diff --git a/configuration.nix b/configuration.nix index 410a496..4e29949 100644 --- a/configuration.nix +++ b/configuration.nix @@ -36,6 +36,7 @@ ./services/arr/sonarr.nix ./services/arr/radarr.nix ./services/arr/bazarr.nix + ./services/arr/jellyseerr.nix ./services/soulseek.nix diff --git a/flake.nix b/flake.nix index 5ad7173..2919f8f 100644 --- a/flake.nix +++ b/flake.nix @@ -129,6 +129,7 @@ sonarr = 8989; radarr = 7878; bazarr = 6767; + jellyseerr = 5055; }; https = { @@ -213,6 +214,10 @@ bazarr = { dataDir = services_dir + "/bazarr"; }; + + jellyseerr = { + configDir = services_dir + "/jellyseerr"; + }; }; pkgs = import nixpkgs { diff --git a/services/arr/jellyseerr.nix b/services/arr/jellyseerr.nix new file mode 100644 index 0000000..6433d04 --- /dev/null +++ b/services/arr/jellyseerr.nix @@ -0,0 +1,43 @@ +{ + pkgs, + config, + service_configs, + lib, + ... +}: +{ + imports = [ + (lib.serviceMountWithZpool "jellyseerr" service_configs.zpool_ssds [ + service_configs.jellyseerr.configDir + ]) + (lib.serviceFilePerms "jellyseerr" [ + "Z ${service_configs.jellyseerr.configDir} 0700 jellyseerr jellyseerr" + ]) + ]; + + services.jellyseerr = { + enable = true; + port = service_configs.ports.jellyseerr; + configDir = service_configs.jellyseerr.configDir; + }; + + systemd.services.jellyseerr.serviceConfig = { + DynamicUser = lib.mkForce false; + User = "jellyseerr"; + Group = "jellyseerr"; + ReadWritePaths = [ service_configs.jellyseerr.configDir ]; + }; + + users.users.jellyseerr = { + isSystemUser = true; + group = "jellyseerr"; + home = service_configs.jellyseerr.configDir; + }; + + users.groups.jellyseerr = { }; + + services.caddy.virtualHosts."jellyseerr.${service_configs.https.domain}".extraConfig = '' + # import ${config.age.secrets.caddy_auth.path} + reverse_proxy :${builtins.toString service_configs.ports.jellyseerr} + ''; +}