Updated documentation and options

rasmus-kirk · Feb 21, 2024 · b78dd21 · b78dd21
1 parent 2220207
commit b78dd21
Show file tree

Hide file tree

Showing 9 changed files with 225 additions and 162 deletions.
diff --git a/nixarr/default.nix b/nixarr/default.nix
@@ -37,26 +37,22 @@ in {
       Remember to read the options.
     '';
 
-    mediaUsers = mkOption {
-      type = with types; listOf str;
-      default = [];
-      description = "Extra users to add the the media group, giving access to the media directory. You probably want to add your own user here.";
-    };
-
     mediaDir = mkOption {
       type = types.path;
       default = "/data/media";
-      description = "The location of the media directory for the services.";
+      description = ''
+        The location of the media directory for the services.
+      '';
     };
 
     stateDir = mkOption {
       type = types.path;
       default = "/data/.state";
-      description = "The location of the state directory for the services.";
+      description = ''
+        The location of the state directory for the services.
+      '';
     };
 
-    upnp.enable = mkEnableOption "Enable automatic port forwarding using UPNP.";
-
     vpn = {
       enable = mkEnableOption ''Enable vpn'';
 
@@ -69,20 +65,23 @@ in {
       dnsServers = mkOption {
         type = with types; nullOr (listOf str);
         default = null;
-        description = lib.mdDoc ''
+        description = ''
           Extra DNS servers for the VPN. If your wg config has a DNS field,
           then this should not be necessary.
         '';
         example = ["1.1.1.2"];
       };
 
       vpnTestService = {
-        enable = mkEnableOption "Enable the vpn test service.";
+        enable = mkEnableOption ''
+          Enable the vpn test service. Useful for testing DNS leaks or VPN
+          port forwarding.
+        '';
 
         port = mkOption {
           type = types.port;
           default = 12300;
-          description = lib.mdDoc ''
+          description = ''
             The port that the vpn test service listens to.
           '';
           example = 58403;
@@ -93,9 +92,9 @@ in {
         type = with types; listOf port;
         default = [];
         description = lib.mdDoc ''
-          What TCP ports to allow incoming traffic from. You might need this
-          if you're port forwarding on your VPN provider and you're setting
-          up services that is not covered in by this module.
+          What TCP ports to allow traffic from. You might need this if you're
+          port forwarding on your VPN provider and you're setting up services
+          not covered in by this module that uses the VPN.
         '';
         example = [46382 38473];
       };
@@ -104,9 +103,9 @@ in {
         type = with types; listOf port;
         default = [];
         description = lib.mdDoc ''
-          What UDP ports to allow incoming traffic from. You might need this
-          if you're port forwarding on your VPN provider and you're setting
-          up services that is not covered in by this module.
+          What UDP ports to allow traffic from. You might need this if you're
+          port forwarding on your VPN provider and you're setting up services
+          not covered in by this module that uses the VPN.
         '';
         example = [46382 38473];
       };
@@ -169,7 +168,7 @@ in {
 
     systemd.tmpfiles.rules = [
       # State dirs
-      "d '${cfg.stateDir}'                        0755 root         root  - -"
+      "d '${cfg.stateDir}'                       0755 root         root  - -"
       "d '${cfg.stateDir}/nixarr'                0755 root         root  - -"
       "d '${cfg.stateDir}/nixarr/jellyfin'       0700 jellyfin     root  - -"
       "d '${cfg.stateDir}/nixarr/transmission'   0700 transmission root  - -"
@@ -196,9 +195,7 @@ in {
       "d '${cfg.mediaDir}/torrents/readarr'       0755 transmission media - -"
     ];
 
-    kirk.upnp.enable = cfg.upnp.enable;
-
-    kirk.vpnnamespace = {
+    util.vpnnamespace = {
       enable = true;
       accessibleFrom = [
         "192.168.1.0/24"

diff --git a/nixarr/jellyfin/default.nix b/nixarr/jellyfin/default.nix
@@ -10,57 +10,68 @@ with lib; let
   dnsServers = config.lib.vpn.dnsServers;
 in {
   options.nixarr.jellyfin = {
-    enable = mkOption {
-      type = types.bool;
-      default = false;
-      description = lib.mdDoc "enable jellyfin";
-    };
+    enable = mkEnableOption "Enable the Jellyfin service.";
 
     stateDir = mkOption {
       type = types.path;
       default = "${nixarr.stateDir}/nixarr/jellyfin";
-      description = lib.mdDoc "The state directory for jellyfin";
+      description = "The state directory for Jellyfin.";
     };
 
