big restructure, wrappers

modules/homelab/services/arr.bak/bazarr/default.nix

@@ -0,0 +1,74 @@
+{ pkgs, config, lib, ... }:
+
+let
+  cfg = config.modules.services.bazarr;
+  ids = 2706;
+  default_port = 6767;
+  data_dir = "/var/lib/bazarr";
+in
+{
+  options.modules.services.bazarr = {
+    enable = lib.mkEnableOption "enables bazarr";
+
+    # set port options
+    port = lib.mkOption {
+      type = lib.types.int;
+      default = 7106;
+      description = "set port for bazarr (default: ${toString default_port}";
+    };
+
+    backup = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "enable backups for bazarr";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    
+    # declare bazarr group
+    users.groups.bazarr = { gid = ids; };
+
+    # declare bazarr user
+    users.users.bazarr = {
+      description = "bazarr server user";
+      uid = ids;
+      isSystemUser = true;
+      home = "/var/lib/bazarr";
+      createHome = false;
+      group = "bazarr";
+      extraGroups = [ "media" ];
+    };
+
+    # enable the bazarr service
+    services.bazarr = {
+      enable = true;
+      openFirewall = true;
+      user = "bazarr";
+      group = "bazarr";
+      listenPort = cfg.port;
+    };
+
+    # override systemd service
+    systemd.services.bazarr.serviceConfig = {
+      UMask = lib.mkForce "0007";
+    };
+
+#    # open firewall
+#    networking.firewall.allowedTCPPorts = [ cfg.port ];
+
+    # internal reverse proxy entry
+    services.nginx.virtualHosts."bazarr.snowbelle.lan" = {
+      enableACME = false;
+      forceSSL = true;
+      sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
+      sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:${toString cfg.port}";
+      };
+    };
+
+     # add to backups
+     modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
+  };
+}

modules/homelab/services/arr.bak/flaresolverr/default.nix

@@ -0,0 +1,68 @@
+{ pkgs, config, lib, ... }:
+
+let
+  cfg = config.modules.services.flaresolverr;
+  ids = 2008;
+  default_port = 8189;
+in
+{
+  options.modules.services.flaresolverr = {
+    enable = lib.mkEnableOption "enables flaresolverr";
+
+    # set port options
+    port = lib.mkOption {
+      type = lib.types.int;
+      default = 7105;
+      description = "set port for flaresolverr (default: ${toString default_port}";
+    };
+
+    backup = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "enable backups for flaresolverr";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    
+    # declare flaresolverr group
+    users.groups.flaresolverr = { gid = ids; };
+
+    # declare flaresolverr user
+    users.users.flaresolverr = {
+      description = "flaresolverr server user";
+      uid = ids;
+      isSystemUser = true;
+      createHome = false;
+      group = "flaresolverr";
+      extraGroups = [];
+    };
+
+    # enable the flaresolverr service
+    services.flaresolverr = {
+      enable = true;
+      openFirewall = true;
+      port = cfg.port;
+    };
+
+    # override umask to make permissions work out
+    systemd.services.flaresolverr.serviceConfig = { 
+      User = "flaresolverr";
+      Group = "flaresolverr";
+      };
+
+#    # open firewall
+#    networking.firewall.allowedTCPPorts = [ cfg.port ];
+
+    # internal reverse proxy entry
+    services.nginx.virtualHosts."flaresolverr.snowbelle.lan" = {
+      enableACME = false;
+      forceSSL = true;
+      sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
+      sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:${toString cfg.port}";
+      };
+    };
+  };
+}

modules/homelab/services/arr.bak/prowlarr/default.nix

@@ -0,0 +1,76 @@
+{ pkgs, config, lib, ... }:
+
+let
+  cfg = config.modules.services.prowlarr;
+  ids = 2004;
+  default_port = 9696;
+  data_dir = "/var/lib/private";
+in
+{
+  options.modules.services.prowlarr = {
+    enable = lib.mkEnableOption "enables prowlarr";
+
+    # set port options
+    port = lib.mkOption {
+      type = lib.types.int;
+      default = 7104;
+      description = "set port for prowlarr (default: ${toString default_port}";
+    };
+
+    backup = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "enable backups for prowlarr";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    
+    # declare prowlarr group
+    users.groups.prowlarr = { gid = ids; };
+
+    # declare prowlarr user
+    users.users.prowlarr = {
+      description = "prowlarr server user";
+      uid = ids;
+      isSystemUser = true;
+      home = "/var/lib/prowlarr";
+      createHome = true;
+      group = "prowlarr";
+      extraGroups = [ "media" ];
+    };
+
+    # enable the prowlarr service
+    services.prowlarr = {
+      enable = true;
+      openFirewall = true;
+      settings = {
+        server.port = cfg.port;
+      };
+    };
+
+    # override umask to make permissions work out
+    systemd.services.prowlarr.serviceConfig = { 
+      UMask = lib.mkForce "0007";
+      User = "prowlarr";
+      Group = "prowlarr";
+    };
+
+#    # open firewall
+#    networking.firewall.allowedTCPPorts = [ cfg.port ];
+
+    # internal reverse proxy entry
+    services.nginx.virtualHosts."prowlarr.snowbelle.lan" = {
+      enableACME = false;
+      forceSSL = true;
+      sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
+      sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:${toString cfg.port}";
+      };
+    };
+
+     # add to backups
+     modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
+  };
+}

