diff --git a/flake.nix b/flake.nix index 7cb984b..38274b6 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,6 @@ # flake for blakes nixos config # define new devices in outputs -# generation: 46 current 2025-10-07 20:04:53 25.05.20251001.5b5be50 6.12.49 * +# generation: 47 current 2025-10-07 20:17:37 25.05.20251001.5b5be50 6.12.49 * { description = "blakes nix config"; inputs = { diff --git a/modules/homelab/services/arr/prowlarr/default.nix b/modules/homelab/services/arr/prowlarr/default.nix index cb88639..a14055a 100644 --- a/modules/homelab/services/arr/prowlarr/default.nix +++ b/modules/homelab/services/arr/prowlarr/default.nix @@ -2,9 +2,8 @@ let cfg = config.modules.services.prowlarr; - ids = 2004; default_port = 9696; - data_dir = "/var/lib/prowlarr"; + data_dir = "/var/lib/private/prowlarr"; in { options.modules.services.prowlarr = { @@ -26,20 +25,6 @@ in config = lib.mkIf cfg.enable { - # declare prowlarr group - users.groups.prowlarr = { gid = ids; }; - - # declare prowlarr user - users.users.prowlarr = { - description = "prowlarr server user"; - uid = ids; - isSystemUser = true; - #home = "/var/lib/prowlarr"; - #createHome = true; - group = "prowlarr"; - extraGroups = [ "media" ]; - }; - # enable the prowlarr service services.prowlarr = { enable = true; @@ -49,18 +34,15 @@ in }; }; - # override umask to make permissions work out - systemd.services.prowlarr.serviceConfig = { UMask = lib.mkForce "0007"; }; - # # open firewall # networking.firewall.allowedTCPPorts = [ cfg.port ]; # internal reverse proxy entry services.nginx.virtualHosts."prowlarr.snowbelle.lan" = { - enableACME = false; - forceSSL = true; - sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path; - sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path; + enableACME = true; + forceSSL = false; + #sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path; + #sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path; locations."/" = { proxyPass = "http://127.0.0.1:${toString cfg.port}"; };