-    useVpn = mkOption {
-      type = types.bool;
-      default = false;
-      description = lib.mdDoc "Use VPN with prowlarr";
-    };
+    vpn.enable = mkEnableOption ''
+      Route Jellyfin traffic through the VPN. Requires that `nixarr.vpn`
+      is configured
+    '';
 
-    nginx = {
-      enable = mkEnableOption "Enable nginx for jellyfin";
+    expose = {
+      enable = mkEnableOption ''
+        Enable nginx for Jellyfin, exposing the web service to the internet.
+      '';
+
+      upnp = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Use UPNP to try to open ports 80 and 443 on your router.";
+      };
 
       domainName = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = "REQUIRED! The domain name to host jellyfin on.";
+        description = "REQUIRED! The domain name to host Jellyfin on.";
       };
 
       acmeMail = mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = "REQUIRED! The ACME mail.";
+        description = "REQUIRED! The ACME mail required for the letsencrypt bot.";
       };
     };
   };
 
   config =
-    #assert (!(cfg.useVpn && cfg.nginx.enable)) || abort "useVpn not compatible with nginx.enable.";
+    # TODO: this doesn't work. I don't know why :(
+    #assert (!(cfg.vpn.enable && cfg.nginx.enable)) || abort "vpn.enable not compatible with nginx.enable.";
     #assert (cfg.nginx.enable -> (cfg.nginx.domainName != null && cfg.nginx.acmeMail != null)) || abort "Both nginx.domain and nginx.acmeMail needs to be set if nginx.enable is set.";
     mkIf cfg.enable
     {
-      services.jellyfin.enable = cfg.enable;
+      services.jellyfin = {
+        enable    = cfg.enable;
+        logDir    = "${cfg.stateDir}/log";
+        cacheDir  = "${cfg.stateDir}/cache";
+        dataDir   = "${cfg.stateDir}/data";
+        configDir = "${cfg.stateDir}/config";
+      };
 
-      networking.firewall.allowedTCPPorts =
-        if cfg.nginx.enable
-        then [
-          80 # http
-          443 # https
-        ]
-        else [];
+      networking.firewall = mkIf cfg.nginx.enable {
+        allowedTCPPorts = [ 80 443 ];
+      };
 
-      services.nginx = mkIf (cfg.nginx.enable || cfg.useVpn) {
+      util.upnp = mkIf cfg.nginx.upnp.enable {
+        enable = true;
+        openTcpPorts = [ 80 443 ];
+      };
+
+      services.nginx = mkIf (cfg.nginx.enable || cfg.vpn.enable) {
         enable = true;
 
         recommendedTlsSettings = true;
@@ -77,7 +88,7 @@ in {
           };
         };
 
-        virtualHosts."127.0.0.1:${builtins.toString defaultPort}" = mkIf cfg.useVpn {
+        virtualHosts."127.0.0.1:${builtins.toString defaultPort}" = mkIf cfg.vpn.enable {
           listen = [
             {
               addr = "0.0.0.0";
@@ -99,14 +110,14 @@ in {
 
       util.vpnnamespace.portMappings = [
         (
-          mkIf cfg.useVpn {
+          mkIf cfg.vpn.enable {
             From = defaultPort;
             To = defaultPort;
           }
         )
       ];
 
-      containers.jellyfin = mkIf cfg.useVpn {
+      containers.jellyfin = mkIf cfg.vpn.enable {
         autoStart = true;
         ephemeral = true;
         extraFlags = ["--network-namespace-path=/var/run/netns/wg"];
@@ -132,8 +143,10 @@ in {
 
           services.jellyfin = {
             enable = true;
-            group = "jellyfin";
-            dataDir = "${cfg.stateDir}";
+            logDir = "${cfg.stateDir}/log";
+            cacheDir = "${cfg.stateDir}/cache";
+            dataDir = "${cfg.stateDir}/data";
+            configDir = "${cfg.stateDir}/config";
           };
 
           system.stateVersion = "23.11";

diff --git a/nixarr/lidarr/default.nix b/nixarr/lidarr/default.nix
@@ -9,23 +9,18 @@ with lib; let
   nixarr = config.nixarr;
 in {
   options.nixarr.lidarr = {
-    enable = mkOption {
-      type = types.bool;
-      default = false;
-      description = lib.mdDoc "Enable lidarr";
-    };
+    enable = mkEnableOption "Enable the Lidarr service.";
 
     stateDir = mkOption {
       type = types.path;
       default = "${nixarr.stateDir}/nixarr/lidarr";
-      description = lib.mdDoc "The state directory for lidarr";
+      description = "The state directory for Lidarr";
     };
 
