diff --git a/lib/default.nix b/lib/default.nix index 611e0a8..0d26ebf 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -4,7 +4,7 @@ rec { let configWithTemplates = withReplacements userConfig; - nonSecretConfigFile = pkgs.writeText "${resultPath}.template" (generator configWithTemplates); + nonSecretConfigFile = pkgs.writeText "${resultPath}.template" (generator "template" configWithTemplates); replacements = getReplacements userConfig; in @@ -13,7 +13,11 @@ rec { inherit resultPath replacements; }; - template = file: newPath: replacements: replaceSecretsScript { inherit file replacements; resultPath = newPath; }; + template = file: newPath: replacements: replaceSecretsScript { + inherit file replacements; + resultPath = newPath; + }; + replaceSecretsScript = { file, resultPath, replacements }: let templatePath = resultPath + ".template"; @@ -25,7 +29,11 @@ rec { mkdir -p $(dirname ${templatePath}) ln -fs ${file} ${templatePath} rm -f ${resultPath} - ${pkgs.gnused}/bin/sed ${sedPatterns} ${templatePath} > ${resultPath} + if [ -z "${sedPatterns}" ]; then + cat ${templatePath} > ${resultPath} + else + ${pkgs.gnused}/bin/sed ${sedPatterns} ${templatePath} > ${resultPath} + fi ''; secretFileType = lib.types.submodule { diff --git a/modules/blocks/authelia.nix b/modules/blocks/authelia.nix index af3928d..ac7d26a 100644 --- a/modules/blocks/authelia.nix +++ b/modules/blocks/authelia.nix @@ -341,7 +341,7 @@ in identity_providers.oidc.clients = clients; }; resultPath = "/var/lib/authelia-${fqdn}/oidc_clients.yaml"; - generator = lib.generators.toYAML {}; + generator = name: value: lib.generators.toYAML {} value; }; in lib.mkBefore (mkCfg cfg.oidcClients); diff --git a/modules/services/arr.nix b/modules/services/arr.nix index 895d0c1..8567a5c 100644 --- a/modules/services/arr.nix +++ b/modules/services/arr.nix 
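Review bot: The generator is now called with two arguments in `generator "template" configWithTemplates`, but nothing in this hunk documents the new contract, and an out-of-tree caller that still passes a one-argument function will break. A comment above `nonSecretConfigFile` would help, for example `# generator :: name -> value -> string; the first argument is a name hint that plain-text generators may ignore`. That the first argument is only a hint is inferred from the updated callers, which all discard it. The enclosing function starts outside the hunk.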
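Review bot: The emptiness test `[ -z "${sedPatterns}" ]` splices the Nix string into a double-quoted shell word, so any `"` inside the patterns ends the quoting early and any `$(...)` in them is expanded an extra time just for the test. How `sedPatterns` is built is outside the hunk, so this needs confirming. Since the value is known at evaluation time, the branch can be taken in Nix instead: `${if sedPatterns == "" then "cat ${templatePath} > ${resultPath}" else "${pkgs.gnused}/bin/sed ${sedPatterns} ${templatePath} > ${resultPath}"}`. The redirect also recreates `${resultPath}` under the caller's umask after the `rm -f`, so unless permissions are set elsewhere, a `umask 077` before it would keep the substituted secrets from being created group- or world-readable.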
@@ -306,7 +306,7 @@ let }; in valueType; - generate = value: builtins.readFile (pkgs.callPackage ({ runCommand, python3 }: runCommand "config" { + generate = name: value: builtins.readFile (pkgs.callPackage ({ runCommand, python3 }: runCommand "config" { value = builtins.toJSON {Config = value;}; passAsFile = [ "value" ]; } (pkgs.writers.writePython3 "dict2xml" { @@ -381,7 +381,7 @@ in { options.shb.arr = lib.listToAttrs (lib.mapAttrsToList appOption apps); - config = lib.mkMerge ([ + config = lib.mkMerge [ (lib.mkIf cfg.radarr.enable ( let cfg' = cfg.radarr; @@ -395,10 +395,6 @@ in dataDir = "/var/lib/radarr"; }; - users.users.radarr = { - extraGroups = [ "media" ]; - }; - systemd.services.radarr.preStart = shblib.replaceSecrets { userConfig = cfg'.settings // (lib.optionalAttrs isSSOEnabled { @@ -417,7 +413,8 @@ in ]; excludePatterns = [".db-shm" ".db-wal" ".mono"]; }; - } // backup "radarr")) + })) + (lib.mkIf cfg.radarr.enable (backup "radarr")) (lib.mkIf cfg.sonarr.enable ( let @@ -453,11 +450,13 @@ in ]; excludePatterns = [".db-shm" ".db-wal" ".mono"]; }; - } // backup "sonarr")) + })) + (lib.mkIf cfg.sonarr.enable (backup "sonarr")) (lib.mkIf cfg.bazarr.enable ( let cfg' = cfg.bazarr; + isSSOEnabled = !(isNull cfg'.authEndpoint); in { services.bazarr = { @@ -468,8 +467,12 @@ in extraGroups = [ "media" ]; }; systemd.services.bazarr.preStart = shblib.replaceSecrets { - userConfig = cfg'.settings; - resultPath = "/var/lib/${config.systemd.services.bazarr.serviceConfig.StateDirectory}/config.xml"; + userConfig = cfg'.settings + // (lib.optionalAttrs isSSOEnabled { + AuthenticationRequired = "DisabledForLocalAddresses"; + AuthenticationMethod = "External"; + }); + resultPath = "/var/lib/bazarr/config.xml"; generator = apps.bazarr.settingsFormat.generate; }; @@ -481,7 +484,8 @@ in ]; excludePatterns = [".db-shm" ".db-wal" ".mono"]; }; - } // backup "bazarr")) + })) + (lib.mkIf cfg.bazarr.enable (backup "sonarr")) (lib.mkIf cfg.readarr.enable ( let 
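Review bot: With `AuthenticationMethod = "External"` the application no longer authenticates requests itself, and nothing in the `@@ -468,8 +467,12 @@` hunk shows that bazarr's port is reachable only through the SSO proxy. If the service listens on anything other than loopback, a client that connects to the port directly never passes through `authEndpoint`. It would be worth asserting the bind address, or at least adding a comment next to `isSSOEnabled` such as `# External auth: the service must only be reachable via the authenticating reverse proxy`. The same applies to the identical lidarr block in the `@@ -524,7 +530,11 @@` hunk. Separately, `resultPath` is now the hard-coded `/var/lib/bazarr/config.xml`, so please confirm that bazarr actually reads that file and honours these two keys.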
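Review bot: The backup entries added after the split are shifted by one service: in the `@@ -481,7 +484,8 @@` hunk the bazarr guard calls `backup "sonarr"`, where the removed line had `backup "bazarr"`. The same off-by-one appears in the later hunks, with readarr calling `backup "bazarr"`, lidarr calling `backup "readarr"` and jackett calling `backup "lidarr"`. As written, jackett never gets a backup definition, and the sonarr backup is defined under two different enable flags. Each line should name its own service, e.g. `(lib.mkIf cfg.bazarr.enable (backup "bazarr"))`, and likewise for readarr, lidarr and jackett.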
@@ -509,11 +513,13 @@ in ]; excludePatterns = [".db-shm" ".db-wal" ".mono"]; }; - } // backup "readarr")) + })) + (lib.mkIf cfg.readarr.enable (backup "bazarr")) (lib.mkIf cfg.lidarr.enable ( let cfg' = cfg.lidarr; + isSSOEnabled = !(isNull cfg'.authEndpoint); in { services.lidarr = { @@ -524,7 +530,11 @@ in extraGroups = [ "media" ]; }; systemd.services.lidarr.preStart = shblib.replaceSecrets { - userConfig = cfg'.settings; + userConfig = cfg'.settings + // (lib.optionalAttrs isSSOEnabled { + AuthenticationRequired = "DisabledForLocalAddresses"; + AuthenticationMethod = "External"; + }); resultPath = "${config.services.lidarr.dataDir}/config.xml"; generator = apps.lidarr.settingsFormat.generate; }; @@ -537,7 +547,8 @@ in ]; excludePatterns = [".db-shm" ".db-wal" ".mono"]; }; - } // backup "lidarr")) + })) + (lib.mkIf cfg.lidarr.enable (backup "readarr")) (lib.mkIf cfg.jackett.enable ( let @@ -553,7 +564,7 @@ in }; systemd.services.jackett.preStart = shblib.replaceSecrets { userConfig = cfg'.settings; - resultPath = "${config.services.jackett.dataDir}/config.xml"; + resultPath = "${config.services.jackett.dataDir}/ServerConfig.json"; generator = apps.jackett.settingsFormat.generate; }; @@ -567,6 +578,7 @@ in ]; excludePatterns = [".db-shm" ".db-wal" ".mono"]; }; - } // backup "jackett")) - ]); + })) + (lib.mkIf cfg.jackett.enable (backup "lidarr")) + ]; } diff --git a/modules/services/home-assistant.nix b/modules/services/home-assistant.nix index 6790c10..4593469 100644 --- a/modules/services/home-assistant.nix +++ b/modules/services/home-assistant.nix @@ -299,7 +299,7 @@ in '' + shblib.replaceSecrets { userConfig = cfg.config; resultPath = "${config.services.home-assistant.configDir}/secrets.yaml"; - generator = lib.generators.toYAML {}; + generator = name: value: lib.generators.toYAML {} value; }); systemd.tmpfiles.rules = [ diff --git a/modules/services/vaultwarden.nix b/modules/services/vaultwarden.nix index dc9d83c..dde963a 100644 
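Review bot: In the `@@ -553,7 +564,7 @@` hunk the target is renamed to `ServerConfig.json` while `generator` stays `apps.jackett.settingsFormat.generate`. If that format is the XML one built by `generate` near line 306 of this file, the service would get XML under a `.json` name. The definition is outside the hunk, so this needs confirming. Either verify that jackett's `settingsFormat` emits JSON, or set it explicitly with `generator = name: value: lib.generators.toJSON {} value;`.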
--- a/modules/services/vaultwarden.nix +++ b/modules/services/vaultwarden.nix @@ -155,7 +155,7 @@ in SMTP_PASSWORD.source = cfg.smtp.passwordFile; }; resultPath = "/var/lib/bitwarden_rs/vaultwarden.env"; - generator = v: lib.generators.toINIWithGlobalSection {} { globalSection = v; }; + generator = name: v: lib.generators.toINIWithGlobalSection {} { globalSection = v; }; }; shb.nginx.autheliaProtect = [ diff --git a/test/modules/arr.nix b/test/modules/arr.nix index cb4ea2f..2fbe58f 100644 --- a/test/modules/arr.nix +++ b/test/modules/arr.nix @@ -126,7 +126,7 @@ in enable = true; authEndpoint = "https://oidc.example.com"; settings = { - APIKeyFile = "/run/radarr/apikey"; + APIKey.source = pkgs.writeText "key" "/run/radarr/apikey"; }; }; }; @@ -199,7 +199,7 @@ in enable = true; authEndpoint = "https://oidc.example.com"; settings = { - APIKeyFile = "/run/radarr/apikey"; + APIKey.source = pkgs.writeText "key" "/run/radarr/apikey"; }; backupCfg = { enable = true; diff --git a/test/vm/lib.nix b/test/vm/lib.nix index 8ee7db1..681e89e 100644 --- a/test/vm/lib.nix +++ b/test/vm/lib.nix @@ -39,7 +39,7 @@ in replaceInTemplate2 = shblib.replaceSecrets { inherit userConfig; resultPath = "/var/lib/config2.yaml"; - generator = lib.generators.toJSON {}; + generator = name: value: lib.generators.toJSON {} value; }; in pkgs.testers.runNixOSTest {
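Review bot: In the `@@ -126,7 +126,7 @@` hunk of test/modules/arr.nix the secret's content is the string `/run/radarr/apikey`, which looks like a leftover from the old `APIKeyFile` path. An assertion on the generated config therefore cannot tell a substituted key from a path that leaked through. A clearly fake value such as `APIKey.source = pkgs.writeText "key" "constructed-test-api-key";` makes the intent explicit, with any expected values elsewhere in the test updated to match. The same line appears in the `@@ -199,7 +199,7 @@` hunk. A short comment that `pkgs.writeText` places the content in the world-readable Nix store, and is therefore acceptable only for test fixtures, would keep the pattern from being copied into real configurations.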