felix/nixos
1
0
Fork 0
mirror of https://github.com/Stunkymonkey/nixos.git synced 2025-05-24 09:54:40 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

service/exportarr: fix apikey

Browse source
This commit is contained in:
Felix Buehler 2023-07-25 22:20:49 +02:00
parent 724ca9dc1a
commit e4d8129873
7 changed files with 97 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

10
machines/serverle/secrets.yaml
View file

@ -18,6 +18,12 @@ acme:
inwx: ENC[AES256_GCM,data:yf1Xi0YOSUMfTd91NCjMUD7uMPzFjK7wfsxnDeIXBfd1U0hopemF6KBDYVLIP7NrTDz+wGWCqvgO3w8FjfWjCgtcqw==,iv:4HOFyvuhCDTSFGgEqbdVmC8pDpf/CpapDaSUwwRZOGI=,tag:ynQxQS1VzpqCJZOfUP0Bwg==,type:str] inwx: ENC[AES256_GCM,data:yf1Xi0YOSUMfTd91NCjMUD7uMPzFjK7wfsxnDeIXBfd1U0hopemF6KBDYVLIP7NrTDz+wGWCqvgO3w8FjfWjCgtcqw==,iv:4HOFyvuhCDTSFGgEqbdVmC8pDpf/CpapDaSUwwRZOGI=,tag:ynQxQS1VzpqCJZOfUP0Bwg==,type:str]
dyndns: dyndns:
password: ENC[AES256_GCM,data:WsgT4Un6/yirszfONzhYQDT66arEdmzkeA==,iv:9IbyEwX8DvJMfW3XaUaObmsD8mZCr1eQo7MglGn8dl0=,tag:XM0Qf4KbdkercBvpEwJdtg==,type:str] password: ENC[AES256_GCM,data:WsgT4Un6/yirszfONzhYQDT66arEdmzkeA==,iv:9IbyEwX8DvJMfW3XaUaObmsD8mZCr1eQo7MglGn8dl0=,tag:XM0Qf4KbdkercBvpEwJdtg==,type:str]
radarr:
apikey: ENC[AES256_GCM,data:vyv5PRvNhJ0MxszGa0dQPIhlPdDqEV1Vm0QRCPKmY6k=,iv:tY159K+FqR6eqHYPR6uEveD7V8QZDJidxT0ms81kEew=,tag:tX1fA6BLHq3b4AwfD8L1Ag==,type:str]
sonarr:
apikey: ENC[AES256_GCM,data:gnqWrd3FAqR49Q3LJfVk0DtSa9Oo5qR8BguI7qhF62Q=,iv:mmSHSV74EHtsor3xBU5HL7DtVXk3SKu5KjV2DglWgNI=,tag:1jlDMaYp2zu4B1EpfeL9nQ==,type:str]
prowlarr:
apikey: ENC[AES256_GCM,data:5H3aZEaa7trPgwo7CKnryhMUdZ+UP+a9UBNbeLNHqxk=,iv:OE5/q4HRIhoB/ZK4ic2nC63t5nNyJi2AZsP4JYuxaW0=,tag:l5IFkGCmam+f3dFgKM1Rwg==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -42,8 +48,8 @@ sops:
a1BjcjVaM01UV0o5bTFTVTE5QUZKMmsKPAGYDf1FVtp4+Z/KUrI6z0aZYEwN1DYa a1BjcjVaM01UV0o5bTFTVTE5QUZKMmsKPAGYDf1FVtp4+Z/KUrI6z0aZYEwN1DYa
jKtA1IUXrmdaRllN0SfC+YjMXTk7IoJvrjagCv9Zo0zEKasfO8PL4g== jKtA1IUXrmdaRllN0SfC+YjMXTk7IoJvrjagCv9Zo0zEKasfO8PL4g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-06-04T14:25:20Z" lastmodified: "2023-07-25T19:49:06Z"
mac: ENC[AES256_GCM,data:vHbLSsIFoathXRhvEIlJZyPQr/nKguel72hiaCP0Z/jjrtr+2imFWTPzi4BxRIHJwybITh59ytxDBm3cxXuN0GbBsSVHjYAp5oLqiQHWyjWQsJpE8ITP/0W61lNGeVAzixntgz/QJKqavXs0duEDSqqw+7+fULo6Xzx794vnY1M=,iv:MTpTnDRRhPnV2e6xX42juXciWIbYtbIzy6GC+aYj9Gc=,tag:8e3uGqwW2CZnrQartHb5DQ==,type:str] mac: ENC[AES256_GCM,data:YJDe8T2DljJZX80Q5dMgh5nn+oNO5f9lU8KxbjtfMdXsu5aFCB/IykSMXLO9Yji4QeUMdiTsmAhDl+xWonK7BjDorNF7Culq3zo/g36WkAekGFlgp4i0lnHf182noX46sApwFDj9gRx+Ozhn/BsoVADhNkOfP91XJH09UOLyHxM=,iv:qWnS2m9ifuLKdX2+7b053/OHNgIjb9GK7EIft00Qu7E=,tag:XAtQdRP5pEP3xYoGLqbnNA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.7.3

