From 5fe4d29ce162a88f32962c05aca2b27ab854c865 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9o=20Barnouin?= Date: Thu, 15 May 2025 12:25:14 +0200 Subject: [PATCH 1/4] Add prometheus exporter for nixarr --- flake.nix | 17 ++++++++ secrets.nix | 4 ++ secrets/nixarr-bazarr-apiKeyFile.age | 13 +++++++ secrets/nixarr-prowlarr-apiKeyFile.age | 12 ++++++ secrets/nixarr-radarr-apiKeyFile.age | 12 ++++++ secrets/nixarr-sonarr-apiKeyFile.age | 13 +++++++ services/nixarr/default.nix | 54 +++++++++++++++++++++++++- 7 files changed, 124 insertions(+), 1 deletion(-) create mode 100644 secrets/nixarr-bazarr-apiKeyFile.age create mode 100644 secrets/nixarr-prowlarr-apiKeyFile.age create mode 100644 secrets/nixarr-radarr-apiKeyFile.age create mode 100644 secrets/nixarr-sonarr-apiKeyFile.age diff --git a/flake.nix b/flake.nix index 07d1005..d911b62 100644 --- a/flake.nix +++ b/flake.nix @@ -136,6 +136,23 @@ } ]; }; + nixarr = nixpkgs.lib.nixosSystem { + inherit system; + specialArgs = { inherit inputs; }; + modules = [ + agenix.nixosModules.default + crowdsec.nixosModules.crowdsec-firewall-bouncer + "${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-image.nix" + "${inputs.self}/systems/minimalVMConfig.nix" + "${inputs.self}/services" + "${inputs.self}/modules" + { + services.vm_nixarr = { + enable = true; + }; + } + ]; + }; redis = nixpkgs.lib.nixosSystem { inherit system; specialArgs = { inherit inputs; }; diff --git a/secrets.nix b/secrets.nix index 5c8f1d6..f774c4c 100644 --- a/secrets.nix +++ b/secrets.nix @@ -47,4 +47,8 @@ in { "secrets/docker-lapi-key.age".publicKeys = [tbarnouin qbittorrent-vpn]; "secrets/nixarr-lapi-key.age".publicKeys = [tbarnouin nixarr]; + "secrets/nixarr-radarr-apiKeyFile.age".publicKeys = [tbarnouin nixarr]; + "secrets/nixarr-prowlarr-apiKeyFile.age".publicKeys = [tbarnouin nixarr]; + "secrets/nixarr-sonarr-apiKeyFile.age".publicKeys = [tbarnouin nixarr]; + "secrets/nixarr-bazarr-apiKeyFile.age".publicKeys = [tbarnouin nixarr]; } 
diff --git a/secrets/nixarr-bazarr-apiKeyFile.age b/secrets/nixarr-bazarr-apiKeyFile.age new file mode 100644 index 0000000..9b2c19a --- /dev/null +++ b/secrets/nixarr-bazarr-apiKeyFile.age @@ -0,0 +1,13 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBlKyty +ZFB3cFBMb01vanh0UFFMT0ZNa0pZOWN6dEtQNTRYYWQrVVk3ZVdZCjZWVnlmY0Jw +Ym45TjhLbTJjQlNzaGYrTEZ2QS90YWN4RGRnTGJkYTZQODgKLT4gc3NoLWVkMjU1 +MTkgSEdqU05RIEZWVDVjMkJVUmFFVS8yOU9tUHlvYjlxdzEwNXFWVGVnV0JsZ3JY +VjFFWEUKZG1iK0V4M2l3VklHcEk1NlNqU0dXdW5HeS9wK29ZWEIwZ3ZkaEY4aWVR +ZwotPiBafE0hRGhpLWdyZWFzZSBjX3k1TWMtJyB4QGhhdUtrIDg4dlphNQpqTjFX +N2FDTHBzbXgxQURZc2k4R2hYSWtTLzZCRWg4YlNsR0ZiMzZ6YmVSR2JHd2JNcUZD +ZkJuNUV6ZEJwK2VKCjVMazArcTNKQ0RnZjJienY3OGgzSE9LRVJ1WmJMRjZNU0hV +ZTUrZWQ0YTMxWE9yRXRnCi0tLSBSZ0RyK1pZbnFjNmRZSy9GZzhxUU92NDlCbDV4 +K0xVVGk1VHlmTTY5SE5ZCpc/ePpwM5Np36Uo/Hc3eh7uff7eQlsvgPoxFb9gHM42 +tk54R+vRrW1GgnpRlTBaYReY5o3fLxYrUSQwc2nyJqxC +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/nixarr-prowlarr-apiKeyFile.age b/secrets/nixarr-prowlarr-apiKeyFile.age new file mode 100644 index 0000000..4230ac7 --- /dev/null +++ b/secrets/nixarr-prowlarr-apiKeyFile.age @@ -0,0 +1,12 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyA4MUh2 +K09FcTdoM0JMVnpMZlhwb3hST0lMVW1RSzgwMzZjamZyWHQ0cndrCnBzckV4WktQ +OHdXOUJxRmJ1eGZwaFBHa1JkZVoxOGI4L0IzQVFXcHFTRmcKLT4gc3NoLWVkMjU1 +MTkgSEdqU05RIGhsbzdTQzlrcW5ueXRpeHlkM003cTlMOTVvS2p0Rk4vL01rQldX +ZEZmeEkKWXNlQU1QK3lvdXJZNnJ5dWFLMy9TbzMvTExPVFE2UDNpTnRmbWJwNFpL +YwotPiAwO3h6az08LWdyZWFzZSBDQ24gImlDbi5AWyBAClE4eWpaOWV2bXdRanMx +THU2TVgwU09FYWxNVXVGNENaOVpldmd6SUdpNVBaanJVRGxuSUJ3aTIvcGhsdGla +M1QKSm9Hb3RsM1VvZFEKLS0tIGtnYTEzekM3UUZEZ0xnRWcxVld0UEh0dWJaOGZv +U08wUUVzUUFvaGFoTVEKh033iwhL8dE+b7uPvwElu1YMQBlDyq2ibVRLKqisEbDv +6SM4z2k1f+h2zGsXXlljrggUa3sb8HWrTi0pNBmV7p8= +-----END AGE ENCRYPTED FILE----- 
diff --git a/secrets/nixarr-radarr-apiKeyFile.age b/secrets/nixarr-radarr-apiKeyFile.age new file mode 100644 index 0000000..2b467a1 --- /dev/null +++ b/secrets/nixarr-radarr-apiKeyFile.age @@ -0,0 +1,12 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBJKzdV +SVNDMnNwT1F4dk5vTmE2MFY0SitjeXk5NjBINHNIbnk4TTk4d2hnCktwb05zUTM5 +cWFqOGtqUFQxN3dSajQwSzVTYXZmZUMvRTNYL1NteWpySmMKLT4gc3NoLWVkMjU1 +MTkgSEdqU05RIGFMU1JPTmFlc0svTVVSbkJmTFVIR2V3VXBTMFpEVXphVThod2VP +NTMybEEKTVlGZ1JlR2hyaGtSMjlnVTJMM3kyM21oQzFaanAybjEwTFhGY2s0OXRH +SQotPiB4LWdyZWFzZSBeMDNpciBnIFVQKiZxLSBmeTwKdnZEY04rcC9ESFI0MVlH +ZGRMSUswSUpBckZ2SjhUc2lvTk1zTENWa3ZvZHViUUhISHVQUzdFYXp1eE1jaWcK +LS0tIE54bUdjWllHMjhLYzR0czRuajl2elQ0N1VIVHlEbnV1TUR4OFh0NDhnSXMK +TJX+I+txB5DrrtRHplZc3J5JwH3XZb4HYLAFhTq0bEhhzTcZMJRWFQ/cPYtl0ftJ +T+y5x6p1DGaVqRleQR3Zz2I= +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/nixarr-sonarr-apiKeyFile.age b/secrets/nixarr-sonarr-apiKeyFile.age new file mode 100644 index 0000000..4dc680d --- /dev/null +++ b/secrets/nixarr-sonarr-apiKeyFile.age @@ -0,0 +1,13 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBqelly +QzlVSis2SEVrTXZTOENtYXJxd1pNNDBYdXlnbXRKb09sc3ZLZ1VVCjR4cUVHa2Nm +SFJVTkl0akk4cll0UUZycTJrR0w1RFJ1VStjWXNzaSs0eGsKLT4gc3NoLWVkMjU1 +MTkgSEdqU05RIFdQeFdiOWdGUXRIK2J4NGZVaEl2djlrcVYrNWhOelpRYUpsZ3px +MHk4WFkKYnhQaTJVSE5Obkp1cnorY0x6TkxwYUZncjMxc0lla2FqV0pGa09CUDBo +UQotPiBFaUIqQE96LWdyZWFzZSA2NEc7YShtIFFzOXFmJiByQ3RNbApPbEdQa2dN +c2g2VWlTTUxRY3J4K2xPSkNXV3hTTzRBOWxGR0ZzVDNaa3Q5OGtHdCs3cVhtcmF5 +WGZONTdzQzBnClhlVXRkT1pPemxTdEMxQXBlYVRnUUlZeEFlMFZjWmYwZ0lQVCsx +OUZMTUNoNTYxdC9RSTdNNStYS2syNwotLS0gTDZpZDhXT00rcFg2S2k4eWMrVkR2 +a28xbjl3THBHRFB6ZWh0VXNMWEU1cwqxxGl+m5eG0bc+VnI80eeO/BmtCcFoPl9T +iStAXbiX5bXsQnLhpgH8AZR1x2oM3VZ4NbfdEolv32sflyQrasjkIw== +-----END AGE ENCRYPTED FILE----- diff --git a/services/nixarr/default.nix b/services/nixarr/default.nix index 2ab63d1..2377680 100644 
--- a/services/nixarr/default.nix +++ b/services/nixarr/default.nix @@ -15,6 +15,30 @@ in { file = ../../secrets/nixarr-lapi-key.age; owner = "crowdsec"; }; + nixarr-radarr-apiKeyFile = { + file = ../../secrets/nixarr-radarr-apiKeyFile.age; + owner = "exportarr-radarr-exporter"; + }; + nixarr-prowlarr-apiKeyFile = { + file = ../../secrets/nixarr-prowlarr-apiKeyFile.age; + owner = "exportarr-prowlarr-exporter"; + }; + nixarr-bazarr-apiKeyFile = { + file = ../../secrets/nixarr-bazarr-apiKeyFile.age; + owner = "exportarr-bazarr-exporter"; + }; + nixarr-sonarr-apiKeyFile = { + file = ../../secrets/nixarr-sonarr-apiKeyFile.age; + owner = "exportarr-sonarr-exporter"; + }; + }; + fileSystems."/downloads" = { + device = "192.168.1.125:/BIGDATA"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + ]; }; services = { crowdsec = { @@ -54,7 +78,35 @@ in { enable = true; openFirewall = true; }; + prometheus.exporters = { + exportarr-prowlarr = { + enable = true; + apiKeyFile = "${config.age.secrets.nixarr-prowlarr-apiKeyFile.path}"; + openFirewall = true; + }; + exportarr-bazarr = { + enable = true; + apiKeyFile = "${config.age.secrets.nixarr-bazarr-apiKeyFile.path}"; + openFirewall = true; + }; + exportarr-sonarr = { + enable = true; + apiKeyFile = "${config.age.secrets.nixarr-sonarr-apiKeyFile.path}"; + openFirewall = true; + }; + exportarr-radarr = { + enable = true; + apiKeyFile = "${config.age.secrets.nixarr-radarr-apiKeyFile.path}"; + openFirewall = true; + }; + }; + }; + networking = { + firewall.allowedTCPPorts = [3000 9708]; + extraHosts = '' + 188.114.96.2 www.yggtorrent.top + 188.114.97.2 www.yggtorrent.top + ''; }; - networking.firewall.allowedTCPPorts = [3000]; }; } From 9b2625830907d60163e1d2b84c5df1629f73f639 Mon Sep 17 00:00:00 2001 
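Review bot: The new `fileSystems."/downloads"` NFS mount sets only `x-systemd.automount` and `noauto`, so setuid bits and device nodes on the share from 192.168.1.125 are honoured on this host. Judging by the mount point the share holds downloaded content, so I would add `"nosuid"` and `"nodev"` to `options`, and `"noexec"` if nothing is meant to run from it. A short comment naming the NFS server and the expected export permissions would also help the next reader. The enclosing attribute set starts outside the hunk.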
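Review bot: All four exporters set `openFirewall = true` and the hunk also adds `9708` to `networking.firewall.allowedTCPPorts`, so the metrics endpoint is reachable from every interface and source address. Only the Prometheus server needs to scrape it, so drop the manual `9708` entry and scope the rule per exporter, for example `firewallFilter = "-s <prometheus-server-ip> -p tcp -m tcp --dport 9708";` with the scraper address filled in. Only one port is opened for four exporters, which suggests they share a default listen port; if so, each needs its own `port` or only one will bind. The last patch in this series removes the exporters, but its context still shows `9708` in `allowedTCPPorts`, so the port stays open with nothing meant to listen on it.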
From: =?UTF-8?q?Th=C3=A9o=20Barnouin?= Date: Thu, 15 May 2025 13:42:19 +0200 Subject: [PATCH 2/4] Bug in exportarr --- services/nixarr/default.nix | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/services/nixarr/default.nix b/services/nixarr/default.nix index 2377680..4d66383 100644 --- a/services/nixarr/default.nix +++ b/services/nixarr/default.nix @@ -17,21 +17,29 @@ in { }; nixarr-radarr-apiKeyFile = { file = ../../secrets/nixarr-radarr-apiKeyFile.age; - owner = "exportarr-radarr-exporter"; + owner = "exportarr"; + group = "users"; }; nixarr-prowlarr-apiKeyFile = { file = ../../secrets/nixarr-prowlarr-apiKeyFile.age; - owner = "exportarr-prowlarr-exporter"; + owner = "exportarr"; + group = "users"; }; nixarr-bazarr-apiKeyFile = { file = ../../secrets/nixarr-bazarr-apiKeyFile.age; - owner = "exportarr-bazarr-exporter"; + owner = "exportarr"; + group = "users"; }; nixarr-sonarr-apiKeyFile = { file = ../../secrets/nixarr-sonarr-apiKeyFile.age; - owner = "exportarr-sonarr-exporter"; + owner = "exportarr"; + group = "users"; }; }; + users.users.exportarr = { + isNormalUser = true; + extraGroups = ["users"]; + }; fileSystems."/downloads" = { device = "192.168.1.125:/BIGDATA"; fsType = "nfs"; From 0ff8bea1aae10bfdcb0c51dc30d286cd8a74ad4e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9o=20Barnouin?= Date: Thu, 15 May 2025 13:56:26 +0200 Subject: [PATCH 3/4] Bug in exportarr --- services/nixarr/default.nix | 31 +++++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) diff --git a/services/nixarr/default.nix b/services/nixarr/default.nix index 4d66383..89c25ea 100644 --- a/services/nixarr/default.nix +++ b/services/nixarr/default.nix 
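Review bot: `users.users.exportarr` is declared with `isNormalUser = true`, which gives a service identity a home directory, a login shell and membership of the shared `users` group. A system account with its own group is enough to own the four key files: `isSystemUser = true; group = "exportarr";` together with `users.groups.exportarr = {};`. The four secrets should then use `group = "exportarr";` instead of `"users"`, so that a later change to the file mode cannot expose the API keys to every interactive account. The enclosing attribute set starts outside the hunk.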
@@ -89,22 +89,45 @@ in { prometheus.exporters = { exportarr-prowlarr = { enable = true; - apiKeyFile = "${config.age.secrets.nixarr-prowlarr-apiKeyFile.path}"; + user = "exportarr"; + group = "users"; + environment = { + API_KEY_FILE = "/run/agenix/nixarr-prowlarr-apiKeyFile"; + }; + apiKeyFile = "/run/agenix/nixarr-prowlarr-apiKeyFile"; + extraFlags = [ + "--api-key-file /run/agenix/nixarr-prowlarr-apiKeyFile" + ]; openFirewall = true; }; exportarr-bazarr = { enable = true; - apiKeyFile = "${config.age.secrets.nixarr-bazarr-apiKeyFile.path}"; + user = "exportarr"; + group = "users"; + apiKeyFile = "/run/agenix/nixarr-bazarr-apiKeyFile"; + extraFlags = [ + "--api-key-file /run/agenix/nixarr-bazarr-apiKeyFile" + ]; openFirewall = true; }; exportarr-sonarr = { enable = true; - apiKeyFile = "${config.age.secrets.nixarr-sonarr-apiKeyFile.path}"; + user = "exportarr"; + group = "users"; + apiKeyFile = "/run/agenix/nixarr-sonarr-apiKeyFile"; + extraFlags = [ + "--api-key-file /run/agenix/nixarr-sonarr-apiKeyFile" + ]; openFirewall = true; }; exportarr-radarr = { enable = true; - apiKeyFile = "${config.age.secrets.nixarr-radarr-apiKeyFile.path}"; + user = "exportarr"; + group = "users"; + apiKeyFile = "/run/agenix/nixarr-radarr-apiKeyFile"; + extraFlags = [ + "--api-key-file /run/agenix/nixarr-radarr-apiKeyFile" + ]; openFirewall = true; }; }; From de19bc40ce1ba71e9fbdf517418ca466124e702a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9o=20Barnouin?= Date: Thu, 15 May 2025 14:11:29 +0200 Subject: [PATCH 4/4] Give up on exportarr --- services/nixarr/default.nix | 69 ------------------------------------- 1 file changed, 69 deletions(-) diff --git a/services/nixarr/default.nix b/services/nixarr/default.nix index 89c25ea..2a0f6b7 100644 --- a/services/nixarr/default.nix +++ b/services/nixarr/default.nix 
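Review bot: The key file location is now hard-coded as `/run/agenix/...` in `apiKeyFile`, in `extraFlags` and, for prowlarr, in `environment.API_KEY_FILE`, so the same secret is passed up to three ways and none of them follows the agenix declaration any more. Keep one source per exporter, `apiKeyFile = config.age.secrets.nixarr-prowlarr-apiKeyFile.path;`, and drop the duplicate `extraFlags` and `environment` entries; the same applies to the bazarr, sonarr and radarr blocks. Each `extraFlags` element also carries flag and value in a single string, which presumably only works if the command line is split on whitespace later. The exporters still run as the `exportarr` user in group `users`, so the group scoping of that account matters here too. The enclosing `services` block starts outside the hunk.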
@@ -15,30 +15,6 @@ in { file = ../../secrets/nixarr-lapi-key.age; owner = "crowdsec"; }; - nixarr-radarr-apiKeyFile = { - file = ../../secrets/nixarr-radarr-apiKeyFile.age; - owner = "exportarr"; - group = "users"; - }; - nixarr-prowlarr-apiKeyFile = { - file = ../../secrets/nixarr-prowlarr-apiKeyFile.age; - owner = "exportarr"; - group = "users"; - }; - nixarr-bazarr-apiKeyFile = { - file = ../../secrets/nixarr-bazarr-apiKeyFile.age; - owner = "exportarr"; - group = "users"; - }; - nixarr-sonarr-apiKeyFile = { - file = ../../secrets/nixarr-sonarr-apiKeyFile.age; - owner = "exportarr"; - group = "users"; - }; - }; - users.users.exportarr = { - isNormalUser = true; - extraGroups = ["users"]; }; fileSystems."/downloads" = { device = "192.168.1.125:/BIGDATA"; @@ -86,51 +62,6 @@ in { enable = true; openFirewall = true; }; - prometheus.exporters = { - exportarr-prowlarr = { - enable = true; - user = "exportarr"; - group = "users"; - environment = { - API_KEY_FILE = "/run/agenix/nixarr-prowlarr-apiKeyFile"; - }; - apiKeyFile = "/run/agenix/nixarr-prowlarr-apiKeyFile"; - extraFlags = [ - "--api-key-file /run/agenix/nixarr-prowlarr-apiKeyFile" - ]; - openFirewall = true; - }; - exportarr-bazarr = { - enable = true; - user = "exportarr"; - group = "users"; - apiKeyFile = "/run/agenix/nixarr-bazarr-apiKeyFile"; - extraFlags = [ - "--api-key-file /run/agenix/nixarr-bazarr-apiKeyFile" - ]; - openFirewall = true; - }; - exportarr-sonarr = { - enable = true; - user = "exportarr"; - group = "users"; - apiKeyFile = "/run/agenix/nixarr-sonarr-apiKeyFile"; - extraFlags = [ - "--api-key-file /run/agenix/nixarr-sonarr-apiKeyFile" - ]; - openFirewall = true; - }; - exportarr-radarr = { - enable = true; - user = "exportarr"; - group = "users"; - apiKeyFile = "/run/agenix/nixarr-radarr-apiKeyFile"; - extraFlags = [ - "--api-key-file /run/agenix/nixarr-radarr-apiKeyFile" - ]; - openFirewall = true; - }; - }; }; networking = { firewall.allowedTCPPorts = [3000 9708];