qbittorrent: enable queueing and AutoTMM

modules/arr-init.nix

@@ -6,6 +6,7 @@
 }:
 let
   cfg = config.services.arrInit;
+  bazarrCfg = config.services.bazarrInit;
 
   downloadClientModule = lib.types.submodule {
     options = {
@@ -53,6 +54,69 @@ let
     };
   };
 
+  syncedAppModule = lib.types.submodule {
+    options = {
+      name = lib.mkOption {
+        type = lib.types.str;
+        description = "Display name of the application to sync (e.g. \"Sonarr\").";
+        example = "Sonarr";
+      };
+
+      implementation = lib.mkOption {
+        type = lib.types.str;
+        description = "Implementation identifier for the Prowlarr application API.";
+        example = "Sonarr";
+      };
+
+      configContract = lib.mkOption {
+        type = lib.types.str;
+        description = "Config contract identifier for the Prowlarr application API.";
+        example = "SonarrSettings";
+      };
+
+      syncLevel = lib.mkOption {
+        type = lib.types.str;
+        default = "fullSync";
+        description = "Sync level for the application.";
+      };
+
+      prowlarrUrl = lib.mkOption {
+        type = lib.types.str;
+        description = "URL of the Prowlarr instance.";
+        example = "http://localhost:9696";
+      };
+
+      baseUrl = lib.mkOption {
+        type = lib.types.str;
+        description = "URL of the target application.";
+        example = "http://localhost:8989";
+      };
+
+      apiKeyFrom = lib.mkOption {
+        type = lib.types.str;
+        description = "Path to the config.xml file to read the API key from at runtime.";
+        example = "/services/sonarr/config.xml";
+      };
+
+      syncCategories = lib.mkOption {
+        type = lib.types.listOf lib.types.int;
+        default = [ ];
+        description = "List of sync category IDs for the application.";
+        example = [
+          5000
+          5010
+          5020
+        ];
+      };
+
+      serviceName = lib.mkOption {
+        type = lib.types.str;
+        description = "Name of the systemd service to depend on for reading the API key.";
+        example = "sonarr";
+      };
+    };
+  };
+
   instanceModule = lib.types.submodule {
     options = {
       enable = lib.mkEnableOption "Servarr application API initialization";
@@ -81,6 +145,12 @@ let
         description = "API version string used in the base URL.";
       };
 
+      networkNamespacePath = lib.mkOption {
+        type = lib.types.nullOr lib.types.str;
+        default = null;
+        description = "If set, run this init service inside the given network namespace path (e.g. /run/netns/wg).";
+      };
+
       downloadClients = lib.mkOption {
         type = lib.types.listOf downloadClientModule;
         default = [ ];
@@ -96,6 +166,70 @@ let
           "/media/movies"
         ];
       };
+
+      syncedApps = lib.mkOption {
+        type = lib.types.listOf syncedAppModule;
+        default = [ ];
+        description = "Applications to register for indexer sync (Prowlarr only).";
+      };
+    };
+  };
+
+  bazarrProviderModule = lib.types.submodule {
+    options = {
+      enable = lib.mkEnableOption "provider connection";
+
+      dataDir = lib.mkOption {
+        type = lib.types.str;
+        description = "Path to the provider's data directory containing config.xml.";
+        example = "/services/sonarr";
+      };
+
+      port = lib.mkOption {
+        type = lib.types.port;
+        description = "API port of the provider.";
+        example = 8989;
+      };
+
+      serviceName = lib.mkOption {
+        type = lib.types.str;
+        description = "Name of the systemd service to depend on.";
+        example = "sonarr";
+      };
+    };
+  };
+
+  bazarrInitModule = lib.types.submodule {
+    options = {
+      enable = lib.mkEnableOption "Bazarr API initialization";
+
+      dataDir = lib.mkOption {
+        type = lib.types.str;
+        description = "Path to Bazarr's data directory containing config/config.ini.";
+        example = "/services/bazarr";
+      };
+
+      port = lib.mkOption {
+        type = lib.types.port;
+        default = 6767;
+        description = "API port of Bazarr.";
+      };
+
+      sonarr = lib.mkOption {
+        type = bazarrProviderModule;
+        default = {
+          enable = false;
+        };
+        description = "Sonarr provider configuration.";
+      };
+
+      radarr = lib.mkOption {
+        type = bazarrProviderModule;
+        default = {
+          enable = false;
+        };
+        description = "Radarr provider configuration.";
+      };
     };
   };
 
