pazpi/nix
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

nix fmt with "nixfmt-rfc-style"

Browse source
This commit is contained in:
pazpi 2024-08-27 09:46:44 +02:00
parent 4a39b2cbfd
commit eb9f742b1e
26 changed files with 460 additions and 267 deletions
Download patch file Download diff file Expand all files Collapse all files

193
modules/services/download-pod-old.nix
View file

@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
let
cfg = config.download-pod-old;
in
@ -37,103 +42,113 @@ in
};
config = lib.mkIf cfg.enable
{
podman.enable = true;
config = lib.mkIf cfg.enable {
podman.enable = true;
systemd.services.pod-download = {
description = "Start podman 'download' pod";
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
requiredBy = [
"podman-jackett.service"
"podman-radarr.service"
"podman-sabnzbd.service"
"podman-sonarr.service"
systemd.services.pod-download = {
description = "Start podman 'download' pod";
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
requiredBy = [
"podman-jackett.service"
"podman-radarr.service"
"podman-sabnzbd.service"
"podman-sonarr.service"
];
unitConfig = {
RequiresMountsFor = "/run/containers";
};
serviceConfig = {
Type = "oneshot";
ExecStart = "-${pkgs.podman}/bin/podman pod create -p 9117:9117 -p 7878:7878 -p 8080:8080 -p 8989:8989 download";
}; # -p 9117:9117 -p 7878:7878 -p 8080:8080 -p 8989:8989
#--share cgroup,ipc,uts
path = [ pkgs.podman ];
};
virtualisation.oci-containers.containers = {
jackett = {
image = "linuxserver/jackett";
autoStart = true;
user = "1000:100";
ports = [ "9117:9117" ];
extraOptions = [
"--init=true"
"--pod=download"
];
volumes = [
"jackett_config:/config"
"${cfg.dataDir}:/data"
];
unitConfig = {
RequiresMountsFor = "/run/containers";
};
serviceConfig = {
Type = "oneshot";
ExecStart = "-${pkgs.podman}/bin/podman pod create -p 9117:9117 -p 7878:7878 -p 8080:8080 -p 8989:8989 download";
}; # -p 9117:9117 -p 7878:7878 -p 8080:8080 -p 8989:8989
#--share cgroup,ipc,uts
path = [ pkgs.podman ];
};
virtualisation.oci-containers.containers = {
jackett = {
image = "linuxserver/jackett";
autoStart = true;
user = "1000:100";
ports = [ "9117:9117" ];
extraOptions = [
"--init=true"
"--pod=download"
];
volumes = [ "jackett_config:/config" "${cfg.dataDir}:/data" ];
};
radarr = {
image = "linuxserver/radarr";
autoStart = true;
user = "1000:100";
ports = [ "7878:7878" ];
extraOptions = [
"--init=true"
"--pod=download"
];
volumes = [ "radarr_config:/config" "${cfg.dataDir}:/data" ];
};
sabnzbd = {
image = "linuxserver/sabnzbd";
autoStart = true;
user = "1000:100";
ports = [ "8080:8080" ];
extraOptions = [
"--init=true"
"--pod=download"
];
volumes = [ "sabnzbd_config:/config" "${cfg.dataDir}:/data" ];
};
sonarr = {
image = "linuxserver/sonarr";
autoStart = true;
user = "1000:100";
ports = [ "8989:8989" ];
extraOptions = [
"--init=true"
"--pod=download"
];
volumes = [ "sonarr_config:/config" "${cfg.dataDir}:/data" ];
};
radarr = {
image = "linuxserver/radarr";
autoStart = true;
user = "1000:100";
ports = [ "7878:7878" ];
extraOptions = [
"--init=true"
"--pod=download"
];
volumes = [
"radarr_config:/config"
"${cfg.dataDir}:/data"
];
};
services.caddy = lib.mkIf cfg.proxy.enable {
enable = true;
enableReload = false;
virtualHosts = {
"jackett.${cfg.proxy.hostName}".extraConfig = ''
reverse_proxy http://${cfg.proxy.serverName}:9117
'';
"radarr.${cfg.proxy.hostName}".extraConfig = ''
reverse_proxy http://${cfg.proxy.serverName}:7878
'';
"sabnzbd.${cfg.proxy.hostName}".extraConfig = ''
reverse_proxy http://${cfg.proxy.serverName}:8080
'';
"sonarr.${cfg.proxy.hostName}".extraConfig = ''
reverse_proxy http://${cfg.proxy.serverName}:8989
'';
};
sabnzbd = {
image = "linuxserver/sabnzbd";
autoStart = true;
user = "1000:100";
ports = [ "8080:8080" ];
extraOptions = [
"--init=true"
"--pod=download"
];
volumes = [
"sabnzbd_config:/config"
"${cfg.dataDir}:/data"
];
};
sonarr = {
image = "linuxserver/sonarr";
autoStart = true;
user = "1000:100";
ports = [ "8989:8989" ];
extraOptions = [
"--init=true"
"--pod=download"
];
volumes = [
"sonarr_config:/config"
"${cfg.dataDir}:/data"
];
};
};
services.caddy = lib.mkIf cfg.proxy.enable {
enable = true;
enableReload = false;
virtualHosts = {
"jackett.${cfg.proxy.hostName}".extraConfig = ''
reverse_proxy http://${cfg.proxy.serverName}:9117
'';
"radarr.${cfg.proxy.hostName}".extraConfig = ''
reverse_proxy http://${cfg.proxy.serverName}:7878
'';
"sabnzbd.${cfg.proxy.hostName}".extraConfig = ''
reverse_proxy http://${cfg.proxy.serverName}:8080
'';
"sonarr.${cfg.proxy.hostName}".extraConfig = ''
reverse_proxy http://${cfg.proxy.serverName}:8989
'';
};
};
};
}

