From 283761bd0e23ee77eaeb6f510cad38c79296e811 Mon Sep 17 00:00:00 2001 From: blake Date: Thu, 9 Oct 2025 12:02:47 -0500 Subject: [PATCH] 150 current 2025-10-09 11:52:30 25.05.20251006.20c4598 6.12.50 * --- .../homelab/services/arr/bazarr/default.nix | 74 --------------- .../services/arr/flaresolverr/default.nix | 68 -------------- .../homelab/services/arr/prowlarr/default.nix | 69 ++++++++------ .../homelab/services/arr/radarr/default.nix | 93 +++++++++++++------ modules/homelab/services/default.nix | 4 +- modules/homelab/services/default_temp.nix | 2 +- 6 files changed, 107 insertions(+), 203 deletions(-) delete mode 100644 modules/homelab/services/arr/bazarr/default.nix delete mode 100644 modules/homelab/services/arr/flaresolverr/default.nix diff --git a/modules/homelab/services/arr/bazarr/default.nix b/modules/homelab/services/arr/bazarr/default.nix deleted file mode 100644 index d93c3db..0000000 --- a/modules/homelab/services/arr/bazarr/default.nix +++ /dev/null 
@@ -1,74 +0,0 @@
-{ pkgs, config, lib, ... }:
-
-let
- cfg = config.modules.services.bazarr;
- ids = 2706;
- default_port = 6767;
- data_dir = "/var/lib/bazarr";
-in
-{
- options.modules.services.bazarr = {
- enable = lib.mkEnableOption "enables bazarr";
-
- # set port options
- port = lib.mkOption {
- type = lib.types.int;
- default = 7106;
- description = "set port for bazarr (default: ${toString default_port}";
- };
-
- backup = lib.mkOption {
- type = lib.types.bool;
- default = true;
- description = "enable backups for bazarr";
- };
- };
-
- config = lib.mkIf cfg.enable {
-
- # declare bazarr group
- users.groups.bazarr = { gid = ids; };
-
- # declare bazarr user
- users.users.bazarr = {
- description = "bazarr server user";
- uid = ids;
- isSystemUser = true;
- home = "/var/lib/bazarr";
- createHome = false;
- group = "bazarr";
- extraGroups = [ "media" ];
- };
-
- # enable the bazarr service
- services.bazarr = {
- enable = true;
- openFirewall = true;
- user = "bazarr";
- group = "bazarr";
- listenPort = cfg.port;
- };
-
- # override systemd service
- systemd.services.bazarr.serviceConfig = {
- UMask = lib.mkForce "0007";
- };
-
-# # open firewall
-# networking.firewall.allowedTCPPorts = [ cfg.port ];
-
- # internal reverse proxy entry
- services.nginx.virtualHosts."bazarr.snowbelle.lan" = {
- enableACME = false;
- forceSSL = true;
- sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
- sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
- locations."/" = {
- proxyPass = "http://127.0.0.1:${toString cfg.port}";
- };
- };
-
- # add to backups
- modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
- };
-}
diff --git a/modules/homelab/services/arr/flaresolverr/default.nix b/modules/homelab/services/arr/flaresolverr/default.nix
deleted file mode 100644
index eebbe1c..0000000
--- a/modules/homelab/services/arr/flaresolverr/default.nix
+++ /dev/null
@@ -1,68 +0,0 @@
-{ pkgs, config, lib, ... }:
-
-let
- cfg = config.modules.services.flaresolverr;
- ids = 2008;
- default_port = 8189;
-in
-{
- options.modules.services.flaresolverr = {
- enable = lib.mkEnableOption "enables flaresolverr";
-
- # set port options
- port = lib.mkOption {
- type = lib.types.int;
- default = 7105;
- description = "set port for flaresolverr (default: ${toString default_port}";
- };
-
- backup = lib.mkOption {
- type = lib.types.bool;
- default = true;
- description = "enable backups for flaresolverr";
- };
- };
-
- config = lib.mkIf cfg.enable {
-
- # declare flaresolverr group
- users.groups.flaresolverr = { gid = ids; };
-
- # declare flaresolverr user
- users.users.flaresolverr = {
- description = "flaresolverr server user";
- uid = ids;
- isSystemUser = true;
- createHome = false;
- group = "flaresolverr";
- extraGroups = [];
- };
-
- # enable the flaresolverr service
- services.flaresolverr = {
- enable = true;
- openFirewall = true;
- port = cfg.port;
- };
-
- # override umask to make permissions work out
- systemd.services.flaresolverr.serviceConfig = {
- User = "flaresolverr";
- Group = "flaresolverr";
- };
-
-# # open firewall
-# networking.firewall.allowedTCPPorts = [ cfg.port ];
-
- # internal reverse proxy entry
- services.nginx.virtualHosts."flaresolverr.snowbelle.lan" = {
- enableACME = false;
- forceSSL = true;
- sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
- sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
- locations."/" = {
- proxyPass = "http://127.0.0.1:${toString cfg.port}";
- };
- };
- };
-}
diff --git a/modules/homelab/services/arr/prowlarr/default.nix b/modules/homelab/services/arr/prowlarr/default.nix
index 4cd2f27..cd628d2 100644
--- a/modules/homelab/services/arr/prowlarr/default.nix
+++ b/modules/homelab/services/arr/prowlarr/default.nix
@@ -1,47 +1,61 @@ { pkgs, config, lib, ... }: let - cfg = config.modules.services.prowlarr; - ids = 2004; - default_port = 9696; - data_dir = "/var/lib/private"; + service = ""; + cfg = config.modules.services.${service}; + sec = config.sops.secrets; + homelab = config.modules.homelab; in { - options.modules.services.prowlarr = { - enable = lib.mkEnableOption "enables prowlarr"; + options.modules.services.${service} = { + enable = lib.mkEnableOption "enables ${service}"; # set port options port = lib.mkOption { type = lib.types.int; - default = 7104; - description = "set port for prowlarr (default: ${toString default_port}"; + default = ; + description = "set port for ${service} (default: ${toString cfg.port}"; + }; + url = lib.mkOption { + type = lib.types.str; + default = "${service}.${homelab.base_domain}"; + description = "set domain for ${service}"; + }; + data_dir = lib.mkOption { + type = lib.types.str; + default = "/var/lib/${service}"; + description = "set data directory for ${service}"; + }; + ids = lib.mkOption { + type = lib.types.int; + default = cfg.port; + description = "set uid and pid of ${service} user (matches port by default)"; }; - backup = lib.mkOption { type = lib.types.bool; default = true; - description = "enable backups for prowlarr"; + description = "enable backups for ${service}"; }; }; config = lib.mkIf cfg.enable { - # declare prowlarr group - users.groups.prowlarr = { gid = ids; }; + # declare ${service} group + users.groups.${service} = { gid = lib.mkForce cfg.ids; }; - # declare prowlarr user - users.users.prowlarr = { - description = "prowlarr server user"; - uid = ids; + # declare ${service} user + users.users.${service} = { + description = "${service} server user"; + uid = lib.mkForce cfg.ids; isSystemUser = true; - home = "/var/lib/prowlarr"; + home = cfg.data_dir; createHome = true; - group = "prowlarr"; + group = "${service}"; extraGroups = [ "media" ]; }; - # enable the prowlarr service - services.prowlarr = { + # enable the 
${service} service + services.${service} = { enable = true; openFirewall = true; settings = { @@ -50,27 +64,26 @@ in }; # override umask to make permissions work out - systemd.services.prowlarr.serviceConfig = { + systemd.services.${service}.serviceConfig = { UMask = lib.mkForce "0007"; - User = "prowlarr"; - Group = "prowlarr"; + User = "${service}"; + Group = "${service}"; }; # # open firewall # networking.firewall.allowedTCPPorts = [ cfg.port ]; # internal reverse proxy entry - services.nginx.virtualHosts."prowlarr.snowbelle.lan" = { - enableACME = false; + services.nginx.virtualHosts."${cfg.url}" = { forceSSL = true; - sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path; - sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path; + sslCertificate = sec."ssl_blakedheld_crt".path; + sslCertificateKey = sec."ssl_blakedheld_key".path; locations."/" = { proxyPass = "http://127.0.0.1:${toString cfg.port}"; }; }; # add to backups - modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ]; + modules.system.backups.paths = lib.mkIf cfg.backup [ cfg.data_dir ]; }; } diff --git a/modules/homelab/services/arr/radarr/default.nix b/modules/homelab/services/arr/radarr/default.nix index b91a418..46c79e6 100644 --- a/modules/homelab/services/arr/radarr/default.nix +++ b/modules/homelab/services/arr/radarr/default.nix 
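Review bot: `service = "";` in the `let` block is left empty, so every name derived from it collapses: the option path, the user, group and systemd unit are declared under an empty name, and the `data_dir` default becomes `/var/lib/`, which the backup entry in the next hunk would then register as a path. It should read `service = "prowlarr";`. The `port` option's `default = ;` has no value and will not parse; the old module used `default = 7104;`, and the radarr section below carries the same empty `default = ;` (its old value was 7108). Because this commit also re-enables both imports in `services/default.nix`, the missing values would, as far as the diff shows, stop the whole configuration from evaluating.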
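Review bot: The `"${cfg.url}"` vhost terminates TLS and proxies to `127.0.0.1`, but `openFirewall = true;` in the service block of the previous hunk still opens the backend port on the host firewall, so the application can remain reachable over plain HTTP without passing through nginx. If the proxy is meant to be the only entry point, set `openFirewall = false;` and, where the service allows it, bind the listener to loopback. Whether the port is actually reachable also depends on the bind address, which this diff does not show. The same applies to `services.${service}` in the radarr section, which keeps `openFirewall = true;` next to an identical vhost.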
@@ -1,75 +1,108 @@ { pkgs, config, lib, ... }: let - cfg = config.modules.services.radarr; - ids = lib.mkForce 2006; - default_port = 7878; - data_dir = "/var/lib/radarr"; + service = "radarr"; + cfg = config.modules.services.${service}; + sec = config.sops.secrets; + homelab = config.modules.homelab; in { - options.modules.services.radarr = { - enable = lib.mkEnableOption "enables radarr"; + options.modules.services.${service} = { + enable = lib.mkEnableOption "enables ${service}"; # set port options port = lib.mkOption { type = lib.types.int; - default = 7108; - description = "set port for radarr (default: ${toString default_port}"; + default = ; + description = "set port for ${service} (default: ${toString cfg.port}"; + }; + url = lib.mkOption { + type = lib.types.str; + default = "${service}.${homelab.base_domain}"; + description = "set domain for ${service}"; + }; + data_dir = lib.mkOption { + type = lib.types.str; + default = "/var/lib/${service}"; + description = "set data directory for ${service}"; + }; + ids = lib.mkOption { + type = lib.types.int; + default = cfg.port; + description = "set uid and pid of ${service} user (matches port by default)"; }; - backup = lib.mkOption { type = lib.types.bool; default = true; - description = "enable backups for radarr"; + description = "enable backups for ${service}"; }; }; config = lib.mkIf cfg.enable { - # declare radarr group - users.groups.radarr = { gid = ids; }; + # declare ${service} group + users.groups.${service} = { gid = lib.mkForce cfg.ids; }; - # declare radarr user - users.users.radarr = { - description = "radarr server user"; - uid = ids; + # declare ${service} user + users.users.${service} = { + description = "${service} server user"; + uid = lib.mkForce cfg.ids; isSystemUser = true; - home = "/var/lib/radarr"; + home = cfg.data_dir; createHome = true; - group = "radarr"; + group = "${service}"; extraGroups = [ "media" ]; }; - # enable the radarr service - services.radarr = { + # enable the ${service} 
service + services.${service} = { enable = true; openFirewall = true; - user = "radarr"; - group = "radarr"; - dataDir = data_dir; + user = "${service}"; + group = "${service}"; + dataDir = cfg.data_dir; settings = { server.port = cfg.port; }; }; # override umask to make permissions work out - systemd.services.radarr.serviceConfig = { UMask = lib.mkForce "0007"; }; + systemd.services.${service}.serviceConfig = { + UMask = lib.mkForce "0007"; +# User = "${service}"; +# Group = "${service}"; + }; # # open firewall # networking.firewall.allowedTCPPorts = [ cfg.port ]; # internal reverse proxy entry - services.nginx.virtualHosts."radarr.snowbelle.lan" = { - enableACME = false; + services.nginx.virtualHosts."${cfg.url}" = { forceSSL = true; - sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path; - sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path; + sslCertificate = sec."ssl_blakedheld_crt".path; + sslCertificateKey = sec."ssl_blakedheld_key".path; locations."/" = { proxyPass = "http://127.0.0.1:${toString cfg.port}"; }; }; +# # external reverse proxy entry +# services.nginx.virtualHosts."${service}.blakedheld.xyz" = { +# forceSSL = true; +# sslCertificate = sec."ssl_blakedheld_crt".path; +# sslCertificateKey = sec."ssl_blakedheld_key".path; +# locations."/" = { +# proxyPass = "http://127.0.0.1:${toString cfg.port}"; +# }; +# }; - # add to backups - modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ]; + sops.secrets = { + "${service}_" = { + owner = "${service}"; + group = "${service}"; + }; }; + + # add to backups + modules.system.backups.paths = lib.mkIf cfg.backup [ cfg.data_dir ]; + }; } diff --git a/modules/homelab/services/default.nix b/modules/homelab/services/default.nix index d5ee08c..66a5576 100644 --- a/modules/homelab/services/default.nix +++ b/modules/homelab/services/default.nix 
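Review bot: The added `sops.secrets` block declares a secret named `"${service}_"`, i.e. `radarr_`, which looks like an unfinished template key, and nothing in this hunk reads it. Either complete the name to the key that exists in the sops file (for example `"${service}_<KEY_NAME>"`, a placeholder) and reference its `.path` where the value is consumed, or drop the block until it is needed. Separately, the `ids` description says "uid and pid" where it means gid; I would write `description = "set uid and gid of ${service} user (matches port by default)";`, and the prowlarr section has the same wording. Since `ids` defaults to `cfg.port` and is applied with `lib.mkForce`, a port change also changes the account's numeric ids, which deserves a comment on the option so file ownership under `data_dir` is checked when the port moves.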
@@ -9,11 +9,11 @@ ./gitea ./qbittorrent ./nginx-proxy -# ./arr/prowlarr + ./arr/prowlarr # ./arr/flaresolverr # ./arr/bazarr ./arr/sonarr -# ./arr/radarr + ./arr/radarr ]; } diff --git a/modules/homelab/services/default_temp.nix b/modules/homelab/services/default_temp.nix index aadc695..32a6c55 100644 --- a/modules/homelab/services/default_temp.nix +++ b/modules/homelab/services/default_temp.nix @@ -77,7 +77,7 @@ in # networking.firewall.allowedTCPPorts = [ cfg.port ]; # internal reverse proxy entry - services.nginx.virtualHosts."${url}" = { + services.nginx.virtualHosts."${cfg.url}" = { forceSSL = true; sslCertificate = sec."ssl_blakedheld_crt".path; sslCertificateKey = sec."ssl_blakedheld_key".path;