modules/homelab/services/arr.bak/radarr/default.nix

@@ -0,0 +1,75 @@
+{ pkgs, config, lib, ... }:
+
+let
+  cfg = config.modules.services.radarr;
+  ids = lib.mkForce 2006;
+  default_port = 7878;
+  data_dir = "/var/lib/radarr";
+in
+{
+  options.modules.services.radarr = {
+    enable = lib.mkEnableOption "enables radarr";
+
+    # set port options
+    port = lib.mkOption {
+      type = lib.types.int;
+      default = 7108;
+      description = "set port for radarr (default: ${toString default_port}";
+    };
+
+    backup = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "enable backups for radarr";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    
+    # declare radarr group
+    users.groups.radarr = { gid = ids; };
+
+    # declare radarr user
+    users.users.radarr = {
+      description = "radarr server user";
+      uid = ids;
+      isSystemUser = true;
+      home = "/var/lib/radarr";
+      createHome = true;
+      group = "radarr";
+      extraGroups = [ "media" ];
+    };
+
+    # enable the radarr service
+    services.radarr = {
+      enable = true;
+      openFirewall = true;
+      user = "radarr";
+      group = "radarr";
+      dataDir = data_dir;
+      settings = {
+        server.port = cfg.port;
+      };
+    };
+
+    # override umask to make permissions work out
+    systemd.services.radarr.serviceConfig = { UMask = lib.mkForce "0007"; };
+
+#    # open firewall
+#    networking.firewall.allowedTCPPorts = [ cfg.port ];
+
+    # internal reverse proxy entry
+    services.nginx.virtualHosts."radarr.snowbelle.lan" = {
+      enableACME = false;
+      forceSSL = true;
+      sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
+      sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:${toString cfg.port}";
+      };
+    };
+
+    # add to backups
+     modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
+    };
+}

modules/homelab/services/arr.bak/sonarr/default.nix

@@ -0,0 +1,74 @@
+{ pkgs, config, lib, ... }:
+
+let
+  cfg = config.modules.services.sonarr;
+  ids = lib.mkForce 2005;
+  default_port = 8989;
+  data_dir = "/var/lib/sonarr";
+in
+{
+  options.modules.services.sonarr = {
+    enable = lib.mkEnableOption "enables sonarr";
+
+    port = lib.mkOption {
+      type = lib.types.int;
+      default = 7107;
+      description = "set port for sonarr (${toString default_port})";
+    };
+
+    backup = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+    };
+
+  };
+
+  config = lib.mkIf cfg.enable {
+    
+    # declare sonarr group
+    users.groups.sonarr = { gid = ids; };
+
+    # declare sonarr user
+    users.users.sonarr = {
+      description = "sonarr server user";
+      uid = ids;
+      isSystemUser = true;
+      home = "/var/lib/sonarr";
+      createHome = true;
+      group = "sonarr";
+      extraGroups = [ "media" ];
+    };
+
+    # enable the sonarr service
+    services.sonarr = {
+      enable = true;
+      openFirewall = true;          
+      user = "sonarr";              
+      group = "sonarr";             
+      dataDir = data_dir;  
+      settings = {
+        server.port = cfg.port;    # default: 8989
+      };
+    };
+
+    # override umask to make permissions work out
+    systemd.services.sonarr.serviceConfig = { UMask = lib.mkForce "0007"; };
+
+    # open firewall
+    #networking.firewall.allowedTCPPorts = [ cfg.port ];
+
+    # reverse proxy entryo
+    services.nginx.virtualHosts."sonarr.snowbelle.lan" = {
+      enableACME = false;
+      forceSSL = true;
+      sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
+      sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:${toString cfg.port}";
+      };
+    };
+
+    # add to backups
+    modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
+  };
+}