40
modules/services/download-pod.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.download-pod;
in
@ -73,45 +78,47 @@ in
jackett = {
image = "linuxserver/jackett";
autoStart = true;
extraOptions = [
"--pod=my-pod"
extraOptions = [ "--pod=my-pod" ];
volumes = [
"jackett_config:/config"
"jackett_data:/data"
];
volumes = [ "jackett_config:/config" "jackett_data:/data" ];
};
radarr = {
image = "linuxserver/radarr";
autoStart = true;
extraOptions = [
"--pod=download"
extraOptions = [ "--pod=download" ];
volumes = [
"radarr_config:/config"
"radarr_data:/data"
];
volumes = [ "radarr_config:/config" "radarr_data:/data" ];
};
sabnzbd = {
image = "linuxserver/sabnzbd";
autoStart = true;
extraOptions = [
"--pod=download"
extraOptions = [ "--pod=download" ];
volumes = [
"sabnzbd_config:/config"
"sabnzbd_data:/data"
];
volumes = [ "sabnzbd_config:/config" "sabnzbd_data:/data" ];
};
sonarr = {
image = "linuxserver/sonarr";
autoStart = true;
extraOptions = [
"--pod=download"
extraOptions = [ "--pod=download" ];
volumes = [
"sonarr_config:/config"
"sonarr_data:/data"
];
volumes = [ "sonarr_config:/config" "sonarr_data:/data" ];
};
prowlarr = {
image = "linuxserver/prowlarr";
autoStart = true;
extraOptions = [
"--pod=download"
];
extraOptions = [ "--pod=download" ];
volumes = [ "prowlarr_config:/config" ];
};
@ -139,5 +146,4 @@ in
};
}

7
modules/services/nextcloud-podman.nix
View file

@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
let
cfg = config.nextcloud-pd;
in

72
modules/services/rutorrent.nix
View file

@ -1,22 +1,40 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.services.rutorrent;
rutorrentPkgs = import ../packages/rutorrent.nix { inherit pkgs; inherit lib; };
rutorrentPkgs = import ../packages/rutorrent.nix {
inherit pkgs;
inherit lib;
};
rtorrentPluginDependencies = with pkgs; {
_task = [ procps ];
unpack = [ unzip unrar ];
unpack = [
unzip
unrar
];
rss = [ curl ];
mediainfo = [ mediainfo ];
spectrogram = [ sox ];
screenshots = [ ffmpeg ];
};
python = with pkgs; (python312.withPackages (p: with p; [ cloudscraper cfscrape ]));
python =
with pkgs;
(python312.withPackages (
p: with p; [
cloudscraper
cfscrape
]
));
phpPluginDependencies = with pkgs; {
_cloudflare = [ python ];
@ -77,7 +95,13 @@ in
};
poolSettings = mkOption {
type = with types; attrsOf (oneOf [ str int bool ]);
type =
with types;
attrsOf (oneOf [
str
int
bool
]);
default = {
"pm" = "dynamic";
"pm.max_children" = 32;
@ -118,7 +142,10 @@ in
{
assertions =
let
usedRpcPlugins = intersectLists cfg.plugins [ "httprpc" "rpc" ];
usedRpcPlugins = intersectLists cfg.plugins [
"httprpc"
"rpc"
];
in
[
{
@ -136,11 +163,17 @@ in
nginxVhostCfg = config.services.nginx.virtualHosts."${cfg.hostName}";
in
[ ]
++ (optional (cfg.nginx.exposeInsecureRPC2mount && (nginxVhostCfg.basicAuth == { } || nginxVhostCfg.basicAuthFile == null)) ''
You are using exposeInsecureRPC2mount without using basic auth on the virtual host. The exposed rpc mount allow for remote command execution.
++ (optional
(
cfg.nginx.exposeInsecureRPC2mount
&& (nginxVhostCfg.basicAuth == { } || nginxVhostCfg.basicAuthFile == null)
)
''
You are using exposeInsecureRPC2mount without using basic auth on the virtual host. The exposed rpc mount allow for remote command execution.
Please make sure it is not accessible from the outside.
'');
Please make sure it is not accessible from the outside.
''
);
systemd = {
services = {
@ -229,8 +262,11 @@ in
cp -r ${rutorrentPkgs}/php ${cfg.dataDir}/
${optionalString (cfg.plugins != [])
''cp -r ${concatMapStringsSep " " (p: "${rutorrentPkgs}/plugins/${p}") cfg.plugins} ${cfg.dataDir}/plugins/''}
${optionalString (cfg.plugins != [ ])
''cp -r ${
concatMapStringsSep " " (p: "${rutorrentPkgs}/plugins/${p}") cfg.plugins
} ${cfg.dataDir}/plugins/''
}
chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}/{conf,share,logs,plugins}
chmod -R 755 ${cfg.dataDir}/{conf,share,logs,plugins}
@ -263,7 +299,10 @@ in
{
networking.firewall = {
allowedTCPPorts = [ 80 443 ];
allowedTCPPorts = [
80
443
];
};
services = {
@ -303,11 +342,12 @@ in
pool = {
user = cfg.user;
group = config.services.rtorrent.group;
settings = mapAttrs (name: mkDefault)
{
settings =
mapAttrs (name: mkDefault) {
"listen.owner" = config.services.nginx.user;
"listen.group" = config.services.nginx.group;
} // cfg.poolSettings;
}
// cfg.poolSettings;
};
in
if (envPath == "") then pool else pool // { phpEnv.PATH = envPath; };