47 current 2025-10-07 20:17:37 25.05.20251001.5b5be50 6.12.49 *

2025-10-07 20:39:28 -05:00
parent 8eb387ffd6
commit 1c0f348a2f
2 changed files with 6 additions and 24 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -1,6 +1,6 @@
 # flake for blakes nixos config
 # define new devices in outputs
-# generation: 46 current  2025-10-07 20:04:53  25.05.20251001.5b5be50  6.12.49                          *
+# generation: 47 current  2025-10-07 20:17:37  25.05.20251001.5b5be50  6.12.49                          *
 {
  description = "blakes nix config";
  inputs = {
--- a/modules/homelab/services/arr/prowlarr/default.nix
+++ b/modules/homelab/services/arr/prowlarr/default.nix
@@ -2,9 +2,8 @@

 let
  cfg = config.modules.services.prowlarr;
-  ids = 2004;
  default_port = 9696;
-  data_dir = "/var/lib/prowlarr";
+  data_dir = "/var/lib/private/prowlarr";
 in
 {
  options.modules.services.prowlarr = {
@@ -26,20 +25,6 @@ in

  config = lib.mkIf cfg.enable {
    
-    # declare prowlarr group
-    users.groups.prowlarr = { gid = ids; };
-
-    # declare prowlarr user
-    users.users.prowlarr = {
-      description = "prowlarr server user";
-      uid = ids;
-      isSystemUser = true;
-      #home = "/var/lib/prowlarr";
-      #createHome = true;
-      group = "prowlarr";
-      extraGroups = [ "media" ];
-    };
-
    # enable the prowlarr service
    services.prowlarr = {
      enable = true;
@@ -49,18 +34,15 @@ in
      };
    };

-    # override umask to make permissions work out
-    systemd.services.prowlarr.serviceConfig = { UMask = lib.mkForce "0007"; };
-
 #    # open firewall
 #    networking.firewall.allowedTCPPorts = [ cfg.port ];

    # internal reverse proxy entry
    services.nginx.virtualHosts."prowlarr.snowbelle.lan" = {
-      enableACME = false;
-      forceSSL = true;
-      sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
-      sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
+      enableACME = true;
+      forceSSL = false;
+      #sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
+      #sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
      locations."/" = {
        proxyPass = "http://127.0.0.1:${toString cfg.port}";
      };