add bazarr

add flaresolverr
80 current 2025-10-08 10:53:26 25.05.20251001.5b5be50 6.12.49 *
2025-10-08 11:06:57 -05:00 · 2025-10-08 11:06:45 -05:00 · 2025-10-08 11:01:11 -05:00 · 2025-10-08 10:54:27 -05:00 · 2025-10-08 10:53:28 -05:00 · 2025-10-08 10:52:48 -05:00
9 changed files with 253 additions and 24 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -1,6 +1,6 @@
 # flake for blakes nixos config
 # define new devices in outputs
-# generation: 77 current  2025-10-08 00:10:23  25.05.20251001.5b5be50  6.12.49                          *
+# generation: 80 current  2025-10-08 10:53:26  25.05.20251001.5b5be50  6.12.49                          *
 {
  description = "blakes nix config";
  inputs = {
--- a/hosts/snowbelle/configuration.nix
+++ b/hosts/snowbelle/configuration.nix
@@ -32,10 +32,10 @@
      jellyfin.enable = true;
      vaultwarden.enable = true;
      gitea.enable = true;
-      sonarr.enable = true;
-      sonarr.port = 7105;
      prowlarr.enable = true;
-      prowlarr.port = 7104;
+      radarr.enable = true;
+      sonarr.enable = true;
+      flaresolverr.enable = true;
    };
  };

@@ -70,6 +70,7 @@
  # package install list
  environment.systemPackages = with pkgs; [
    vim 
+    lf
    rsync
    wget
    git
@@ -78,7 +79,6 @@
    neofetch
    btop
    age
-    nvidia-container-toolkit
  ];


@@ -111,10 +111,10 @@
    7102    # srv - yacreader
    7103    # srv - qbittorrent
    7104    # srv - prowlarr
-    7105    # srv - sonarr
-    7106    # srv - radarr
-    7107    # srv - bazarr
-    7108    # srv - flaresolverr
+    7105    # srv - flaresolverr
+    7106    # srv - bazarr
+    7107    # srv - sonarr
+    7108    # srv - radarr
    5701    # srv - archivebox
    7502    # srv - kiwix
    7567    # srv - gitea ssh
--- a/modules/homelab/services/arr/bazarr/default.nix
+++ b/modules/homelab/services/arr/bazarr/default.nix
@@ -0,0 +1,75 @@
+{ pkgs, config, lib, ... }:
+
+let
+  cfg = config.modules.services.bazarr;
+  ids = 2706;
+  default_port = 6767;
+  data_dir = "/var/lib/bazarr";
+in
+{
+  options.modules.services.bazarr = {
+    enable = lib.mkEnableOption "enables bazarr";
+
+    # set port options
+    port = lib.mkOption {
+      type = lib.types.int;
+      default = 7106;
+      description = "set port for bazarr (default: ${toString default_port}";
+    };
+
+    backup = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "enable backups for bazarr";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    
+    # declare bazarr group
+    users.groups.bazarr = { gid = ids; };
+
+    # declare bazarr user
+    users.users.bazarr = {
+      description = "bazarr server user";
+      uid = ids;
+      isSystemUser = true;
+      home = "/var/lib/bazarr";
+      createHome = false;
+      group = "bazarr";
+      extraGroups = [ "media" ];
+    };
+
+    # enable the bazarr service
+    services.bazarr = {
+      enable = true;
+      openFirewall = true;
+      user = "bazarr";
+      group = "bazarr";
+      dataDir = data_dir;
+      listenPort = cfg.port;
+    };
+
+    # override systemd service
+    systemd.services.bazarr.serviceConfig = {
+      UMask = lib.mkForce "0007";
+    };
+
+#    # open firewall
+#    networking.firewall.allowedTCPPorts = [ cfg.port ];
+
+    # internal reverse proxy entry
+    services.nginx.virtualHosts."bazarr.snowbelle.lan" = {
+      enableACME = false;
+      forceSSL = true;
+      sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
+      sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:${toString cfg.port}";
+      };
+    };
+
+     # add to backups
+     modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
+  };
+}
--- a/modules/homelab/services/arr/flaresolverr/default.nix
+++ b/modules/homelab/services/arr/flaresolverr/default.nix
@@ -0,0 +1,72 @@
+{ pkgs, config, lib, ... }:
+
+let
+  cfg = config.modules.services.flaresolverr;
+  ids = 2008;
+  default_port = 8189;
+  data_dir = null;  # flaresolverr has no persistence
+in
+{
+  options.modules.services.flaresolverr = {
+    enable = lib.mkEnableOption "enables flaresolverr";
+
+    # set port options
+    port = lib.mkOption {
+      type = lib.types.int;
+      default = 7105;
+      description = "set port for flaresolverr (default: ${toString default_port}";
+    };
+
+    backup = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "enable backups for flaresolverr";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    
+    # declare flaresolverr group
+    users.groups.flaresolverr = { gid = ids; };
+
+    # declare flaresolverr user
+    users.users.flaresolverr = {
+      description = "flaresolverr server user";
+      uid = ids;
+      isSystemUser = true;
+      createHome = false;
+      group = "flaresolverr";
+      extraGroups = [];
+    };
+
+    # enable the flaresolverr service
+    services.flaresolverr = {
+      enable = true;
+      openFirewall = true;
+      port = cfg.port;
+    };
+
+    # override umask to make permissions work out
+    systemd.services.flaresolverr.serviceConfig = { 
+      User = "flaresolverr";
+      Group = "flaresolverr";
+      };
+
+#    # open firewall
+#    networking.firewall.allowedTCPPorts = [ cfg.port ];
+
+    # internal reverse proxy entry
+    services.nginx.virtualHosts."flaresolverr.snowbelle.lan" = {
+      enableACME = false;
+      forceSSL = true;
+      sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
+      sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:${toString cfg.port}";
+      };
+    };
+
+     # add to backups
+     modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
+  };
+}
--- a/modules/homelab/services/arr/prowlarr/default.nix
+++ b/modules/homelab/services/arr/prowlarr/default.nix
@@ -13,7 +13,7 @@ in
    # set port options
    port = lib.mkOption {
      type = lib.types.int;
-      default = default_port;
+      default = 7104;
      description = "set port for prowlarr (default: ${toString default_port}";
    };

