Skip to content

Commit

Permalink
Updated docs
Browse files Browse the repository at this point in the history
  • Loading branch information
rasmus-kirk committed Aug 8, 2024
1 parent dd769cc commit 6eefc2c
Show file tree
Hide file tree
Showing 17 changed files with 147 additions and 145 deletions.
4 changes: 2 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -108,8 +108,8 @@ forwarding. I suggest [AirVpn](https://airvpn.org/), since they support
static port forwarding, support wg-quick configurations and accept Monero,
but you can use whatever you want.

**Notice:** There is [an open](https://github.com/rasmus-kirk/nixarr/issues/27)
issue regarding the DNS servers of AirVPN.
> **Notice:** There is [an open](https://github.com/rasmus-kirk/nixarr/issues/27)
> issue regarding the DNS servers of AirVPN.
## Domain Registrars

Expand Down
2 changes: 1 addition & 1 deletion docs/wiki/examples/example-2/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ example does the following:
outside your home network
- Runs all the supported "*Arrs"

**Warning:** This is largely untested ATM!
> **Warning:** This is largely untested ATM!
```nix {.numberLines}
nixarr = {
Expand Down
2 changes: 1 addition & 1 deletion docs/wiki/expose/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ up, of your server. This lets you access the services on `localhost:6001`
through `localhost:6007`. [Example 2](/wiki/examples/example-2) has an
example configuration for this.

**Warning:** Disable password authentication if you use SSH, it's insecure!
> **Warning:** Disable password authentication if you use SSH, it's insecure!
## Without Authentication

Expand Down
10 changes: 5 additions & 5 deletions docs/wiki/secrets/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ config in `/nix/store` somewhere (_Not good!_). The way to solve this is to
keep your secrets in files and pass these to nix. Below, I will present two
ways of accomplishing this.

**Warning:** Do _not_ let secrets live in your configuration directory either!
> **Warning:** Do _not_ let secrets live in your configuration directory either!
## The simple way

Expand Down Expand Up @@ -37,10 +37,10 @@ And set the accompanying Nixarr option:
};
```

**Note:** This is "impure", meaning that since the file is not part of the nix
store, a nixos rollback will not restore a previous secret (not a big problem
if the secrets are not changed often). This also means you have to rebuild Nixos
using the `--impure` flag set.
> **Note:** This is "impure", meaning that since the file is not part of the nix
> store, a nixos rollback will not restore a previous secret (not a big problem
> if the secrets are not changed often). This also means you have to rebuild Nixos
> using the `--impure` flag set.
## Agenix - A Path to Purity

Expand Down
4 changes: 2 additions & 2 deletions docs/wiki/vpn/uncovered-services/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -46,8 +46,8 @@ through a VPN, then you could use the following configuration:
};
```

**Note:** that the submodule supports more namespaces than just one, but Nixarr
uses the name `wg`, so you should use that too.
> **Note:** that the submodule supports more namespaces than just one, but Nixarr
> uses the name `wg`, so you should use that too.
Services running over the VPN will have address `192.168.15.1` instead of
`127.0.0.1`. For more options and information on the VPN-submodule, check out
Expand Down
16 changes: 8 additions & 8 deletions nixarr/bazarr/default.nix
Original file line number Diff line number Diff line change
Expand Up @@ -31,14 +31,14 @@ in {
description = ''
The location of the state directory for the Bazarr service.
**Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example:
```nix
stateDir = /home/user/nixarr/.state/bazarr
```
Is not supported, because `/home/user` is owned by `user`.
> **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example:
>
> ```nix
> stateDir = /home/user/nixarr/.state/bazarr
> ```
>
> Is not supported, because `/home/user` is owned by `user`.
'';
};

Expand Down
4 changes: 2 additions & 2 deletions nixarr/ddns/default.nix
Original file line number Diff line number Diff line change
Expand Up @@ -54,8 +54,8 @@ in {
the public ip of your VPN. Useful if you're running services
over VPN and want a domain that points to the corresponding ip.
**Note:** You can enable both this and the regular njalla DDNS
service.
> **Note:** You can enable both this and the regular njalla DDNS
> service.
'';
};

Expand Down
12 changes: 6 additions & 6 deletions nixarr/jellyfin/default.nix
Original file line number Diff line number Diff line change
Expand Up @@ -28,8 +28,8 @@ in
description = ''
The location of the state directory for the Jellyfin service.
**Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example:
> **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example:
```nix
stateDir = /home/user/nixarr/.state/jellyfin
Expand Down Expand Up @@ -76,8 +76,8 @@ in
Expose the Jellyfin web service to the internet, allowing anyone to
access it.
**Warning:** Do _not_ enable this without setting up Jellyfin
authentication through localhost first!
> **Warning:** Do _not_ enable this without setting up Jellyfin
> authentication through localhost first!
'';
};