@@ -151,6 +285,45 @@ let
     fi
   '';
 
+  mkSyncedAppSection = app: ''
+    # Synced app: ${app.name}
+    echo "Checking synced app '${app.name}'..."
+    TARGET_API_KEY=$(${grep} -oP '(?<=<ApiKey>)[^<]+' ${lib.escapeShellArg app.apiKeyFrom})
+    EXISTING_APPS=$(${curl} -sf "$BASE_URL/applications" -H "X-Api-Key: $API_KEY")
+    if echo "$EXISTING_APPS" | ${jq} -e --arg name ${lib.escapeShellArg app.name} '.[] | select(.name == $name)' > /dev/null 2>&1; then
+      echo "Synced app '${app.name}' already exists, skipping"
+    else
+      echo "Adding synced app '${app.name}'..."
+      PAYLOAD=$(${jq} -n \
+        --arg name ${lib.escapeShellArg app.name} \
+        --arg implementation ${lib.escapeShellArg app.implementation} \
+        --arg configContract ${lib.escapeShellArg app.configContract} \
+        --arg syncLevel ${lib.escapeShellArg app.syncLevel} \
+        --arg prowlarrUrl ${lib.escapeShellArg app.prowlarrUrl} \
+        --arg baseUrl ${lib.escapeShellArg app.baseUrl} \
+        --arg apiKey "$TARGET_API_KEY" \
+        --argjson syncCategories ${builtins.toJSON app.syncCategories} \
+        '{
+          name: $name,
+          implementation: $implementation,
+          configContract: $configContract,
+          syncLevel: $syncLevel,
+          fields: [
+            {name: "prowlarrUrl", value: $prowlarrUrl},
+            {name: "baseUrl", value: $baseUrl},
+            {name: "apiKey", value: $apiKey},
+            {name: "syncCategories", value: $syncCategories}
+          ],
+          tags: []
+        }')
+      ${curl} -sf -X POST "$BASE_URL/applications?forceSave=true" \
+        -H "X-Api-Key: $API_KEY" \
+        -H "Content-Type: application/json" \
+        -d "$PAYLOAD"
+      echo "Synced app '${app.name}' added"
+    fi
+  '';
+
   mkInitScript =
     name: inst:
     pkgs.writeShellScript "${name}-init" ''
@@ -182,11 +355,78 @@ let
 
       ${lib.concatMapStringsSep "\n" mkDownloadClientSection inst.downloadClients}
       ${lib.concatMapStringsSep "\n" mkRootFolderSection inst.rootFolders}
+      ${lib.concatMapStringsSep "\n" mkSyncedAppSection inst.syncedApps}
 
       echo "${name} init complete"
     '';
 