6
machines/serverle/services.nix
View file

@ -11,6 +11,9 @@ in
sops.secrets."sso/auth-key" = { }; sops.secrets."sso/auth-key" = { };
sops.secrets."sso/felix/password-hash" = { }; sops.secrets."sso/felix/password-hash" = { };
sops.secrets."sso/felix/totp-secret" = { }; sops.secrets."sso/felix/totp-secret" = { };
sops.secrets."prowlarr/apikey" = { };
sops.secrets."radarr/apikey" = { };
sops.secrets."sonarr/apikey" = { };
# List services that you want to enable: # List services that you want to enable:
my.services = { my.services = {
@ -32,12 +35,15 @@ in
prowlarr = { prowlarr = {
enable = true; enable = true;
apiKeyFile = secrets."prowlarr/apikey".path;
}; };
radarr = { radarr = {
enable = true; enable = true;
apiKeyFile = secrets."radarr/apikey".path;
}; };
sonarr = { sonarr = {
enable = true; enable = true;
apiKeyFile = secrets."sonarr/apikey".path;
}; };
bazarr = { bazarr = {
enable = true; enable = true;

5
modules/services/bazarr/default.nix
View file

@ -26,11 +26,6 @@ in
} }
]; ];
my.services.exportarr.bazarr = {
port = port + 1;
url = "http://127.0.0.1:${toString port}";
};
webapps.apps.bazarr = { webapps.apps.bazarr = {
dashboard = { dashboard = {
name = "Subtitles"; name = "Subtitles";

29
modules/services/exportarr/default.nix
View file

@ -4,16 +4,17 @@ let
mkExportarrService = name: conf: mkExportarrService = name: conf:
let let
exportarrEnvironment = { exportarrEnvironment = (
lib.mapAttrs (_: toString) conf.environment
) // {
PORT = toString conf.port; PORT = toString conf.port;
URL = conf.url; URL = conf.url;
} // ( API_KEY_FILE = lib.mkIf (conf.apiKeyFile != null) "%d/api-key";
lib.mapAttrs (_: toString) conf.environment };
);
in in
lib.nameValuePair "exportarr-${name}" { lib.nameValuePair "exportarr-${name}" {
description = "Exportarr Service ${name}"; description = "Exportarr Service ${name}";
script = ''exec ${conf.package}/bin/exportarr "$@"''; script = ''exec ${conf.package}/bin/exportarr ${name} "$@"'';
serviceConfig = { serviceConfig = {
Restart = "on-failure"; Restart = "on-failure";
User = "exportarr-${name}"; User = "exportarr-${name}";
@ -23,6 +24,9 @@ let
WorkingDirectory = "/var/lib/exportarr-${name}"; WorkingDirectory = "/var/lib/exportarr-${name}";
RuntimeDirectory = "exportarr-${name}"; RuntimeDirectory = "exportarr-${name}";
LoadCredential = lib.optionalString (conf.apiKeyFile != null)
"api-key:${conf.apiKeyFile}";
CapabilityBoundingSet = ""; CapabilityBoundingSet = "";
LockPersonality = true; LockPersonality = true;
PrivateDevices = true; PrivateDevices = true;
@ -88,6 +92,14 @@ in
''; '';
}; };
apiKeyFile = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
description = lib.mdDoc ''
File containing the api-key.
'';
};
package = lib.mkPackageOptionMD pkgs "exportarr" { }; package = lib.mkPackageOptionMD pkgs "exportarr" { };
environment = lib.mkOption { environment = lib.mkOption {
@ -97,7 +109,6 @@ in
See [the configuration guide](https://github.com/onedr0p/exportarr#configuration) for available options. See [the configuration guide](https://github.com/onedr0p/exportarr#configuration) for available options.
''; '';
example = { example = {
API_KEY_FILE = "/run/secrets/exportarr";
PROWLARR__BACKFILL = true; PROWLARR__BACKFILL = true;
}; };
}; };
@ -107,6 +118,12 @@ in
}; };
config = lib.mkIf (cfg != { }) { config = lib.mkIf (cfg != { }) {
assertions = lib.mapAttrsToList
(name: config: {
assertion = builtins.elem name [ "sonarr" "radarr" "lidarr" "prowlarr" "readarr" "sabnzbd" ];
message = "exportarr does not support this service.";
})
cfg;
systemd.services = lib.mapAttrs' mkExportarrService cfg; systemd.services = lib.mapAttrs' mkExportarrService cfg;
}; };
} }

