feat: last bits of server setup

2026-01-22 16:16:50 +01:00 · 2025-04-23 00:02:00 +02:00 · 2025-04-23 00:02:00 +02:00 · db85aeb044
commit db85aeb044
parent 9ef90f8dba
12 changed files with 157 additions and 24 deletions
--- a/hosts/homelab/arr.nix
+++ b/hosts/homelab/arr.nix
@ -0,0 +1,64 @@
+{
+  config,
+  username,
+  ...
+}: let
+  user = "media";
+  group = "media";
+
+  mkVirtualHost = port: {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://localhost:${toString port}";
+    };
+    basicAuthFile = "${config.age.secrets.arr-basic-auth.path}";
+  };
+in {
+  # for linux ISOs
+  age.secrets = {
+    arr-basic-auth = {
+      rekeyFile = ../../secrets/hosts/homelab/basic-auth.age;
+      owner = config.services.nginx.user;
+      inherit (config.services.nginx) group;
+    };
+  };
+
+  users.groups."${group}" = {
+    members = [username];
+  };
+  users.users."${user}" = {
+    inherit group;
+    isSystemUser = true;
+  };
+
+  services = {
+    nginx.virtualHosts = {
+      "radarr.nickolaj.com" = mkVirtualHost 7878;
+      "sonarr.nickolaj.com" = mkVirtualHost 8989;
+      "prowlarr.nickolaj.com" = mkVirtualHost 9696;
+      "sabnzbd.nickolaj.com" = mkVirtualHost 8080;
+    };
+
+    restic.backups.homelab.paths = [
+      "/var/lib/radarr"
+      "/var/lib/sonarr"
+      "/var/lib/prowlarr"
+      "/var/lib/sabnzbd"
+    ];
+
+    sabnzbd = {
+      inherit user group;
+      enable = true;
+    };
+    radarr = {
+      inherit user group;
+      enable = true;
+    };
+    sonarr = {
+      inherit user group;
+      enable = true;
+    };
+    prowlarr.enable = true;
+  };
+}