150 current 2025-10-09 11:52:30 25.05.20251006.20c4598 6.12.50 *
This commit is contained in:
@@ -1,74 +0,0 @@
|
||||
{ pkgs, config, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.modules.services.bazarr;
|
||||
ids = 2706;
|
||||
default_port = 6767;
|
||||
data_dir = "/var/lib/bazarr";
|
||||
in
|
||||
{
|
||||
options.modules.services.bazarr = {
|
||||
enable = lib.mkEnableOption "enables bazarr";
|
||||
|
||||
# set port options
|
||||
port = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
default = 7106;
|
||||
description = "set port for bazarr (default: ${toString default_port}";
|
||||
};
|
||||
|
||||
backup = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = true;
|
||||
description = "enable backups for bazarr";
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
||||
# declare bazarr group
|
||||
users.groups.bazarr = { gid = ids; };
|
||||
|
||||
# declare bazarr user
|
||||
users.users.bazarr = {
|
||||
description = "bazarr server user";
|
||||
uid = ids;
|
||||
isSystemUser = true;
|
||||
home = "/var/lib/bazarr";
|
||||
createHome = false;
|
||||
group = "bazarr";
|
||||
extraGroups = [ "media" ];
|
||||
};
|
||||
|
||||
# enable the bazarr service
|
||||
services.bazarr = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
user = "bazarr";
|
||||
group = "bazarr";
|
||||
listenPort = cfg.port;
|
||||
};
|
||||
|
||||
# override systemd service
|
||||
systemd.services.bazarr.serviceConfig = {
|
||||
UMask = lib.mkForce "0007";
|
||||
};
|
||||
|
||||
# # open firewall
|
||||
# networking.firewall.allowedTCPPorts = [ cfg.port ];
|
||||
|
||||
# internal reverse proxy entry
|
||||
services.nginx.virtualHosts."bazarr.snowbelle.lan" = {
|
||||
enableACME = false;
|
||||
forceSSL = true;
|
||||
sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
|
||||
sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString cfg.port}";
|
||||
};
|
||||
};
|
||||
|
||||
# add to backups
|
||||
modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
|
||||
};
|
||||
}
|
||||
@@ -1,68 +0,0 @@
|
||||
{ pkgs, config, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.modules.services.flaresolverr;
|
||||
ids = 2008;
|
||||
default_port = 8189;
|
||||
in
|
||||
{
|
||||
options.modules.services.flaresolverr = {
|
||||
enable = lib.mkEnableOption "enables flaresolverr";
|
||||
|
||||
# set port options
|
||||
port = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
default = 7105;
|
||||
description = "set port for flaresolverr (default: ${toString default_port}";
|
||||
};
|
||||
|
||||
backup = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = true;
|
||||
description = "enable backups for flaresolverr";
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
||||
# declare flaresolverr group
|
||||
users.groups.flaresolverr = { gid = ids; };
|
||||
|
||||
# declare flaresolverr user
|
||||
users.users.flaresolverr = {
|
||||
description = "flaresolverr server user";
|
||||
uid = ids;
|
||||
isSystemUser = true;
|
||||
createHome = false;
|
||||
group = "flaresolverr";
|
||||
extraGroups = [];
|
||||
};
|
||||
|
||||
# enable the flaresolverr service
|
||||
services.flaresolverr = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
port = cfg.port;
|
||||
};
|
||||
|
||||
# override umask to make permissions work out
|
||||
systemd.services.flaresolverr.serviceConfig = {
|
||||
User = "flaresolverr";
|
||||
Group = "flaresolverr";
|
||||
};
|
||||
|
||||
# # open firewall
|
||||
# networking.firewall.allowedTCPPorts = [ cfg.port ];
|
||||
|
||||
# internal reverse proxy entry
|
||||
services.nginx.virtualHosts."flaresolverr.snowbelle.lan" = {
|
||||
enableACME = false;
|
||||
forceSSL = true;
|
||||
sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
|
||||
sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString cfg.port}";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,47 +1,61 @@
|
||||
{ pkgs, config, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.modules.services.prowlarr;
|
||||
ids = 2004;
|
||||
default_port = 9696;
|
||||
data_dir = "/var/lib/private";
|
||||
service = "";
|
||||
cfg = config.modules.services.${service};
|
||||
sec = config.sops.secrets;
|
||||
homelab = config.modules.homelab;
