rasmus-kirk / nixarr
The Media Server Nixos Module
Home Page: https://nixarr.rasmuskirk.com/
License: GNU General Public License v3.0
Would be nice to support a few DDNS sites
The import of Maroka's VPN submodule broke the documentation, since nixarr/default.nix is now a function, not a module
systemd-tmpfiles is busting my balls, need to do some testing/research to figure out what to do.
I have updated the documentation describing the issue.
Temporary fix: Don't set mediaDir and stateDir to home! If in doubt, just don't set them at all, that works perfectly fine ATM
So far, DNS seems safe, the vpn-test-service seems to work, but it would be nice to have the firewall catch and block requests to unsafe DNS servers (any IPs not set in the wg.conf).
Any fix should be upstream: Maroka-chan/VPN-Confinement#4
Using buildarr would allow setup services to integrate with each other upon
activation with no user input, definitely nice.
Doesn't have support for all the *Arrs, not even the upcoming SonarrV4, and it hasn't been updated for some months.
Needs to be added to nixpkgs, not too hard, but is not worth it if the
project is abandoned.
In the ideal case, buildarr would run only once after initial build to
avoid overwriting user configuration. Otherwise overwriting should be okay,
as the buildarr configuration is designed to be lean. I would possibly also
like to expose the buildarr configuration using extraSettings, but the
setup is the main desired feature here.
Shouldn't be hard to fix, just haven't had the time to look at this yet. Just start the wg.service and restart VPN-proxied services, for the moment.
Will allow users to host services (jellyfin only atm, the others are sketchy to expose at all). Something like jellyfin.vpn.exposeWebOnPort with type port
Prevent DNS leaks without using containerization, as is currently done. No
idea how this could be done, but would simplify things a lot.
The VPN submodule is very messy. Clean it up.
Currently, there is very little error handling on "obvious" invalid configurations. For example if nixarr.vpn.enable is set and nixarr.vpn.wgConf is unset, a clear error message should be shown to the user.
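One way such a check could be expressed with the standard NixOS `assertions` mechanism, as an added sketch that is not nixarr's own code. The option types are assumptions (the page names `nixarr.vpn.enable` and `nixarr.vpn.wgConf` but not their definitions), and the module is written stand-alone for illustration:

```nix
# Added illustration; not nixarr's actual module code.
{ config, lib, ... }:
let
  cfg = config.nixarr;
in {
  # Assumed option shapes: the page names these options but not their types.
  options.nixarr.vpn = {
    enable = lib.mkEnableOption "running services through the WireGuard VPN";
    wgConf = lib.mkOption {
      type = lib.types.nullOr lib.types.path;
      default = null;
      description = "Path to the WireGuard configuration file.";
    };
  };

  config.assertions = [
    {
      # Evaluation aborts with the message below when the VPN is enabled
      # but no WireGuard configuration has been supplied, instead of
      # building a system whose VPN-confined services cannot start.
      assertion = cfg.vpn.enable -> cfg.vpn.wgConf != null;
      message = ''
        nixarr.vpn.enable is set, but nixarr.vpn.wgConf is unset.
        Set nixarr.vpn.wgConf to the path of your WireGuard configuration.
      '';
    }
  ];
}
```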
Is your feature request related to a problem? Please describe.
Certain VPNs, in my case Private Internet Access, randomly choose the port forwarded every time you connect. It would be cool if there was some way to automatically configure a service (at least transmission) and open the port in the firewall to use this port upon connection.
Describe the solution you'd like
I doubt the port could be written into the configuration file at runtime. I am not sure if transmission provides a method of changing the port while it is running (with the rest of the configuration file being untouched).
Describe alternatives you've considered
None
Additional context
Private Internet Access provides custom scripts which set up wg-quick configs. You must leave the script running to keep the forwarded port active. See here: https://github.com/pia-foss/manual-connections
There is no firewall for the services running in the VPN-namespace. I would expect something where all ports are blocked, except those where it is explicitly opened.
Is your feature request related to a problem? Please describe.
I would like to use this single solution to manage my media server, but since I am not a torrent but a usenet user, I need to configure additional packages within nix.
Describe the solution you'd like
Since the transmission module is already part of this module, an option for usenet users would be appreciated. I'm not opinionated on any particular downloader, but there are options like sabnzbd or nzbget
Describe alternatives you've considered
Additional context
It would be nice to add a wiki to the site that answers most questions of new users. This is postponed until there are enough early users, so that I can grasp what people struggle with.
Some ideas:
wg.conf file from VPN provider
The Transmission submodule doesn't have an RPC-whitelist enabled by default, as this breaks ssh-tunneling for some reason. This is considered a bug, as I would really like for both to work.
If you don't use SSH-tunneling, and you want the extra security, a temporary workaround is to set nixarr.transmission.extraSettings to:
nixarr.transmission.extraSettings = {
  # Turn the whitelist on so only the addresses below can reach the RPC interface
  rpc-whitelist-enabled = true;
  rpc-whitelist = "192.168.15.1,127.0.0.1,192.168.1.*,192.168.0.*";
};
Replace with your allowed IPs. The 192.168.15.1 IP is the VPN-namespace.
The state of all services must be handled in a simple centralized location. This already works for most use cases.
services.transmission.dataDir is set. b2ff3bb
If I build with the wgConf set and without the --impure flag for nixos-rebuild I get the following error:
error: access to absolute path '/run/agenix/airvpn-wg' is forbidden in pure eval mode (use '--impure' to override)
Hard to do without fixing #1
A common use case is to allow SSH access to the server from remote locations. An easy way to do this, if you're already running a VPN anyway, is to simply run the sshd service through the VPN and port forward through your VPN provider. Something like:
nixarr.sshd.vpn.enable = true;
Is your feature request related to a problem? Please describe.
Not a problem, but a convenience.
Describe the solution you'd like
nixarr.jellyseerr.enable = true;
# other networking options
Describe alternatives you've considered
Overseerr, but it's not as well integrated with Jellyfin.
Additional context
It's a popular addition to Jellyfin.
Create support for the cross-seed service.