refactor: split module.nix into per-service modules

Replace the 1301-line monolithic module.nix with focused modules: - modules/servarr.nix (Sonarr/Radarr/Prowlarr) - modules/bazarr.nix (Bazarr provider connections) - modules/jellyseerr.nix (Jellyseerr quality profiles) - modules/default.nix (import aggregator) Python scripts (from prior commit) are referenced as standalone files via PYTHONPATH, with config passed as a JSON file argument. New options: - Add bindAddress option to all services (default 127.0.0.1) - Replace hardcoded wg.service dependency with configurable networkNamespaceService option - Add systemd hardening: PrivateTmp, NoNewPrivileges, ProtectHome, ProtectKernelTunables/Modules, ProtectControlGroups, RestrictSUIDSGID, SystemCallArchitectures=native Test updates: - Extract mock qBittorrent/SABnzbd servers into tests/lib/mocks.nix - Fix duplicate wait_for_unit calls in integration test
2026-04-16 17:29:25 -04:00
parent a7d9b269df
commit 948c9e3a38
12 changed files with 952 additions and 1705 deletions
--- a/tests/integration.nix
+++ b/tests/integration.nix
@@ -9,6 +9,9 @@ pkgs.testers.runNixOSTest {

  nodes.machine =
    { pkgs, lib, ... }:
+    let
+      mocks = import ./lib/mocks.nix { inherit pkgs; };
+    in
    {
      imports = [ self.nixosModules.default ];

@@ -22,81 +25,13 @@ pkgs.testers.runNixOSTest {
        gnugrep
      ];

-      systemd.services.mock-qbittorrent =
-        let
-          mockQbitScript = pkgs.writeScript "mock-qbittorrent.py" ''
-            import json
-            from http.server import HTTPServer, BaseHTTPRequestHandler
-            from urllib.parse import parse_qs, urlparse
-
-
-            CATEGORIES = {
-                "tv": {"name": "tv", "savePath": "/downloads"},
-                "movies": {"name": "movies", "savePath": "/downloads"},
-            }
-
-
-            class QBitMock(BaseHTTPRequestHandler):
-                def _respond(self, code=200, body=b"Ok.", content_type="text/plain"):
-                    self.send_response(code)
-                    self.send_header("Content-Type", content_type)
-                    self.send_header("Set-Cookie", "SID=mock_session_id; Path=/")
-                    self.end_headers()
-                    self.wfile.write(body if isinstance(body, bytes) else body.encode())
-
-                def do_GET(self):
-                    path = self.path.split("?")[0]
-                    if path == "/api/v2/app/webapiVersion":
-                        self._respond(body=b"2.9.3")
-                    elif path == "/api/v2/app/version":
-                        self._respond(body=b"v5.0.0")
-                    elif path == "/api/v2/torrents/info":
-                        self._respond(body=b"[]", content_type="application/json")
-                    elif path == "/api/v2/torrents/categories":
-                        body = json.dumps(CATEGORIES).encode()
-                        self._respond(body=body, content_type="application/json")
-                    elif path == "/api/v2/app/preferences":
-                        body = json.dumps({"save_path": "/tmp"}).encode()
-                        self._respond(body=body, content_type="application/json")
-                    else:
-                        self._respond()
-
-                def do_POST(self):
-                    content_length = int(self.headers.get("Content-Length", 0))
-                    body = self.rfile.read(content_length).decode()
-                    path = urlparse(self.path).path
-                    query = parse_qs(urlparse(self.path).query)
-                    form = parse_qs(body)
-                    params = {**query, **form}
-                    if path == "/api/v2/torrents/createCategory":
-                        name = params.get("category", [""])[0]
-                        save_path = params.get("savePath", params.get("save_path", [""]))[0] or "/downloads"
-                        if name:
-                            CATEGORIES[name] = {"name": name, "savePath": save_path}
-                    if path in ["/api/v2/torrents/editCategory", "/api/v2/torrents/removeCategory"]:
-                        self._respond()
-                        return
-                    self._respond()
-
-                def log_message(self, format, *args):
-                    pass
-
-
-            HTTPServer(("0.0.0.0", 6011), QBitMock).serve_forever()
-          '';
-        in
-        {
-          description = "Mock qBittorrent API";
-          wantedBy = [ "multi-user.target" ];
-          before = [
-            "sonarr-init.service"
-            "radarr-init.service"
-          ];
-          serviceConfig = {
-            ExecStart = "${pkgs.python3}/bin/python3 ${mockQbitScript}";
-            Type = "simple";
-          };
+      systemd.services.mock-qbittorrent = mocks.mkMockQbittorrent {
+        initialCategories = {
+          tv = { name = "tv"; savePath = "/downloads"; };
+          movies = { name = "movies"; savePath = "/downloads"; };
        };
+        before = [ "sonarr-init.service" "radarr-init.service" ];
+      };

      systemd.tmpfiles.rules = [
        "d /media/tv 0755 sonarr sonarr -"
@@ -255,10 +190,6 @@ pkgs.testers.runNixOSTest {
    machine.wait_for_unit("sonarr-init.service")
    machine.wait_for_unit("radarr-init.service")

-    # Wait for init services to complete
-    machine.wait_for_unit("sonarr-init.service")
-    machine.wait_for_unit("radarr-init.service")
-
    # Verify Sonarr download clients
    machine.succeed(
        "API_KEY=$(grep -oP '(?<=<ApiKey>)[^<]+' /var/lib/sonarr/.config/NzbDrone/config.xml) && "