Disable auth in arr suite if SSO is enabled (#221)
This commit is contained in:
parent
5179f7fc90
commit
b9db764a8b
1 changed files with 66 additions and 31 deletions
|
@ -382,7 +382,12 @@ in
|
||||||
options.shb.arr = lib.listToAttrs (lib.mapAttrsToList appOption apps);
|
options.shb.arr = lib.listToAttrs (lib.mapAttrsToList appOption apps);
|
||||||
|
|
||||||
config = lib.mkMerge ([
|
config = lib.mkMerge ([
|
||||||
(lib.mkIf cfg.radarr.enable ({
|
(lib.mkIf cfg.radarr.enable (
|
||||||
|
let
|
||||||
|
cfg' = cfg.radarr;
|
||||||
|
isSSOEnabled = !(isNull cfg'.authEndpoint);
|
||||||
|
in
|
||||||
|
{
|
||||||
services.nginx.enable = true;
|
services.nginx.enable = true;
|
||||||
|
|
||||||
services.radarr = {
|
services.radarr = {
|
||||||
|
@ -395,22 +400,31 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.radarr.preStart = shblib.replaceSecrets {
|
systemd.services.radarr.preStart = shblib.replaceSecrets {
|
||||||
userConfig = cfg.radarr.settings;
|
userConfig = cfg'.settings
|
||||||
|
// (lib.optionalAttrs isSSOEnabled {
|
||||||
|
AuthenticationRequired = "DisabledForLocalAddresses";
|
||||||
|
AuthenticationMethod = "External";
|
||||||
|
});
|
||||||
resultPath = "${config.services.radarr.dataDir}/config.xml";
|
resultPath = "${config.services.radarr.dataDir}/config.xml";
|
||||||
generator = apps.radarr.settingsFormat.generate;
|
generator = apps.radarr.settingsFormat.generate;
|
||||||
};
|
};
|
||||||
|
|
||||||
shb.nginx.autheliaProtect = [ (autheliaProtect {} config.shb.arr.radarr) ];
|
shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ];
|
||||||
|
|
||||||
shb.backup.instances.radarr = cfg.radarr.backupCfg // {
|
shb.backup.instances.radarr = cfg'.backupCfg // {
|
||||||
sourceDirectories = [
|
sourceDirectories = [
|
||||||
config.shb.arr.radarr.dataDir
|
cfg'.dataDir
|
||||||
];
|
];
|
||||||
excludePatterns = [".db-shm" ".db-wal" ".mono"];
|
excludePatterns = [".db-shm" ".db-wal" ".mono"];
|
||||||
};
|
};
|
||||||
} // backup "radarr"))
|
} // backup "radarr"))
|
||||||
|
|
||||||
(lib.mkIf cfg.sonarr.enable ({
|
(lib.mkIf cfg.sonarr.enable (
|
||||||
|
let
|
||||||
|
cfg' = cfg.sonarr;
|
||||||
|
isSSOEnabled = !(isNull cfg'.authEndpoint);
|
||||||
|
in
|
||||||
|
{
|
||||||
services.nginx.enable = true;
|
services.nginx.enable = true;
|
||||||
|
|
||||||
services.sonarr = {
|
services.sonarr = {
|
||||||
|
@ -420,47 +434,60 @@ in
|
||||||
users.users.sonarr = {
|
users.users.sonarr = {
|
||||||
extraGroups = [ "media" ];
|
extraGroups = [ "media" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.sonarr.preStart = shblib.replaceSecrets {
|
systemd.services.sonarr.preStart = shblib.replaceSecrets {
|
||||||
userConfig = cfg.sonarr.settings;
|
userConfig = cfg'.settings
|
||||||
|
// (lib.optionalAttrs isSSOEnabled {
|
||||||
|
AuthenticationRequired = "DisabledForLocalAddresses";
|
||||||
|
AuthenticationMethod = "External";
|
||||||
|
});
|
||||||
resultPath = "${config.services.sonarr.dataDir}/config.xml";
|
resultPath = "${config.services.sonarr.dataDir}/config.xml";
|
||||||
generator = apps.sonarr.settingsFormat.generate;
|
generator = apps.sonarr.settingsFormat.generate;
|
||||||
};
|
};
|
||||||
|
|
||||||
shb.nginx.autheliaProtect = [ (autheliaProtect {} config.shb.arr.sonarr) ];
|
shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ];
