diff --git a/nixarr/default.nix b/nixarr/default.nix index 08091fe..4107a43 100644 --- a/nixarr/default.nix +++ b/nixarr/default.nix @@ -12,6 +12,7 @@ in { ./lidarr ./readarr ./sonarr + ./openssh ./prowlarr ./transmission ../util @@ -139,7 +140,7 @@ in { config = mkIf cfg.enable { assertions = [ { - assertion = cfg.vpn.enable && (cfg.vpn.wgConf == null); + assertion = cfg.vpn.enable -> cfg.vpn.wgConf != null; message = '' The nixarr.vpn.enable option requires the nixarr.vpn.wgConf option to be set, but it was not. @@ -221,7 +222,7 @@ in { ]; dnsServers = cfg.vpn.dnsServers; wireguardAddressPath = cfg.vpn.wgAddress; - wireguardConfigFile = cfg.vpn.wgConf; + wireguardConfigFile = if cfg.vpn.wgConf != null then cfg.vpn.wgConf else ""; vpnTestService = { enable = cfg.vpn.vpnTestService.enable; port = cfg.vpn.vpnTestService.port; diff --git a/nixarr/jellyfin/default.nix b/nixarr/jellyfin/default.nix index 30a4e7d..1cd5c56 100644 --- a/nixarr/jellyfin/default.nix +++ b/nixarr/jellyfin/default.nix @@ -110,7 +110,7 @@ in with lib; { { assertions = [ { - assertion = cfg.vpn.enable && !nixarr.vpn.enable; + assertion = cfg.vpn.enable -> nixarr.vpn.enable; message = '' The nixarr.jellyfin.vpn.enable option requires the nixarr.vpn.enable option to be set, but it was not. @@ -138,7 +138,7 @@ in with lib; { } { assertion = cfg.expose.vpn.enable -> ( - !cfg.vpn.enable && + cfg.vpn.enable && (cfg.expose.vpn.port != null) && (cfg.expose.vpn.accessibleFrom != null) ); @@ -211,7 +211,7 @@ in with lib; { }; }) (mkIf cfg.expose.vpn.enable { - virtualHosts."${cfg.expose.vpn.accessibleFrom}:${builtins.toString cfg.expose.vpn.port}" = { + virtualHosts."${builtins.toString cfg.expose.vpn.accessibleFrom}:${builtins.toString cfg.expose.vpn.port}" = { enableACME = true; forceSSL = true; locations."/" = { diff --git a/nixarr/lidarr/default.nix b/nixarr/lidarr/default.nix index 07ffcc1..41e5a6e 100644 --- a/nixarr/lidarr/default.nix +++ b/nixarr/lidarr/default.nix 
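Review bot: In nixarr/default.nix, the `wireguardConfigFile` line in the `@@ -221,7 +222,7 @@` hunk substitutes an empty string when `cfg.vpn.wgConf` is null, which hides a missing WireGuard config from whatever consumes this value. The assertion in the earlier hunk covers `cfg.vpn.enable = true`, but this hunk does not show whether the surrounding attribute set is itself guarded by `cfg.vpn.enable`; if it is not, the namespace definition is evaluated with an empty path. I would add a comment recording the dependency, `# "" is a placeholder for evaluation only; the assertion above requires wgConf whenever vpn.enable is true`, and confirm that the consumer refuses to start on an empty path rather than leaving services unconfined. The enclosing block starts and ends outside the hunk.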
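Review bot: The assertion `cfg.vpn.enable -> nixarr.vpn.enable` in the `@@ -110,7 +110,7 @@` hunk of nixarr/jellyfin/default.nix is repeated verbatim in the lidarr, openssh, prowlarr, radarr, readarr, sonarr and transmission hunks, and the inverted form fixed here had been copied into every one of them. This check appears to be what stops a service marked for VPN confinement from being evaluated without the VPN namespace, so it is worth defining once, for example as a function in `../util` that takes the service name and returns the assertion together with its message. Until then a comment on the line, `# implication: only enforced when this service's vpn.enable is true`, would make the intent plain to the next editor.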
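Review bot: In nixarr/jellyfin/default.nix, the `virtualHosts` key in the `@@ -211,7 +211,7 @@` hunk now passes `cfg.expose.vpn.accessibleFrom` through `builtins.toString`, which turns a null into `""` and would yield a host key of the form `:<port>` instead of an evaluation error. That is safe only because the assertion in the previous hunk requires `accessibleFrom != null` whenever `cfg.expose.vpn.enable` is set; a comment such as `# accessibleFrom is non-null here, see the expose.vpn assertion` would record that dependency. Separately, if this is the NixOS nginx module (the enclosing attribute is outside the hunk), the attribute name is used as the server name unless `serverName` is set, so a key containing `:port` combined with `enableACME = true` deserves a check.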
@@ -31,7 +31,7 @@ in { config = mkIf cfg.enable { assertions = [ { - assertion = cfg.vpn.enable && !nixarr.vpn.enable; + assertion = cfg.vpn.enable -> nixarr.vpn.enable; message = '' The nixarr.lidarr.vpn.enable option requires the nixarr.vpn.enable option to be set, but it was not. diff --git a/nixarr/openssh/default.nix b/nixarr/openssh/default.nix index 9692c44..b6aa0e9 100644 --- a/nixarr/openssh/default.nix +++ b/nixarr/openssh/default.nix @@ -6,8 +6,9 @@ }: with lib; let cfg = config.nixarr.openssh; + nixarr = config.nixarr; in { - options.nixarr.openssh.vpn.enable = { + options.nixarr.openssh.vpn.enable = mkOption { type = types.bool; default = false; description = '' @@ -27,16 +28,16 @@ in { }; users.extraUsers.username.openssh.authorizedKeys.keyFiles = [ - ./path/to/public/key/machine.pub} + ./path/to/public/key/machine.pub ]; ``` ''; }; - config = mkIf (cfg.vpn.enable && config.services.openssh.enable) { + config = mkIf cfg.vpn.enable { assertions = [ { - assertion = cfg.vpn.enable && !nixarr.vpn.enable; + assertion = cfg.vpn.enable -> nixarr.vpn.enable; message = '' The nixarr.openssh.vpn.enable option requires the nixarr.vpn.enable option to be set, but it was not. @@ -44,6 +45,25 @@ in { } ]; + warnings = if config.services.openssh.enable then [ + '' + nixarr.openssh.vpn.enable is set, but openssh is not enabled on your + system, so the openssh server is not running. This is probably not + what you wanted. You can add the following lines to enable it: + + services.openssh = { + enable = true; + settings.PasswordAuthentication = false; + # Get this port from your VPN provider + ports [ 12345 ]; + }; + + users.extraUsers.username.openssh.authorizedKeys.keyFiles = [ + ./path/to/public/key/machine.pub + ]; + '' + ] else []; + util-nixarr.vpnnamespace = { portMappings = builtins.map (x: { From = x; To = x; }) config.services.openssh.ports; openUdpPorts = config.services.openssh.ports; 
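Review bot: The condition on the new `warnings` line in the `@@ -44,6 +45,25 @@` hunk of nixarr/openssh/default.nix is inverted: the message says openssh is not enabled, but the list is returned when `config.services.openssh.enable` is true, so the warning reaches users whose sshd is running and never those it is meant for. It should read `warnings = if !config.services.openssh.enable then [`. The sample inside the message also lacks an `=` in `ports [ 12345 ];`, so it would not evaluate if copied; `ports = [ 12345 ];` is the valid form. The context line `openUdpPorts = config.services.openssh.ports;` opens the SSH ports as UDP although sshd listens on TCP, which looks like more exposure than needed and may leave the TCP port closed. The `util-nixarr.vpnnamespace` block continues outside the hunk.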
diff --git a/nixarr/prowlarr/default.nix b/nixarr/prowlarr/default.nix index 553b20b..de90471 100644 --- a/nixarr/prowlarr/default.nix +++ b/nixarr/prowlarr/default.nix @@ -37,7 +37,7 @@ in { config = mkIf cfg.enable { assertions = [ { - assertion = cfg.vpn.enable && !nixarr.vpn.enable; + assertion = cfg.vpn.enable -> nixarr.vpn.enable; message = '' The nixarr.prowlarr.vpn.enable option requires the nixarr.vpn.enable option to be set, but it was not. diff --git a/nixarr/radarr/default.nix b/nixarr/radarr/default.nix index 451d6d9..85aad5f 100644 --- a/nixarr/radarr/default.nix +++ b/nixarr/radarr/default.nix @@ -33,7 +33,7 @@ in { config = mkIf cfg.enable { assertions = [ { - assertion = cfg.vpn.enable && !nixarr.vpn.enable; + assertion = cfg.vpn.enable -> nixarr.vpn.enable; message = '' The nixarr.radarr.vpn.enable option requires the nixarr.vpn.enable option to be set, but it was not. diff --git a/nixarr/readarr/default.nix b/nixarr/readarr/default.nix index 2f54147..5691a95 100644 --- a/nixarr/readarr/default.nix +++ b/nixarr/readarr/default.nix @@ -31,7 +31,7 @@ in { config = mkIf cfg.enable { assertions = [ { - assertion = cfg.vpn.enable && !nixarr.vpn.enable; + assertion = cfg.vpn.enable -> nixarr.vpn.enable; message = '' The nixarr.readarr.vpn.enable option requires the nixarr.vpn.enable option to be set, but it was not. diff --git a/nixarr/sonarr/default.nix b/nixarr/sonarr/default.nix index c7a3233..5c285a4 100644 --- a/nixarr/sonarr/default.nix +++ b/nixarr/sonarr/default.nix @@ -37,7 +37,7 @@ in { config = mkIf cfg.enable { assertions = [ { - assertion = cfg.vpn.enable && !nixarr.vpn.enable; + assertion = cfg.vpn.enable -> nixarr.vpn.enable; message = '' The nixarr.sonarr.vpn.enable option requires the nixarr.vpn.enable option to be set, but it was not. diff --git a/nixarr/transmission/default.nix b/nixarr/transmission/default.nix index c3cee66..9fcbcce 100644 --- a/nixarr/transmission/default.nix +++ b/nixarr/transmission/default.nix 
@@ -97,7 +97,7 @@ in { config = mkIf cfg.enable { assertions = [ { - assertion = cfg.vpn.enable && !nixarr.vpn.enable; + assertion = cfg.vpn.enable -> nixarr.vpn.enable; message = '' The nixarr.transmission.vpn.enable option requires the nixarr.vpn.enable option to be set, but it was not.