From ef9d27acdfffcca68ab204ecb4660207eb26d392 Mon Sep 17 00:00:00 2001 From: rasmus-kirk Date: Tue, 11 Jun 2024 10:02:22 +0200 Subject: [PATCH 1/2] updated vpn-submodule --- CHANGELOG.md | 6 ++++++ flake.lock | 52 +++++++++++++++++++++++++++++++++-------------- nixarr/nixarr.nix | 7 +------ 3 files changed, 44 insertions(+), 21 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 001b2fd..2590634 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Changelog +## 2024-06-11 + +Updated: +- VPNConfinement submodule + + ## 2024-03-12 Added: diff --git a/flake.lock b/flake.lock index 8a50391..5ac15ac 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ ] }, "locked": { - "lastModified": 1713532798, - "narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=", + "lastModified": 1717408969, + "narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=", "owner": "numtide", "repo": "devshell", - "rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40", + "rev": "1ebbe68d57457c8cae98145410b164b5477761f4", "type": "github" }, "original": { @@ -28,11 +28,32 @@ ] }, "locked": { - "lastModified": 1712014858, - "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", + "lastModified": 1717285511, + "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9126214d0a59633752a136528f5f3b9aa8565b7d", + "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "vpnconfinement", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717285511, + "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", "type": "github" }, "original": { 
@@ -76,11 +97,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1713562564, - "narHash": "sha256-NQpYhgoy0M89g9whRixSwsHb8RFIbwlxeYiVSDwSXJg=", + "lastModified": 1717893485, + "narHash": "sha256-WMU6ZRZrBgEUDIF0siu2aIyVAXcxfElSwzZtS/mSpN4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "92d295f588631b0db2da509f381b4fb1e74173c5", + "rev": "3bcedce9f4de37570242faf16e1e143583407eab", "type": "github" }, "original": { @@ -122,11 +143,11 @@ ] }, "locked": { - "lastModified": 1711963903, - "narHash": "sha256-N3QDhoaX+paWXHbEXZapqd1r95mdshxToGowtjtYkGI=", + "lastModified": 1717850719, + "narHash": "sha256-npYqVg+Wk4oxnWrnVG7416fpfrlRhp/lQ6wQ4DHI8YE=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "49dc4a92b02b8e68798abd99184f228243b6e3ac", + "rev": "4fc1c45a5f50169f9f29f6a98a438fb910b834ed", "type": "github" }, "original": { @@ -137,16 +158,17 @@ }, "vpnconfinement": { "inputs": { + "flake-parts": "flake-parts_2", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1711570356, - "narHash": "sha256-SiOKmuE+ezmmZlIbjwtl9BPtT0M/T1X0f/mQwynZRTE=", + "lastModified": 1718094603, + "narHash": "sha256-1XhMelD62FU3Us3BGzH1VQTIqN2eeMmkM69NNowD5/8=", "owner": "Maroka-chan", "repo": "VPN-Confinement", - "rev": "7f35705087b742e22f3fb07704c04c4818fff2c7", + "rev": "9ff61662f1a167b53897bd120811dd7ec22a1b88", "type": "github" }, "original": { diff --git a/nixarr/nixarr.nix b/nixarr/nixarr.nix index a9db14d..ddbd1b0 100644 --- a/nixarr/nixarr.nix +++ b/nixarr/nixarr.nix @@ -267,7 +267,6 @@ in { fix-permissions ]; - # TODO: wtf to do about openports vpnnamespaces.wg = mkIf cfg.vpn.enable { enable = true; openVPNPorts = optional cfg.vpn.vpnTestService.enable { @@ -301,7 +300,7 @@ in { '' cd "$(mktemp -d)" - ping google.com + dig google.com # Print resolv.conf echo "/etc/resolv.conf contains:" @@ -331,10 +330,6 @@ in { ); }; in "${vpn-test}/bin/vpn-test"; - - bindsTo = ["netns@wg.service"]; - requires = ["network-online.target"]; - after = ["wg.service"]; }; }; } 
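Review bot: Replacing `ping google.com` with `dig google.com` in the `@@ -301,7 +300,7 @@` hunk of nixarr/nixarr.nix makes this step a DNS-only check. `dig` exits 0 on any reply from the resolver, so this step no longer shows that packets leave through the tunnel, and it does not show which resolver answered. A comment above it would make that limit explicit, e.g. `# DNS check only: proves the namespace's resolver answers, not that traffic egresses via the VPN`. `dig` also has to be on the script's PATH; the `runtimeInputs` list is outside this hunk, so confirm it includes the package that provides it. The script body starts and ends outside the hunk.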
From 8b1e2a8c1f816e6d0e09fa48eb8ad14ed1f2721d Mon Sep 17 00:00:00 2001 From: rasmus-kirk Date: Mon, 24 Jun 2024 12:15:46 +0200 Subject: [PATCH 2/2] Added assertions --- nixarr/bazarr/default.nix | 18 ++++++++++++++++- nixarr/ddns/default.nix | 36 ++++++++++++++++++++++++--------- nixarr/jellyfin/default.nix | 18 ++++++++++++++++- nixarr/lidarr/default.nix | 18 ++++++++++++++++- nixarr/openssh/default.nix | 11 +++++++++- nixarr/prowlarr/default.nix | 18 ++++++++++++++++- nixarr/radarr/default.nix | 18 ++++++++++++++++- nixarr/readarr/default.nix | 18 ++++++++++++++++- nixarr/sonarr/default.nix | 14 ++++++++++++- nixarr/transmission/default.nix | 20 ++++++++++++++++-- 10 files changed, 170 insertions(+), 19 deletions(-) diff --git a/nixarr/bazarr/default.nix b/nixarr/bazarr/default.nix index a053ab2..d47f403 100644 --- a/nixarr/bazarr/default.nix +++ b/nixarr/bazarr/default.nix @@ -12,7 +12,16 @@ in { ]; options.nixarr.bazarr = { - enable = mkEnableOption "the bazarr service."; + enable = mkOption { + type = types.bool; + default = false; + example = true; + description = '' + Whether or not to enable the Bazarr service. + + **Required options:** [`nixarr.enable`](#nixarr.enable) + ''; + }; stateDir = mkOption { type = types.path; @@ -62,6 +71,13 @@ in { nixarr.vpn.enable option to be set, but it was not. ''; } + { + assertion = cfg.enable -> nixarr.enable; + message = '' + The nixarr.bazarr.enable option requires the nixarr.enable option + to be set, but it was not. + ''; + } ]; util-nixarr.services.bazarr = { diff --git a/nixarr/ddns/default.nix b/nixarr/ddns/default.nix index 979ca04..58fb234 100644 --- a/nixarr/ddns/default.nix +++ b/nixarr/ddns/default.nix @@ -6,6 +6,7 @@ }: with lib; let cfg = config.nixarr.ddns; + nixarr = config.nixarr; ddns-njalla = pkgs.writeShellApplication { name = "ddns-njalla"; 
@@ -44,6 +45,7 @@ in { description = '' **Required options:** + - [`nixarr.enable`](#nixarr.enable) - [`nixarr.ddns.njalla.keysFile`](#nixarr.ddns.njalla.keysfile) - [`nixarr.vpn.enable`](#nixarr.vpn.enable) @@ -73,6 +75,7 @@ in { description = '' **Required options:** + - [`nixarr.enable`](#nixarr.enable) - [`nixarr.ddns.njalla.keysFile`](#nixarr.ddns.njalla.keysfile) Whether or not to enable DDNS for a [Njalla](https://njal.la/) @@ -118,16 +121,31 @@ in { ''; } { - assertion = - cfg.njalla.vpn.enable - -> ( - cfg.njalla.vpn.keysFile - != null - && config.nixarr.vpn.enable - ); + assertion = cfg.njalla.enable -> nixarr.enable; message = '' - The nixarr.ddns.njalla.enable option requires the - nixarr.vpn.enable option to be set, but it was not. + The nixarr.ddns.njalla.enable option requires the nixarr.enable + option to be set, but it was not. + ''; + } + { + assertion = cfg.njalla.vpn.enable -> nixarr.enable; + message = '' + The nixarr.ddns.njalla.vpn.enable option requires the nixarr.enable + option to be set, but it was not. + ''; + } + { + assertion = cfg.njalla.vpn.enable -> cfg.njalla.vpn.keysFile != null; + message = '' + The nixarr.ddns.njalla.enable option requires the nixarr.vpn.keysFile + option to be set (not null), but it was not. + ''; + } + { + assertion = cfg.njalla.vpn.enable -> config.nixarr.vpn.enable; + message = '' + The nixarr.ddns.njalla.enable option requires the nixarr.vpn.enable + option to be set, but it was not. ''; } ]; diff --git a/nixarr/jellyfin/default.nix b/nixarr/jellyfin/default.nix index bf291a7..c80a317 100644 --- a/nixarr/jellyfin/default.nix +++ b/nixarr/jellyfin/default.nix 
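Review bot: Two of the new assertion messages in the `@@ -118,16 +121,31 @@` hunk name options other than the ones their conditions test. The assertion `cfg.njalla.vpn.enable -> cfg.njalla.vpn.keysFile != null` reports `nixarr.ddns.njalla.enable` and `nixarr.vpn.keysFile`, and `cfg.njalla.vpn.enable -> config.nixarr.vpn.enable` also reports `nixarr.ddns.njalla.enable`, so a user who trips either one is pointed at the wrong setting. Suggested wording for the first: `The nixarr.ddns.njalla.vpn.enable option requires the nixarr.ddns.njalla.vpn.keysFile option to be set (not null), but it was not.`; the second should likewise start with `The nixarr.ddns.njalla.vpn.enable option requires the nixarr.vpn.enable`. The last assertion could also use the `nixarr` binding this commit adds to the `let` block instead of `config.nixarr`, to match the other new assertions.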
@@ -9,7 +9,16 @@ in with lib; { options.nixarr.jellyfin = { - enable = mkEnableOption "the Jellyfin service."; + enable = mkOption { + type = types.bool; + default = false; + example = true; + description = '' + Whether or not to enable the Jellyfin service. + + **Required options:** [`nixarr.enable`](#nixarr.enable) + ''; + }; stateDir = mkOption { type = types.path; @@ -143,6 +152,13 @@ in nixarr.vpn.enable option to be set, but it was not. ''; } + { + assertion = cfg.enable -> nixarr.enable; + message = '' + The nixarr.jellyfin.enable option requires the nixarr.enable + option to be set, but it was not. + ''; + } { assertion = !(cfg.vpn.enable && cfg.expose.https.enable); message = '' diff --git a/nixarr/lidarr/default.nix b/nixarr/lidarr/default.nix index 42629f8..ebeeb93 100644 --- a/nixarr/lidarr/default.nix +++ b/nixarr/lidarr/default.nix @@ -9,7 +9,16 @@ with lib; let defaultPort = 8686; in { options.nixarr.lidarr = { - enable = mkEnableOption "the Lidarr service."; + enable = mkOption { + type = types.bool; + default = false; + example = true; + description = '' + Whether or not to enable the Lidarr service. + + **Required options:** [`nixarr.enable`](#nixarr.enable) + ''; + }; stateDir = mkOption { type = types.path; @@ -52,6 +61,13 @@ in { config = mkIf cfg.enable { assertions = [ + { + assertion = cfg.enable -> nixarr.enable; + message = '' + The nixarr.lidarr.enable option requires the nixarr.enable option + to be set, but it was not. + ''; + } { assertion = cfg.vpn.enable -> nixarr.vpn.enable; message = '' diff --git a/nixarr/openssh/default.nix b/nixarr/openssh/default.nix index 66ce8d0..8263fc2 100644 --- a/nixarr/openssh/default.nix +++ b/nixarr/openssh/default.nix 
@@ -12,7 +12,9 @@ in { default = false; example = true; description = '' - **Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable) + **Required options:** + - [`nixarr.vpn.enable`](#nixarr.vpn.enable) + - [`nixarr.enable`](#nixarr.enable) Run the openssh service through a vpn, exposing it to the internet. @@ -44,6 +46,13 @@ in { config = mkIf cfg.expose.vpn.enable { assertions = [ + { + assertion = cfg.expose.vpn.enable -> nixarr.enable; + message = '' + The nixarr.openssh.expose.vpn.enable option requires the + nixarr.enable option to be set, but it was not. + ''; + } { assertion = cfg.expose.vpn.enable -> nixarr.vpn.enable; message = '' diff --git a/nixarr/prowlarr/default.nix b/nixarr/prowlarr/default.nix index 88b44fe..7802ccd 100644 --- a/nixarr/prowlarr/default.nix +++ b/nixarr/prowlarr/default.nix @@ -14,7 +14,16 @@ in { ]; options.nixarr.prowlarr = { - enable = mkEnableOption "the Prowlarr service."; + enable = mkOption { + type = types.bool; + default = false; + example = true; + description = '' + Whether or not to enable the Prowlarr service. + + **Required options:** [`nixarr.enable`](#nixarr.enable) + ''; + }; stateDir = mkOption { type = types.path; @@ -57,6 +66,13 @@ in { config = mkIf cfg.enable { assertions = [ + { + assertion = cfg.enable -> nixarr.enable; + message = '' + The nixarr.prowlarr.enable option requires the + nixarr.enable option to be set, but it was not. + ''; + } { assertion = cfg.vpn.enable -> nixarr.vpn.enable; message = '' diff --git a/nixarr/radarr/default.nix b/nixarr/radarr/default.nix index b2c50f8..a3be5f5 100644 --- a/nixarr/radarr/default.nix +++ b/nixarr/radarr/default.nix 
@@ -10,7 +10,16 @@ with lib; let nixarr = config.nixarr; in { options.nixarr.radarr = { - enable = mkEnableOption "Enable the Radarr service."; + enable = mkOption { + type = types.bool; + default = false; + example = true; + description = '' + Whether or not to enable the Radarr service. + + **Required options:** [`nixarr.enable`](#nixarr.enable) + ''; + }; stateDir = mkOption { type = types.path; @@ -53,6 +62,13 @@ in { config = mkIf cfg.enable { assertions = [ + { + assertion = cfg.enable -> nixarr.enable; + message = '' + The nixarr.radarr.enable option requires the + nixarr.enable option to be set, but it was not. + ''; + } { assertion = cfg.vpn.enable -> nixarr.vpn.enable; message = '' diff --git a/nixarr/readarr/default.nix b/nixarr/readarr/default.nix index c42854f..61fd523 100644 --- a/nixarr/readarr/default.nix +++ b/nixarr/readarr/default.nix @@ -8,7 +8,16 @@ with lib; let nixarr = config.nixarr; in { options.nixarr.readarr = { - enable = mkEnableOption "Enable the Readarr service"; + enable = mkOption { + type = types.bool; + default = false; + example = true; + description = '' + Whether or not to enable the Readarr service. + + **Required options:** [`nixarr.enable`](#nixarr.enable) + ''; + }; stateDir = mkOption { type = types.path; @@ -51,6 +60,13 @@ in { config = mkIf cfg.enable { assertions = [ + { + assertion = cfg.enable -> nixarr.enable; + message = '' + The nixarr.readarr.enable option requires the + nixarr.enable option to be set, but it was not. + ''; + } { assertion = cfg.vpn.enable -> nixarr.vpn.enable; message = '' diff --git a/nixarr/sonarr/default.nix b/nixarr/sonarr/default.nix index e2c75bb..ee0daf0 100644 --- a/nixarr/sonarr/default.nix +++ b/nixarr/sonarr/default.nix 
@@ -13,7 +13,12 @@ in { enable = mkOption { type = types.bool; default = false; - description = "Enable the Sonarr service."; + example = true; + description = '' + Whether or not to enable the Sonarr service. + + **Required options:** [`nixarr.enable`](#nixarr.enable) + ''; }; stateDir = mkOption { @@ -57,6 +62,13 @@ in { config = mkIf cfg.enable { assertions = [ + { + assertion = cfg.enable -> nixarr.enable; + message = '' + The nixarr.sonarr.enable option requires the + nixarr.enable option to be set, but it was not. + ''; + } { assertion = cfg.vpn.enable -> nixarr.vpn.enable; message = '' diff --git a/nixarr/transmission/default.nix b/nixarr/transmission/default.nix index e689022..d98eef3 100644 --- a/nixarr/transmission/default.nix +++ b/nixarr/transmission/default.nix @@ -16,7 +16,7 @@ with lib; let runtimeInputs = with pkgs; [curl]; text = '' - PROWLARR_API_KEY=$(cat prowlarr-api-key) + PROWLARR_API_KEY=$(cat ${cfg.stateDir}/prowlarr-api-key) curl -XPOST http://localhost:2468/api/webhook?apikey="$PROWLARR_API_KEY" --data-urlencode "infoHash=$TR_TORRENT_HASH" ''; }; @@ -65,7 +65,16 @@ with lib; let }; in { options.nixarr.transmission = { - enable = mkEnableOption "the Transmission service."; + enable = mkOption { + type = types.bool; + default = false; + example = true; + description = '' + Whether or not to enable the Transmission service. + + **Required options:** [`nixarr.enable`](#nixarr.enable) + ''; + }; stateDir = mkOption { type = types.path; @@ -254,6 +263,13 @@ in { nixarr.vpn.enable option to be set, but it was not. ''; } + { + assertion = cfg.enable -> nixarr.enable; + message = '' + The nixarr.transmission.enable option requires the nixarr.enable + option to be set, but it was not. + ''; + } { assertion = cfg-cross-seed.enable -> nixarr.prowlarr.enable; message = ''
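Review bot: In the `@@ -16,7 +16,7 @@` hunk of nixarr/transmission/default.nix, the new `cat ${cfg.stateDir}/prowlarr-api-key` leaves the interpolated path unquoted, so a `stateDir` containing whitespace or glob characters is word-split by the shell; quote it as `PROWLARR_API_KEY=$(cat "${cfg.stateDir}/prowlarr-api-key")`. The key then goes into the URL on the curl command line (the unchanged context line), where other local users can see it in the process list while the call runs; if that matters for this host, feeding the URL to `curl --config -` on stdin keeps it out of argv. The hunk does not show how the key file is created, so confirm its owner and mode restrict it to the service user. The script definition begins outside the hunk.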