Merge branch 'dev'

rasmus-kirk · Jun 24, 2024 · e62ea54 · e62ea54
2 parents fd8d424 + 8b1e2a8
commit e62ea54
Show file tree

Hide file tree

Showing 13 changed files with 216 additions and 39 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## 2024-06-11
+
+Updated:
+- VPNConfinement submodule
+
+
 ## 2024-03-12
 
 Added:

diff --git a/flake.lock b/flake.lock
diff --git a/nixarr/bazarr/default.nix b/nixarr/bazarr/default.nix
@@ -12,7 +12,16 @@ in {
   ];
 
   options.nixarr.bazarr = {
-    enable = mkEnableOption "the bazarr service.";
+    enable = mkOption {
+      type = types.bool;
+      default = false;
+      example = true;
+      description = ''
+        Whether or not to enable the Bazarr service.
+
+        **Required options:** [`nixarr.enable`](#nixarr.enable)
+      '';
+    };
 
     stateDir = mkOption {
       type = types.path;
@@ -62,6 +71,13 @@ in {
           nixarr.vpn.enable option to be set, but it was not.
         '';
       }
+      {
+        assertion = cfg.enable -> nixarr.enable;
+        message = ''
+          The nixarr.bazarr.enable option requires the nixarr.enable option
+          to be set, but it was not.
+        '';
+      }
     ];
 
     util-nixarr.services.bazarr = {

diff --git a/nixarr/ddns/default.nix b/nixarr/ddns/default.nix
@@ -6,6 +6,7 @@
 }:
 with lib; let
   cfg = config.nixarr.ddns;
+  nixarr = config.nixarr;
   ddns-njalla = pkgs.writeShellApplication {
     name = "ddns-njalla";
 
@@ -44,6 +45,7 @@ in {
           description = ''
             **Required options:**
 
+            - [`nixarr.enable`](#nixarr.enable)
             - [`nixarr.ddns.njalla.keysFile`](#nixarr.ddns.njalla.keysfile)
             - [`nixarr.vpn.enable`](#nixarr.vpn.enable)
 
@@ -73,6 +75,7 @@ in {
         description = ''
           **Required options:**
 
+          - [`nixarr.enable`](#nixarr.enable)
           - [`nixarr.ddns.njalla.keysFile`](#nixarr.ddns.njalla.keysfile)
 
           Whether or not to enable DDNS for a [Njalla](https://njal.la/)
@@ -118,16 +121,31 @@ in {
         '';
       }
       {
-        assertion =
-          cfg.njalla.vpn.enable
-          -> (
-            cfg.njalla.vpn.keysFile
-            != null
-            && config.nixarr.vpn.enable
-          );
+        assertion = cfg.njalla.enable -> nixarr.enable;
         message = ''
-          The nixarr.ddns.njalla.enable option requires the
-          nixarr.vpn.enable option to be set, but it was not.
+          The nixarr.ddns.njalla.enable option requires the nixarr.enable
+          option to be set, but it was not.
+        '';
+      }
+      {
+        assertion = cfg.njalla.vpn.enable -> nixarr.enable;
+        message = ''
+          The nixarr.ddns.njalla.vpn.enable option requires the nixarr.enable
+          option to be set, but it was not.
+        '';
+      }
+      {
+        assertion = cfg.njalla.vpn.enable -> cfg.njalla.vpn.keysFile != null;
+        message = ''
+          The nixarr.ddns.njalla.enable option requires the nixarr.vpn.keysFile
+          option to be set (not null), but it was not.
+        '';
+      }
+      {
+        assertion = cfg.njalla.vpn.enable -> config.nixarr.vpn.enable;
+        message = ''
+          The nixarr.ddns.njalla.enable option requires the nixarr.vpn.enable
+          option to be set, but it was not.
         '';
       }
     ];

diff --git a/nixarr/jellyfin/default.nix b/nixarr/jellyfin/default.nix
@@ -9,7 +9,16 @@
 in
   with lib; {
     options.nixarr.jellyfin = {
-      enable = mkEnableOption "the Jellyfin service.";
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        example = true;
+        description = ''
+          Whether or not to enable the Jellyfin service.
+
+          **Required options:** [`nixarr.enable`](#nixarr.enable)
+        '';
+      };
 
       stateDir = mkOption {
         type = types.path;
@@ -143,6 +152,13 @@ in
               nixarr.vpn.enable option to be set, but it was not.
             '';
           }
+          {
+            assertion = cfg.enable -> nixarr.enable;
+            message = ''
+              The nixarr.jellyfin.enable option requires the nixarr.enable
+              option to be set, but it was not.
+            '';
+          }
           {
             assertion = !(cfg.vpn.enable && cfg.expose.https.enable);
             message = ''

