nixos-config/machines/orbi/media-arr.nix
2024-09-15 07:22:02 +07:00

139 lines
3.2 KiB
Nix

{
config,
lib,
pkgs,
...
}:
{
networking.firewall.interfaces.wg0.allowedTCPPorts = [
7878
8989
8686
];
verify.closed.public.ports.arr = [
7878
8989
8686
];
verify.localCommands =
let
curl = lib.getExe pkgs.curl;
grep = lib.getExe pkgs.gnugrep;
command = domain: grepString: ''
if ${curl} -s -o /dev/null -w "%{http_code}" ${domain} | ${grep} -q "200"; then
if ${curl} -s ${domain} | ${grep} -q "${grepString}"; then
echo "[ OK ] Die Seite hat Statuscode 200 und enthält den String '${grepString}'."
else
echo "[Fail] Der Statuscode ist 200, aber die Seite enthält den String '${grepString}' nicht."
fi
else
echo "[Fail] Die Seite hat keinen Statuscode 200."
fi
'';
in
{
sonarr = command "sonarr.ingolf-wagner.de" "Sonarr";
radarr = command "radarr.ingolf-wagner.de" "Radarr";
};
# download series
services.sonarr = {
enable = true;
group = "media";
user = "media";
};
# download movies
services.radarr = {
enable = true;
group = "media";
user = "media";
};
# download music
services.lidarr = {
enable = true;
group = "media";
user = "media";
};
# better indexer apis
services.prowlarr = {
enable = true;
#group = "media";
#user = "media";
};
services.jellyseerr = {
enable = true;
};
services.permown."/media/arr" = {
owner = "media";
group = "media";
directory-mode = "770";
file-mode = "770";
};
services.nginx.virtualHosts = {
"radarr.${config.networking.hostName}.private" = {
serverAliases = [ "radarr.ingolf-wagner.de" ];
extraConfig = ''
allow ${config.tinc.private.subnet};
allow ${config.wireguard.wg0.subnet};
deny all;
'';
locations."/" = {
proxyPass = "http://localhost:7878";
proxyWebsockets = true;
};
};
"sonarr.${config.networking.hostName}.private" = {
serverAliases = [ "sonarr.ingolf-wagner.de" ];
extraConfig = ''
allow ${config.tinc.private.subnet};
allow ${config.wireguard.wg0.subnet};
deny all;
'';
locations."/" = {
proxyPass = "http://localhost:8989";
proxyWebsockets = true;
};
};
"lidarr.${config.networking.hostName}.private" = {
serverAliases = [ "lidarr.ingolf-wagner.de" ];
extraConfig = ''
allow ${config.tinc.private.subnet};
allow ${config.wireguard.wg0.subnet};
deny all;
'';
locations."/" = {
proxyPass = "http://localhost:8686";
proxyWebsockets = true;
};
};
"prowlarr.${config.networking.hostName}.private" = {
extraConfig = ''
allow ${config.tinc.private.subnet};
deny all;
'';
locations."/" = {
proxyPass = "http://localhost:9696";
proxyWebsockets = true;
};
};
"jellyseerr.${config.networking.hostName}.private" = {
extraConfig = ''
allow ${config.tinc.private.subnet};
deny all;
'';
locations."/" = {
proxyPass = "http://localhost:${toString config.services.jellyseerr.port}";
proxyWebsockets = true;
};
};
};
}