nixos-config/machines/orbi/media-arr.nix

{
  config,
  lib,
  pkgs,
  ...
}:
{
  networking.firewall.interfaces.wg0.allowedTCPPorts = [
    7878
    8989
    8686
  ];

  verify.closed.public.ports.arr = [
    7878
    8989
    8686
  ];
  verify.localCommands =
    let
      curl = lib.getExe pkgs.curl;
      grep = lib.getExe pkgs.gnugrep;

      command = domain: grepString: ''
        if ${curl} -s -o /dev/null -w "%{http_code}" ${domain} | ${grep} -q "200"; then
          if ${curl} -s ${domain} | ${grep} -q "${grepString}"; then
            echo "[ OK ] Die Seite hat Statuscode 200 und enthält den String '${grepString}'."
          else
            echo "[Fail] Der Statuscode ist 200, aber die Seite enthält den String '${grepString}' nicht."
          fi
        else
          echo "[Fail] Die Seite hat keinen Statuscode 200."
        fi
      '';
    in
    {
      sonarr = command "sonarr.ingolf-wagner.de" "Sonarr";
      radarr = command "radarr.ingolf-wagner.de" "Radarr";
    };

  # download series
  services.sonarr = {
    enable = true;
    group = "media";
    user = "media";
  };

  # download movies
  services.radarr = {
    enable = true;
    group = "media";
    user = "media";
  };

  # download music
  services.lidarr = {
    enable = true;
    group = "media";
    user = "media";
  };

  # better indexer apis
  services.prowlarr = {
    enable = true;
    #group = "media";
    #user = "media";
  };

  services.jellyseerr = {
    enable = true;
  };

  services.permown."/media/arr" = {
    owner = "media";
    group = "media";
    directory-mode = "770";
    file-mode = "770";
  };

  services.nginx.virtualHosts = {
    "radarr.${config.networking.hostName}.private" = {
      serverAliases = [ "radarr.ingolf-wagner.de" ];
      extraConfig = ''
        allow ${config.tinc.private.subnet};
        allow ${config.wireguard.wg0.subnet};
        deny all;
      '';
      locations."/" = {
        proxyPass = "http://localhost:7878";
        proxyWebsockets = true;
      };
    };
    "sonarr.${config.networking.hostName}.private" = {
      serverAliases = [ "sonarr.ingolf-wagner.de" ];
      extraConfig = ''
        allow ${config.tinc.private.subnet};
        allow ${config.wireguard.wg0.subnet};
        deny all;
      '';
      locations."/" = {
        proxyPass = "http://localhost:8989";
        proxyWebsockets = true;
      };
    };
    "lidarr.${config.networking.hostName}.private" = {
      serverAliases = [ "lidarr.ingolf-wagner.de" ];
      extraConfig = ''
        allow ${config.tinc.private.subnet};
        allow ${config.wireguard.wg0.subnet};
        deny all;
      '';
      locations."/" = {
        proxyPass = "http://localhost:8686";
        proxyWebsockets = true;
      };
    };
    "prowlarr.${config.networking.hostName}.private" = {
      extraConfig = ''
        allow ${config.tinc.private.subnet};
        deny all;
      '';
      locations."/" = {
        proxyPass = "http://localhost:9696";
        proxyWebsockets = true;
      };
    };
    "jellyseerr.${config.networking.hostName}.private" = {
      extraConfig = ''
        allow ${config.tinc.private.subnet};
        deny all;
      '';
      locations."/" = {
        proxyPass = "http://localhost:${toString config.services.jellyseerr.port}";
        proxyWebsockets = true;
      };
    };
  };

}
:white_check_mark: add some smoke tests. 2024-09-15 02:22:02 +02:00			`{`
			`config,`
			`lib,`
			`pkgs,`
			`...`
			`}:`
update robi and started with orbi 2023-12-09 17:15:50 +01:00			`{`
nix fmt 2024-08-29 03:26:04 +02:00			`networking.firewall.interfaces.wg0.allowedTCPPorts = [`
			`7878`
			`8989`
			`8686`
			`];`
update robi and started with orbi 2023-12-09 17:15:50 +01:00
:recycle: refactor the options interface 2024-09-14 01:02:32 +02:00			`verify.closed.public.ports.arr = [`
:construction: poc of rustscan script generator 2024-09-13 09:32:10 +02:00			`7878`
			`8989`
			`8686`
			`];`
:white_check_mark: add some smoke tests. 2024-09-15 02:22:02 +02:00			`verify.localCommands =`
			`let`
			`curl = lib.getExe pkgs.curl;`
			`grep = lib.getExe pkgs.gnugrep;`