|
||||||
|
|
||||||
shb.backup.instances.sonarr = cfg.sonarr.backupCfg // {
|
shb.backup.instances.sonarr = cfg'.backupCfg // {
|
||||||
sourceDirectories = [
|
sourceDirectories = [
|
||||||
config.shb.arr.sonarr.dataDir
|
cfg'.dataDir
|
||||||
];
|
];
|
||||||
excludePatterns = [".db-shm" ".db-wal" ".mono"];
|
excludePatterns = [".db-shm" ".db-wal" ".mono"];
|
||||||
};
|
};
|
||||||
} // backup "sonarr"))
|
} // backup "sonarr"))
|
||||||
|
|
||||||
(lib.mkIf cfg.bazarr.enable ({
|
(lib.mkIf cfg.bazarr.enable (
|
||||||
|
let
|
||||||
|
cfg' = cfg.bazarr;
|
||||||
|
in
|
||||||
|
{
|
||||||
services.bazarr = {
|
services.bazarr = {
|
||||||
enable = true;
|
enable = true;
|
||||||
listenPort = cfg.bazarr.settings.Port;
|
listenPort = cfg'.settings.Port;
|
||||||
};
|
};
|
||||||
users.users.bazarr = {
|
users.users.bazarr = {
|
||||||
extraGroups = [ "media" ];
|
extraGroups = [ "media" ];
|
||||||
};
|
};
|
||||||
systemd.services.bazarr.preStart = shblib.replaceSecrets {
|
systemd.services.bazarr.preStart = shblib.replaceSecrets {
|
||||||
userConfig = cfg.bazarr.settings;
|
userConfig = cfg'.settings;
|
||||||
resultPath = "/var/lib/${config.systemd.services.bazarr.serviceConfig.StateDirectory}/config.xml";
|
resultPath = "/var/lib/${config.systemd.services.bazarr.serviceConfig.StateDirectory}/config.xml";
|
||||||
generator = apps.bazarr.settingsFormat.generate;
|
generator = apps.bazarr.settingsFormat.generate;
|
||||||
};
|
};
|
||||||
|
|
||||||
shb.nginx.autheliaProtect = [ (autheliaProtect {} config.shb.arr.bazarr) ];
|
shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ];
|
||||||
|
|
||||||
shb.backup.instances.bazarr = cfg.bazarr.backupCfg // {
|
shb.backup.instances.bazarr = cfg'.backupCfg // {
|
||||||
sourceDirectories = [
|
sourceDirectories = [
|
||||||
config.shb.arr.bazarr.dataDir
|
cfg'.dataDir
|
||||||
];
|
];
|
||||||
excludePatterns = [".db-shm" ".db-wal" ".mono"];
|
excludePatterns = [".db-shm" ".db-wal" ".mono"];
|
||||||
};
|
};
|
||||||
} // backup "bazarr"))
|
} // backup "bazarr"))
|
||||||
|
|
||||||
(lib.mkIf cfg.readarr.enable ({
|
(lib.mkIf cfg.readarr.enable (
|
||||||
|
let
|
||||||
|
cfg' = cfg.readarr;
|
||||||
|
in
|
||||||
|
{
|
||||||
services.readarr = {
|
services.readarr = {
|
||||||
enable = true;
|
enable = true;
|
||||||
dataDir = "/var/lib/readarr";
|
dataDir = "/var/lib/readarr";
|
||||||
|
@ -469,22 +496,26 @@ in
|
||||||
extraGroups = [ "media" ];
|
extraGroups = [ "media" ];
|
||||||
};
|
};
|
||||||
systemd.services.readarr.preStart = shblib.replaceSecrets {
|
systemd.services.readarr.preStart = shblib.replaceSecrets {
|
||||||
userConfig = cfg.readarr.settings;
|
userConfig = cfg'.settings;
|
||||||
resultPath = "${config.services.readarr.dataDir}/config.xml";
|
resultPath = "${config.services.readarr.dataDir}/config.xml";
|
||||||
generator = apps.readarr.settingsFormat.generate;
|
generator = apps.readarr.settingsFormat.generate;
|
||||||
};
|
};
|
||||||
|
|
||||||
shb.nginx.autheliaProtect = [ (autheliaProtect {} config.shb.arr.readarr) ];
|
shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ];
|
||||||
|
|
||||||
shb.backup.instances.readarr = cfg.readarr.backupCfg // {
|
shb.backup.instances.readarr = cfg'.backupCfg // {
|
||||||
sourceDirectories = [
|
sourceDirectories = [
|
||||||
