add arr suite

2023-09-24 13:31:21 -07:00 · 2023-09-24 13:31:21 -07:00 · dc712c08fe
commit dc712c08fe
parent 71610a5415
2 changed files with 127 additions and 0 deletions
--- a/flake.nix
+++ b/flake.nix
@ -9,6 +9,7 @@
  outputs = inputs@{ self, nixpkgs, sops-nix, ... }: {
    nixosModules.default = { config, ... }: {
      imports = [
+        modules/arr.nix
        modules/authelia.nix
        modules/backup.nix
        modules/deluge.nix
--- a/modules/arr.nix
+++ b/modules/arr.nix
@ -0,0 +1,126 @@
+{ config, pkgs, lib, ... }:
+
+let
+  cfg = config.shb.arr;
+
+  apps = {
+    radarr = {
+      defaultPort = 8989;
+    };
+    sonarr = {
+      defaultPort = 7878;
+    };
+    bazarr = {
+      defaultPort = 6767;
+    };
+    readarr = {
+      defaultPort = 8787;
+    };
+    lidarr = {
+      defaultPort = 8686;
+    };
+  };
+
+  appOption = name: c: lib.nameValuePair name (lib.mkOption {
+    description = "Configuration for ${name}";
+    type = lib.types.submodule {
+      options = {
+        enable = lib.mkEnableOption "selfhostblocks.${name}";
+
+        subdomain = lib.mkOption {
+          type = lib.types.str;
+          description = "Subdomain under which ${name} will be served.";
+          example = name;
+        };
+
+        domain = lib.mkOption {
+          type = lib.types.str;
+          description = "Domain under which ${name} will be served.";
+          example = "mydomain.com";
+        };
+
+        port = lib.mkOption {
+          type = lib.types.port;
+          description = "Port on which ${name} listens to incoming requests.";
+          default = c.defaultPort;
+        };
+
+        dataDir = lib.mkOption {
+          type = lib.types.str;
+          description = "Directory where state of ${name} is stored.";
+          default = "/var/lib/${name}";
+        };
+
+        oidcEndpoint = lib.mkOption {
+          type = lib.types.str;
+          description = "OIDC endpoint for SSO";
+          example = "https://authelia.example.com";
+        };
+      };
+    };
+  });
+in
+{
+  options.shb.arr = lib.listToAttrs (lib.mapAttrsToList appOption apps);
+
+  config = {
+    # Listens on port 8989
+    services.sonarr = lib.mkIf cfg.sonarr.enable {
+      enable = true;
+      dataDir = "/var/lib/sonarr";
+    };
+
+    # Listens on port 7878
+    services.radarr = lib.mkIf cfg.radarr.enable {
+      enable = true;
+      dataDir = "/var/lib/radarr";
+    };
+
+    services.bazarr = lib.mkIf cfg.bazarr.enable {
+      enable = true;
+      listenPort = cfg.bazarr.port;
+    };
+
+    # Listens on port 8787
+    services.readarr = lib.mkIf cfg.readarr.enable {
+      enable = true;
+      dataDir = "/var/lib/readarr";
+    };
+
+    # Listens on port 8686
+    services.lidarr = lib.mkIf cfg.lidarr.enable {
+      enable = true;
+      dataDir = "/var/lib/lidarr";
+    };
+
+    shb.nginx.autheliaProtect =
+      let
+        appProtectConfig = name: _defaults:
+          let
+            c = cfg.${name};
+          in
+            {
+              inherit (c) subdomain domain oidcEndpoint;
+              upstream = "http://127.0.0.1:${toString c.port}";
+              autheliaRule = {
+                domain = "${c.subdomain}.${c.domain}";
+                policy = "two_factor";
+                subject = ["group:arr_user"];
+              };
+            };
+      in
+        lib.mapAttrsToList appProtectConfig apps;
+
+    shb.backup.instances =
+      let
+        backupConfig = name: _defaults: {
+          ${name} = {
+            sourceDirectories = [
+              config.shb.arr.${name}.dataDir
+            ];
+          };
+        };
+      in
+        lib.mkMerge (lib.mapAttrsToList backupConfig apps);
+  };
+}