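# NixOS module for the Autobrr service.
#
# The session secret is kept out of the Nix store: the store holds only a
# secret-free TOML template, and the secret is merged into a runtime copy of
# the config when the unit starts.
{
  config,
  pkgs,
  lib,
  ...
}:

let
  cfg = config.services.autobrr;
  configFormat = pkgs.formats.toml { };
  # Store-resident template generated from `settings`. The assertion further
  # down rejects a `sessionSecret` key here, so this file holds no secret.
  configTemplate = configFormat.generate "autobrr.toml" cfg.settings;
  # Renders the final config at service start: dasel reads the template, sets
  # the "sessionSecret" key to the value of the systemd credential and writes
  # the result to %S/autobrr/config.toml inside the state directory.
  #
  # NOTE(review): the shell expands the secret into dasel's argument list, so
  # it is part of that process's command line while dasel runs. Confirm this
  # is acceptable on multi-user hosts, or pass the value through a channel
  # that does not touch argv.
  templaterCmd = ''${lib.getExe pkgs.dasel} put -f '${configTemplate}' -v "$(${config.systemd.package}/bin/systemd-creds cat sessionSecret)" -o %S/autobrr/config.toml "sessionSecret"'';
in
{
  options = {
    services.autobrr = {
      enable = lib.mkEnableOption "Autobrr";

      openFirewall = lib.mkOption {
        type = lib.types.bool;
        default = false;
        description = "Open ports in the firewall for the Autobrr web interface.";
      };

      secretFile = lib.mkOption {
        type = lib.types.path;
        description = ''
          File containing the session secret for the Autobrr web interface.

          Give the location as a string naming a file that exists on the
          target machine at runtime. A Nix path literal (e.g. `./secret`)
          is copied into the world-readable Nix store when it is
          interpolated into the unit, which exposes the secret.
        '';
      };

      settings = lib.mkOption {
        type = lib.types.submodule { freeformType = configFormat.type; };
        default = {
          host = "127.0.0.1";
          port = 7474;
          checkForUpdates = true;
        };
        example = {
          logLevel = "DEBUG";
        };
        description = ''
          Autobrr configuration options.

          Refer to <https://autobrr.com/configuration/autobrr>
          for a full list.
        '';
      };

      package = lib.mkPackageOption pkgs "autobrr" { };
    };
  };

  config = lib.mkIf cfg.enable {
    assertions = [
      {
        # `settings` is rendered into the store template, so a secret placed
        # there would be readable by every local user.
        assertion = !(cfg.settings ? sessionSecret);
        message = ''
          Session secrets should not be passed via settings, as
          these are stored in the world-readable nix store.

          Use the secretFile option instead.'';
      }
    ];

    systemd.services.autobrr = {
      description = "Autobrr";
      after = [
        "syslog.target"
        "network-online.target"
      ];
      wants = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];

      serviceConfig = {
        Type = "simple";
        DynamicUser = true;
        # systemd reads secretFile itself and hands it to the unit as the
        # credential "sessionSecret", so the service user needs no read access
        # to the original file.
        LoadCredential = "sessionSecret:${cfg.secretFile}";
        StateDirectory = "autobrr";
        # The rendered config.toml contains the session secret; create new
        # files in the state directory without group/other permission bits.
        UMask = "0077";
        # NOTE(review): templaterCmd itself contains single quotes around the
        # template path, so the outer quoting below is not one continuous
        # quoted string. Presumably harmless because store paths contain no
        # whitespace; confirm before adding arguments that might.
        ExecStartPre = "${lib.getExe pkgs.bash} -c '${templaterCmd}'";
        ExecStart = "${lib.getExe cfg.package} --config %S/autobrr";
        Restart = "on-failure";
      };
    };

    # Opens the configured port only. With the default host of 127.0.0.1 the
    # web interface is presumably still bound to loopback, so remote access
    # also requires changing settings.host.
    networking.firewall = lib.mkIf cfg.openFirewall { allowedTCPPorts = [ cfg.settings.port ]; };
  };
}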