-    useVpn = mkOption {
-      type = types.bool;
-      default = false;
-      description = lib.mdDoc "Use VPN with prowlarr";
-    };
+    vpn.enable = mkEnableOption ''
+      Route Lidarr traffic through the VPN. Requires that `nixarr.vpn`
+      is configured
+    '';
   };
 
   config = mkIf cfg.enable {
@@ -38,14 +33,14 @@ in {
 
     util.vpnnamespace.portMappings = [
       (
-        mkIf cfg.useVpn {
+        mkIf cfg.vpn.enable {
           From = defaultPort;
           To = defaultPort;
         }
       )
     ];
 
-    containers.lidarr = mkIf cfg.useVpn {
+    containers.lidarr = mkIf cfg.vpn.enable {
       autoStart = true;
       ephemeral = true;
       extraFlags = ["--network-namespace-path=/var/run/netns/wg"];
@@ -81,7 +76,7 @@ in {
       };
     };
 
-    services.nginx = mkIf cfg.useVpn {
+    services.nginx = mkIf cfg.vpn.enable {
       enable = true;
 
       recommendedTlsSettings = true;

diff --git a/nixarr/prowlarr/default.nix b/nixarr/prowlarr/default.nix
@@ -12,53 +12,40 @@ with lib; let
   cfg = config.nixarr.prowlarr;
 in {
   options.nixarr.prowlarr = {
-    enable = mkOption {
-      type = types.bool;
-      default = false;
-      description = lib.mdDoc "Enable prowlarr";
-    };
+    enable = mkEnableOption "Enable the Prowlarr service.";
 
     stateDir = mkOption {
       type = types.path;
       default = "${nixarr.stateDir}/nixarr/prowlarr";
-      description = lib.mdDoc ''
-        The state directory for prowlarr. Currently doesn't work, except with VPN.
-      '';
+      description = "The state directory for Prowlarr.";
     };
 
-    useVpn = mkOption {
-      type = types.bool;
-      default = false;
-      description = lib.mdDoc "Use VPN with prowlarr";
-    };
+    vpn.enable = mkEnableOption ''
+      Route Prowlarr traffic through the VPN. Requires that `nixarr.vpn`
+      is configured.
+    '';
   };
 
   config = mkIf cfg.enable {
-    services.prowlarr = mkIf (!cfg.useVpn) {
+    util.services.prowlarr = mkIf (!cfg.vpn.enable) {
       enable = true;
-      openFirewall = true;
+      dataDir = cfg.statedir;
     };
 
     util.vpnnamespace.portMappings = [
       (
-        mkIf cfg.useVpn {
+        mkIf cfg.vpn.enable {
           From = defaultPort;
           To = defaultPort;
         }
       )
     ];
 
-    containers.prowlarr = mkIf cfg.useVpn {
+    containers.prowlarr = mkIf cfg.vpn.enable {
       autoStart = true;
       ephemeral = true;
       extraFlags = ["--network-namespace-path=/var/run/netns/wg"];
-
-      bindMounts = {
-        "/var/lib/prowlarr" = {
-          hostPath = cfg.stateDir;
-          isReadOnly = false;
-        };
-      };
+      bindMounts."${cfg.statedir}".isReadOnly = false;
 
       config = {
         users.groups.prowlarr = {};
@@ -74,16 +61,16 @@ in {
         services.resolved.enable = true;
         networking.nameservers = dnsServers;
 
-        services.prowlarr = {
+        util.services.prowlarr = {
           enable = true;
-          openFirewall = true;
+          dataDir = cfg.stateDir;
         };
 
         system.stateVersion = "23.11";
       };
     };
 
-    services.nginx = mkIf cfg.useVpn {
+    services.nginx = mkIf cfg.vpn.enable {
       enable = true;
 
       recommendedTlsSettings = true;