diff --git a/nixarr/lidarr/default.nix b/nixarr/lidarr/default.nix
@@ -9,7 +9,16 @@ with lib; let
   defaultPort = 8686;
 in {
   options.nixarr.lidarr = {
-    enable = mkEnableOption "the Lidarr service.";
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        example = true;
+        description = ''
+          Whether or not to enable the Lidarr service.
+
+          **Required options:** [`nixarr.enable`](#nixarr.enable)
+        '';
+      };
 
     stateDir = mkOption {
       type = types.path;
@@ -52,6 +61,13 @@ in {
 
   config = mkIf cfg.enable {
     assertions = [
+      {
+        assertion = cfg.enable -> nixarr.enable;
+        message = ''
+          The nixarr.lidarr.enable option requires the nixarr.enable option
+          to be set, but it was not.
+        '';
+      }
       {
         assertion = cfg.vpn.enable -> nixarr.vpn.enable;
         message = ''

diff --git a/nixarr/nixarr.nix b/nixarr/nixarr.nix
@@ -267,7 +267,6 @@ in {
       fix-permissions
     ];
 
-    # TODO: wtf to do about openports
     vpnnamespaces.wg = mkIf cfg.vpn.enable {
       enable = true;
       openVPNPorts = optional cfg.vpn.vpnTestService.enable {
@@ -301,6 +300,9 @@ in {
             ''
               cd "$(mktemp -d)"
 
+              # DNS information
+              dig google.com
+
               # Print resolv.conf
               echo "/etc/resolv.conf contains:"
               cat /etc/resolv.conf
@@ -329,10 +331,6 @@ in {
             );
         };
       in "${vpn-test}/bin/vpn-test";
-
-      bindsTo = ["[email protected]"];
-      requires = ["network-online.target"];
-      after = ["wg.service"];
     };
   };
 }
diff --git a/nixarr/openssh/default.nix b/nixarr/openssh/default.nix
@@ -12,7 +12,9 @@ in {
     default = false;
     example = true;
     description = ''
-      **Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable)
+      **Required options:**
+        - [`nixarr.vpn.enable`](#nixarr.vpn.enable)
+        - [`nixarr.enable`](#nixarr.enable)
 
       Run the openssh service through a vpn, exposing it to the internet.
 
@@ -44,6 +46,13 @@ in {
 
   config = mkIf cfg.expose.vpn.enable {
     assertions = [
+      {
+        assertion = cfg.expose.vpn.enable -> nixarr.enable;
+        message = ''
+          The nixarr.openssh.expose.vpn.enable option requires the
+          nixarr.enable option to be set, but it was not.
+        '';
+      }
       {
         assertion = cfg.expose.vpn.enable -> nixarr.vpn.enable;
         message = ''

diff --git a/nixarr/prowlarr/default.nix b/nixarr/prowlarr/default.nix
@@ -14,7 +14,16 @@ in {
   ];
 
   options.nixarr.prowlarr = {
-    enable = mkEnableOption "the Prowlarr service.";
+    enable = mkOption {
+      type = types.bool;
+      default = false;
+      example = true;
+      description = ''
+        Whether or not to enable the Prowlarr service.
+
+        **Required options:** [`nixarr.enable`](#nixarr.enable)
+      '';
+    };
 
     stateDir = mkOption {
       type = types.path;
@@ -57,6 +66,13 @@ in {
 
   config = mkIf cfg.enable {
     assertions = [
+      {
+        assertion = cfg.enable -> nixarr.enable;
+        message = ''
+          The nixarr.prowlarr.enable option requires the
+          nixarr.enable option to be set, but it was not.
+        '';
+      }
       {
         assertion = cfg.vpn.enable -> nixarr.vpn.enable;
         message = ''

diff --git a/nixarr/radarr/default.nix b/nixarr/radarr/default.nix
@@ -10,7 +10,16 @@ with lib; let
   nixarr = config.nixarr;
 in {
   options.nixarr.radarr = {
-    enable = mkEnableOption "Enable the Radarr service.";
+    enable = mkOption {
+      type = types.bool;
+      default = false;
+      example = true;
+      description = ''
+        Whether or not to enable the Radarr service.
+
+        **Required options:** [`nixarr.enable`](#nixarr.enable)
+      '';
+    };
 
     stateDir = mkOption {
       type = types.path;
@@ -53,6 +62,13 @@ in {
 
   config = mkIf cfg.enable {
     assertions = [
+      {
+        assertion = cfg.enable -> nixarr.enable;
+        message = ''
+          The nixarr.radarr.enable option requires the
+          nixarr.enable option to be set, but it was not.
+        '';
+      }
       {
         assertion = cfg.vpn.enable -> nixarr.vpn.enable;
         message = ''