diff --git a/modules/homelab/services/arr/bazarr/default.nix b/modules/homelab/services/arr/bazarr/default.nix
new file mode 100644
index 0000000..a192e94
--- /dev/null
+++ b/modules/homelab/services/arr/bazarr/default.nix
@@ -0,0 +1,75 @@
+{ pkgs, config, lib, ... }:
+
+let
+ cfg = config.modules.services.bazarr;
+ ids = 2706;
+ default_port = 6767;
+ data_dir = "/var/lib/bazarr";
+in
+{
+ options.modules.services.bazarr = {
+ enable = lib.mkEnableOption "enables bazarr";
+
+ # set port options
+ port = lib.mkOption {
+ type = lib.types.int;
+ default = 7106;
+ description = "set port for bazarr (default: ${toString default_port}";
+ };
+
+ backup = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ description = "enable backups for bazarr";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+
+ # declare bazarr group
+ users.groups.bazarr = { gid = ids; };
+
+ # declare bazarr user
+ users.users.bazarr = {
+ description = "bazarr server user";
+ uid = ids;
+ isSystemUser = true;
+ home = "/var/lib/bazarr";
+ createHome = false;
+ group = "bazarr";
+ extraGroups = [ "media" ];
+ };
+
+ # enable the bazarr service
+ services.bazarr = {
+ enable = true;
+ openFirewall = true;
+ user = "bazarr";
+ group = "bazarr";
+ dataDir = data_dir;
+ listenPort = cfg.port;
+ };
+
+ # override systemd service
+ systemd.services.bazarr.serviceConfig = {
+ UMask = lib.mkForce "0007";
+ };
+
+# # open firewall
+# networking.firewall.allowedTCPPorts = [ cfg.port ];
+
+ # internal reverse proxy entry
+ services.nginx.virtualHosts."bazarr.snowbelle.lan" = {
+ enableACME = false;
+ forceSSL = true;
+ sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
+ sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString cfg.port}";
+ };
+ };
+
+ # add to backups
+ modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
+ };
+}
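Review bot: `openFirewall = true;` in the `services.bazarr` block opens `cfg.port` on the host firewall even though the nginx virtual host further down already fronts the service over TLS via `127.0.0.1`. Assuming Bazarr binds to all interfaces (nothing in this module restricts its listen address), the plain-HTTP port stays reachable from the network and bypasses `forceSSL`. The commented-out `allowedTCPPorts` lines suggest direct exposure was not intended, so I would set `openFirewall = false;` and let only nginx reach the backend. Separately, the `port` option defaults to `7106` while its description interpolates `default_port` (6767) and lacks the closing parenthesis; `type = lib.types.port;` would also reject out-of-range values.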