From f825d047b5f17cdff8cd096660abf48ed79e7f72 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:21:24 +0000 Subject: [PATCH] nixos: services: servarr: migrate prowlarr The configuration doesn't have `group`, so it's a slightly different configuration to the rest of the *arr services. I also want to move the other two indexer modules under `servarr`, as they are all closely related. --- hosts/nixos/porthos/services.nix | 4 -- modules/nixos/services/indexers/default.nix | 30 ------------ modules/nixos/services/servarr/default.nix | 1 + modules/nixos/services/servarr/prowlarr.nix | 53 +++++++++++++++++++++ 4 files changed, 54 insertions(+), 34 deletions(-) create mode 100644 modules/nixos/services/servarr/prowlarr.nix diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 021a6ae..9017894 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -51,10 +51,6 @@ in passwordFile = secrets."forgejo/mail-password".path; }; }; - # Meta-indexers - indexers = { - prowlarr.enable = true; - }; # Jellyfin media server jellyfin.enable = true; # Gitea mirrorig service diff --git a/modules/nixos/services/indexers/default.nix b/modules/nixos/services/indexers/default.nix index 8a42345..00bf316 100644 --- a/modules/nixos/services/indexers/default.nix +++ b/modules/nixos/services/indexers/default.nix @@ -5,13 +5,11 @@ let jackettPort = 9117; nzbhydraPort = 5076; - prowlarrPort = 9696; in { options.my.services.indexers = with lib; { jackett.enable = mkEnableOption "Jackett torrent meta-indexer"; nzbhydra.enable = mkEnableOption "NZBHydra2 usenet meta-indexer"; - prowlarr.enable = mkEnableOption "Prowlarr torrent & usenet meta-indexer"; }; config = lib.mkMerge [ @@ -46,33 +44,5 @@ in }; }; }) - - (lib.mkIf cfg.prowlarr.enable { - services.prowlarr = { - enable = true; - }; - - my.services.nginx.virtualHosts = { - prowlarr = { - port = prowlarrPort; - }; - }; - - services.fail2ban.jails = { - prowlarr = '' - enabled = true - filter = prowlarr - action = iptables-allports - ''; - }; - - environment.etc = { - "fail2ban/filter.d/prowlarr.conf".text = '' - [Definition] - failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ - journalmatch = _SYSTEMD_UNIT=prowlarr.service - ''; - }; - }) ]; } diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 398461b..1bca773 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -6,6 +6,7 @@ { imports = [ ./bazarr.nix + ./prowlarr.nix (import ./starr.nix "lidarr") (import ./starr.nix "radarr") (import ./starr.nix "readarr") diff --git a/modules/nixos/services/servarr/prowlarr.nix b/modules/nixos/services/servarr/prowlarr.nix new file mode 100644 index 0000000..ce044c6 --- /dev/null +++ b/modules/nixos/services/servarr/prowlarr.nix @@ -0,0 +1,53 @@ +# Torrent and NZB indexer +{ config, lib, ... }: +let + cfg = config.my.services.servarr.prowlarr; +in +{ + options.my.services.servarr.prowlarr = with lib; { + enable = lib.mkEnableOption "Prowlarr" // { + default = config.my.services.servarr.enableAll; + }; + + port = mkOption { + type = types.port; + default = 9696; + example = 8080; + description = "Internal port for webui"; + }; + }; + + config = lib.mkIf cfg.enable { + services.prowlarr = { + enable = true; + + settings = { + server = { + port = cfg.port; + }; + }; + }; + + my.services.nginx.virtualHosts = { + prowlarr = { + inherit (cfg) port; + }; + }; + + services.fail2ban.jails = { + prowlarr = '' + enabled = true + filter = prowlarr + action = iptables-allports + ''; + }; + + environment.etc = { + "fail2ban/filter.d/prowlarr.conf".text = '' + [Definition] + failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ + journalmatch = _SYSTEMD_UNIT=prowlarr.service + ''; + }; + }; +}