diff --git a/README.md b/README.md index 674cffd..cc890b3 100644 --- a/README.md +++ b/README.md @@ -38,12 +38,12 @@ To run services through a VPN, you must provide a wg-quick config file, that is provided by most VPN providers: ```nix {.numberLines} -nixarr.vpn = { - enable = true; - # IMPORTANT: This file must _not_ be in the config git directory - # You can usually get this wireguard file from your VPN provider - wgConf = "/data/.secret/wg.conf"; -} + nixarr.vpn = { + enable = true; + # IMPORTANT: This file must _not_ be in the config git directory + # You can usually get this wireguard file from your VPN provider + wgConf = "/data/.secret/wg.conf"; + } ``` It is possible, _but not recommended_, to run the "*Arrs" behind a VPN, @@ -64,33 +64,33 @@ If you want to know how to setup DDNS with Njalla, or how to manage secrets in n To use this module, add it to your flake inputs in your nix flake file, like shown in this example flake: ```nix {.numberLines} -{ - description = "Your nix flake"; + { + description = "Your nix flake"; - inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - nixarr.url = "github:rasmus-kirk/nixarr"; - }; + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + nixarr.url = "github:rasmus-kirk/nixarr"; + }; - outputs = { - nixpkgs, - nixarr, - ... - }@inputs: { - nixosConfigurations = { - servarr = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - - modules = [ - ./nixos/servarr/configuration.nix - nixarr.nixosModules.default - ]; - - specialArgs = { inherit inputs; }; + outputs = { + nixpkgs, + nixarr, + ... + }@inputs: { + nixosConfigurations = { + servarr = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + + modules = [ + ./nixos/servarr/configuration.nix + nixarr.nixosModules.default + ]; + + specialArgs = { inherit inputs; }; + }; }; }; - }; -} + } ``` ## Examples @@ -102,45 +102,45 @@ This example does the following: - Runs all "*Arrs" supported by this module ```nix {.numberLines} -nixarr = { - enable = true; - # These two values are also the default, but you can set them to whatever - # else you want - mediaDir = "/data/media"; - stateDir = "/data/media/.state"; - - vpn = { + nixarr = { enable = true; - # IMPORTANT: This file must _not_ be in the config git directory - # You can usually get this wireguard file from your VPN provider - wgConf = "/data/.secret/wg.conf"; - }; + # These two values are also the default, but you can set them to whatever + # else you want + mediaDir = "/data/media"; + stateDir = "/data/media/.state"; - jellyfin = { - enable = true; - # These options set up a nginx HTTPS reverse proxy, so you can access - # Jellyfin on your domain with HTTPS - expose.https = { + vpn = { enable = true; - domainName = "your.domain.com"; - acmeMail = "your@email.com"; # Required for ACME-bot + # IMPORTANT: This file must _not_ be in the config git directory + # You can usually get this wireguard file from your VPN provider + wgConf = "/data/.secret/wg.conf"; }; - }; - transmission = { - enable = true; - vpn.enable = true; - peerPort = 50000; # Set this to the port forwarded by your VPN - }; + jellyfin = { + enable = true; + # These options set up a nginx HTTPS reverse proxy, so you can access + # Jellyfin on your domain with HTTPS + expose.https = { + enable = true; + domainName = "your.domain.com"; + acmeMail = "your@email.com"; # Required for ACME-bot + }; + }; - # It is possible for this module to run the *Arrs through a VPN, but it - # is generally not recommended, as it can cause rate-limiting issues. - sonarr.enable = true; - radarr.enable = true; - prowlarr.enable = true; - readarr.enable = true; - lidarr.enable = true; -}; + transmission = { + enable = true; + vpn.enable = true; + peerPort = 50000; # Set this to the port forwarded by your VPN + }; + + # It is possible for this module to run the *Arrs through a VPN, but it + # is generally not recommended, as it can cause rate-limiting issues. + sonarr.enable = true; + radarr.enable = true; + prowlarr.enable = true; + readarr.enable = true; + lidarr.enable = true; + }; ``` Another example where port forwarding is not an option. This is useful if, @@ -153,56 +153,56 @@ example does the following: - Runs all the supported "*Arrs" ```nix {.numberLines} -nixarr = { - enable = true; - - vpn = { + nixarr = { enable = true; - wgConf = "/data/.secret/wg.conf"; - }; - jellyfin = { - enable = true; - vpn.enable = true; + vpn = { + enable = true; + wgConf = "/data/.secret/wg.conf"; + }; - # Access the Jellyfin web-ui from the internet. - # Get this port from your VPN provider - expose.vpn = { + jellyfin = { enable = true; - port = 12345; + vpn.enable = true; + + # Access the Jellyfin web-ui from the internet. + # Get this port from your VPN provider + expose.vpn = { + enable = true; + port = 12345; + }; }; - }; - # Setup SSH service that runs through VPN. - # Lets you connect through ssh