diff --git a/CHANGELOG.md b/CHANGELOG.md index 2590634..d3dc21f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,11 +1,19 @@ # Changelog +## 2024-09-19 + +Added: +- Options to control the package of each service +- sub-merge package to systemPkgs + +Updated: +- All submodules (notably VPNConfinement) + ## 2024-06-11 Updated: - VPNConfinement submodule - ## 2024-03-12 Added: diff --git a/flake.lock b/flake.lock index 5ac15ac..9388169 100644 --- a/flake.lock +++ b/flake.lock @@ -2,17 +2,16 @@ "nodes": { "devshell": { "inputs": { - "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1717408969, - "narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=", + "lastModified": 1722113426, + "narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=", "owner": "numtide", "repo": "devshell", - "rev": "1ebbe68d57457c8cae98145410b164b5477761f4", + "rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae", "type": "github" }, "original": { @@ -28,11 +27,11 @@ ] }, "locked": { - "lastModified": 1717285511, - "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", + "lastModified": 1726153070, + "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", + "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a", "type": "github" }, "original": { @@ -64,11 +63,11 @@ }, "flake-root": { "locked": { - "lastModified": 1713493429, - "narHash": "sha256-ztz8JQkI08tjKnsTpfLqzWoKFQF4JGu2LRz8bkdnYUk=", + "lastModified": 1723604017, + "narHash": "sha256-rBtQ8gg+Dn4Sx/s+pvjdq3CB2wQNzx9XGFq/JVGCB6k=", "owner": "srid", "repo": "flake-root", - "rev": "bc748b93b86ee76e2032eecda33440ceb2532fcd", + "rev": "b759a56851e10cb13f6b8e5698af7b59c44be26e", "type": "github" }, "original": { 
@@ -77,31 +76,13 @@ "type": "github" } }, - "flake-utils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "nixpkgs": { "locked": { - "lastModified": 1717893485, - "narHash": "sha256-WMU6ZRZrBgEUDIF0siu2aIyVAXcxfElSwzZtS/mSpN4=", + "lastModified": 1726583932, + "narHash": "sha256-zACxiQx8knB3F8+Ze+1BpiYrI+CbhxyWpcSID9kVhkQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3bcedce9f4de37570242faf16e1e143583407eab", + "rev": "658e7223191d2598641d50ee4e898126768fe847", "type": "github" }, "original": { 
@@ -117,22 +98,50 @@ "flake-parts": "flake-parts", "flake-root": "flake-root", "nixpkgs": "nixpkgs", + "sub-merge": "sub-merge", "treefmt-nix": "treefmt-nix", "vpnconfinement": "vpnconfinement" } }, - "systems": { + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "sub-merge", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1726626348, + "narHash": "sha256-sYV7e1B1yLcxo8/h+/hTwzZYmaju2oObNiy5iRI0C30=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "6fd52ad8bd88f39efb2c999cc971921c2fb9f3a2", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "sub-merge": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": "rust-overlay" + }, "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "lastModified": 1726777757, + "narHash": "sha256-erzx+U/itU8MmIj1lhYoKHElCWaHJetsUihTlfW2OrQ=", + "owner": "rasmus-kirk", + "repo": "sub-merge", + "rev": "01e8d59a07a6841a2ac17f5cf73f077e47bf2ec4", "type": "github" }, "original": { - "owner": "nix-systems", - "repo": "default", + "owner": "rasmus-kirk", + "repo": "sub-merge", "type": "github" } }, @@ -143,11 +152,11 @@ ] }, "locked": { - "lastModified": 1717850719, - "narHash": "sha256-npYqVg+Wk4oxnWrnVG7416fpfrlRhp/lQ6wQ4DHI8YE=", + "lastModified": 1726734507, + "narHash": "sha256-VUH5O5AcOSxb0uL/m34dDkxFKP6WLQ6y4I1B4+N3L2w=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "4fc1c45a5f50169f9f29f6a98a438fb910b834ed", + "rev": "ee41a466c2255a3abe6bc50fc6be927cdee57a9f", "type": "github" }, "original": { 
@@ -164,11 +173,11 @@ ] }, "locked": { - "lastModified": 1718094603, - "narHash": "sha256-1XhMelD62FU3Us3BGzH1VQTIqN2eeMmkM69NNowD5/8=", + "lastModified": 1725824375, + "narHash": "sha256-c0nVYn1Jcjqt7XLXRM7jBmkvwMu+qcUVO7AL8+ZwiaQ=", "owner": "Maroka-chan", "repo": "VPN-Confinement", - "rev": "9ff61662f1a167b53897bd120811dd7ec22a1b88", + "rev": "0fc1023446e906094fef69ccd6991d8659b34d42", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index c689280..dff46b5 100644 --- a/flake.nix +++ b/flake.nix @@ -28,12 +28,12 @@ treefmt-nix.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = inputs @ { + outputs = { flake-parts, vpnconfinement, sub-merge, ... - }: + } @ inputs: flake-parts.lib.mkFlake { inherit inputs; } { @@ -48,9 +48,9 @@ flake = { nixosModules = rec { - nixarr = import ./nixarr vpnconfinement; + nixarr = import ./nixarr sub-merge vpnconfinement; imports = [ vpnconfinement.nixosModules.default ]; - specialArgs = { inherit inputs; }; + #specialArgs = { inherit sub-merge; }; default = nixarr; }; }; diff --git a/nixarr/bazarr/bazarr-module/default.nix b/nixarr/bazarr/bazarr-module/default.nix index adb72aa..27441ef 100644 --- a/nixarr/bazarr/bazarr-module/default.nix +++ b/nixarr/bazarr/bazarr-module/default.nix @@ -11,6 +11,8 @@ in { util-nixarr.services.bazarr = { enable = mkEnableOption "bazarr, a subtitle manager for Sonarr and Radarr"; + package = mkPackageOption pkgs "bazarr" { }; + openFirewall = mkOption { type = types.bool; default = false; diff --git a/nixarr/bazarr/default.nix b/nixarr/bazarr/default.nix index b364b0f..a84961d 100644 --- a/nixarr/bazarr/default.nix +++ b/nixarr/bazarr/default.nix @@ -1,6 +1,7 @@ { config, lib, + pkgs, ... }: with lib; let @@ -23,6 +24,8 @@ in { ''; }; + package = mkPackageOption pkgs "bazarr" { }; + stateDir = mkOption { type = types.path; default = "${nixarr.stateDir}/bazarr"; 
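Review bot: In flake.nix, the second hunk leaves `#specialArgs = { inherit sub-merge; };` behind as commented-out code inside `nixosModules`. Since `sub-merge` is now handed to `./nixarr` as a function argument, the line serves no purpose and should be deleted rather than kept as a comment. The call `import ./nixarr sub-merge vpnconfinement` also depends on positional order matching `sub-merge: vpnconfinement:` in nixarr/default.nix. A single attribute-set argument, e.g. `import ./nixarr { inherit sub-merge vpnconfinement; }` with a matching `{ sub-merge, vpnconfinement }:` header, removes that dependence on argument order. The `outputs` function continues outside the hunk.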
@@ -82,6 +85,7 @@ in { util-nixarr.services.bazarr = { enable = cfg.enable; + package = cfg.package; user = "bazarr"; group = "media"; openFirewall = cfg.openFirewall; @@ -89,14 +93,14 @@ in { }; # Enable and specify VPN namespace to confine service in. - systemd.services.bazarr.vpnconfinement = mkIf cfg.vpn.enable { + systemd.services.bazarr.vpnConfinement = mkIf cfg.vpn.enable { enable = true; - vpnnamespace = "wg"; + vpnNamespace = "wg"; }; # Port mappings # TODO: openports - vpnnamespaces.wg = mkIf cfg.vpn.enable { + vpnNamespaces.wg = mkIf cfg.vpn.enable { portMappings = [ { from = config.bazarr.listenPort; diff --git a/nixarr/ddns/default.nix b/nixarr/ddns/default.nix index 0835a05..4824511 100644 --- a/nixarr/ddns/default.nix +++ b/nixarr/ddns/default.nix @@ -196,9 +196,9 @@ in { ddnsNjallaVpn = { description = "Sets the Njalla DDNS records over VPN"; - vpnconfinement = { + vpnConfinement = { enable = true; - vpnnamespace = "wg"; + vpnNamespace = "wg"; }; serviceConfig = { diff --git a/nixarr/default.nix b/nixarr/default.nix index 82bddf5..1fe4919 100644 --- a/nixarr/default.nix +++ b/nixarr/default.nix @@ -1,6 +1,8 @@ -vpnconfinement: {...}: { +sub-merge: vpnconfinement: { pkgs, ... }: { imports = [ vpnconfinement.nixosModules.default ./nixarr.nix ]; + + config.environment.systemPackages = [ sub-merge.packages."${pkgs.system}".default ]; } diff --git a/nixarr/jellyfin/default.nix b/nixarr/jellyfin/default.nix index de19ef1..0ad04bd 100644 --- a/nixarr/jellyfin/default.nix +++ b/nixarr/jellyfin/default.nix @@ -1,6 +1,7 @@ { config, lib, + pkgs, ... }: let cfg = config.nixarr.jellyfin; @@ -20,6 +21,8 @@ in ''; }; + package = mkPackageOption pkgs "jellyfin" { }; + stateDir = mkOption { type = types.path; default = "${nixarr.stateDir}/jellyfin"; @@ -224,6 +227,7 @@ in services.jellyfin = { enable = cfg.enable; + package = cfg.package; user = "streamer"; group = "media"; openFirewall = cfg.openFirewall; 
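Review bot: In nixarr/bazarr/default.nix, the port mapping under the renamed `vpnNamespaces.wg` still reads `from = config.bazarr.listenPort;`, which does not go through this module's `cfg` the way the other services in this commit do (`from = defaultPort;`, `from = cfg.guiPort;`). No top-level `bazarr` option is visible anywhere in this diff, so this presumably fails to evaluate once `cfg.vpn.enable` is set; confirm, and point it at the module's own port option (its name is not visible in this hunk). The mapping list continues outside the hunk. The `# TODO: openports` above it would be worth resolving or linking to an issue while this block is being touched.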
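Review bot: In nixarr/default.nix, `config.environment.systemPackages = [ sub-merge.packages."${pkgs.system}".default ];` is set unconditionally, so every host that imports the module pulls the third-party `sub-merge` build into its system closure even when nixarr is not enabled. The entry it replaces sat in nixarr.nix's package list, which presumably lives under the module's enable guard (that guard is outside the visible hunks). Consider taking `config` and `lib` in the module arguments and writing `config = lib.mkIf config.nixarr.enable { environment.systemPackages = [ sub-merge.packages.${pkgs.system}.default ]; };`. The attribute lookup will also abort evaluation on any system for which the sub-merge flake exposes no package, which deserves a comment next to the line.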
@@ -295,14 +299,14 @@ in }; # Enable and specify VPN namespace to confine service in. - systemd.services.jellyfin.vpnconfinement = mkIf cfg.vpn.enable { + systemd.services.jellyfin.vpnConfinement = mkIf cfg.vpn.enable { enable = true; - vpnnamespace = "wg"; + vpnNamespace = "wg"; }; # Port mappings # TODO: openports if expose.vpn - vpnnamespaces.wg = mkIf cfg.vpn.enable { + vpnNamespaces.wg = mkIf cfg.vpn.enable { portMappings = [ { from = defaultPort; diff --git a/nixarr/lidarr/default.nix b/nixarr/lidarr/default.nix index e987b5c..17146e2 100644 --- a/nixarr/lidarr/default.nix +++ b/nixarr/lidarr/default.nix @@ -1,6 +1,7 @@ { config, lib, + pkgs, ... }: with lib; let @@ -9,16 +10,18 @@ with lib; let defaultPort = 8686; in { options.nixarr.lidarr = { - enable = mkOption { - type = types.bool; - default = false; - example = true; - description = '' - Whether or not to enable the Lidarr service. + enable = mkOption { + type = types.bool; + default = false; + example = true; + description = '' + Whether or not to enable the Lidarr service. - **Required options:** [`nixarr.enable`](#nixarr.enable) - ''; - }; + **Required options:** [`nixarr.enable`](#nixarr.enable) + ''; + }; + + package = mkPackageOption pkgs "lidarr" { }; stateDir = mkOption { type = types.path; @@ -79,6 +82,7 @@ in { services.lidarr = { enable = cfg.enable; + package = cfg.package; user = "lidarr"; group = "media"; openFirewall = cfg.openFirewall; @@ -86,14 +90,14 @@ in { }; # Enable and specify VPN namespace to confine service in. - systemd.services.lidarr.vpnconfinement = mkIf cfg.vpn.enable { + systemd.services.lidarr.vpnConfinement = mkIf cfg.vpn.enable { enable = true; - vpnnamespace = "wg"; + vpnNamespace = "wg"; }; # Port mappings # TODO: openports - vpnnamespaces.wg = mkIf cfg.vpn.enable { + vpnNamespaces.wg = mkIf cfg.vpn.enable { portMappings = [ { from = defaultPort; diff --git a/nixarr/nixarr.nix b/nixarr/nixarr.nix index 36419eb..0769cc4 100644 --- a/nixarr/nixarr.nix 
+++ b/nixarr/nixarr.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - inputs, ... }: with lib; let @@ -241,13 +240,12 @@ in { ]; environment.systemPackages = with pkgs; [ - inputs.sub-merge.packages."${system}".default jdupes list-unlinked fix-permissions ]; - vpnnamespaces.wg = mkIf cfg.vpn.enable { + vpnNamespaces.wg = mkIf cfg.vpn.enable { enable = true; openVPNPorts = optional (cfg.vpn.vpnTestService.port != null) { port = cfg.vpn.vpnTestService.port; @@ -264,9 +262,9 @@ in { systemd.services.vpn-test-service = mkIf cfg.vpn.vpnTestService.enable { enable = true; - vpnconfinement = { + vpnConfinement = { enable = true; - vpnnamespace = "wg"; + vpnNamespace = "wg"; }; script = let diff --git a/nixarr/openssh/default.nix b/nixarr/openssh/default.nix index 80e0e24..669ffd9 100644 --- a/nixarr/openssh/default.nix +++ b/nixarr/openssh/default.nix @@ -89,13 +89,13 @@ in { else []; # Enable and specify VPN namespace to confine service in. - systemd.services.openssh.vpnconfinement = { + systemd.services.openssh.vpnConfinement = { enable = true; - vpnnamespace = "wg"; + vpnNamespace = "wg"; }; # Port mappings - vpnnamespaces.wg = { + vpnNamespaces.wg = { portMappings = [ { From = defaultPort; diff --git a/nixarr/prowlarr/default.nix b/nixarr/prowlarr/default.nix index 8243082..6a5c575 100644 --- a/nixarr/prowlarr/default.nix +++ b/nixarr/prowlarr/default.nix @@ -1,7 +1,7 @@ -# TODO: Dir creation and file permissions in nix { config, lib, + pkgs, ... }: with lib; let @@ -25,6 +25,8 @@ in { ''; }; + package = mkPackageOption pkgs "prowlarr" { }; + stateDir = mkOption { type = types.path; default = "${nixarr.stateDir}/prowlarr"; 
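Review bot: In nixarr/openssh/default.nix, the port mapping under the renamed `vpnNamespaces.wg` uses `From = defaultPort;` with a capital F, while every other service in this commit writes `from = ...`; attribute names are case-sensitive, so this should be `from = defaultPort;`. The confinement is also attached to `systemd.services.openssh`, whereas the NixOS OpenSSH module names its unit `sshd`, so it looks as though sshd itself would stay outside the `wg` namespace; confirm which unit is meant. Unlike the other services, neither block is wrapped in `mkIf cfg.vpn.enable` within the hunk, though an enclosing guard may sit outside it.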
@@ -84,18 +86,19 @@ in { util-nixarr.services.prowlarr = { enable = true; + package = cfg.package; openFirewall = cfg.openFirewall; dataDir = cfg.stateDir; }; # Enable and specify VPN namespace to confine service in. - systemd.services.prowlarr.vpnconfinement = mkIf cfg.vpn.enable { + systemd.services.prowlarr.vpnConfinement = mkIf cfg.vpn.enable { enable = true; - vpnnamespace = "wg"; + vpnNamespace = "wg"; }; # Port mappings - vpnnamespaces.wg = mkIf cfg.vpn.enable { + vpnNamespaces.wg = mkIf cfg.vpn.enable { portMappings = [ { from = defaultPort; diff --git a/nixarr/radarr/default.nix b/nixarr/radarr/default.nix index ddc41aa..6d79a54 100644 --- a/nixarr/radarr/default.nix +++ b/nixarr/radarr/default.nix @@ -1,7 +1,7 @@ -# TODO: Dir creation and file permissions in nix { config, lib, + pkgs, ... }: with lib; let @@ -21,6 +21,8 @@ in { ''; }; + package = mkPackageOption pkgs "radarr" { }; + stateDir = mkOption { type = types.path; default = "${nixarr.stateDir}/radarr"; @@ -80,6 +82,7 @@ in { services.radarr = { enable = cfg.enable; + package = cfg.package; user = "radarr"; group = "media"; openFirewall = cfg.openFirewall; @@ -87,13 +90,13 @@ in { }; # Enable and specify VPN namespace to confine service in. - systemd.services.radarr.vpnconfinement = mkIf cfg.vpn.enable { + systemd.services.radarr.vpnConfinement = mkIf cfg.vpn.enable { enable = true; - vpnnamespace = "wg"; + vpnNamespace = "wg"; }; # Port mappings - vpnnamespaces.wg = mkIf cfg.vpn.enable { + vpnNamespaces.wg = mkIf cfg.vpn.enable { portMappings = [ { from = defaultPort; diff --git a/nixarr/readarr/default.nix b/nixarr/readarr/default.nix index b407bbd..c56b263 100644 --- a/nixarr/readarr/default.nix +++ b/nixarr/readarr/default.nix @@ -1,6 +1,7 @@ { config, lib, + pkgs, ... }: with lib; let @@ -20,6 +21,8 @@ in { ''; }; + package = mkPackageOption pkgs "readarr" { }; + stateDir = mkOption { type = types.path; default = "${nixarr.stateDir}/readarr"; 
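Review bot: In nixarr/prowlarr/default.nix, `package = cfg.package;` is passed to `util-nixarr.services.prowlarr`, but this commit only adds a `package` option to the bazarr util module (nixarr/bazarr/bazarr-module/default.nix); no hunk does the same for a prowlarr util module. Unless that module already declares `package`, evaluation will stop with an undefined-option error; confirm, and add `package = mkPackageOption pkgs "prowlarr" { };` there if it is missing. The same block sets `enable = true` where the sibling services use `enable = cfg.enable`, which is only equivalent if the enclosing `config` (outside the hunk) is already guarded by `cfg.enable`.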
@@ -79,6 +82,7 @@ in { services.readarr = { enable = cfg.enable; + package = cfg.package; user = "readarr"; group = "media"; openFirewall = cfg.openFirewall; @@ -86,13 +90,13 @@ in { }; # Enable and specify VPN namespace to confine service in. - systemd.services.readarr.vpnconfinement = mkIf cfg.vpn.enable { + systemd.services.readarr.vpnConfinement = mkIf cfg.vpn.enable { enable = true; - vpnnamespace = "wg"; + vpnNamespace = "wg"; }; # Port mappings - vpnnamespaces.wg = mkIf cfg.vpn.enable { + vpnNamespaces.wg = mkIf cfg.vpn.enable { portMappings = [ { from = defaultPort; diff --git a/nixarr/sabnzbd/default.nix b/nixarr/sabnzbd/default.nix index 09413a5..2727a1b 100644 --- a/nixarr/sabnzbd/default.nix +++ b/nixarr/sabnzbd/default.nix @@ -30,6 +30,8 @@ in { ''; }; + package = mkPackageOption pkgs "sabnzbd" { }; + guiPort = mkOption { type = types.port; default = 8080; @@ -195,6 +197,7 @@ in { services.sabnzbd = { enable = true; + package = cfg.package; user = "usenet"; group = "media"; configFile = "${cfg.stateDir}/sabnzbd.ini"; @@ -212,13 +215,13 @@ in { }; # Enable and specify VPN namespace to confine service in. - systemd.services.sabnzbd.vpnconfinement = mkIf cfg.vpn.enable { + systemd.services.sabnzbd.vpnConfinement = mkIf cfg.vpn.enable { enable = true; - vpnnamespace = "wg"; + vpnNamespace = "wg"; }; # Port mappings - vpnnamespaces.wg = mkIf cfg.vpn.enable { + vpnNamespaces.wg = mkIf cfg.vpn.enable { portMappings = [ { from = cfg.guiPort; diff --git a/nixarr/sonarr/default.nix b/nixarr/sonarr/default.nix index cc8bd2f..c18233c 100644 --- a/nixarr/sonarr/default.nix +++ b/nixarr/sonarr/default.nix @@ -1,7 +1,7 @@ -# TODO: Dir creation and file permissions in nix { config, lib, + pkgs, ... }: with lib; let @@ -21,6 +21,8 @@ in { ''; }; + package = mkPackageOption pkgs "sonarr" { }; + stateDir = mkOption { type = types.path; default = "${nixarr.stateDir}/sonarr"; 
@@ -80,6 +82,7 @@ in { services.sonarr = { enable = cfg.enable; + package = cfg.package; user = "sonarr"; group = "media"; openFirewall = cfg.openFirewall; @@ -87,13 +90,13 @@ in { }; # Enable and specify VPN namespace to confine service in. - systemd.services.sonarr.vpnconfinement = mkIf cfg.vpn.enable { + systemd.services.sonarr.vpnConfinement = mkIf cfg.vpn.enable { enable = true; - vpnnamespace = "wg"; + vpnNamespace = "wg"; }; # Port mappings - vpnnamespaces.wg = mkIf cfg.vpn.enable { + vpnNamespaces.wg = mkIf cfg.vpn.enable { portMappings = [ { from = defaultPort; diff --git a/nixarr/transmission/cross-seed/default.nix b/nixarr/transmission/cross-seed/default.nix index 1ef39f6..24a12a1 100644 --- a/nixarr/transmission/cross-seed/default.nix +++ b/nixarr/transmission/cross-seed/default.nix @@ -22,20 +22,6 @@ with lib; let // Parse the JSON content into a JavaScript object let config = JSON.parse(configFileContent); - // Function to recursively replace null values with undefined - /* - function replaceNullWithUndefined(obj) { - Object.keys(obj).forEach(key => { - if (obj[key] === null) { - obj[key] = undefined; - } else if (typeof obj[key] === 'object') { - replaceNullWithUndefined(obj[key]); - } - }); - } - replaceNullWithUndefined(config); - */ - // Export the configuration object module.exports = config; ''; @@ -52,19 +38,19 @@ in { delay = 10; } ''; - description = "cross-seed config"; # TODO: todo + description = "Settings for cross-seed"; }; dataDir = mkOption { type = types.path; default = "/var/lib/cross-seed"; - description = "cross-seed dataDir"; # TODO: todo + description = "The cross-seed dataDir"; }; credentialsFile = mkOption { type = types.path; default = "/run/secrets/cross-seed/credentialsFile.json"; - description = "cross-seed dataDir"; # TODO: todo + description = "Secret options to be merged into the cross-seed config"; }; user = mkOption { 
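Review bot: In nixarr/transmission/cross-seed/default.nix, `credentialsFile` is now described as holding secrets but keeps `type = types.path`, which also accepts a Nix path literal; a literal such as `./credentials.json` would typically be copied into the world-readable Nix store when the configuration is built. The description should say so, for example `"Path to a JSON file with secret options to be merged into the cross-seed config. Give it as a string pointing outside the Nix store (e.g. a file provided by a secrets manager), not as a path literal."`. It would also help to state the ownership and mode the file is expected to have, since the service user has to be able to read it. How the file is consumed is outside this hunk.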
diff --git a/nixarr/transmission/default.nix b/nixarr/transmission/default.nix index eeabdc4..c09d9ba 100644 --- a/nixarr/transmission/default.nix +++ b/nixarr/transmission/default.nix @@ -431,13 +431,13 @@ in { }; # Enable and specify VPN namespace to confine service in. - systemd.services.transmission.vpnconfinement = mkIf cfg.vpn.enable { + systemd.services.transmission.vpnConfinement = mkIf cfg.vpn.enable { enable = true; - vpnnamespace = "wg"; + vpnNamespace = "wg"; }; # Port mappings - vpnnamespaces.wg = mkIf cfg.vpn.enable { + vpnNamespaces.wg = mkIf cfg.vpn.enable { portMappings = [ { from = cfg.uiPort;