/default.nix

@@ -6,8 +6,9 @@
 }:
 with lib; let
   cfg = config.nixarr.openssh;
+  nixarr = config.nixarr;
 in {
-  options.nixarr.openssh.vpn.enable = {
+  options.nixarr.openssh.vpn.enable = mkOption {
     type = types.bool;
     default = false;
     description = ''
@@ -27,23 +28,42 @@ in {
         };
 
         users.extraUsers.username.openssh.authorizedKeys.keyFiles = [
-          ./path/to/public/key/machine.pub}
+          ./path/to/public/key/machine.pub
         ];
       ```
     '';
   };
 
-  config = mkIf (cfg.vpn.enable && config.services.openssh.enable) {
+  config = mkIf cfg.vpn.enable {
     assertions = [
       {
-        assertion = cfg.vpn.enable && !nixarr.vpn.enable;
+        assertion = cfg.vpn.enable -> nixarr.vpn.enable;
         message = ''
           The nixarr.openssh.vpn.enable option requires the
           nixarr.vpn.enable option to be set, but it was not.
         '';
       }
     ];
 
+    warnings = if config.services.openssh.enable then [
+      ''
+        nixarr.openssh.vpn.enable is set, but openssh is not enabled on your
+        system, so the openssh server is not running. This is probably not
+        what you wanted. You can add the following lines to enable it:
+
+        services.openssh = {
+          enable = true;
+          settings.PasswordAuthentication = false;
+          # Get this port from your VPN provider
+          ports [ 12345 ];
+        };
+
+        users.extraUsers.username.openssh.authorizedKeys.keyFiles = [
+          ./path/to/public/key/machine.pub
+        ];
+      ''
+    ] else [];
+
     util-nixarr.vpnnamespace = {
       portMappings = builtins.map (x: { From = x; To = x; }) config.services.openssh.ports;
       openUdpPorts = config.services.openssh.ports;

nixarr/prowlarr/default.nix

@@ -37,7 +37,7 @@ in {
   config = mkIf cfg.enable {
       assertions = [
         {
-          assertion = cfg.vpn.enable && !nixarr.vpn.enable;
+          assertion = cfg.vpn.enable -> nixarr.vpn.enable;
           message = ''
             The nixarr.prowlarr.vpn.enable option requires the
             nixarr.vpn.enable option to be set, but it was not.

nixarr/radarr/default.nix

@@ -33,7 +33,7 @@ in {
   config = mkIf cfg.enable {
     assertions = [
       {
-        assertion = cfg.vpn.enable && !nixarr.vpn.enable;
+        assertion = cfg.vpn.enable -> nixarr.vpn.enable;
         message = ''
           The nixarr.radarr.vpn.enable option requires the
           nixarr.vpn.enable option to be set, but it was not.

nixarr/readarr/default.nix

@@ -31,7 +31,7 @@ in {
   config = mkIf cfg.enable {
     assertions = [
       {
-        assertion = cfg.vpn.enable && !nixarr.vpn.enable;
+        assertion = cfg.vpn.enable -> nixarr.vpn.enable;
         message = ''
           The nixarr.readarr.vpn.enable option requires the
           nixarr.vpn.enable option to be set, but it was not.

nixarr/sonarr/default.nix

@@ -37,7 +37,7 @@ in {
   config = mkIf cfg.enable {
     assertions = [
       {
-        assertion = cfg.vpn.enable && !nixarr.vpn.enable;
+        assertion = cfg.vpn.enable -> nixarr.vpn.enable;
         message = ''
           The nixarr.sonarr.vpn.enable option requires the
           nixarr.vpn.enable option to be set, but it was not.

nixarr/transmission/default.nix

@@ -97,7 +97,7 @@ in {
   config = mkIf cfg.enable {
     assertions = [
       {
-        assertion = cfg.vpn.enable && !nixarr.vpn.enable;
+        assertion = cfg.vpn.enable -> nixarr.vpn.enable;
         message = ''
           The nixarr.transmission.vpn.enable option requires the
           nixarr.vpn.enable option to be set, but it was not.