|
||||
in
|
||||
{
|
||||
options.modules.services.prowlarr = {
|
||||
enable = lib.mkEnableOption "enables prowlarr";
|
||||
options.modules.services.${service} = {
|
||||
enable = lib.mkEnableOption "enables ${service}";
|
||||
|
||||
# set port options
|
||||
port = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
default = 7104;
|
||||
description = "set port for prowlarr (default: ${toString default_port}";
|
||||
default = <port>;
|
||||
description = "set port for ${service} (default: ${toString cfg.port}";
|
||||
};
|
||||
url = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "${service}.${homelab.base_domain}";
|
||||
description = "set domain for ${service}";
|
||||
};
|
||||
data_dir = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "/var/lib/${service}";
|
||||
description = "set data directory for ${service}";
|
||||
};
|
||||
ids = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
default = cfg.port;
|
||||
description = "set uid and pid of ${service} user (matches port by default)";
|
||||
};
|
||||
|
||||
backup = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = true;
|
||||
description = "enable backups for prowlarr";
|
||||
description = "enable backups for ${service}";
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
||||
# declare prowlarr group
|
||||
users.groups.prowlarr = { gid = ids; };
|
||||
# declare ${service} group
|
||||
users.groups.${service} = { gid = lib.mkForce cfg.ids; };
|
||||
|
||||
# declare prowlarr user
|
||||
users.users.prowlarr = {
|
||||
description = "prowlarr server user";
|
||||
uid = ids;
|
||||
# declare ${service} user
|
||||
users.users.${service} = {
|
||||
description = "${service} server user";
|
||||
uid = lib.mkForce cfg.ids;
|
||||
isSystemUser = true;
|
||||
home = "/var/lib/prowlarr";
|
||||
home = cfg.data_dir;
|
||||
createHome = true;
|
||||
group = "prowlarr";
|
||||
group = "${service}";
|
||||
extraGroups = [ "media" ];
|
||||
};
|
||||
|
||||
# enable the prowlarr service
|
||||
services.prowlarr = {
|
||||
# enable the ${service} service
|
||||
services.${service} = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
settings = {
|
||||
@@ -50,27 +64,26 @@ in
|
||||
};
|
||||
|
||||
# override umask to make permissions work out
|
||||
systemd.services.prowlarr.serviceConfig = {
|
||||
systemd.services.${service}.serviceConfig = {
|
||||
UMask = lib.mkForce "0007";
|
||||
User = "prowlarr";
|
||||
Group = "prowlarr";
|
||||
User = "${service}";
|
||||
Group = "${service}";
|
||||
};
|
||||
|
||||
# # open firewall
|
||||
# networking.firewall.allowedTCPPorts = [ cfg.port ];
|
||||
|
||||
# internal reverse proxy entry
|
||||
services.nginx.virtualHosts."prowlarr.snowbelle.lan" = {
|
||||
enableACME = false;
|
||||
services.nginx.virtualHosts."${cfg.url}" = {
|
||||
forceSSL = true;
|
||||
sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
|
||||
sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
|
||||
sslCertificate = sec."ssl_blakedheld_crt".path;
|
||||
sslCertificateKey = sec."ssl_blakedheld_key".path;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString cfg.port}";
|
||||
};
|
||||
};
|
||||
|
||||
# add to backups
|
||||
modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
|
||||
modules.system.backups.paths = lib.mkIf cfg.backup [ cfg.data_dir ];
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,75 +1,108 @@
|
||||
{ pkgs, config, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.modules.services.radarr;
|
||||
ids = lib.mkForce 2006;
|
||||
default_port = 7878;
|
||||
data_dir = "/var/lib/radarr";
|
||||
service = "radarr";
|
||||
cfg = config.modules.services.${service};
|
||||
sec = config.sops.secrets;
|
||||
homelab = config.modules.homelab;
|
||||
in
|
||||
{
|
||||
options.modules.services.radarr = {
|
||||
enable = lib.mkEnableOption "enables radarr";
|
||||
options.modules.services.${service} = {
|
||||
enable = lib.mkEnableOption "enables ${service}";
|
||||
|
||||
# set port options
|
||||
port = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
default = 7108;
|
||||
description = "set port for radarr (default: ${toString default_port}";
|
||||
default = <port>;
|
||||
