nixos/recyclarr: init module #374070
nixos/recyclarr: init module #374070
Conversation
github-actions
bot
added
6.topic: nixos
| ... | ||
| }: | ||
|
|
||
| with lib; |
| options.services.recyclarr = { | ||
| enable = mkEnableOption "recyclarr service"; | ||
|
|
||
| package = mkOption { |
| description = "The recyclarr command to run (e.g., sync)."; | ||
| }; | ||
|
|
||
| configFile = mkOption { |
There was a problem hiding this comment.
Use RFC-42-style settings please. If you're worried about secrets, I'd recommend using utils.genJqSecretsReplacementSnippet.
There was a problem hiding this comment.
Would the expectation be that a YAML file is generated based on the given settings, and its path is passed as the --config argument to the binary?
There was a problem hiding this comment.
Yeah, you can look at the PR I made to nginx-sso as an example.
There was a problem hiding this comment.
With this approach, the file generation is moved into the service and out of the user's hands, making it cumbersome to use tools like SOPS or similar that are way better at managing secrets. Are we sure this is the correct solution in this case?
There was a problem hiding this comment.
That's the opposite: using utils.genJqSecretsReplacementSnippet makes it very easy to integrate with agenix/sops-nix to both set the configuration in nix while leaving secret handling to those tools.
I'm not sure I follow what is troubling you about it.
There was a problem hiding this comment.
The lack of documentation and examples regarding the use of genJqSecretsReplacementSnippet made it unclear how it works. I will apply the change and conduct a test usage.
There was a problem hiding this comment.
Yeah, not sure why its documentation isn't surfaced in the manual/better documented. If the current usage in other modules isn't enough "documentation", I can walk you through its usage
There was a problem hiding this comment.
I applied the change and verified that the service is still working. I had to loosen some security permissions, but nothing major.
| ''; | ||
| }; | ||
|
|
||
| workingDir = mkOption { |
There was a problem hiding this comment.
Is there a use case for changing it?
There was a problem hiding this comment.
If not specified, the recyclarr executable will use the directory where the binary file is located as the working directory. I assumed that if a specify location is defined, users should have the option to change it.
| description = "Working directory for recyclarr."; | ||
| }; | ||
|
|
||
| schedule = mkOption { |
There was a problem hiding this comment.
I believe there is a type for systemd timer strings, though I can't remember it nor look it up on my phone.
|
|
||
| schedule = mkOption { | ||
| type = types.str; | ||
| default = "*-*-* 04:00:00"; # Every day at 4 AM |
There was a problem hiding this comment.
I'd use daily for an easy default instead of the cron-style way.
There was a problem hiding this comment.
Also, it probably could use the random delay, persistence, etc... options that usually go with a timer.
There was a problem hiding this comment.
Had those in my systemd.timers definition below; I will move them to the option.
There was a problem hiding this comment.
After searching for examples, I only found restic pursuing this approach. Other services typically expect just the interval, for simplicity, I would suggest keeping the current option definition. WDYT?
| ${cfg.group} = { }; | ||
| }; | ||
|
|
||
| systemd.tmpfiles.rules = [ |
There was a problem hiding this comment.
Use systemd.tmpfiles.settings.
|
|
||
| systemd.services.recyclarr = { | ||
| description = "Recyclarr Service"; | ||
| after = [ "network.target" ]; |
There was a problem hiding this comment.
I think this isn't necessary nor really useful.
| systemd.services.recyclarr = { | ||
| description = "Recyclarr Service"; | ||
| after = [ "network.target" ]; | ||
| path = [ cfg.package ]; |
There was a problem hiding this comment.
No, it was remnant before using lib.getExe.
omares
force-pushed
the
add-recycalrr-service
branch
3 times, most recently
from
7367b64 to
e370ce0
Compare
In theory, that should be possible, but I am not a fan of being unable to pin the UID and GID to ensure consistency across multiple system when needed and therefore tend to use specific user and group options. |
IMO this is a downstream consumer thing you could handle in your own configuration, though I don't have very strong feelings about it. |
omares
force-pushed
the
add-recycalrr-service
branch
from
e370ce0 to
06c83d5
Compare
Adds a service definition that allows to run Recyclarr (nixos packge) periodically.
Executing the sync regularly ensures that the Sonarr and Radarr instances stay updated with the latest configurations from the TRaSH guides
Things done
nix.conf? (See Nix manual)sandbox = relaxedsandbox = truenix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)Add a 👍 reaction to pull requests you find important.