47 current 2025-10-07 20:17:37 25.05.20251001.5b5be50 6.12.49 *

modules/homelab/services/arr/prowlarr/default.nix

@@ -2,9 +2,8 @@
 
 let
   cfg = config.modules.services.prowlarr;
-  ids = 2004;
   default_port = 9696;
-  data_dir = "/var/lib/prowlarr";
+  data_dir = "/var/lib/private/prowlarr";
 in
 {
   options.modules.services.prowlarr = {
@@ -26,20 +25,6 @@ in
 
   config = lib.mkIf cfg.enable {
     
-    # declare prowlarr group
-    users.groups.prowlarr = { gid = ids; };
-
-    # declare prowlarr user
-    users.users.prowlarr = {
-      description = "prowlarr server user";
-      uid = ids;
-      isSystemUser = true;
-      #home = "/var/lib/prowlarr";
-      #createHome = true;
-      group = "prowlarr";
-      extraGroups = [ "media" ];
-    };
-
     # enable the prowlarr service
     services.prowlarr = {
       enable = true;
@@ -49,18 +34,15 @@ in
       };
     };
 
-    # override umask to make permissions work out
-    systemd.services.prowlarr.serviceConfig = { UMask = lib.mkForce "0007"; };
-
 #    # open firewall
 #    networking.firewall.allowedTCPPorts = [ cfg.port ];
 
     # internal reverse proxy entry
     services.nginx.virtualHosts."prowlarr.snowbelle.lan" = {
-      enableACME = false;
-      forceSSL = true;
-      sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
-      sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
+      enableACME = true;
+      forceSSL = false;
+      #sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
+      #sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
       locations."/" = {
         proxyPass = "http://127.0.0.1:${toString cfg.port}";
       };