titaniumtown/arr-init
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

servarr: add configXml option with preStart hook

Browse Source 
Adds services.arrInit.<name>.configXml for declaratively ensuring XML
elements exist in a Servarr config.xml before the service starts.

Generates a preStart hook on the main service that runs a Python helper
to patch or create config.xml. Undeclared elements are preserved;
declared elements are written with exact values.

Primary use case: preventing recurring Prowlarr 'not listening on port'
failures when config.xml loses the <Port> element — now guaranteed to
exist before Prowlarr starts.

Hardening:
- Atomic writes (tmp + rename): power loss cannot corrupt config.xml
- Malformed XML recovery: fresh <Config> root instead of blocking boot
- Secure default mode (0600) for new files containing ApiKey
- Preserves existing file mode on rewrite
- Assertion against duplicate serviceName targeting

Tests (10 subtests): creates-from-missing, patches-existing, preserves-
undeclared, corrects-tampered, idempotent, malformed-recovery,
ownership-preserved, not-world-readable.
This commit is contained in:
Simon Gardling
2026-04-17 00:38:32 -04:00
parent a1ae022dc3
commit 6dde2a3e0d
14 changed files with 684 additions and 212 deletions
Download Patch File Download Diff File Expand all files Collapse all files

197
tests/network-namespace.nix
View File

@@ -1,100 +1,113 @@
{ pkgs, lib, self }:
{
pkgs,
lib,
self,
}:
pkgs.testers.runNixOSTest {
name = "arr-init-network-namespace";
nodes.machine = { pkgs, lib, ... }: {
imports = [ self.nixosModules.default ];
system.stateVersion = "24.11";
virtualisation.memorySize = 2048;
environment.systemPackages = with pkgs; [ curl jq gnugrep iproute2 ];
nodes.machine =
{ pkgs, lib, ... }:
{
imports = [ self.nixosModules.default ];
system.stateVersion = "24.11";
virtualisation.memorySize = 2048;
environment.systemPackages = with pkgs; [
curl
jq
gnugrep
iproute2
];
# Create the network namespace with loopback
systemd.services.create-netns = {
description = "Create test network namespace";
wantedBy = [ "multi-user.target" ];
before = [ "mock-sonarr.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${pkgs.iproute2}/bin/ip netns add test-ns";
ExecStartPost = "${pkgs.iproute2}/bin/ip netns exec test-ns ${pkgs.iproute2}/bin/ip link set lo up";
ExecStop = "${pkgs.iproute2}/bin/ip netns delete test-ns";
# Create the network namespace with loopback
systemd.services.create-netns = {
description = "Create test network namespace";
wantedBy = [ "multi-user.target" ];
before = [ "mock-sonarr.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${pkgs.iproute2}/bin/ip netns add test-ns";
ExecStartPost = "${pkgs.iproute2}/bin/ip netns exec test-ns ${pkgs.iproute2}/bin/ip link set lo up";
ExecStop = "${pkgs.iproute2}/bin/ip netns delete test-ns";
};
};
# Mock Servarr API running inside the namespace
systemd.services.mock-sonarr =
let
mockScript = pkgs.writeScript "mock-sonarr-ns.py" ''
import json
from http.server import HTTPServer, BaseHTTPRequestHandler
from urllib.parse import urlparse
DOWNLOAD_CLIENTS = []
ROOT_FOLDERS = []
class MockArr(BaseHTTPRequestHandler):
def _respond(self, code=200, body=b"", content_type="application/json"):
self.send_response(code)
self.send_header("Content-Type", content_type)
self.end_headers()
self.wfile.write(body if isinstance(body, bytes) else body.encode())
def do_GET(self):
path = urlparse(self.path).path
if path == "/api/v3/system/status":
self._respond(200, json.dumps({"version": "4.0.0"}).encode())
elif path == "/api/v3/downloadclient":
