
Disable auth in arr suite if SSO is enabled (#221)

Pierre Penninckx 2024-04-09 07:16:50 -07:00 committed by GitHub
parent 5179f7fc90
commit b9db764a8b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -382,7 +382,12 @@ in
options.shb.arr = lib.listToAttrs (lib.mapAttrsToList appOption apps); options.shb.arr = lib.listToAttrs (lib.mapAttrsToList appOption apps);
config = lib.mkMerge ([ config = lib.mkMerge ([
(lib.mkIf cfg.radarr.enable ({ (lib.mkIf cfg.radarr.enable (
let
cfg' = cfg.radarr;
isSSOEnabled = !(isNull cfg'.authEndpoint);
in
{
services.nginx.enable = true; services.nginx.enable = true;
services.radarr = { services.radarr = {
@ -395,22 +400,31 @@ in
}; };
systemd.services.radarr.preStart = shblib.replaceSecrets { systemd.services.radarr.preStart = shblib.replaceSecrets {
userConfig = cfg.radarr.settings; userConfig = cfg'.settings
// (lib.optionalAttrs isSSOEnabled {
AuthenticationRequired = "DisabledForLocalAddresses";
AuthenticationMethod = "External";
});
resultPath = "${config.services.radarr.dataDir}/config.xml"; resultPath = "${config.services.radarr.dataDir}/config.xml";
generator = apps.radarr.settingsFormat.generate; generator = apps.radarr.settingsFormat.generate;
}; };
shb.nginx.autheliaProtect = [ (autheliaProtect {} config.shb.arr.radarr) ]; shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ];
shb.backup.instances.radarr = cfg.radarr.backupCfg // { shb.backup.instances.radarr = cfg'.backupCfg // {
sourceDirectories = [ sourceDirectories = [
config.shb.arr.radarr.dataDir cfg'.dataDir
]; ];
excludePatterns = [".db-shm" ".db-wal" ".mono"]; excludePatterns = [".db-shm" ".db-wal" ".mono"];
}; };
} // backup "radarr")) } // backup "radarr"))
(lib.mkIf cfg.sonarr.enable ({ (lib.mkIf cfg.sonarr.enable (
let
cfg' = cfg.sonarr;
isSSOEnabled = !(isNull cfg'.authEndpoint);
in
{
services.nginx.enable = true; services.nginx.enable = true;
services.sonarr = { services.sonarr = {
@ -420,47 +434,60 @@ in
users.users.sonarr = { users.users.sonarr = {
extraGroups = [ "media" ]; extraGroups = [ "media" ];
}; };
systemd.services.sonarr.preStart = shblib.replaceSecrets { systemd.services.sonarr.preStart = shblib.replaceSecrets {
userConfig = cfg.sonarr.settings; userConfig = cfg'.settings
// (lib.optionalAttrs isSSOEnabled {
AuthenticationRequired = "DisabledForLocalAddresses";
AuthenticationMethod = "External";
});
resultPath = "${config.services.sonarr.dataDir}/config.xml"; resultPath = "${config.services.sonarr.dataDir}/config.xml";
generator = apps.sonarr.settingsFormat.generate; generator = apps.sonarr.settingsFormat.generate;
}; };
shb.nginx.autheliaProtect = [ (autheliaProtect {} config.shb.arr.sonarr) ]; shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ];
shb.backup.instances.sonarr = cfg.sonarr.backupCfg // { shb.backup.instances.sonarr = cfg'.backupCfg // {
sourceDirectories = [ sourceDirectories = [
config.shb.arr.sonarr.dataDir cfg'.dataDir
]; ];
excludePatterns = [".db-shm" ".db-wal" ".mono"]; excludePatterns = [".db-shm" ".db-wal" ".mono"];
}; };
} // backup "sonarr")) } // backup "sonarr"))
(lib.mkIf cfg.bazarr.enable ({ (lib.mkIf cfg.bazarr.enable (
let
cfg' = cfg.bazarr;
in
{
services.bazarr = { services.bazarr = {
enable = true; enable = true;
listenPort = cfg.bazarr.settings.Port; listenPort = cfg'.settings.Port;
}; };
users.users.bazarr = { users.users.bazarr = {
extraGroups = [ "media" ]; extraGroups = [ "media" ];
}; };
systemd.services.bazarr.preStart = shblib.replaceSecrets { systemd.services.bazarr.preStart = shblib.replaceSecrets {
userConfig = cfg.bazarr.settings; userConfig = cfg'.settings;
resultPath = "/var/lib/${config.systemd.services.bazarr.serviceConfig.StateDirectory}/config.xml"; resultPath = "/var/lib/${config.systemd.services.bazarr.serviceConfig.StateDirectory}/config.xml";
generator = apps.bazarr.settingsFormat.generate; generator = apps.bazarr.settingsFormat.generate;
}; };
shb.nginx.autheliaProtect = [ (autheliaProtect {} config.shb.arr.bazarr) ]; shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ];
shb.backup.instances.bazarr = cfg.bazarr.backupCfg // { shb.backup.instances.bazarr = cfg'.backupCfg // {
sourceDirectories = [ sourceDirectories = [
config.shb.arr.bazarr.dataDir cfg'.dataDir
]; ];
excludePatterns = [".db-shm" ".db-wal" ".mono"]; excludePatterns = [".db-shm" ".db-wal" ".mono"];
}; };
} // backup "bazarr")) } // backup "bazarr"))
(lib.mkIf cfg.readarr.enable ({ (lib.mkIf cfg.readarr.enable (
let
cfg' = cfg.readarr;
in
{
services.readarr = { services.readarr = {
enable = true; enable = true;
dataDir = "/var/lib/readarr"; dataDir = "/var/lib/readarr";
@ -469,22 +496,26 @@ in
extraGroups = [ "media" ]; extraGroups = [ "media" ];
}; };
systemd.services.readarr.preStart = shblib.replaceSecrets { systemd.services.readarr.preStart = shblib.replaceSecrets {
userConfig = cfg.readarr.settings; userConfig = cfg'.settings;
resultPath = "${config.services.readarr.dataDir}/config.xml"; resultPath = "${config.services.readarr.dataDir}/config.xml";
generator = apps.readarr.settingsFormat.generate; generator = apps.readarr.settingsFormat.generate;
}; };
shb.nginx.autheliaProtect = [ (autheliaProtect {} config.shb.arr.readarr) ]; shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ];
shb.backup.instances.readarr = cfg.readarr.backupCfg // { shb.backup.instances.readarr = cfg'.backupCfg // {
sourceDirectories = [ sourceDirectories = [
config.shb.arr.readarr.dataDir cfg'.dataDir
]; ];
excludePatterns = [".db-shm" ".db-wal" ".mono"]; excludePatterns = [".db-shm" ".db-wal" ".mono"];
}; };
} // backup "readarr")) } // backup "readarr"))
(lib.mkIf cfg.lidarr.enable ({ (lib.mkIf cfg.lidarr.enable (
let
cfg' = cfg.lidarr;
in
{
services.lidarr = { services.lidarr = {
enable = true; enable = true;
dataDir = "/var/lib/lidarr"; dataDir = "/var/lib/lidarr";
@ -493,22 +524,26 @@ in
extraGroups = [ "media" ]; extraGroups = [ "media" ];
}; };
systemd.services.lidarr.preStart = shblib.replaceSecrets { systemd.services.lidarr.preStart = shblib.replaceSecrets {
userConfig = cfg.lidarr.settings; userConfig = cfg'.settings;
resultPath = "${config.services.lidarr.dataDir}/config.xml"; resultPath = "${config.services.lidarr.dataDir}/config.xml";
generator = apps.lidarr.settingsFormat.generate; generator = apps.lidarr.settingsFormat.generate;
}; };
shb.nginx.autheliaProtect = [ (autheliaProtect {} config.shb.arr.lidarr) ]; shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ];
shb.backup.instances.lidarr = cfg.lidarr.backupCfg // { shb.backup.instances.lidarr = cfg'.backupCfg // {
sourceDirectories = [ sourceDirectories = [
config.shb.arr.lidarr.dataDir cfg'.dataDir
]; ];
excludePatterns = [".db-shm" ".db-wal" ".mono"]; excludePatterns = [".db-shm" ".db-wal" ".mono"];
}; };
} // backup "lidarr")) } // backup "lidarr"))
(lib.mkIf cfg.jackett.enable ({ (lib.mkIf cfg.jackett.enable (
let
cfg' = cfg.jackett;
in
{
services.jackett = { services.jackett = {
enable = true; enable = true;
dataDir = "/var/lib/jackett"; dataDir = "/var/lib/jackett";
@ -517,18 +552,18 @@ in
extraGroups = [ "media" ]; extraGroups = [ "media" ];
}; };
systemd.services.jackett.preStart = shblib.replaceSecrets { systemd.services.jackett.preStart = shblib.replaceSecrets {
userConfig = cfg.jackett.settings; userConfig = cfg'.settings;
resultPath = "${config.services.jackett.dataDir}/config.xml"; resultPath = "${config.services.jackett.dataDir}/config.xml";
generator = apps.jackett.settingsFormat.generate; generator = apps.jackett.settingsFormat.generate;
}; };
shb.nginx.autheliaProtect = [ (autheliaProtect { shb.nginx.autheliaProtect = [ (autheliaProtect {
extraBypassResources = [ "^/dl.*" ]; extraBypassResources = [ "^/dl.*" ];
} config.shb.arr.jackett) ]; } cfg') ];
shb.backup.instances.jackett = cfg.jackett.backupCfg // { shb.backup.instances.jackett = cfg'.backupCfg // {
sourceDirectories = [ sourceDirectories = [
config.shb.arr.jackett.dataDir cfg'.dataDir
]; ];
excludePatterns = [".db-shm" ".db-wal" ".mono"]; excludePatterns = [".db-shm" ".db-wal" ".mono"];
}; };
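Review bot: Once `isSSOEnabled` is true, the radarr block (and the identical sonarr block) leaves the application with no authentication of its own, because it writes `AuthenticationMethod = "External"` and `AuthenticationRequired = "DisabledForLocalAddresses"`; access control then rests entirely on the nginx/Authelia front end. Nothing visible in these hunks pins the service to loopback or closes its port, so if the app listens on a routable interface, a client that reaches the port directly would presumably never pass through Authelia; confirm the bind address and firewall handling elsewhere in the module, or force a loopback bind in the same `optionalAttrs` set. A comment above the merge would record the dependency, e.g. `# SSO on: app auth is disabled, so the service must be reachable only through the Authelia-protected nginx vhost`. The override also sits on the right of `//`, so it silently replaces any authentication values the user put in `settings`, and `isSSOEnabled` only tests that `authEndpoint` is non-null; both deserve a line in the option documentation.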