
fix backup and authelia rules for arr suite

ibizaman 2023-09-26 20:13:08 -07:00
parent fda0daf6d3
commit e2b69a36f7
3 changed files with 91 additions and 60 deletions


@ -63,18 +63,25 @@ in
{ {
options.shb.arr = lib.listToAttrs (lib.mapAttrsToList appOption apps); options.shb.arr = lib.listToAttrs (lib.mapAttrsToList appOption apps);
config = { config = lib.mkMerge ([
{
# Listens on port 7878 # Listens on port 7878
services.radarr = lib.mkIf cfg.radarr.enable { services.radarr = lib.mkIf cfg.radarr.enable {
enable = true; enable = true;
dataDir = "/var/lib/radarr"; dataDir = "/var/lib/radarr";
}; };
users.users.radarr = {
extraGroups = [ "media" ];
};
# Listens on port 8989 # Listens on port 8989
services.sonarr = lib.mkIf cfg.sonarr.enable { services.sonarr = lib.mkIf cfg.sonarr.enable {
enable = true; enable = true;
dataDir = "/var/lib/sonarr"; dataDir = "/var/lib/sonarr";
}; };
users.users.sonarr = {
extraGroups = [ "media" ];
};
services.bazarr = lib.mkIf cfg.bazarr.enable { services.bazarr = lib.mkIf cfg.bazarr.enable {
enable = true; enable = true;
@ -102,11 +109,20 @@ in
{ {
inherit (c) subdomain domain oidcEndpoint; inherit (c) subdomain domain oidcEndpoint;
upstream = "http://127.0.0.1:${toString c.port}"; upstream = "http://127.0.0.1:${toString c.port}";
autheliaRule = { autheliaRules = [
{
domain = "${c.subdomain}.${c.domain}";
policy = "bypass";
resources = [
"^/api.*"
];
}
{
domain = "${c.subdomain}.${c.domain}"; domain = "${c.subdomain}.${c.domain}";
policy = "two_factor"; policy = "two_factor";
subject = ["group:arr_user"]; subject = ["group:arr_user"];
}; }
];
}; };
in in
lib.mapAttrsToList appProtectConfig apps; lib.mapAttrsToList appProtectConfig apps;
@ -118,9 +134,24 @@ in
sourceDirectories = [ sourceDirectories = [
config.shb.arr.${name}.dataDir config.shb.arr.${name}.dataDir
]; ];
excludePatterns = [".db-shm" ".db-wal" ".mono"];
}; };
}; };
in in
lib.mkMerge (lib.mapAttrsToList backupConfig apps); lib.mkMerge (lib.mapAttrsToList backupConfig apps);
}
] ++ map (name: {
systemd.tmpfiles.rules = lib.mkIf (lib.hasAttr "dataDir" config.services.${name}) [
"d '${config.services.${name}.dataDir}' 0750 ${config.services.${name}.user} ${config.services.${name}.group} - -"
];
users.groups.${name} = {
members = [ "backup" ];
}; };
systemd.services.${name}.serviceConfig = {
# Setup permissions needed for backups, as the backup user is member of the jellyfin group.
UMask = lib.mkForce "0027";
StateDirectoryMode = lib.mkForce "0750";
};
}) (lib.attrNames apps));
} }
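Review bot: The new `bypass` rule on `^/api.*` takes Authelia out of the request path for every app's API, so those endpoints are protected only by whatever API-key check the application itself enforces, and the rule is applied uniformly to every entry in `apps`. The pattern is also looser than it needs to be, since it matches any path that merely begins with `/api`; anchoring it as `"^/api/.*"` keeps the bypass to the API tree. I would add a comment above the rule such as `# API clients cannot complete 2FA; these paths rely on the app's own API key, so keep it required in each app`, and confirm that each app in `apps` rejects unauthenticated `/api` requests arriving from the local reverse proxy. Separately, the comment in the last hunk mentions the jellyfin group, while the code adds `backup` to each app's own group.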


@ -114,11 +114,11 @@ in
{ {
inherit (cfg) subdomain domain oidcEndpoint; inherit (cfg) subdomain domain oidcEndpoint;
upstream = "http://127.0.0.1:${toString config.services.deluge.web.port}"; upstream = "http://127.0.0.1:${toString config.services.deluge.web.port}";
autheliaRule = { autheliaRules = [{
domain = fqdn; domain = fqdn;
policy = "two_factor"; policy = "two_factor";
subject = ["group:deluge_user"]; subject = ["group:deluge_user"];
}; }];
} }
]; ];


@ -31,13 +31,13 @@ let
example = "http://127.0.0.1:1234"; example = "http://127.0.0.1:1234";
}; };
autheliaRule = lib.mkOption { autheliaRules = lib.mkOption {
type = lib.types.attrsOf lib.types.anything; type = lib.types.listOf (lib.types.attrsOf lib.types.anything);
description = "Authelia rule configuration"; description = "Authelia rule configuration";
example = lib.literalExpression ''{ example = lib.literalExpression ''[{
policy = "two_factor"; policy = "two_factor";
subject = ["group:service_user"]; subject = ["group:service_user"];
}''; }]'';
}; };
}; };
}; };
@ -173,8 +173,8 @@ in
shb.authelia.rules = shb.authelia.rules =
let let
authConfig = c: c.autheliaRule // { domain = fqdn c; }; authConfig = c: map (r: r // { domain = fqdn c; }) c.autheliaRules;
in in
map authConfig cfg.autheliaProtect; lib.flatten (map authConfig cfg.autheliaProtect);
}; };
} }