updated assertions
rasmus-kirk committed Feb 28, 2024
1 parent 4dc515d commit 7da46a1
Showing 9 changed files with 44 additions and 16 deletions.
5 changes: 3 additions & 2 deletions nixarr/default.nix
Expand Up @@ -12,6 +12,7 @@ in {
./lidarr
./readarr
./sonarr
./openssh
./prowlarr
./transmission
../util
Expand Down Expand Up @@ -139,7 +140,7 @@ in {
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.vpn.enable && (cfg.vpn.wgConf == null);
assertion = cfg.vpn.enable -> cfg.vpn.wgConf != null;
message = ''
The nixarr.vpn.enable option requires the nixarr.vpn.wgConf option
to be set, but it was not.
Expand Down Expand Up @@ -221,7 +222,7 @@ in {
];
dnsServers = cfg.vpn.dnsServers;
wireguardAddressPath = cfg.vpn.wgAddress;
wireguardConfigFile = cfg.vpn.wgConf;
wireguardConfigFile = if cfg.vpn.wgConf != null then cfg.vpn.wgConf else "";
vpnTestService = {
enable = cfg.vpn.vpnTestService.enable;
port = cfg.vpn.vpnTestService.port;
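Review bot: The `else ""` fallback on `wireguardConfigFile` turns an unset `cfg.vpn.wgConf` into an empty path, so whatever consumes this option can no longer tell "no WireGuard config" apart from a real value. The assertion earlier in this file already guarantees a non-null `wgConf` whenever `cfg.vpn.enable` is true, so the fallback only matters when the VPN is off. In that case it would be safer not to define these settings at all, for example by wrapping the enclosing attribute set in `mkIf cfg.vpn.enable`, so that a misconfiguration fails at evaluation instead of producing a namespace without a tunnel. The enclosing block starts and ends outside the hunk and the consuming module is not visible here, so how an empty string is handled downstream needs confirming. At minimum, a comment such as `# wgConf is null when the VPN is disabled; the assertion above covers the enabled case` would record why the fallback exists.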
6 changes: 3 additions & 3 deletions nixarr/jellyfin/default.nix
Expand Up @@ -110,7 +110,7 @@ in with lib; {
{
assertions = [
{
assertion = cfg.vpn.enable && !nixarr.vpn.enable;
assertion = cfg.vpn.enable -> nixarr.vpn.enable;
message = ''
The nixarr.jellyfin.vpn.enable option requires the
nixarr.vpn.enable option to be set, but it was not.
Expand Down Expand Up @@ -138,7 +138,7 @@ in with lib; {
}
{
assertion = cfg.expose.vpn.enable -> (
!cfg.vpn.enable &&
cfg.vpn.enable &&
(cfg.expose.vpn.port != null) &&
(cfg.expose.vpn.accessibleFrom != null)
);
Expand Down Expand Up @@ -211,7 +211,7 @@ in with lib; {
};
})
(mkIf cfg.expose.vpn.enable {
virtualHosts."${cfg.expose.vpn.accessibleFrom}:${builtins.toString cfg.expose.vpn.port}" = {
virtualHosts."${builtins.toString cfg.expose.vpn.accessibleFrom}:${builtins.toString cfg.expose.vpn.port}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
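Review bot: The `builtins.toString` added around `cfg.expose.vpn.accessibleFrom` in the `virtualHosts` key silently maps a null value to an empty string, so the key becomes `":<port>"` instead of raising an error. That looks intentional (presumably the attribute name is evaluated even when `cfg.expose.vpn.enable` is false), but it leaves the assertion in this file as the only thing preventing a host-less virtual host with `enableACME` and `forceSSL` set. A comment on the line would make that dependency explicit, e.g. `# toString keeps the key evaluable when accessibleFrom is null; the assertion above rejects null when expose.vpn.enable is set`. The `mkIf` block continues past the end of the hunk.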
2 changes: 1 addition & 1 deletion nixarr/lidarr/default.nix
Expand Up @@ -31,7 +31,7 @@ in {
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.vpn.enable && !nixarr.vpn.enable;
assertion = cfg.vpn.enable -> nixarr.vpn.enable;
message = ''
The nixarr.lidarr.vpn.enable option requires the
nixarr.vpn.enable option to be set, but it was not.
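Review bot: This assertion is repeated verbatim in the jellyfin, openssh, prowlarr, radarr, readarr, sonarr and transmission sections of this commit, differing only in the service name in the message, and the same inverted condition had to be corrected in every copy. It appears to be the guard that stops a service flagged for VPN confinement from being evaluated without the VPN enabled, so it is worth defining once. A small helper under the already imported `../util` that takes the service name and its `vpn.enable` value and returns the assertion attrset would keep the copies from drifting again. The `assertions` list continues outside the hunk.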
37 changes: 32 additions & 5 deletions nixarr/openssh/default.nix
@@ -1,13 +1,13 @@
# TODO: Dir creation and file permissions in nix
{
config,
lib,
...
}:
with lib; let
cfg = config.nixarr.openssh;
nixarr = config.nixarr;
in {
options.nixarr.openssh.vpn.enable = {
options.nixarr.openssh.vpn.enable = mkOption {
type = types.bool;
default = false;
description = ''
Expand All @@ -27,23 +27,50 @@ in {
};
users.extraUsers.username.openssh.authorizedKeys.keyFiles = [
./path/to/public/key/machine.pub}
./path/to/public/key/machine.pub
];
Then replace username with your username and the keyFiles path
to a ssh public key file from the machine that you want to have
access. Don't use password authentication as it is insecure!
```
'';
};

config = mkIf (cfg.vpn.enable && config.services.openssh.enable) {
config = mkIf cfg.vpn.enable {
assertions = [
{
assertion = cfg.vpn.enable && !nixarr.vpn.enable;
assertion = cfg.vpn.enable -> nixarr.vpn.enable;
message = ''
The nixarr.openssh.vpn.enable option requires the
nixarr.vpn.enable option to be set, but it was not.
'';
}
];

warnings = if config.services.openssh.enable then [
''
nixarr.openssh.vpn.enable is set, but openssh is not enabled on your
system, so the openssh server is not running. This is probably not
what you wanted. You can add the following lines to enable it:
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
# Get this port from your VPN provider
ports [ 12345 ];
};
users.extraUsers.username.openssh.authorizedKeys.keyFiles = [
./path/to/public/key/machine.pub
];
Then replace username with your username and the keyFiles path
to a ssh public key file from the machine that you want to have
access. Don't use password authentication as it is insecure!
''
] else [];

util-nixarr.vpnnamespace = {
portMappings = builtins.map (x: { From = x; To = x; }) config.services.openssh.ports;
openUdpPorts = config.services.openssh.ports;
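Review bot: The new `warnings` block is emitted when `config.services.openssh.enable` is true, but its text says openssh is not enabled, so the condition is inverted: users with a working sshd get the warning and users without one get nothing. It should read `warnings = if !config.services.openssh.enable then [` (or use `optional (!config.services.openssh.enable) ''…''`). The sample config inside the warning also has `ports [ 12345 ];`, which is missing the `=` and will not evaluate if pasted. Because `config` is now gated on `cfg.vpn.enable` alone, the `portMappings` and `openUdpPorts` entries are presumably applied from `config.services.openssh.ports` even when sshd is disabled; it is worth confirming that is intended, since it opens ports in the VPN namespace with nothing listening. The `util-nixarr.vpnnamespace` block continues outside the hunk.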
2 changes: 1 addition & 1 deletion nixarr/prowlarr/default.nix
Expand Up @@ -37,7 +37,7 @@ in {
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.vpn.enable && !nixarr.vpn.enable;
assertion = cfg.vpn.enable -> nixarr.vpn.enable;
message = ''
The nixarr.prowlarr.vpn.enable option requires the
nixarr.vpn.enable option to be set, but it was not.
2 changes: 1 addition & 1 deletion nixarr/radarr/default.nix
Expand Up @@ -33,7 +33,7 @@ in {
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.vpn.enable && !nixarr.vpn.enable;
assertion = cfg.vpn.enable -> nixarr.vpn.enable;
message = ''
The nixarr.radarr.vpn.enable option requires the
nixarr.vpn.enable option to be set, but it was not.
2 changes: 1 addition & 1 deletion nixarr/readarr/default.nix
Expand Up @@ -31,7 +31,7 @@ in {
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.vpn.enable && !nixarr.vpn.enable;
assertion = cfg.vpn.enable -> nixarr.vpn.enable;
message = ''
The nixarr.readarr.vpn.enable option requires the
nixarr.vpn.enable option to be set, but it was not.
2 changes: 1 addition & 1 deletion nixarr/sonarr/default.nix
Expand Up @@ -37,7 +37,7 @@ in {
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.vpn.enable && !nixarr.vpn.enable;
assertion = cfg.vpn.enable -> nixarr.vpn.enable;
message = ''
The nixarr.sonarr.vpn.enable option requires the
nixarr.vpn.enable option to be set, but it was not.
2 changes: 1 addition & 1 deletion nixarr/transmission/default.nix
Expand Up @@ -97,7 +97,7 @@ in {
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.vpn.enable && !nixarr.vpn.enable;
assertion = cfg.vpn.enable -> nixarr.vpn.enable;
message = ''
The nixarr.transmission.vpn.enable option requires the
nixarr.vpn.enable option to be set, but it was not.
