From c9c14f86dbd8c91eeb7fdc679f1fa3c9b740aba1 Mon Sep 17 00:00:00 2001 From: Pavel Sobolev Date: Fri, 5 Jul 2024 23:06:17 +0300 Subject: [PATCH] nixos/flaresolverr: initial commit --- .../manual/release-notes/rl-2411.section.md | 2 + nixos/modules/module-list.nix | 1 + nixos/modules/services/misc/flaresolverr.nix | 58 +++++++++++++++++++ nixos/tests/all-tests.nix | 1 + nixos/tests/flaresolverr.nix | 22 +++++++ 5 files changed, 84 insertions(+) create mode 100644 nixos/modules/services/misc/flaresolverr.nix create mode 100644 nixos/tests/flaresolverr.nix diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md index 96cc4301851d..38168b312e41 100644 --- a/nixos/doc/manual/release-notes/rl-2411.section.md +++ b/nixos/doc/manual/release-notes/rl-2411.section.md @@ -18,6 +18,8 @@ ## New Services {#sec-release-24.11-new-services} +- [FlareSolverr](https://github.com/FlareSolverr/FlareSolverr), proxy server to bypass Cloudflare protection. Available as [services.flaresolverr](#opt-services.flaresolverr.enable) service. + - [Open-WebUI](https://github.com/open-webui/open-webui), a user-friendly WebUI for LLMs. Available as [services.open-webui](#opt-services.open-webui.enable) service. diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index de15aa8c4be6..14ff9fd8b68f 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -732,6 +732,7 @@ ./services/misc/etesync-dav.nix ./services/misc/evdevremapkeys.nix ./services/misc/felix.nix + ./services/misc/flaresolverr.nix ./services/misc/forgejo.nix ./services/misc/freeswitch.nix ./services/misc/fstrim.nix diff --git a/nixos/modules/services/misc/flaresolverr.nix b/nixos/modules/services/misc/flaresolverr.nix new file mode 100644 index 000000000000..7967580307f9 --- /dev/null +++ b/nixos/modules/services/misc/flaresolverr.nix @@ -0,0 +1,58 @@ +{ + config, + pkgs, + lib, + ... +}: + +let + cfg = config.services.flaresolverr; +in +{ + options = { + services.flaresolverr = { + enable = lib.mkEnableOption "FlareSolverr, a proxy server to bypass Cloudflare protection"; + + package = lib.mkPackageOption pkgs "flaresolverr" { }; + + openFirewall = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Open the port in the firewall for FlareSolverr."; + }; + + port = lib.mkOption { + type = lib.types.port; + default = 8191; + description = "The port on which FlareSolverr will listen for incoming HTTP traffic."; + }; + }; + }; + + config = lib.mkIf cfg.enable { + systemd.services.flaresolverr = { + description = "FlareSolverr"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + environment = { + HOME = "/run/flaresolverr"; + PORT = toString cfg.port; + }; + + serviceConfig = { + SyslogIdentifier = "flaresolverr"; + Restart = "always"; + RestartSec = 5; + Type = "simple"; + DynamicUser = true; + RuntimeDirectory = "flaresolverr"; + WorkingDirectory = "/run/flaresolverr"; + ExecStart = lib.getExe cfg.package; + TimeoutStopSec = 30; + }; + }; + + networking.firewall = lib.mkIf cfg.openFirewall { allowedTCPPorts = [ cfg.port ]; }; + }; +} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 718aec882b4c..0852f2350e1d 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -332,6 +332,7 @@ in { firewall-nftables = handleTest ./firewall.nix { nftables = true; }; fish = handleTest ./fish.nix {}; flannel = handleTestOn ["x86_64-linux"] ./flannel.nix {}; + flaresolverr = handleTest ./flaresolverr.nix {}; flood = handleTest ./flood.nix {}; floorp = handleTest ./firefox.nix { firefoxPackage = pkgs.floorp; }; fluentd = handleTest ./fluentd.nix {}; diff --git a/nixos/tests/flaresolverr.nix b/nixos/tests/flaresolverr.nix new file mode 100644 index 000000000000..0cec7adf6d6b --- /dev/null +++ b/nixos/tests/flaresolverr.nix @@ -0,0 +1,22 @@ +import ./make-test-python.nix ( + { lib, ... }: + { + name = "flaresolverr"; + meta.maintainers = with lib.maintainers; [ paveloom ]; + + nodes.machine = + { pkgs, ... }: + { + services.flaresolverr = { + enable = true; + port = 8888; + }; + }; + + testScript = '' + machine.wait_for_unit("flaresolverr.service") + machine.wait_for_open_port(8888) + machine.succeed("curl --fail http://localhost:8888/") + ''; + } +)