Expand Down Expand Up @@ -117,8 +117,8 @@ in
Expose the Jellyfin web service to the internet with https support,
allowing anyone to access it.
**Warning:** Do _not_ enable this without setting up Jellyfin
authentication through localhost first!
> **Warning:** Do _not_ enable this without setting up Jellyfin
> authentication through localhost first!
'';
};

Expand Down
16 changes: 8 additions & 8 deletions nixarr/lidarr/default.nix
Original file line number Diff line number Diff line change
Expand Up @@ -28,14 +28,14 @@ in {
description = ''
The location of the state directory for the Lidarr service.
**Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example:
```nix
stateDir = /home/user/nixarr/.state/lidarr
```
Is not supported, because `/home/user` is owned by `user`.
> **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example:
>
> ```nix
> stateDir = /home/user/nixarr/.state/lidarr
> ```
>
> Is not supported, because `/home/user` is owned by `user`.
'';
};

Expand Down
32 changes: 16 additions & 16 deletions nixarr/nixarr.nix
Original file line number Diff line number Diff line change
Expand Up @@ -132,14 +132,14 @@ in {
description = ''
The location of the media directory for the services.
**Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example:
```nix
mediaDir = /home/user/nixarr
```
Is not supported, because `/home/user` is owned by `user`.
> **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example:
>
> ```nix
> mediaDir = /home/user/nixarr
> ```
>
> Is not supported, because `/home/user` is owned by `user`.
'';
};

Expand All @@ -150,14 +150,14 @@ in {
description = ''
The location of the state directory for the services.
**Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example:
```nix
stateDir = /home/user/nixarr/.state
```
Is not supported, because `/home/user` is owned by `user`.
> **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example:
>
> ```nix
> stateDir = /home/user/nixarr/.state
> ```
>
> Is not supported, because `/home/user` is owned by `user`.
'';
};

Expand Down
44 changes: 22 additions & 22 deletions nixarr/openssh/default.nix
Original file line number Diff line number Diff line change
Expand Up @@ -18,29 +18,29 @@ in {
Run the openssh service through a vpn, exposing it to the internet.
**Warning:** This lets anyone on the internet connect through SSH,
make sure the SSH configuration is secure! Disallowing password
authentication and only allowing SSH-keys is considered secure.
> **Warning:** This lets anyone on the internet connect through SSH,
> make sure the SSH configuration is secure! Disallowing password
> authentication and only allowing SSH-keys is considered secure.
**Note:** This option does _not_ enable the SSHD service you still
need to setup sshd in your nixos configuration, fx:
```nix
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
# Get this port from your VPN provider
ports [ 12345 ];
};
users.extraUsers.username.openssh.authorizedKeys.keyFiles = [
./path/to/public/key/machine.pub
];
```
Then replace `username` with your username and the `keyFiles` path to a
ssh public key file from the machine that you want to have access. Don't
use password authentication as it is insecure!
> **Note:** This option does _not_ enable the SSHD service you still
> need to setup sshd in your nixos configuration, fx:
>
> ```nix
> services.openssh = {
> enable = true;
> settings.PasswordAuthentication = false;
> # Get this port from your VPN provider
> ports [ 12345 ];
> };
>
> users.extraUsers.username.openssh.authorizedKeys.keyFiles = [
> ./path/to/public/key/machine.pub
> ];
> ```
>
> Then replace `username` with your username and the `keyFiles` path to a
> ssh public key file from the machine that you want to have access. Don't
> use password authentication as it is insecure!
'';
};

