diff --git a/flake.nix b/flake.nix
index afdced8..59b9219 100644
--- a/flake.nix
+++ b/flake.nix
@@ -9,6 +9,7 @@
 outputs = inputs@{ self, nixpkgs, sops-nix, ... }: {
 nixosModules.default = { config, ... }: {
 imports = [
+ modules/arr.nix
 modules/authelia.nix
 modules/backup.nix
 modules/deluge.nix
diff --git a/modules/arr.nix b/modules/arr.nix
new file mode 100644
index 0000000..94da023
--- /dev/null
+++ b/modules/arr.nix
@@ -0,0 +1,126 @@
+{ config, pkgs, lib, ... }:
+
+let
+ cfg = config.shb.arr;
+
+ apps = {
+ radarr = {
+ defaultPort = 8989;
+ };
+ sonarr = {
+ defaultPort = 7878;
+ };
+ bazarr = {
+ defaultPort = 6767;
+ };
+ readarr = {
+ defaultPort = 8787;
+ };
+ lidarr = {
+ defaultPort = 8686;
+ };
+ };
+
+ appOption = name: c: lib.nameValuePair name (lib.mkOption {
+ description = "Configuration for ${name}";
+ type = lib.types.submodule {
+ options = {
+ enable = lib.mkEnableOption "selfhostblocks.${name}";
+
+ subdomain = lib.mkOption {
+ type = lib.types.str;
+ description = "Subdomain under which ${name} will be served.";
+ example = name;
+ };
+
+ domain = lib.mkOption {
+ type = lib.types.str;
+ description = "Domain under which ${name} will be served.";
+ example = "mydomain.com";
+ };
+
+ port = lib.mkOption {
+ type = lib.types.port;
+ description = "Port on which ${name} listens to incoming requests.";
+ default = c.defaultPort;
+ };
+
+ dataDir = lib.mkOption {
+ type = lib.types.str;
+ description = "Directory where state of ${name} is stored.";
+ default = "/var/lib/${name}";
+ };
+
+ oidcEndpoint = lib.mkOption {
+ type = lib.types.str;
+ description = "OIDC endpoint for SSO";
+ example = "https://authelia.example.com";
+ };
+ };
+ };
+ });
+in
+{
+ options.shb.arr = lib.listToAttrs (lib.mapAttrsToList appOption apps);
+
+ config = {
+ # Listens on port 8989
+ services.sonarr = lib.mkIf cfg.sonarr.enable {
+ enable = true;
+ dataDir = "/var/lib/sonarr";
+ };
+
+ # Listens on port 7878
+ services.radarr = lib.mkIf cfg.radarr.enable {
+ enable = true;
+ dataDir = "/var/lib/radarr";
+ };
+
+ services.bazarr = lib.mkIf cfg.bazarr.enable {
+ enable = true;
+ listenPort = cfg.bazarr.port;
+ };
+
+ # Listens on port 8787
+ services.readarr = lib.mkIf cfg.readarr.enable {
+ enable = true;
+ dataDir = "/var/lib/readarr";
+ };
+
+ # Listens on port 8686
+ services.lidarr = lib.mkIf cfg.lidarr.enable {
+ enable = true;
+ dataDir = "/var/lib/lidarr";
+ };
+
+ shb.nginx.autheliaProtect =
+ let
+ appProtectConfig = name: _defaults:
+ let
+ c = cfg.${name};
+ in
+ {
+ inherit (c) subdomain domain oidcEndpoint;
+ upstream = "http://127.0.0.1:${toString c.port}";
+ autheliaRule = {
+ domain = "${c.subdomain}.${c.domain}";
+ policy = "two_factor";
+ subject = ["group:arr_user"];
+ };
+ };
+ in
+ lib.mapAttrsToList appProtectConfig apps;
+
+ shb.backup.instances =
+ let
+ backupConfig = name: _defaults: {
+ ${name} = {
+ sourceDirectories = [
+ config.shb.arr.${name}.dataDir
+ ];
+ };
+ };
+ in
+ lib.mkMerge (lib.mapAttrsToList backupConfig apps);
+ };
+}
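Review bot: The default ports for radarr and sonarr in `apps` look swapped: `radarr.defaultPort = 8989` and `sonarr.defaultPort = 7878`, while the comments in `config` say sonarr listens on 8989 and radarr on 7878, so each Authelia-protected vhost would proxy to the other application through `upstream = "http://127.0.0.1:${toString c.port}";`. Apart from bazarr's `listenPort`, the `port` and `dataDir` options are never passed to the services (`dataDir = "/var/lib/sonarr";` is hard-coded), yet the proxy upstream and `shb.backup.instances` read them, so an override would silently point the proxy and the backup at the wrong place; use `dataDir = cfg.sonarr.dataDir;` (and likewise for the others) and either wire `port` through or drop the option. Both `lib.mapAttrsToList` calls also iterate over every entry in `apps` regardless of `enable`, which presumably forces `subdomain`, `domain` and `oidcEndpoint` (no defaults) to be set for disabled apps and registers vhosts and backups for them; filtering with `lib.filterAttrs (name: _: cfg.${name}.enable) apps` would avoid that. Since the `two_factor` rule is enforced only at the reverse proxy, a comment noting that the services must stay unreachable on their own ports (the upstream modules' `openFirewall` left off) would help the next maintainer.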