--- a/modules/homelab/services/arr/radarr/default.nix
+++ b/modules/homelab/services/arr/radarr/default.nix
@@ -0,0 +1,75 @@
+{ pkgs, config, lib, ... }:
+
+let
+  cfg = config.modules.services.radarr;
+  ids = lib.mkForce 2006;
+  default_port = 7878;
+  data_dir = "/var/lib/radarr";
+in
+{
+  options.modules.services.radarr = {
+    enable = lib.mkEnableOption "enables radarr";
+
+    # set port options
+    port = lib.mkOption {
+      type = lib.types.int;
+      default = 7108;
+      description = "set port for radarr (default: ${toString default_port}";
+    };
+
+    backup = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "enable backups for radarr";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    
+    # declare radarr group
+    users.groups.radarr = { gid = ids; };
+
+    # declare radarr user
+    users.users.radarr = {
+      description = "radarr server user";
+      uid = ids;
+      isSystemUser = true;
+      home = "/var/lib/radarr";
+      createHome = true;
+      group = "radarr";
+      extraGroups = [ "media" ];
+    };
+
+    # enable the radarr service
+    services.radarr = {
+      enable = true;
+      openFirewall = true;
+      user = "radarr";
+      group = "radarr";
+      dataDir = data_dir;
+      settings = {
+        server.port = cfg.port;
+      };
+    };
+
+    # override umask to make permissions work out
+    systemd.services.radarr.serviceConfig = { UMask = lib.mkForce "0007"; };
+
+#    # open firewall
+#    networking.firewall.allowedTCPPorts = [ cfg.port ];
+
+    # internal reverse proxy entry
+    services.nginx.virtualHosts."radarr.snowbelle.lan" = {
+      enableACME = false;
+      forceSSL = true;
+      sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
+      sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:${toString cfg.port}";
+      };
+    };
+
+    # add to backups
+     modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
+    };
+}
--- a/modules/homelab/services/arr/sonarr/default.nix
+++ b/modules/homelab/services/arr/sonarr/default.nix
@@ -12,7 +12,7 @@ in

    port = lib.mkOption {
      type = lib.types.int;
-      default = default_port;
+      default = 7107;
      description = "set port for sonarr (${toString default_port})";
    };