+  # Get list of service names that syncedApps depend on
+  getSyncedAppDeps = inst: map (app: "${app.serviceName}.service") inst.syncedApps;
+
   enabledInstances = lib.filterAttrs (_: inst: inst.enable) cfg;
+
+  mkBazarrProviderSection = type: provider: ''
+    # ${type} provider
+    echo "Checking ${type} provider..."
+    PROVIDER_API_KEY=$(${grep} -oP '(?<=<ApiKey>)[^<]+' ${lib.escapeShellArg "${provider.dataDir}/config.xml"})
+    EXISTING=$(${curl} -sf "$BASE_URL/api/${lib.toLower type}" -H "X-API-KEY: $API_KEY")
+    if echo "$EXISTING" | ${jq} -e '. | length > 0' > /dev/null 2>&1; then
+      echo "${type} provider already configured, skipping"
+    else
+      echo "Adding ${type} provider..."
+      PAYLOAD=$(${jq} -n \
+        --arg ip "localhost" \
+        --argjson port ${builtins.toString provider.port} \
+        --arg apikey "$PROVIDER_API_KEY" \
+        --argjson ssl false \
+        --arg base_url "/" \
+        '{ip: $ip, port: $port, apikey: $apikey, ssl: $ssl, base_url: $base_url}')
+      ${curl} -sf -X POST "$BASE_URL/api/${lib.toLower type}" \
+        -H "X-API-KEY: $API_KEY" \
+        -H "Content-Type: application/json" \
+        -d "$PAYLOAD"
+      echo "${type} provider added"
+    fi
+  '';
+
+  mkBazarrInitScript = pkgs.writeShellScript "bazarr-init" ''
+    set -euo pipefail
+
+    CONFIG_INI="${bazarrCfg.dataDir}/config/config.ini"
+
+    if [ ! -f "$CONFIG_INI" ]; then
+      echo "Config file $CONFIG_INI not found, skipping bazarr init"
+      exit 0
+    fi
+
+    API_KEY=$(${grep} -oP '(?<=apikey = )[^\n]+' "$CONFIG_INI")
+    BASE_URL="http://localhost:${builtins.toString bazarrCfg.port}"
+
+    # Wait for API to become available
+    echo "Waiting for Bazarr API..."
+    for i in $(seq 1 90); do
+      if ${curl} -sf "$BASE_URL/api/system/status" -H "X-API-KEY: $API_KEY" > /dev/null 2>&1; then
+        echo "Bazarr API is ready"
+        break
+      fi
+      if [ "$i" -eq 90 ]; then
+        echo "Bazarr API not available after 90 seconds" >&2
+        exit 1
+      fi
+      sleep 1
+    done
+
+    ${lib.optionalString bazarrCfg.sonarr.enable (mkBazarrProviderSection "Sonarr" bazarrCfg.sonarr)}
+    ${lib.optionalString bazarrCfg.radarr.enable (mkBazarrProviderSection "Radarr" bazarrCfg.radarr)}
+
+    echo "Bazarr init complete"
+  '';
+
+  bazarrDeps = [
+    "bazarr.service"
+  ]
+  ++ (lib.optional bazarrCfg.sonarr.enable "${bazarrCfg.sonarr.serviceName}.service")
+  ++ (lib.optional bazarrCfg.radarr.enable "${bazarrCfg.radarr.serviceName}.service");
 in
 {
   options.services.arrInit = lib.mkOption {
@@ -195,24 +435,54 @@ in
     description = ''
       Attribute set of Servarr application instances to initialize via their APIs.
       Each instance generates a systemd oneshot service that idempotently configures
-      download clients and root folders.
+      download clients, root folders, and synced applications.
     '';
   };
 
-  config = lib.mkIf (enabledInstances != { }) {
+  options.services.bazarrInit = lib.mkOption {
-    systemd.services = lib.mapAttrs' (
+    type = bazarrInitModule;
-      name: inst:
+    default = {
-      lib.nameValuePair "${inst.serviceName}-init" {
+      enable = false;
-        description = "Initialize ${name} API connections";
+    };
-        after = [ "${inst.serviceName}.service" ];
+    description = ''
-        requires = [ "${inst.serviceName}.service" ];
+      Bazarr API initialization for connecting Sonarr and Radarr providers.
+      Bazarr uses a different API than Servarr applications, so it has its own module.
+    '';
+  };
+
+  config = lib.mkMerge [
+    (lib.mkIf (enabledInstances != { }) {
+      systemd.services = lib.mapAttrs' (
+        name: inst:
+        lib.nameValuePair "${inst.serviceName}-init" {
+          description = "Initialize ${name} API connections";
+          after = [ "${inst.serviceName}.service" ] ++ (getSyncedAppDeps inst)
+            ++ (lib.optional (inst.networkNamespacePath != null) "wg.service");
+          requires = [ "${inst.serviceName}.service" ];
+          wantedBy = [ "multi-user.target" ];
+          serviceConfig = {
+            Type = "oneshot";
+            RemainAfterExit = true;
+            ExecStart = "${mkInitScript name inst}";
+          } // lib.optionalAttrs (inst.networkNamespacePath != null) {
+            NetworkNamespacePath = inst.networkNamespacePath;
+          };
+        }
+      ) enabledInstances;
+    })
+
+    (lib.mkIf bazarrCfg.enable {
+      systemd.services.bazarr-init = {
+        description = "Initialize Bazarr API connections";
+        after = bazarrDeps;
+        requires = bazarrDeps;
         wantedBy = [ "multi-user.target" ];
         serviceConfig = {
           Type = "oneshot";
           RemainAfterExit = true;
-          ExecStart = "${mkInitScript name inst}";
+          ExecStart = "${mkBazarrInitScript}";
         };
-      }
+      };
-    ) enabledInstances;
+    })
-  };
+  ];
 }