			`command = domain: grepString: ''`
			`if ${curl} -s -o /dev/null -w "%{http_code}" ${domain} \| ${grep} -q "200"; then`
			`if ${curl} -s ${domain} \| ${grep} -q "${grepString}"; then`
			`echo "[ OK ] Die Seite hat Statuscode 200 und enthält den String '${grepString}'."`
			`else`
			`echo "[Fail] Der Statuscode ist 200, aber die Seite enthält den String '${grepString}' nicht."`
			`fi`
			`else`
			`echo "[Fail] Die Seite hat keinen Statuscode 200."`
			`fi`
			`'';`
			`in`
			`{`
			`sonarr = command "sonarr.ingolf-wagner.de" "Sonarr";`
			`radarr = command "radarr.ingolf-wagner.de" "Radarr";`
			`};`
:construction: poc of rustscan script generator 2024-09-13 09:32:10 +02:00
update robi and started with orbi 2023-12-09 17:15:50 +01:00			`# download series`
			`services.sonarr = {`
			`enable = true;`
			`group = "media";`
			`user = "media";`
			`};`

			`# download movies`
			`services.radarr = {`
			`enable = true;`
			`group = "media";`
			`user = "media";`
			`};`

add lidarr 2024-08-05 16:56:42 +02:00			`# download music`
			`services.lidarr = {`
			`enable = true;`
			`group = "media";`
			`user = "media";`
			`};`

update robi and started with orbi 2023-12-09 17:15:50 +01:00			`# better indexer apis`
			`services.prowlarr = {`
			`enable = true;`
			`#group = "media";`
			`#user = "media";`
			`};`

			`services.jellyseerr = {`
			`enable = true;`
			`};`

			`services.permown."/media/arr" = {`
			`owner = "media";`
			`group = "media";`
			`directory-mode = "770";`
			`file-mode = "770";`
			`};`

			`services.nginx.virtualHosts = {`
			`"radarr.${config.networking.hostName}.private" = {`
migrate media to orbi 2024-04-06 10:34:54 +02:00			`serverAliases = [ "radarr.ingolf-wagner.de" ];`
update robi and started with orbi 2023-12-09 17:15:50 +01:00			`extraConfig = ''`
			`allow ${config.tinc.private.subnet};`
migrate media to orbi 2024-04-06 10:34:54 +02:00			`allow ${config.wireguard.wg0.subnet};`
update robi and started with orbi 2023-12-09 17:15:50 +01:00			`deny all;`
			`'';`
			`locations."/" = {`
			`proxyPass = "http://localhost:7878";`
			`proxyWebsockets = true;`
			`};`
			`};`
			`"sonarr.${config.networking.hostName}.private" = {`
migrate media to orbi 2024-04-06 10:34:54 +02:00			`serverAliases = [ "sonarr.ingolf-wagner.de" ];`
update robi and started with orbi 2023-12-09 17:15:50 +01:00			`extraConfig = ''`
			`allow ${config.tinc.private.subnet};`
migrate media to orbi 2024-04-06 10:34:54 +02:00			`allow ${config.wireguard.wg0.subnet};`
update robi and started with orbi 2023-12-09 17:15:50 +01:00			`deny all;`
			`'';`
			`locations."/" = {`
			`proxyPass = "http://localhost:8989";`
			`proxyWebsockets = true;`
			`};`
			`};`
add lidarr 2024-08-05 16:56:42 +02:00			`"lidarr.${config.networking.hostName}.private" = {`
			`serverAliases = [ "lidarr.ingolf-wagner.de" ];`
			`extraConfig = ''`
			`allow ${config.tinc.private.subnet};`
			`allow ${config.wireguard.wg0.subnet};`
			`deny all;`
			`'';`
			`locations."/" = {`
			`proxyPass = "http://localhost:8686";`
			`proxyWebsockets = true;`
			`};`
			`};`
update robi and started with orbi 2023-12-09 17:15:50 +01:00			`"prowlarr.${config.networking.hostName}.private" = {`
			`extraConfig = ''`
			`allow ${config.tinc.private.subnet};`
			`deny all;`
			`'';`
			`locations."/" = {`
			`proxyPass = "http://localhost:9696";`
			`proxyWebsockets = true;`
			`};`
			`};`
			`"jellyseerr.${config.networking.hostName}.private" = {`
			`extraConfig = ''`
			`allow ${config.tinc.private.subnet};`
			`deny all;`
			`'';`
			`locations."/" = {`
			`proxyPass = "http://localhost:${toString config.services.jellyseerr.port}";`
			`proxyWebsockets = true;`
			`};`
			`};`
			`};`

			`}`