nixos-config/machines/orbi/media-arr.nix
2024-09-16 07:06:03 +07:00

129 lines
2.7 KiB
Nix

{
config,
lib,
pkgs,
...
}:
{
networking.firewall.interfaces.wg0.allowedTCPPorts = [
7878
8989
8686
];
verify.closed.public.ports.arr = [
7878
8989
8686
];
verify.http = {
sonarr = {
url = "sonarr.ingolf-wagner.de";
expectedContent = "Sonarr";
};
radarr = {
url = "radarr.ingolf-wagner.de";
expectedContent = "Radarr";
};
};
# download series
services.sonarr = {
enable = true;
group = "media";
user = "media";
};
# download movies
services.radarr = {
enable = true;
group = "media";
user = "media";
};
# download music
services.lidarr = {
enable = true;
group = "media";
user = "media";
};
# better indexer apis
services.prowlarr = {
enable = true;
#group = "media";
#user = "media";
};
services.jellyseerr = {
enable = true;
};
services.permown."/media/arr" = {
owner = "media";
group = "media";
directory-mode = "770";
file-mode = "770";
};
services.nginx.virtualHosts = {
"radarr.${config.networking.hostName}.private" = {
serverAliases = [ "radarr.ingolf-wagner.de" ];
extraConfig = ''
allow ${config.tinc.private.subnet};
allow ${config.wireguard.wg0.subnet};
deny all;
'';
locations."/" = {
proxyPass = "http://localhost:7878";
proxyWebsockets = true;
};
};
"sonarr.${config.networking.hostName}.private" = {
serverAliases = [ "sonarr.ingolf-wagner.de" ];
extraConfig = ''
allow ${config.tinc.private.subnet};
allow ${config.wireguard.wg0.subnet};
deny all;
'';
locations."/" = {
proxyPass = "http://localhost:8989";
proxyWebsockets = true;
};
};
"lidarr.${config.networking.hostName}.private" = {
serverAliases = [ "lidarr.ingolf-wagner.de" ];
extraConfig = ''
allow ${config.tinc.private.subnet};
allow ${config.wireguard.wg0.subnet};
deny all;
'';
locations."/" = {
proxyPass = "http://localhost:8686";
proxyWebsockets = true;
};
};
"prowlarr.${config.networking.hostName}.private" = {
extraConfig = ''
allow ${config.tinc.private.subnet};
deny all;
'';
locations."/" = {
proxyPass = "http://localhost:9696";
proxyWebsockets = true;
};
};
"jellyseerr.${config.networking.hostName}.private" = {
extraConfig = ''
allow ${config.tinc.private.subnet};
deny all;
'';
locations."/" = {
proxyPass = "http://localhost:${toString config.services.jellyseerr.port}";
proxyWebsockets = true;
};
};
};
}