diff --git a/modules/homelab/services/arr/radarr/default.nix b/modules/homelab/services/arr/radarr/default.nix
new file mode 100644
index 0000000..0955b8f
--- /dev/null
+++ b/modules/homelab/services/arr/radarr/default.nix
@@ -0,0 +1,76 @@
+{ pkgs, config, lib, ... }:
+
+let
+ cfg = config.modules.services.radarr;
+ ids = 2006;
+ default_port = 7878;
+ data_dir = "/var/lib/radarr";
+in
+{
+ options.modules.services.radarr = {
+ enable = lib.mkEnableOption "enables radarr";
+
+ # set port options
+ port = lib.mkOption {
+ type = lib.types.int;
+ default = 7106;
+ description = "set port for radarr (default: ${toString default_port}";
+ };
+
+ backup = lib.mkOption {
+ type = lib.types.bool;
+ default = true;
+ description = "enable backups for radarr";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+
+ # declare radarr group
+ users.groups.radarr = { gid = ids; };
+
+ # declare radarr user
+ users.users.radarr = {
+ description = "radarr server user";
+ uid = ids;
+ isSystemUser = true;
+ home = "/var/lib/radarr";
+ createHome = true;
+ group = "radarr";
+ extraGroups = [ "media" ];
+ };
+
+ # enable the radarr service
+ services.radarr = {
+ enable = true;
+ openFirewall = true;
+ user = "radarr";
+ group = "radarr";
+ dataDir = data_dir;
+ settings = {
+ server.port = cfg.port;
+ };
+ };
+
+ # override umask to make permissions work out
+ systemd.services.radarr.serviceConfig = { UMask = lib.mkForce "0007"; };
+
+# # open firewall
+# networking.firewall.allowedTCPPorts = [ cfg.port ];
+
+ # internal reverse proxy entry
+ services.nginx.virtualHosts."radarr.snowbelle.lan" = {
+ enableACME = false;
+ forceSSL = true;
+ sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
+ sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString cfg.port}";
+ };
+ };
+
+ # add to backups
+ modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
+ };
+ };
+}
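Review bot: `openFirewall = true;` in the `services.radarr` block exposes the Radarr port on the host firewall, so clients can reach the plain-HTTP listener directly and bypass the TLS-terminating nginx vhost that proxies to `127.0.0.1`. Since the proxy only needs loopback, I would set `openFirewall = false;`; the commented-out `allowedTCPPorts` line suggests direct access was not meant to stay. Separately, the braces at the end of the file look unbalanced: `config = lib.mkIf cfg.enable {` is closed by the first `};` after the backups line, leaving a second `};` with nothing to close, which would fail evaluation. The `port` option also defaults to 7106 while its description interpolates `default_port` (7878) and lacks the closing parenthesis, and `lib.types.port` would range-check the value where `lib.types.int` does not.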