self._respond(200, json.dumps(DOWNLOAD_CLIENTS).encode())
elif path == "/api/v3/rootfolder":
self._respond(200, json.dumps(ROOT_FOLDERS).encode())
else:
self._respond(200, b"{}")
def do_POST(self):
path = urlparse(self.path).path
content_length = int(self.headers.get("Content-Length", 0))
body = self.rfile.read(content_length)
if "/rootfolder" in path:
data = json.loads(body)
data["id"] = len(ROOT_FOLDERS) + 1
ROOT_FOLDERS.append(data)
self._respond(201, json.dumps(data).encode())
else:
self._respond(200, b"{}")
def log_message(self, format, *args):
pass
HTTPServer(("0.0.0.0", 8989), MockArr).serve_forever()
'';
in
{
description = "Mock Sonarr API in network namespace";
after = [ "create-netns.service" ];
requires = [ "create-netns.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.python3}/bin/python3 ${mockScript}";
Type = "simple";
NetworkNamespacePath = "/run/netns/test-ns";
};
};
# Pre-seed config.xml
systemd.tmpfiles.rules = [
"d /var/lib/mock-sonarr 0755 root root -"
"f /var/lib/mock-sonarr/config.xml 0644 root root - <Config><ApiKey>test-api-key-ns</ApiKey></Config>"
"d /media/tv 0755 root root -"
];
services.arrInit.sonarr = {
enable = true;
serviceName = "mock-sonarr";
dataDir = "/var/lib/mock-sonarr";
port = 8989;
networkNamespacePath = "/run/netns/test-ns";
networkNamespaceService = "create-netns";
rootFolders = [ "/media/tv" ];
};
};
# Mock Servarr API running inside the namespace
systemd.services.mock-sonarr = let
mockScript = pkgs.writeScript "mock-sonarr-ns.py" ''
import json
from http.server import HTTPServer, BaseHTTPRequestHandler
from urllib.parse import urlparse
DOWNLOAD_CLIENTS = []
ROOT_FOLDERS = []
class MockArr(BaseHTTPRequestHandler):
def _respond(self, code=200, body=b"", content_type="application/json"):
self.send_response(code)
self.send_header("Content-Type", content_type)
self.end_headers()
self.wfile.write(body if isinstance(body, bytes) else body.encode())
def do_GET(self):
path = urlparse(self.path).path
if path == "/api/v3/system/status":
self._respond(200, json.dumps({"version": "4.0.0"}).encode())
elif path == "/api/v3/downloadclient":
self._respond(200, json.dumps(DOWNLOAD_CLIENTS).encode())
elif path == "/api/v3/rootfolder":
self._respond(200, json.dumps(ROOT_FOLDERS).encode())
else:
self._respond(200, b"{}")
def do_POST(self):
path = urlparse(self.path).path
content_length = int(self.headers.get("Content-Length", 0))
body = self.rfile.read(content_length)
if "/rootfolder" in path:
data = json.loads(body)
data["id"] = len(ROOT_FOLDERS) + 1
ROOT_FOLDERS.append(data)
self._respond(201, json.dumps(data).encode())
else:
self._respond(200, b"{}")
def log_message(self, format, *args):
pass
HTTPServer(("0.0.0.0", 8989), MockArr).serve_forever()
'';
in {
description = "Mock Sonarr API in network namespace";
after = [ "create-netns.service" ];
requires = [ "create-netns.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.python3}/bin/python3 ${mockScript}";
Type = "simple";
NetworkNamespacePath = "/run/netns/test-ns";
};
};
# Pre-seed config.xml
systemd.tmpfiles.rules = [
"d /var/lib/mock-sonarr 0755 root root -"
"f /var/lib/mock-sonarr/config.xml 0644 root root - <Config><ApiKey>test-api-key-ns</ApiKey></Config>"
"d /media/tv 0755 root root -"
];
services.arrInit.sonarr = {
enable = true;
serviceName = "mock-sonarr";
dataDir = "/var/lib/mock-sonarr";
port = 8989;
networkNamespacePath = "/run/netns/test-ns";
networkNamespaceService = "create-netns";
rootFolders = [ "/media/tv" ];
};
};
testScript = ''
start_all()
machine.wait_for_unit("create-netns.service")