from the internet without having access to - # port forwarding - openssh.vpn.enable = true; + # Setup SSH service that runs through VPN. + # Lets you connect through ssh from the internet without having access to + # port forwarding + openssh.expose.vpn.enable = true; - transmission = { - enable = true; - vpn.enable = true; - peerPort = 50000; # Set this to the port forwarded by your VPN + transmission = { + enable = true; + vpn.enable = true; + peerPort = 50000; # Set this to the port forwarded by your VPN + }; + + sonarr.enable = true; + radarr.enable = true; + prowlarr.enable = true; + readarr.enable = true; + lidarr.enable = true; }; - sonarr.enable = true; - radarr.enable = true; - prowlarr.enable = true; - readarr.enable = true; - lidarr.enable = true; -}; - -# The `openssh.vpn.enable` option does not enable openssh, so we do that here: -# We disable password authentication as it's generally insecure. -services.openssh = { - enable = true; - settings.PasswordAuthentication = false; - # Get this port from your VPN provider - ports = [ 54321 ] -}; -# Adds your public keys as trusted devices -users.extraUsers.username.openssh.authorizedKeys.keyFiles = [ - ./path/to/public/key/machine.pub} -]; + # The `openssh.vpn.enable` option does not enable openssh, so we do that here: + # We disable password authentication as it's generally insecure. + services.openssh = { + enable = true; + settings.PasswordAuthentication = false; + # Get this port from your VPN provider + ports = [ 54321 ] + }; + # Adds your public keys as trusted devices + users.extraUsers.username.openssh.authorizedKeys.keyFiles = [ + ./path/to/public/key/machine.pub} + ]; ``` In both examples, you don't have access to the "*Arrs" or torrent client @@ -210,13 +210,13 @@ without being on your home network or accessing them through localhost. If you have SSH setup you can use SSH tunneling. Simply run: ```sh -ssh -N user@ip \ - -L 6001:localhost:9091 \ - -L 6002:localhost:9696 \ - -L 6003:localhost:8989 \ - -L 6004:localhost:7878 \ - -L 6005:localhost:8686 \ - -L 6006:localhost:8787 + ssh -N user@ip \ + -L 6001:localhost:9091 \ + -L 6002:localhost:9696 \ + -L 6003:localhost:8989 \ + -L 6004:localhost:7878 \ + -L 6005:localhost:8686 \ + -L 6006:localhost:8787 ``` Replace `user` with your user and `ip` with the public ip, or domain if set diff --git a/docs/pandoc/lua/indent-code-blocks.lua b/docs/pandoc/lua/indent-code-blocks.lua new file mode 100644 index 0000000..2ce9353 --- /dev/null +++ b/docs/pandoc/lua/indent-code-blocks.lua @@ -0,0 +1,39 @@ +-- pandoc_indent_nix_blocks.lua +-- This Pandoc Lua filter indents all lines in code blocks by 2 spaces +-- TODO: This indents _all_ code blocks, not just example and default... + +--if dump_debug then +-- local debug_file = io.open("pandoc_debug.log", "a") +--end +-- +--function debug(msg) +-- if debug_file then +-- debug_file:write(msg .. "\n") +-- end +--end + +function CodeBlock(block) + -- Check if the code block language is unmarked + if #block.classes == 0 then + -- Split the block text into lines + local lines = {} + for line in block.text:gmatch("[^\r\n]+") do + table.insert(lines, line) + end + + -- Indent each line by 2 spaces + for i, line in ipairs(lines) do + lines[i] = " " .. line + end + + -- Join the lines back together and update the block text + block.text = table.concat(lines, '\n') + + -- Return the modified block + return block + end +end + +return { + {CodeBlock = CodeBlock} +} diff --git a/mkDocs.nix b/mkDocs.nix index f45c7f1..345b20f 100644 --- a/mkDocs.nix +++ b/mkDocs.nix @@ -53,10 +53,26 @@ in "$file_path" } + # Make home page + pandoc \ + --metadata date="$(date -u '+%Y-%m-%d - %H:%M:%S %Z')" \ + --standalone \ + --highlight-style docs/pandoc/gruvbox.theme \ + --template docs/pandoc/template.html \ + --css docs/pandoc/style.css \ + -V lang=en \ + -V --mathjax \ + -f markdown+smart \ + -o $out/index.html \ + README.md + + # Make wiki pages find docs/wiki -type f -name "*.md" | while IFS= read -r file; do buildwiki "$file" done + # Make options + cd $out pandoc \ --standalone \ --metadata title="Nixarr - Option Documentation" \ @@ -64,6 +80,7 @@ in --highlight-style docs/pandoc/gruvbox.theme \ --template docs/pandoc/template.html \ --css docs/pandoc/style.css \ + --lua-filter docs/pandoc/lua/indent-code-blocks.lua \ --lua-filter docs/pandoc/lua/anchor-links.lua \ --lua-filter docs/pandoc/lua/code-default-to-nix.lua \ --lua-filter docs/pandoc/lua/remove-utils.lua \ @@ -76,17 +93,5 @@ in -f markdown+smart \ -o $out/options.html \ "$tmpdir"/nixos-options.md - - pandoc \ - --metadata date="$(date -u '+%Y-%m-%d - %H:%M:%S %Z')" \ - --standalone \ - --highlight-style docs/pandoc/gruvbox.theme \ - --template docs/pandoc/template.html \ - --css docs/pandoc/style.css \ - -V lang=en \ - -V --mathjax \ - -f markdown+smart \ - -o $out/index.html \ - README.md ''; }