20 current 2025-10-07 00:49:35 25.05.20251001.5b5be50 6.12.49 *

2025-10-07 00:57:41 -05:00
parent 8bce12250b
commit 386b9ea6a7
3 changed files with 17 additions and 12 deletions
--- a/modules/homelab/services/arr/sonarr/default.nix
+++ b/modules/homelab/services/arr/sonarr/default.nix
@@ -11,7 +11,7 @@ in
    port = lib.mkOption {
      type = lib.types.int;
      default = 7105;
-      description = "define port for sonarr";
+      description = "set port for sonarr";
    };

  };
@@ -57,7 +57,7 @@ in
      sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
      sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
      locations."/" = {
-        proxyPass = "http://127.0.0.1:7105";
+        proxyPass = "http://127.0.0.1:${toString port}";
      };
    };
  };
--- a/modules/homelab/services/default.nix.template
+++ b/modules/homelab/services/default.nix.template
@@ -7,11 +7,12 @@ in
 {
  options.modules.services.<service_name> = {
    enable = lib.mkEnableOption "enables <service_name>";
-#    extra options
-#    mode = lib.mkOption {
-#      type = lib.types.enum [ "server" "client" ];
-#      default = "client";
-#      description = "whether syncthing should run as a client (user) or server (system-wide).";
+
+#    set port options
+#    port = lib.mkOption {
+#      type = lib.types.int;
+#      default = <port_number>;
+#      description = "set port for <service_name> (default: <port_number>";
 #    };

  };
@@ -29,7 +30,7 @@ in
      home = "/var/lib/<service_name>";
      createHome = true;
      group = "<service_name>";
-      extraGroups = [ "media" "video" "render" ];
+      extraGroups = [ "media" ];
    };

    # enable the <service_name> service
@@ -39,22 +40,26 @@ in
      user = "<service_name>";          # Default: <service_name>
      group = "<service_name>";         # Default: <service_name>
      dataDir = "/var/lib/<service_name>"; # Config + metadata storage
+      dataDir = "/var/lib/<service_name>"; # Config + metadata storage
+#      settings = {
+#        server.port = cfg.port;
+#      };
    };

    # override umask to make permissions work out
    systemd.services.<service_name>.serviceConfig = { UMask = lib.mkForce "0007"; };

    # open firewall
-    #networking.firewall.allowedTCPPorts = [ 8096 ];
+    #networking.firewall.allowedTCPPorts = [ <port_number> ];

    # reverse proxy entryo
-    services.nginx.virtualHosts."media.blakedheld.xyz" = {
+    services.nginx.virtualHosts."<service_name>.snowbelle.lan" = {
      enableACME = false;
      forceSSL = true;
      sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
      sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
      locations."/" = {
-        proxyPass = "http://127.0.0.1:8096";
+        proxyPass = "http://127.0.0.1:<port_number>";
      };
    };
  };