diff options
| -rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
| -rw-r--r-- | nixos/modules/services/misc/nzbhydra2.nix | 78 | ||||
| -rw-r--r-- | nixos/tests/all-tests.nix | 1 | ||||
| -rw-r--r-- | nixos/tests/nzbhydra2.nix | 17 | ||||
| -rw-r--r-- | pkgs/servers/nzbhydra2/default.nix | 32 | ||||
| -rw-r--r-- | pkgs/top-level/all-packages.nix | 2 |
6 files changed, 131 insertions, 0 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 8fd5d4519fdd..c2a9e0f32015 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -492,6 +492,7 @@ ./services/misc/nix-ssh-serve.nix ./services/misc/novacomd.nix ./services/misc/nzbget.nix + ./services/misc/nzbhydra2.nix ./services/misc/octoprint.nix ./services/misc/osrm.nix ./services/misc/packagekit.nix diff --git a/nixos/modules/services/misc/nzbhydra2.nix b/nixos/modules/services/misc/nzbhydra2.nix new file mode 100644 index 000000000000..c396b4b8f6e9 --- /dev/null +++ b/nixos/modules/services/misc/nzbhydra2.nix @@ -0,0 +1,78 @@ +{ config, pkgs, lib, ... }: + +with lib; + +let cfg = config.services.nzbhydra2; + +in { + options = { + services.nzbhydra2 = { + enable = mkEnableOption "NZBHydra2"; + + dataDir = mkOption { + type = types.str; + default = "/var/lib/nzbhydra2"; + description = "The directory where NZBHydra2 stores its data files."; + }; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = + "Open ports in the firewall for the NZBHydra2 web interface."; + }; + + package = mkOption { + type = types.package; + default = pkgs.nzbhydra2; + defaultText = "pkgs.nzbhydra2"; + description = "NZBHydra2 package to use."; + }; + }; + }; + + config = mkIf cfg.enable { + systemd.tmpfiles.rules = + [ "d '${cfg.dataDir}' 0700 nzbhydra2 nzbhydra2 - -" ]; + + systemd.services.nzbhydra2 = { + description = "NZBHydra2"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + Type = "simple"; + User = "nzbhydra2"; + Group = "nzbhydra2"; + ExecStart = + "${cfg.package}/bin/nzbhydra2 --nobrowser --datafolder '${cfg.dataDir}'"; + Restart = "on-failure"; + # Hardening + NoNewPrivileges = true; + PrivateTmp = true; + PrivateDevices = true; + DevicePolicy = "closed"; + ProtectSystem = "strict"; + ReadWritePaths = cfg.dataDir; + ProtectHome = "read-only"; + ProtectControlGroups = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + RestrictAddressFamilies ="AF_UNIX AF_INET AF_INET6 AF_NETLINK"; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + LockPersonality = true; + }; + }; + + networking.firewall = mkIf cfg.openFirewall { allowedTCPPorts = [ 5076 ]; }; + + users.users.nzbhydra2 = { + group = "nzbhydra2"; + isSystemUser = true; + }; + + users.groups.nzbhydra2 = {}; + }; +} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 8d04f10157e7..d53c6f6511e3 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -274,6 +274,7 @@ in novacomd = handleTestOn ["x86_64-linux"] ./novacomd.nix {}; nsd = handleTest ./nsd.nix {}; nzbget = handleTest ./nzbget.nix {}; + nzbhydra2 = handleTest ./nzbhydra2.nix {}; oh-my-zsh = handleTest ./oh-my-zsh.nix {}; openarena = handleTest ./openarena.nix {}; openldap = handleTest ./openldap.nix {}; diff --git a/nixos/tests/nzbhydra2.nix b/nixos/tests/nzbhydra2.nix new file mode 100644 index 000000000000..c82c756c3a1c --- /dev/null +++ b/nixos/tests/nzbhydra2.nix @@ -0,0 +1,17 @@ +import ./make-test-python.nix ({ lib, ... }: + + with lib; + + { + name = "nzbhydra2"; + meta.maintainers = with maintainers; [ jamiemagee ]; + + nodes.machine = { pkgs, ... }: { services.nzbhydra2.enable = true; }; + + testScript = '' + machine.start() + machine.wait_for_unit("nzbhydra2.service") + machine.wait_for_open_port(5076) + machine.succeed("curl --fail http://localhost:5076/") + ''; + }) diff --git a/pkgs/servers/nzbhydra2/default.nix b/pkgs/servers/nzbhydra2/default.nix new file mode 100644 index 000000000000..3ba758c10885 --- /dev/null +++ b/pkgs/servers/nzbhydra2/default.nix @@ -0,0 +1,32 @@ +{ lib, stdenv, fetchzip, makeWrapper, jre, python3, unzip }: + +stdenv.mkDerivation rec { + pname = "nzbhydra2"; + version = "3.8.0"; + + src = fetchzip { + url = "https://github.com/theotherp/${pname}/releases/download/v${version}/${pname}-${version}-linux.zip"; + sha512 = "1gybricq26hixr5cmw1iwyax7h17d0n5wqzhrx727xda1x35jfjp5ynjdkxzysbfhs1za6vy54bpm0sda4nkrh16p0xqnz3nsd4hvzh"; + stripRoot = false; + }; + + nativeBuildInputs = [ jre makeWrapper unzip ]; + + installPhase = '' + install -d -m 755 "$out/lib/${pname}" + cp -dpr --no-preserve=ownership "lib" "readme.md" "$out/lib/nzbhydra2" + install -D -m 755 "nzbhydra2wrapperPy3.py" "$out/lib/nzbhydra2/nzbhydra2wrapperPy3.py" + + makeWrapper ${python3}/bin/python $out/bin/nzbhydra2 \ + --add-flags "$out/lib/nzbhydra2/nzbhydra2wrapperPy3.py" \ + --prefix PATH ":" ${jre}/bin + ''; + + meta = with stdenv.lib; { + description = "Usenet meta search"; + homepage = "https://github.com/theotherp/nzbhydra2"; + license = licenses.asl20; + maintainers = with maintainers; [ jamiemagee ]; + platforms = with platforms; linux; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index c05b23df5793..b07391328dd5 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6297,6 +6297,8 @@ in nzbget = callPackage ../tools/networking/nzbget { }; + nzbhydra2 = callPackage ../servers/nzbhydra2 { }; + oathToolkit = callPackage ../tools/security/oath-toolkit { }; oatpp = callPackage ../development/libraries/oatpp { }; |