services/arr/init.nix

@@ -1,6 +1,57 @@
 { config, service_configs, ... }:
 {
   services.arrInit = {
+    prowlarr = {
+      enable = true;
+      serviceName = "prowlarr";
+      port = service_configs.ports.prowlarr;
+      dataDir = service_configs.prowlarr.dataDir;
+      apiVersion = "v1";
+      networkNamespacePath = "/run/netns/wg";
+      syncedApps = [
+        {
+          name = "Sonarr";
+          implementation = "Sonarr";
+          configContract = "SonarrSettings";
+          prowlarrUrl = "http://localhost:${builtins.toString service_configs.ports.prowlarr}";
+          baseUrl = "http://${config.vpnNamespaces.wg.bridgeAddress}:${builtins.toString service_configs.ports.sonarr}";
+          apiKeyFrom = "${service_configs.sonarr.dataDir}/config.xml";
+          syncCategories = [
+            5000
+            5010
+            5020
+            5030
+            5040
+            5045
+            5050
+            5090
+          ];
+          serviceName = "sonarr";
+        }
+        {
+          name = "Radarr";
+          implementation = "Radarr";
+          configContract = "RadarrSettings";
+          prowlarrUrl = "http://localhost:${builtins.toString service_configs.ports.prowlarr}";
+          baseUrl = "http://${config.vpnNamespaces.wg.bridgeAddress}:${builtins.toString service_configs.ports.radarr}";
+          apiKeyFrom = "${service_configs.radarr.dataDir}/config.xml";
+          syncCategories = [
+            2000
+            2010
+            2020
+            2030
+            2040
+            2045
+            2050
+            2060
+            2070
+            2080
+          ];
+          serviceName = "radarr";
+        }
+      ];
+    };
+
     sonarr = {
       enable = true;
       serviceName = "sonarr";
@@ -43,4 +94,22 @@
       ];
     };
   };
+
+  services.bazarrInit = {
+    enable = true;
+    dataDir = service_configs.bazarr.dataDir;
+    port = service_configs.ports.bazarr;
+    sonarr = {
+      enable = true;
+      dataDir = service_configs.sonarr.dataDir;
+      port = service_configs.ports.sonarr;
+      serviceName = "sonarr";
+    };
+    radarr = {
+      enable = true;
+      dataDir = service_configs.radarr.dataDir;
+      port = service_configs.ports.radarr;
+      serviceName = "radarr";
+    };
+  };
 }

services/arr/prowlarr.nix

@@ -19,6 +19,10 @@
     settings.server.port = service_configs.ports.prowlarr;
   };
 
+  systemd.services.prowlarr.serviceConfig = {
+    ExecStartPre = "+${pkgs.coreutils}/bin/chown -R prowlarr /var/lib/prowlarr";
+  };
+
   services.caddy.virtualHosts."prowlarr.${service_configs.https.domain}".extraConfig = ''
     import ${config.age.secrets.caddy_auth.path}
     reverse_proxy ${config.vpnNamespaces.wg.namespaceAddress}:${builtins.toString service_configs.ports.prowlarr}

tests/arr-init.nix

@@ -19,7 +19,7 @@ testPkgs.testers.runNixOSTest {
 
       system.stateVersion = config.system.stateVersion;
 
-      virtualisation.memorySize = 2048;
+      virtualisation.memorySize = 4096;
 
       environment.systemPackages = with pkgs; [
         curl
@@ -120,6 +120,10 @@ testPkgs.testers.runNixOSTest {
         settings.server.port = lib.mkDefault 7878;
       };
 
