From 215eb4c91ac722b8da4bb38c6791695021c3b516 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Thu, 13 Feb 2025 22:59:51 +0100
Subject: [PATCH] nixos: services: servarr: add autobrr

---
 hosts/nixos/porthos/services.nix           |  3 ++
 modules/nixos/services/servarr/autobrr.nix | 62 ++++++++++++++++++++++
 modules/nixos/services/servarr/default.nix |  1 +
 3 files changed, 66 insertions(+)
 create mode 100644 modules/nixos/services/servarr/autobrr.nix

diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix
index 7efddfa..cb77fbe 100644
--- a/hosts/nixos/porthos/services.nix
+++ b/hosts/nixos/porthos/services.nix
@@ -141,6 +141,9 @@ in
     # The whole *arr software suite
     servarr = {
       enableAll = true;
+      autobrr = {
+        enable = false;
+      };
       # ... But not Lidarr because I don't care for music that much
       lidarr = {
         enable = false;
diff --git a/modules/nixos/services/servarr/autobrr.nix b/modules/nixos/services/servarr/autobrr.nix
new file mode 100644
index 0000000..afb07f4
--- /dev/null
+++ b/modules/nixos/services/servarr/autobrr.nix
@@ -0,0 +1,62 @@
+# IRC-based
+{ config, lib, ... }:
+let
+  cfg = config.my.services.servarr.autobrr;
+in
+{
+  options.my.services.servarr.autobrr = with lib; {
+    enable = mkEnableOption "autobrr IRC announce tracker" // {
+      default = config.my.services.servarr.enableAll;
+    };
+
+    port = mkOption {
+      type = types.port;
+      default = 7474;
+      example = 8080;
+      description = "Internal port for webui";
+    };
+
+    sessionSecretFile = mkOption {
+      type = types.str;
+      example = "/run/secrets/autobrr-secret.txt";
+      description = ''
+        File containing the session secret.
+      '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.autobrr = {
+      enable = true;
+
+      settings = {
+        inherit (cfg) port;
+        checkForUpdates = false;
+      };
+
+      secretFile = cfg.sessionSecretFile;
+    };
+
+    my.services.nginx.virtualHosts = {
+      autobrr = {
+        inherit (cfg) port;
+      };
+    };
+
+    services.fail2ban.jails = {
+      autobrr = ''
+        enabled = true
+        filter = autobrr
+        action = iptables-allports
+      '';
+    };
+
+    environment.etc = {
+      "fail2ban/filter.d/autobrr.conf".text = ''
+        [Definition]
+        failregex = ^.*Auth: invalid login \[.*\] from: <HOST>$
+        journalmatch = _SYSTEMD_UNIT=autobrr.service
+      '';
+    };
+  };
+}
diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix
index 23838fd..409fcdc 100644
--- a/modules/nixos/services/servarr/default.nix
+++ b/modules/nixos/services/servarr/default.nix
@@ -5,6 +5,7 @@
 { lib, ... }:
 {
   imports = [
+    ./autobrr.nix
     ./bazarr.nix
     ./jackett.nix
     ./nzbhydra.nix