Expand Down
16 changes: 8 additions & 8 deletions nixarr/prowlarr/default.nix
Original file line number Diff line number Diff line change
Expand Up @@ -33,14 +33,14 @@ in {
description = ''
The location of the state directory for the Prowlarr service.
**Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example:
```nix
stateDir = /home/user/nixarr/.state/prowlarr
```
Is not supported, because `/home/user` is owned by `user`.
> **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example:
>
> ```nix
> stateDir = /home/user/nixarr/.state/prowlarr
> ```
>
> Is not supported, because `/home/user` is owned by `user`.
'';
};

Expand Down
16 changes: 8 additions & 8 deletions nixarr/radarr/default.nix
Original file line number Diff line number Diff line change
Expand Up @@ -29,14 +29,14 @@ in {
description = ''
The location of the state directory for the Radarr service.
**Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example:
```nix
stateDir = /home/user/nixarr/.state/radarr
```
Is not supported, because `/home/user` is owned by `user`.
> **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example:
>
> ```nix
> stateDir = /home/user/nixarr/.state/radarr
> ```
>
> Is not supported, because `/home/user` is owned by `user`.
'';
};

Expand Down
16 changes: 8 additions & 8 deletions nixarr/readarr/default.nix
Original file line number Diff line number Diff line change
Expand Up @@ -27,14 +27,14 @@ in {
description = ''
The location of the state directory for the Readarr service.
**Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example:
```nix
stateDir = /home/user/nixarr/.state/readarr
```
Is not supported, because `/home/user` is owned by `user`.
> **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example:
>
> ```nix
> stateDir = /home/user/nixarr/.state/readarr
> ```
>
> Is not supported, because `/home/user` is owned by `user`.
'';
};

Expand Down
50 changes: 26 additions & 24 deletions nixarr/sabnzbd/default.nix
Original file line number Diff line number Diff line change
Expand Up @@ -19,14 +19,14 @@ in {
description = ''
The location of the state directory for the SABnzbd service.
**Warning:** Setting this to any path, where the subpath is not
owned by root, will fail! For example:
```nix
stateDir = /home/user/nixarr/.state/sabnzbd
```
Is not supported, because `/home/user` is owned by `user`.
> **Warning:** Setting this to any path, where the subpath is not
> owned by root, will fail! For example:
>
> ```nix
> stateDir = /home/user/nixarr/.state/sabnzbd
> ```
>
> Is not supported, because `/home/user` is owned by `user`.
'';
};

Expand All @@ -41,7 +41,7 @@ in {

openFirewall = mkOption {
type = types.bool;
defaultText = literalExpression ''!nixarr.SABnzbd.vpn.enable'';
defaultText = literalExpression ''!nixarr.sabnzbd.vpn.enable'';
default = !cfg.vpn.enable;
example = true;
description = "Open firewall for SABnzbd";
Expand All @@ -50,29 +50,31 @@ in {
whitelistHostnames = mkOption {
type = types.listOf types.str;
default = [config.networking.hostName];
defaultText = "[ config.networking.hostName ]";
example = ''[ "mediaserv" "media.example.com" ]'';
defaultText = literalExpression ''[ config.networking.hostName ]'';
example = literalExpression ''[ "mediaserv" "media.example.com" ]'';
description = ''
A list that specifies what URLs that are allowed to represent your
SABnzbd instance. If you see an error message like this when
trying to connect to SABnzbd from another device...
```
Refused connection with hostname "your.hostname.com"
```
...then you should add your hostname(s) to this list.
SABnzbd only allows connections matching these URLs in order to prevent
DNS hijacking. See <https://sabnzbd.org/wiki/extra/hostname-check.html>
for more info.
SABnzbd instance.
> **Note:** If you see an error message like this when trying to connect to
> SABnzbd from another device:
>
> ```
> Refused connection with hostname "your.hostname.com"
> ```
>
> Then you should add your hostname ("`hostname.com`" above) to
> this list.
>
> SABnzbd only allows connections matching these URLs in order to prevent
> DNS hijacking. See <https://sabnzbd.org/wiki/extra/hostname-check.html>
> for more info.
'';
};

whitelistRanges = mkOption {
type = types.listOf types.str;
default = [];
defaultText = "[ ]";
example = ''[ "192.168.1.0/24" "10.0.0.0/23" ]'';
description = ''
A list of IP ranges that will be allowed to connect to SABnzbd's
Expand Down
Loading

0 comments on commit 6eefc2c

Please sign in to comment.