+      services.prowlarr = {
+        enable = true;
+      };
+
       services.arrInit.sonarr = {
         enable = true;
         serviceName = "sonarr";
@@ -163,6 +167,36 @@ testPkgs.testers.runNixOSTest {
         ];
         rootFolders = [ "/media/movies" ];
       };
+
+      services.arrInit.prowlarr = {
+        enable = true;
+        serviceName = "prowlarr";
+        dataDir = "/var/lib/prowlarr";
+        port = 9696;
+        apiVersion = "v1";
+        syncedApps = [
+          {
+            name = "Sonarr";
+            implementation = "Sonarr";
+            configContract = "SonarrSettings";
+            prowlarrUrl = "http://localhost:9696";
+            baseUrl = "http://localhost:8989";
+            apiKeyFrom = "/var/lib/sonarr/.config/NzbDrone/config.xml";
+            syncCategories = [ 5000 5010 5020 5030 5040 5045 5050 5090 ];
+            serviceName = "sonarr";
+          }
+          {
+            name = "Radarr";
+            implementation = "Radarr";
+            configContract = "RadarrSettings";
+            prowlarrUrl = "http://localhost:9696";
+            baseUrl = "http://localhost:7878";
+            apiKeyFrom = "/var/lib/radarr/.config/Radarr/config.xml";
+            syncCategories = [ 2000 2010 2020 2030 2040 2045 2050 2060 2070 2080 ];
+            serviceName = "radarr";
+          }
+        ];
+      };
     };
 
   testScript = ''
@@ -173,6 +207,7 @@ testPkgs.testers.runNixOSTest {
     machine.wait_until_succeeds("curl -sf http://localhost:6011/api/v2/app/version", timeout=30)
     machine.wait_for_unit("sonarr.service")
     machine.wait_for_unit("radarr.service")
+    machine.wait_for_unit("prowlarr.service")
 
     # Wait for Sonarr API to be ready (config.xml is auto-generated on first start)
     machine.wait_until_succeeds(
@@ -188,6 +223,13 @@ testPkgs.testers.runNixOSTest {
         timeout=120,
     )
 
+    # Wait for Prowlarr API to be ready
+    machine.wait_until_succeeds(
+        "API_KEY=$(grep -oP '(?<=<ApiKey>)[^<]+' /var/lib/prowlarr/config.xml) && "
+        "curl -sf http://localhost:9696/api/v1/system/status -H \"X-Api-Key: $API_KEY\"",
+        timeout=180,
+    )
+
     # Ensure init services run after config.xml exists
     machine.succeed("systemctl restart sonarr-init.service")
     machine.succeed("systemctl restart radarr-init.service")
@@ -226,9 +268,28 @@ testPkgs.testers.runNixOSTest {
         "jq -e '.[] | select(.path == \"/media/movies\")'"
     )
 
+    # Restart prowlarr-init now that all config.xml files exist
+    machine.succeed("systemctl restart prowlarr-init.service")
+    machine.wait_for_unit("prowlarr-init.service")
+
+    # Verify Sonarr registered as synced app in Prowlarr
+    machine.succeed(
+        "API_KEY=$(grep -oP '(?<=<ApiKey>)[^<]+' /var/lib/prowlarr/config.xml) && "
+        "curl -sf http://localhost:9696/api/v1/applications -H \"X-Api-Key: $API_KEY\" | "
+        "jq -e '.[] | select(.name == \"Sonarr\")'"
+    )
+
+    # Verify Radarr registered as synced app in Prowlarr
+    machine.succeed(
+        "API_KEY=$(grep -oP '(?<=<ApiKey>)[^<]+' /var/lib/prowlarr/config.xml) && "
+        "curl -sf http://localhost:9696/api/v1/applications -H \"X-Api-Key: $API_KEY\" | "
+        "jq -e '.[] | select(.name == \"Radarr\")'"
+    )
+
     # Idempotency test: restart init services and verify no duplicate entries
     machine.succeed("systemctl restart sonarr-init.service")
     machine.succeed("systemctl restart radarr-init.service")
+    machine.succeed("systemctl restart prowlarr-init.service")
 
     # Verify Sonarr still has exactly 1 download client
     result = machine.succeed(
@@ -261,5 +322,13 @@ testPkgs.testers.runNixOSTest {
         "jq '. | length'"
     ).strip()
     assert result == "1", f"Expected 1 Radarr root folder, got {result}"
+
+    # Verify Prowlarr still has exactly 2 synced apps
+    result = machine.succeed(
+        "API_KEY=$(grep -oP '(?<=<ApiKey>)[^<]+' /var/lib/prowlarr/config.xml) && "
+        "curl -sf http://localhost:9696/api/v1/applications -H \"X-Api-Key: $API_KEY\" | "
+        "jq '. | length'"
+    ).strip()
+    assert result == "2", f"Expected 2 Prowlarr synced apps, got {result}"
   '';
 }