77 lines
1.9 KiB
Nix
77 lines
1.9 KiB
Nix
{ pkgs, config, lib, ... }:
|
|
|
|
let
|
|
cfg = config.modules.services.prowlarr;
|
|
ids = 2004;
|
|
default_port = 9696;
|
|
data_dir = "/var/lib/prowlarr";
|
|
in
|
|
{
|
|
options.modules.services.prowlarr = {
|
|
enable = lib.mkEnableOption "enables prowlarr";
|
|
|
|
# set port options
|
|
port = lib.mkOption {
|
|
type = lib.types.int;
|
|
default = cfg.default_port;
|
|
description = "set port for prowlarr (default: ${toString default_port}";
|
|
};
|
|
|
|
backup = lib.mkOption {
|
|
type = lib.types.bool;
|
|
default = true;
|
|
description = "enable backups for prowlarr";
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
|
|
# declare prowlarr group
|
|
users.groups.prowlarr = { gid = ids; };
|
|
|
|
# declare prowlarr user
|
|
users.users.prowlarr = {
|
|
description = "prowlarr server user";
|
|
uid = ids;
|
|
isSystemUser = true;
|
|
home = "/var/lib/prowlarr";
|
|
createHome = true;
|
|
group = "prowlarr";
|
|
extraGroups = [ "media" ];
|
|
};
|
|
|
|
# enable the prowlarr service
|
|
services.prowlarr = {
|
|
enable = true;
|
|
openFirewall = true;
|
|
settings = {
|
|
server.port = cfg.port;
|
|
};
|
|
};
|
|
|
|
# override umask to make permissions work out
|
|
systemd.services.prowlarr.serviceConfig = {
|
|
UMask = lib.mkForce "0007";
|
|
User = "prowlarr";
|
|
Group = "prowlarr";
|
|
};
|
|
|
|
# # open firewall
|
|
# networking.firewall.allowedTCPPorts = [ cfg.port ];
|
|
|
|
# internal reverse proxy entry
|
|
services.nginx.virtualHosts."prowlarr.snowbelle.lan" = {
|
|
enableACME = false;
|
|
forceSSL = true;
|
|
sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
|
|
sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:${toString cfg.port}";
|
|
};
|
|
};
|
|
|
|
# add to backups
|
|
modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
|
|
};
|
|
}
|