--- a/modules/homelab/services/default.nix
+++ b/modules/homelab/services/default.nix
@@ -9,6 +9,8 @@
    ./gitea/default.nix
    ./arr/prowlarr/default.nix
    ./arr/sonarr/default.nix
+    ./arr/radarr/default.nix
+    ./arr/flaresolverr/default.nix
  ];


@@ -17,4 +19,6 @@
  modules.services.gitea.enable = lib.mkDefault false;
  modules.services.prowlarr.enable = lib.mkDefault false;
  modules.services.sonarr.enable = lib.mkDefault false;
+  modules.services.radarr.enable = lib.mkDefault false;
+  modules.services.flaresolverr.enable = lib.mkDefault false;
 }
--- a/modules/homelab/services/default.nix.template
+++ b/modules/homelab/services/default.nix.template
@@ -13,7 +13,7 @@ in
    # set port options
    port = lib.mkOption {
      type = lib.types.int;
-      default = default_port;
+      default = <port>;
      description = "set port for <service_name> (default: ${toString default_port}";
    };

@@ -53,7 +53,11 @@ in
    };

    # override umask to make permissions work out
-    systemd.services.<service_name>.serviceConfig = { UMask = lib.mkForce "0007"; };
+    systemd.services.<service_name>.serviceConfig = {
+      UMask = lib.mkForce "0007";
+#      User = "<service_name>";
+#      Group = "<service_name>";
+    };

 #    # open firewall
 #    networking.firewall.allowedTCPPorts = [ cfg.port ];
@@ -68,16 +72,16 @@ in
        proxyPass = "http://127.0.0.1:${toString cfg.port}";
      };
    };
-     # external reverse proxy entry
-     services.nginx.virtualHosts."<service_name>.blakedheld.xyz" = {
-      enableACME = false;
-      forceSSL = true;
-      sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
-      sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:${toString cfg.port}";
-      };
-    };
+#     # external reverse proxy entry
+#     services.nginx.virtualHosts."<service_name>.blakedheld.xyz" = {
+#      enableACME = false;
+#      forceSSL = true;
+#      sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
+#      sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
+#      locations."/" = {
+#        proxyPass = "http://127.0.0.1:${toString cfg.port}";
+#      };
+#    };

    sops.secrets = {
      "<service_name>_" = {
@@ -89,5 +93,4 @@ in
     # add to backups
     modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
  };
-  };
 }
Author	SHA1	Message	Date
blake	50601eba60	add bazarr	2025-10-08 11:06:57 -05:00
blake	9415ada261	add flaresolverr	2025-10-08 11:06:45 -05:00
blake	0229b200ea	80 current 2025-10-08 10:53:26 25.05.20251001.5b5be50 6.12.49 *	2025-10-08 11:01:11 -05:00
blake	f3e024cefc	add flaresolverr	2025-10-08 10:54:27 -05:00
blake	ae8894372a	79 current 2025-10-08 00:28:08 25.05.20251001.5b5be50 6.12.49 *	2025-10-08 10:53:28 -05:00
blake	57977e72cd	79 current 2025-10-08 00:28:08 25.05.20251001.5b5be50 6.12.49 *	2025-10-08 10:52:48 -05:00
blake	c43605f627	79 current 2025-10-08 00:28:08 25.05.20251001.5b5be50 6.12.49 *	2025-10-08 10:52:06 -05:00
blake	f80ed87358	add flaresolverr	2025-10-08 10:49:53 -05:00
blake	8bb1fe39b8	refactored port layout	2025-10-08 10:49:38 -05:00
blake	dcc1b675bb	79 current 2025-10-08 00:28:08 25.05.20251001.5b5be50 6.12.49 *	2025-10-08 00:41:39 -05:00
blake	5c5851a48d	78 current 2025-10-08 00:16:03 25.05.20251001.5b5be50 6.12.49 *	2025-10-08 00:28:11 -05:00
blake	e7f072c3d2	78 current 2025-10-08 00:16:03 25.05.20251001.5b5be50 6.12.49 *	2025-10-08 00:26:55 -05:00
blake	7a47bbcd46	add radarr	2025-10-08 00:25:53 -05:00
blake	bf3b8b3270	78 current 2025-10-08 00:16:03 25.05.20251001.5b5be50 6.12.49 *	2025-10-08 00:25:27 -05:00