From 93a7645d3f7355eec2f153f843fc91372592ebc1 Mon Sep 17 00:00:00 2001 From: Simon Gardling Date: Wed, 18 Feb 2026 03:06:06 -0500 Subject: [PATCH] feat(media): add arr stack (sonarr, radarr, bazarr, prowlarr, jellyseerr) --- configuration.nix | 7 +++++++ flake.nix | 30 ++++++++++++++++++++++++++++ services/bazarr.nix | 34 ++++++++++++++++++++++++++++++++ services/jellyseerr.nix | 43 +++++++++++++++++++++++++++++++++++++++++ services/prowlarr.nix | 26 +++++++++++++++++++++++++ services/radarr.nix | 36 ++++++++++++++++++++++++++++++++++ services/sonarr.nix | 42 ++++++++++++++++++++++++++++++++++++++++ 7 files changed, 218 insertions(+) create mode 100644 services/bazarr.nix create mode 100644 services/jellyseerr.nix create mode 100644 services/prowlarr.nix create mode 100644 services/radarr.nix create mode 100644 services/sonarr.nix diff --git a/configuration.nix b/configuration.nix index 07a1713..80b212e 100644 --- a/configuration.nix +++ b/configuration.nix @@ -32,6 +32,12 @@ ./services/jellyfin-qbittorrent-monitor.nix ./services/bitmagnet.nix + ./services/prowlarr.nix + ./services/sonarr.nix + ./services/radarr.nix + ./services/bazarr.nix + ./services/jellyseerr.nix + ./services/soulseek.nix ./services/ups.nix @@ -192,6 +198,7 @@ hostName = hostname; hostId = "0f712d56"; firewall.enable = true; + firewall.trustedInterfaces = [ "wg-br" ]; useDHCP = false; enableIPv6 = false; diff --git a/flake.nix b/flake.nix index 5d84f04..c71e3fe 100644 --- a/flake.nix +++ b/flake.nix @@ -125,6 +125,11 @@ ntfy = 2586; livekit = 7880; lk_jwt = 8081; + prowlarr = 9696; + sonarr = 8989; + radarr = 7878; + bazarr = 6767; + jellyseerr = 5055; }; https = { 
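Review bot: In the second configuration.nix hunk, `firewall.trustedInterfaces = [ "wg-br" ];` accepts every inbound port from that interface, which is broader than this change appears to need. If wg-br is the bridge to the VPN namespace (inferred from the name and from prowlarr.nix proxying to `config.vpnNamespaces.wg.namespaceAddress`), anything confined there can reach all host listeners directly. Unless they bind to loopback only, that includes the sonarr, radarr, bazarr and jellyseerr ports, which are otherwise fronted by Caddy with the `caddy_auth` import. Consider opening only the ports the namespace must reach, for example `firewall.interfaces."wg-br".allowedTCPPorts = [ service_configs.ports.sonarr service_configs.ports.radarr ];` (assuming `service_configs` is in scope in this file), with a comment saying why the bridge needs access. The enclosing networking block starts and ends outside the hunk.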
@@ -193,6 +198,31 @@ signalBackupDir = "/${zpool_ssds}/bak/signal"; grayjayBackupDir = "/${zpool_ssds}/bak/grayjay"; }; + + sonarr = { + dataDir = services_dir + "/sonarr"; + }; + + radarr = { + dataDir = services_dir + "/radarr"; + }; + + prowlarr = { + dataDir = services_dir + "/prowlarr"; + }; + + bazarr = { + dataDir = services_dir + "/bazarr"; + }; + + jellyseerr = { + configDir = services_dir + "/jellyseerr"; + }; + + media = { + moviesDir = torrents_path + "/media/movies"; + tvDir = torrents_path + "/media/tv"; + }; }; pkgs = import nixpkgs { diff --git a/services/bazarr.nix b/services/bazarr.nix new file mode 100644 index 0000000..c857ad6 --- /dev/null +++ b/services/bazarr.nix @@ -0,0 +1,34 @@ +{ + pkgs, + config, + service_configs, + lib, + ... +}: +{ + imports = [ + (lib.serviceMountWithZpool "bazarr" service_configs.zpool_ssds [ + service_configs.bazarr.dataDir + ]) + (lib.serviceMountWithZpool "bazarr" service_configs.zpool_hdds [ + service_configs.torrents_path + ]) + (lib.serviceFilePerms "bazarr" [ + "Z ${service_configs.bazarr.dataDir} 0700 ${config.services.bazarr.user} ${config.services.bazarr.group}" + ]) + ]; + + services.bazarr = { + enable = true; + listenPort = service_configs.ports.bazarr; + }; + + services.caddy.virtualHosts."bazarr.${service_configs.https.domain}".extraConfig = '' + import ${config.age.secrets.caddy_auth.path} + reverse_proxy :${builtins.toString service_configs.ports.bazarr} + ''; + + users.users.${config.services.bazarr.user}.extraGroups = [ + service_configs.media_group + ]; +} diff --git a/services/jellyseerr.nix b/services/jellyseerr.nix new file mode 100644 index 0000000..916eb8e --- /dev/null +++ b/services/jellyseerr.nix 
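Review bot: In services/bazarr.nix, `services.bazarr` sets only `enable` and `listenPort`, while the imports mount `service_configs.bazarr.dataDir` and restrict it to 0700. By contrast, sonarr.nix, radarr.nix and prowlarr.nix all pass `dataDir` to their module. As written, bazarr may keep its database and provider credentials in the module's default state directory rather than on the zpool path prepared here. If the bazarr module in the pinned nixpkgs exposes the option, add `dataDir = service_configs.bazarr.dataDir;`; otherwise add a comment explaining how the state ends up at that path.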
@@ -0,0 +1,43 @@
+{
+ pkgs,
+ config,
+ service_configs,
+ lib,
+ ...
+}:
+{
+ imports = [
+ (lib.serviceMountWithZpool "jellyseerr" service_configs.zpool_ssds [
+ service_configs.jellyseerr.configDir
+ ])
+ (lib.serviceFilePerms "jellyseerr" [
+ "Z ${service_configs.jellyseerr.configDir} 0700 jellyseerr jellyseerr"
+ ])
+ ];
+
+ services.jellyseerr = {
+ enable = true;
+ port = service_configs.ports.jellyseerr;
+ configDir = service_configs.jellyseerr.configDir;
+ };
+
+ systemd.services.jellyseerr.serviceConfig = {
+ DynamicUser = lib.mkForce false;
+ User = "jellyseerr";
+ Group = "jellyseerr";
+ ReadWritePaths = [ service_configs.jellyseerr.configDir ];
+ };
+
+ users.users.jellyseerr = {
+ isSystemUser = true;
+ group = "jellyseerr";
+ home = service_configs.jellyseerr.configDir;
+ };
+
+ users.groups.jellyseerr = { };
+
+ services.caddy.virtualHosts."jellyseerr.${service_configs.https.domain}".extraConfig = ''
+ import ${config.age.secrets.caddy_auth.path}
+ reverse_proxy :${builtins.toString service_configs.ports.jellyseerr}
+ '';
+}
diff --git a/services/prowlarr.nix b/services/prowlarr.nix
new file mode 100644
index 0000000..c5e9c69
--- /dev/null
+++ b/services/prowlarr.nix
@@ -0,0 +1,26 @@
+{
+ pkgs,
+ service_configs,
+ config,
+ lib,
+ ...
+}:
+{
+ imports = [
+ (lib.serviceMountWithZpool "prowlarr" service_configs.zpool_ssds [
+ service_configs.prowlarr.dataDir
+ ])
+ (lib.vpnNamespaceOpenPort service_configs.ports.prowlarr "prowlarr")
+ ];
+
+ services.prowlarr = {
+ enable = true;
+ dataDir = service_configs.prowlarr.dataDir;
+ settings.server.port = service_configs.ports.prowlarr;
+ };
+
+ services.caddy.virtualHosts."prowlarr.${service_configs.https.domain}".extraConfig = ''
+ import ${config.age.secrets.caddy_auth.path}
+ reverse_proxy ${config.vpnNamespaces.wg.namespaceAddress}:${builtins.toString service_configs.ports.prowlarr}
+ '';
+}
diff --git a/services/radarr.nix b/services/radarr.nix
new file mode 100644
index 0000000..fbd20e6
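Review bot: The `systemd.services.jellyseerr.serviceConfig` override in services/jellyseerr.nix forces `DynamicUser` off without a comment saying why. Disabling it also drops the sandboxing that DynamicUser implies unless the unit sets those options explicitly. A comment such as `# static user so configDir on the zpool keeps a stable owner across restarts` would document the intent, if that is the reason. It is also worth confirming with `systemd-analyze security jellyseerr` that the unit still runs with a read-only system tree and private tmp after the override. The literal `"jellyseerr"` is repeated in the tmpfiles rule, `User`, `Group` and the user definition; a single `let` binding would keep them from drifting apart.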
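Review bot: services/prowlarr.nix applies no `lib.serviceFilePerms` rule to `service_configs.prowlarr.dataDir`, whereas sonarr.nix, radarr.nix and bazarr.nix restrict their data directories to 0700. That directory holds Prowlarr's API key and indexer credentials, so it should get the same treatment unless the module already creates it with restrictive ownership. If so, a one-line comment saying that would settle it; otherwise add `(lib.serviceFilePerms "prowlarr" [ "Z ${service_configs.prowlarr.dataDir} 0700 <prowlarr-user> <prowlarr-group>" ])`, where the placeholders are whatever account the unit actually runs as.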
--- /dev/null
+++ b/services/radarr.nix
@@ -0,0 +1,36 @@
+{
+ pkgs,
+ config,
+ service_configs,
+ lib,
+ ...
+}:
+{
+ imports = [
+ (lib.serviceMountWithZpool "radarr" service_configs.zpool_ssds [
+ service_configs.radarr.dataDir
+ ])
+ (lib.serviceMountWithZpool "radarr" service_configs.zpool_hdds [
+ service_configs.torrents_path
+ ])
+ (lib.serviceFilePerms "radarr" [
+ "Z ${service_configs.radarr.dataDir} 0700 ${config.services.radarr.user} ${config.services.radarr.group}"
+ ])
+ ];
+
+ services.radarr = {
+ enable = true;
+ dataDir = service_configs.radarr.dataDir;
+ settings.server.port = service_configs.ports.radarr;
+ settings.update.mechanism = "external";
+ };
+
+ services.caddy.virtualHosts."radarr.${service_configs.https.domain}".extraConfig = ''
+ import ${config.age.secrets.caddy_auth.path}
+ reverse_proxy :${builtins.toString service_configs.ports.radarr}
+ '';
+
+ users.users.${config.services.radarr.user}.extraGroups = [
+ service_configs.media_group
+ ];
+}
diff --git a/services/sonarr.nix b/services/sonarr.nix
new file mode 100644
index 0000000..ac3da89
--- /dev/null
+++ b/services/sonarr.nix
@@ -0,0 +1,42 @@
+{
+ pkgs,
+ config,
+ service_configs,
+ lib,
+ ...
+}:
+{
+ imports = [
+ (lib.serviceMountWithZpool "sonarr" service_configs.zpool_ssds [
+ service_configs.sonarr.dataDir
+ ])
+ (lib.serviceMountWithZpool "sonarr" service_configs.zpool_hdds [
+ service_configs.torrents_path
+ ])
+ (lib.serviceFilePerms "sonarr" [
+ "Z ${service_configs.sonarr.dataDir} 0700 ${config.services.sonarr.user} ${config.services.sonarr.group}"
+ ])
+ ];
+
+ systemd.tmpfiles.rules = [
+ "d /torrents/media 2775 root ${service_configs.media_group} -"
+ "d ${service_configs.media.tvDir} 2775 root ${service_configs.media_group} -"
+ "d ${service_configs.media.moviesDir} 2775 root ${service_configs.media_group} -"
+ ];
+
+ services.sonarr = {
+ enable = true;
+ dataDir = service_configs.sonarr.dataDir;
+ settings.server.port = service_configs.ports.sonarr;
+ settings.update.mechanism = "external";
+ };
+
+ services.caddy.virtualHosts."sonarr.${service_configs.https.domain}".extraConfig = ''
+ import ${config.age.secrets.caddy_auth.path}
+ reverse_proxy :${builtins.toString service_configs.ports.sonarr}
+ '';
+
+ users.users.${config.services.sonarr.user}.extraGroups = [
+ service_configs.media_group
+ ];
+}
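Review bot: The first `systemd.tmpfiles.rules` entry in services/sonarr.nix hard-codes `/torrents/media`, while the next two lines and flake.nix derive the same tree from `torrents_path`. If that path ever changes, the parent directory would be created in the old location and the setgid 2775 parent would no longer match its children. Use `"d ${service_configs.torrents_path}/media 2775 root ${service_configs.media_group} -"` instead. These rules also create the movies directory that radarr.nix depends on, so a comment noting that the shared media tree is declared here (or moving the rules to a common module) would keep radarr from breaking if sonarr.nix is ever dropped from the imports.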