20
modules/services/prowlarr/default.nix
View file

@ -8,6 +8,13 @@ in
{ {
options.my.services.prowlarr = with lib; { options.my.services.prowlarr = with lib; {
enable = mkEnableOption "Prowlarr for indexing"; enable = mkEnableOption "Prowlarr for indexing";
apiKeyFile = lib.mkOption {
type = lib.types.path;
description = lib.mdDoc ''
File containing the api-key.
'';
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
@ -39,8 +46,21 @@ in
my.services.exportarr.prowlarr = { my.services.exportarr.prowlarr = {
port = port + 1; port = port + 1;
url = "http://127.0.0.1:${toString port}"; url = "http://127.0.0.1:${toString port}";
apiKeyFile = cfg.apiKeyFile;
}; };
services.prometheus.scrapeConfigs = [
{
job_name = "prowlarr";
static_configs = [{
targets = [ "127.0.0.1:${toString port + 1}" ];
labels = {
instance = config.networking.hostName;
};
}];
}
];
webapps.apps.prowlarr = { webapps.apps.prowlarr = {
dashboard = { dashboard = {
name = "Indexer"; name = "Indexer";

20
modules/services/radarr/default.nix
View file

@ -8,6 +8,13 @@ in
{ {
options.my.services.radarr = with lib; { options.my.services.radarr = with lib; {
enable = mkEnableOption "Sonarr for films management"; enable = mkEnableOption "Sonarr for films management";
apiKeyFile = lib.mkOption {
type = lib.types.path;
description = lib.mdDoc ''
File containing the api-key.
'';
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
@ -29,8 +36,21 @@ in
my.services.exportarr.radarr = { my.services.exportarr.radarr = {
port = port + 1; port = port + 1;
url = "http://127.0.0.1:${toString port}"; url = "http://127.0.0.1:${toString port}";
apiKeyFile = cfg.apiKeyFile;
}; };
services.prometheus.scrapeConfigs = [
{
job_name = "radarr";
static_configs = [{
targets = [ "127.0.0.1:${toString port + 1}" ];
labels = {
instance = config.networking.hostName;
};
}];
}
];
webapps.apps.radarr = { webapps.apps.radarr = {
dashboard = { dashboard = {
name = "Movies"; name = "Movies";

20
modules/services/sonarr/default.nix
View file

@ -8,6 +8,13 @@ in
{ {
options.my.services.sonarr = with lib; { options.my.services.sonarr = with lib; {
enable = mkEnableOption "Sonarr for series management"; enable = mkEnableOption "Sonarr for series management";
apiKeyFile = lib.mkOption {
type = lib.types.path;
description = lib.mdDoc ''
File containing the api-key.
'';
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
@ -29,8 +36,21 @@ in
my.services.exportarr.sonarr = { my.services.exportarr.sonarr = {
port = port + 1; port = port + 1;
url = "http://127.0.0.1:${toString port}"; url = "http://127.0.0.1:${toString port}";
apiKeyFile = cfg.apiKeyFile;
}; };
services.prometheus.scrapeConfigs = [
{
job_name = "sonarr";
static_configs = [{
targets = [ "127.0.0.1:${toString port + 1}" ];
labels = {
instance = config.networking.hostName;
};
}];
}
];
webapps.apps.sonarr = { webapps.apps.sonarr = {
dashboard = { dashboard = {
name = "Series"; name = "Series";