From 7e045b5eb1e3673f13e1d18c62ee4792e38e93a4 Mon Sep 17 00:00:00 2001
From: Simon Gardling <titaniumtown@proton.me>
Date: Thu, 19 Feb 2026 18:26:21 -0500
Subject: [PATCH] prowlarr: init

---
 configuration.nix         | 12 ++++++++++++
 flake.nix                 |  5 +++++
 services/arr/prowlarr.nix | 26 ++++++++++++++++++++++++++
 3 files changed, 43 insertions(+)
 create mode 100644 services/arr/prowlarr.nix

diff --git a/configuration.nix b/configuration.nix
index 07a1713..36ead2d 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -19,6 +19,7 @@
     ./modules/secureboot.nix
     ./modules/no-rgb.nix
     ./modules/security.nix
+    ./modules/arr-init.nix
 
     ./services/postgresql.nix
     ./services/jellyfin.nix
@@ -32,6 +33,16 @@
     ./services/jellyfin-qbittorrent-monitor.nix
     ./services/bitmagnet.nix
 
+    ./services/arr/prowlarr.nix
+
+    ./services/arr/prowlarr.nix
+    ./services/arr/sonarr.nix
+    ./services/arr/radarr.nix
+    ./services/arr/bazarr.nix
+    ./services/arr/jellyseerr.nix
+    ./services/arr/recyclarr.nix
+    ./services/arr/init.nix
+
     ./services/soulseek.nix
 
     ./services/ups.nix
@@ -192,6 +203,7 @@
     hostName = hostname;
     hostId = "0f712d56";
     firewall.enable = true;
+    firewall.trustedInterfaces = [ "wg-br" ];
     useDHCP = false;
     enableIPv6 = false;
 
diff --git a/flake.nix b/flake.nix
index 5d84f04..4b55d0c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -125,6 +125,7 @@
           ntfy = 2586;
           livekit = 7880;
           lk_jwt = 8081;
+          prowlarr = 9696;
         };
 
         https = {
@@ -192,6 +193,10 @@
           dataDir = services_dir + "/syncthing";
           signalBackupDir = "/${zpool_ssds}/bak/signal";
           grayjayBackupDir = "/${zpool_ssds}/bak/grayjay";
+
+        prowlarr = {
+          dataDir = services_dir + "/prowlarr";
+        };
         };
       };
 
diff --git a/services/arr/prowlarr.nix b/services/arr/prowlarr.nix
new file mode 100644
index 0000000..c5e9c69
--- /dev/null
+++ b/services/arr/prowlarr.nix
@@ -0,0 +1,26 @@
+{
+  pkgs,
+  service_configs,
+  config,
+  lib,
+  ...
+}:
+{
+  imports = [
+    (lib.serviceMountWithZpool "prowlarr" service_configs.zpool_ssds [
+      service_configs.prowlarr.dataDir
+    ])
+    (lib.vpnNamespaceOpenPort service_configs.ports.prowlarr "prowlarr")
+  ];
+
+  services.prowlarr = {
+    enable = true;
+    dataDir = service_configs.prowlarr.dataDir;
+    settings.server.port = service_configs.ports.prowlarr;
+  };
+
+  services.caddy.virtualHosts."prowlarr.${service_configs.https.domain}".extraConfig = ''
+    import ${config.age.secrets.caddy_auth.path}
+    reverse_proxy ${config.vpnNamespaces.wg.namespaceAddress}:${builtins.toString service_configs.ports.prowlarr}
+  '';
+}