config.shb.arr.readarr.dataDir
|
cfg'.dataDir
|
||||||
];
|
];
|
||||||
excludePatterns = [".db-shm" ".db-wal" ".mono"];
|
excludePatterns = [".db-shm" ".db-wal" ".mono"];
|
||||||
};
|
};
|
||||||
} // backup "readarr"))
|
} // backup "readarr"))
|
||||||
|
|
||||||
(lib.mkIf cfg.lidarr.enable ({
|
(lib.mkIf cfg.lidarr.enable (
|
||||||
|
let
|
||||||
|
cfg' = cfg.lidarr;
|
||||||
|
in
|
||||||
|
{
|
||||||
services.lidarr = {
|
services.lidarr = {
|
||||||
enable = true;
|
enable = true;
|
||||||
dataDir = "/var/lib/lidarr";
|
dataDir = "/var/lib/lidarr";
|
||||||
|
@ -493,22 +524,26 @@ in
|
||||||
extraGroups = [ "media" ];
|
extraGroups = [ "media" ];
|
||||||
};
|
};
|
||||||
systemd.services.lidarr.preStart = shblib.replaceSecrets {
|
systemd.services.lidarr.preStart = shblib.replaceSecrets {
|
||||||
userConfig = cfg.lidarr.settings;
|
userConfig = cfg'.settings;
|
||||||
resultPath = "${config.services.lidarr.dataDir}/config.xml";
|
resultPath = "${config.services.lidarr.dataDir}/config.xml";
|
||||||
generator = apps.lidarr.settingsFormat.generate;
|
generator = apps.lidarr.settingsFormat.generate;
|
||||||
};
|
};
|
||||||
|
|
||||||
shb.nginx.autheliaProtect = [ (autheliaProtect {} config.shb.arr.lidarr) ];
|
shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ];
|
||||||
|
|
||||||
shb.backup.instances.lidarr = cfg.lidarr.backupCfg // {
|
shb.backup.instances.lidarr = cfg'.backupCfg // {
|
||||||
sourceDirectories = [
|
sourceDirectories = [
|
||||||
config.shb.arr.lidarr.dataDir
|
cfg'.dataDir
|
||||||
];
|
];
|
||||||
excludePatterns = [".db-shm" ".db-wal" ".mono"];
|
excludePatterns = [".db-shm" ".db-wal" ".mono"];
|
||||||
};
|
};
|
||||||
} // backup "lidarr"))
|
} // backup "lidarr"))
|
||||||
|
|
||||||
(lib.mkIf cfg.jackett.enable ({
|
(lib.mkIf cfg.jackett.enable (
|
||||||
|
let
|
||||||
|
cfg' = cfg.jackett;
|
||||||
|
in
|
||||||
|
{
|
||||||
services.jackett = {
|
services.jackett = {
|
||||||
enable = true;
|
enable = true;
|
||||||
dataDir = "/var/lib/jackett";
|
dataDir = "/var/lib/jackett";
|
||||||
|
@ -517,18 +552,18 @@ in
|
||||||
extraGroups = [ "media" ];
|
extraGroups = [ "media" ];
|
||||||
};
|
};
|
||||||
systemd.services.jackett.preStart = shblib.replaceSecrets {
|
systemd.services.jackett.preStart = shblib.replaceSecrets {
|
||||||
userConfig = cfg.jackett.settings;
|
userConfig = cfg'.settings;
|
||||||
resultPath = "${config.services.jackett.dataDir}/config.xml";
|
resultPath = "${config.services.jackett.dataDir}/config.xml";
|
||||||
generator = apps.jackett.settingsFormat.generate;
|
generator = apps.jackett.settingsFormat.generate;
|
||||||
};
|
};
|
||||||
|
|
||||||
shb.nginx.autheliaProtect = [ (autheliaProtect {
|
shb.nginx.autheliaProtect = [ (autheliaProtect {
|
||||||
extraBypassResources = [ "^/dl.*" ];
|
extraBypassResources = [ "^/dl.*" ];
|
||||||
} config.shb.arr.jackett) ];
|
} cfg') ];
|
||||||
|
|
||||||
shb.backup.instances.jackett = cfg.jackett.backupCfg // {
|
shb.backup.instances.jackett = cfg'.backupCfg // {
|
||||||
sourceDirectories = [
|
sourceDirectories = [
|
||||||
config.shb.arr.jackett.dataDir
|
cfg'.dataDir
|
||||||
];
|
];
|
||||||
excludePatterns = [".db-shm" ".db-wal" ".mono"];
|
excludePatterns = [".db-shm" ".db-wal" ".mono"];
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in a new issue