nixos/autobrr: init

2025-06-12 12:45:27 +03:00 · 2024-02-09 17:55:06 -05:00 · 2024-02-09 17:55:06 -05:00 · 468bfcc486
commit 468bfcc486
parent 445d7f2f82
5 changed files with 114 additions and 0 deletions
--- a/nixos/doc/manual/release-notes/rl-2505.section.md
+++ b/nixos/doc/manual/release-notes/rl-2505.section.md
@ -77,6 +77,8 @@

 - [Whoogle Search](https://github.com/benbusby/whoogle-search), a self-hosted, ad-free, privacy-respecting metasearch engine. Available as [services.whoogle-search](options.html#opt-services.whoogle-search.enable).

+- [autobrr](https://autobrr.com), a modern download automation tool for torrents and usenets. Available as [services.autobrr](#opt-services.autobrr.enable).
+
 - [agorakit](https://github.com/agorakit/agorakit), an organization tool for citizens' collectives. Available with [services.agorakit](options.html#opt-services.agorakit.enable).

 - [vivid](https://github.com/sharkdp/vivid), a generator for LS_COLOR. Available as [programs.vivid](#opt-programs.vivid.enable).
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -747,6 +747,7 @@
  ./services/misc/anki-sync-server.nix
  ./services/misc/apache-kafka.nix
  ./services/misc/atuin.nix
+  ./services/misc/autobrr.nix
  ./services/misc/autofs.nix
  ./services/misc/autorandr.nix
  ./services/misc/autosuspend.nix
--- a/nixos/modules/services/misc/autobrr.nix
+++ b/nixos/modules/services/misc/autobrr.nix
@ -0,0 +1,85 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+let
+  cfg = config.services.autobrr;
+  configFormat = pkgs.formats.toml { };
+  configTemplate = configFormat.generate "autobrr.toml" cfg.settings;
+  templaterCmd = "${lib.getExe pkgs.dasel} put -f '${configTemplate}' -v $(cat ${cfg.secretFile}) -o %S/autobrr/config.toml 'sessionSecret'";
+in
+{
+  options = {
+    services.autobrr = {
+      enable = lib.mkEnableOption "Autobrr";
+
+      openFirewall = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = "Open ports in the firewall for the Autobrr web interface.";
+      };
+
+      secretFile = lib.mkOption {
+        type = lib.types.path;
+        description = "File containing the session secret for the Autobrr web interface.";
+      };
+
+      settings = lib.mkOption {
+        type = lib.types.submodule { freeformType = configFormat.type; };
+        default = {
+          host = "127.0.0.1";
+          port = "7474";
+          checkForUpdates = true;
+        };
+        example = {
+          logLevel = "DEBUG";
+        };
+        description = ''
+          Autobrr configuration options.
+
+          Refer to <https://autobrr.com/configuration/autobrr>
+          for a full list.
+        '';
+      };
+
+      package = lib.mkPackageOption pkgs "autobrr" { };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = !(cfg.settings ? sessionSecret);
+        message = ''
+          Session secrets should not be passed via settings, as
+          these are stored in the world-readable nix store.
+
+          Use the secretFile option instead.'';
+      }
+    ];
+
+    systemd.services.autobrr = {
+      description = "Autobrr";
+      after = [
+        "syslog.target"
+        "network-online.target"
+      ];
+      wants = [ "network-online.target" ];
+      wantedBy = [ "multi-user.target" ];
+
+      serviceConfig = {
+        Type = "simple";
+        DynamicUser = true;
+        StateDirectory = "autobrr";
+        ExecStartPre = "${lib.getExe pkgs.bash} -c '${templaterCmd}'";
+        ExecStart = "${lib.getExe pkgs.autobrr} --config %S/autobrr";
+        Restart = "on-failure";
+      };
+    };
+
+    networking.firewall = lib.mkIf cfg.openFirewall { allowedTCPPorts = [ cfg.settings.port ]; };
+  };
+}
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@ -144,6 +144,7 @@ in {
  auth-mysql = handleTest ./auth-mysql.nix {};
  authelia = handleTest ./authelia.nix {};
  auto-cpufreq = handleTest ./auto-cpufreq.nix {};
+  autobrr = handleTest ./autobrr.nix {};
  avahi = handleTest ./avahi.nix {};
  avahi-with-resolved = handleTest ./avahi.nix { networkd = true; };
  ayatana-indicators = runTest ./ayatana-indicators.nix;
--- a/nixos/tests/autobrr.nix
+++ b/nixos/tests/autobrr.nix
@ -0,0 +1,25 @@
+import ./make-test-python.nix (
+  { lib, ... }:
+
+  {
+    name = "autobrr";
+    meta.maintainers = with lib.maintainers; [ av-gal ];
+
+    nodes.machine =
+      { pkgs, ... }:
+      {
+        services.autobrr = {
+          enable = true;
+          # We create this secret in the Nix store (making it readable by everyone).
+          # DO NOT DO THIS OUTSIDE OF TESTS!!
+          secretFile = pkgs.writeText "session_secret" "not-secret";
+        };
+      };
+
+    testScript = ''
+      machine.wait_for_unit("autobrr.service")
+      machine.wait_for_open_port(7474)
+      machine.succeed("curl --fail http://localhost:7474/")
+    '';
+  }
+)