description = "set port for ${service} (default: ${toString cfg.port}";
|
||||
};
|
||||
url = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "${service}.${homelab.base_domain}";
|
||||
description = "set domain for ${service}";
|
||||
};
|
||||
data_dir = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "/var/lib/${service}";
|
||||
description = "set data directory for ${service}";
|
||||
};
|
||||
ids = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
default = cfg.port;
|
||||
description = "set uid and pid of ${service} user (matches port by default)";
|
||||
};
|
||||
|
||||
backup = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = true;
|
||||
description = "enable backups for radarr";
|
||||
description = "enable backups for ${service}";
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
||||
# declare radarr group
|
||||
users.groups.radarr = { gid = ids; };
|
||||
# declare ${service} group
|
||||
users.groups.${service} = { gid = lib.mkForce cfg.ids; };
|
||||
|
||||
# declare radarr user
|
||||
users.users.radarr = {
|
||||
description = "radarr server user";
|
||||
uid = ids;
|
||||
# declare ${service} user
|
||||
users.users.${service} = {
|
||||
description = "${service} server user";
|
||||
uid = lib.mkForce cfg.ids;
|
||||
isSystemUser = true;
|
||||
home = "/var/lib/radarr";
|
||||
home = cfg.data_dir;
|
||||
createHome = true;
|
||||
group = "radarr";
|
||||
group = "${service}";
|
||||
extraGroups = [ "media" ];
|
||||
};
|
||||
|
||||
# enable the radarr service
|
||||
services.radarr = {
|
||||
# enable the ${service} service
|
||||
services.${service} = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
user = "radarr";
|
||||
group = "radarr";
|
||||
dataDir = data_dir;
|
||||
user = "${service}";
|
||||
group = "${service}";
|
||||
dataDir = cfg.data_dir;
|
||||
settings = {
|
||||
server.port = cfg.port;
|
||||
};
|
||||
};
|
||||
|
||||
# override umask to make permissions work out
|
||||
systemd.services.radarr.serviceConfig = { UMask = lib.mkForce "0007"; };
|
||||
systemd.services.${service}.serviceConfig = {
|
||||
UMask = lib.mkForce "0007";
|
||||
# User = "${service}";
|
||||
# Group = "${service}";
|
||||
};
|
||||
|
||||
# # open firewall
|
||||
# networking.firewall.allowedTCPPorts = [ cfg.port ];
|
||||
|
||||
# internal reverse proxy entry
|
||||
services.nginx.virtualHosts."radarr.snowbelle.lan" = {
|
||||
enableACME = false;
|
||||
services.nginx.virtualHosts."${cfg.url}" = {
|
||||
forceSSL = true;
|
||||
sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
|
||||
sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
|
||||
sslCertificate = sec."ssl_blakedheld_crt".path;
|
||||
sslCertificateKey = sec."ssl_blakedheld_key".path;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString cfg.port}";
|
||||
};
|
||||
};
|
||||
# # external reverse proxy entry
|
||||
# services.nginx.virtualHosts."${service}.blakedheld.xyz" = {
|
||||
# forceSSL = true;
|
||||
# sslCertificate = sec."ssl_blakedheld_crt".path;
|
||||
# sslCertificateKey = sec."ssl_blakedheld_key".path;
|
||||
# locations."/" = {
|
||||
# proxyPass = "http://127.0.0.1:${toString cfg.port}";
|
||||
# };
|
||||
# };
|
||||
|
||||
sops.secrets = {
|
||||
"${service}_" = {
|
||||
owner = "${service}";
|
||||
group = "${service}";
|
||||
};
|
||||
};
|
||||
|
||||
# add to backups
|
||||
modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
|
||||
modules.system.backups.paths = lib.mkIf cfg.backup [ cfg.data_dir ];
|
||||
};
|
||||
}
|
||||
|
||||
@@ -9,11 +9,11 @@
|
||||
./gitea
|
||||
./qbittorrent
|
||||
./nginx-proxy
|
||||
# ./arr/prowlarr
|
||||
./arr/prowlarr
|
||||
# ./arr/flaresolverr
|
||||
# ./arr/bazarr
|
||||
./arr/sonarr
|
||||
# ./arr/radarr
|
||||
./arr/radarr
|
||||
];
|
||||
|
||||
}
|
||||
|
||||
@@ -77,7 +77,7 @@ in
|
||||
# networking.firewall.allowedTCPPorts = [ cfg.port ];
|
||||
|
||||
# internal reverse proxy entry
|
||||
services.nginx.virtualHosts."${url}" = {
|
||||
services.nginx.virtualHosts."${cfg.url}" = {
|
||||
forceSSL = true;
|
||||
sslCertificate = sec."ssl_blakedheld_crt".path;
|
||||
sslCertificateKey = sec."ssl_blakedheld_key".path;
|
||||
|
||||
Reference in New Issue
Block a user