titaniumtown/arr-init
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

servarr: add configXml option with preStart hook

Browse Source 
Adds services.arrInit.<name>.configXml for declaratively ensuring XML
elements exist in a Servarr config.xml before the service starts.

Generates a preStart hook on the main service that runs a Python helper
to patch or create config.xml. Undeclared elements are preserved;
declared elements are written with exact values.

Primary use case: preventing recurring Prowlarr 'not listening on port'
failures when config.xml loses the <Port> element — now guaranteed to
exist before Prowlarr starts.

Hardening:
- Atomic writes (tmp + rename): power loss cannot corrupt config.xml
- Malformed XML recovery: fresh <Config> root instead of blocking boot
- Secure default mode (0600) for new files containing ApiKey
- Preserves existing file mode on rewrite
- Assertion against duplicate serviceName targeting

Tests (10 subtests): creates-from-missing, patches-existing, preserves-
undeclared, corrects-tampered, idempotent, malformed-recovery,
ownership-preserved, not-world-readable.
This commit is contained in:
Simon Gardling
2026-04-17 00:38:32 -04:00
parent a1ae022dc3
commit 6dde2a3e0d
14 changed files with 684 additions and 212 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
modules/bazarr.nix
View File

@@ -127,12 +127,11 @@ let
configFile = pkgs.writeText "bazarr-init-config.json" mkBazarrInitConfig;
bazarrDeps =
[
"bazarr.service"
]
++ (lib.optional cfg.sonarr.enable "${cfg.sonarr.serviceName}.service")
++ (lib.optional cfg.radarr.enable "${cfg.radarr.serviceName}.service");
bazarrDeps = [
"bazarr.service"
]
++ (lib.optional cfg.sonarr.enable "${cfg.sonarr.serviceName}.service")
++ (lib.optional cfg.radarr.enable "${cfg.radarr.serviceName}.service");
hardeningConfig = {
PrivateTmp = true;
@@ -168,15 +167,14 @@ in
StartLimitIntervalSec = 5 * (cfg.apiTimeout + 30);
StartLimitBurst = 5;
};
serviceConfig =
{
Type = "oneshot";
RemainAfterExit = true;
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${pythonEnv}/bin/python3 ${scriptDir}/bazarr_init.py ${configFile}";
}
// hardeningConfig;
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${pythonEnv}/bin/python3 ${scriptDir}/bazarr_init.py ${configFile}";
}
// hardeningConfig;
};
};
}