flake: bump inputs

nixos: services: servarr: nzbhydra: fix websockets
From what I could read, NZBHydra2 *might* require proxying websockets in new versions (better safe than sorry).
2025-03-31 22:49:11 +02:00 · 2025-03-31 21:43:05 +02:00 · 2025-03-31 21:43:05 +02:00 · 2025-03-31 21:43:05 +02:00 · 2025-03-31 21:43:05 +02:00 · 2025-03-31 21:43:05 +02:00
10 changed files with 248 additions and 182 deletions
--- a/flake.lock
+++ b/flake.lock
@ -136,11 +136,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1742771635,
-        "narHash": "sha256-HQHzQPrg+g22tb3/K/4tgJjPzM+/5jbaujCZd8s2Mls=",
+        "lastModified": 1743438213,
+        "narHash": "sha256-ZZDN+0v1r4I1xkQWlt8euOJv5S4EvElUCZMrDjTCEsY=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "ad0614a1ec9cce3b13169e20ceb7e55dfaf2a818",
+        "rev": "ccd7df836e1f42ea84806760f25b77b586370259",
        "type": "github"
      },
      "original": {
@ -152,11 +152,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1742669843,
-        "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=",
+        "lastModified": 1743315132,
+        "narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "1e5b653dff12029333a6546c11e108ede13052eb",
+        "rev": "52faf482a3889b7619003c0daec593a1912fddc1",
        "type": "github"
      },
      "original": {
--- a/hosts/nixos/porthos/services.nix
+++ b/hosts/nixos/porthos/services.nix
@ -51,10 +51,6 @@ in
        passwordFile = secrets."forgejo/mail-password".path;
      };
    };
-    # Meta-indexers
-    indexers = {
-      prowlarr.enable = true;
-    };
    # Jellyfin media server
    jellyfin.enable = true;
    # Gitea mirrorig service
@ -144,11 +140,18 @@ in
    sabnzbd.enable = true;
    # The whole *arr software suite
    servarr = {
-      enable = true;
+      enableAll = true;
      # ... But not Lidarr because I don't care for music that much
      lidarr = {
        enable = false;
      };
+      # I only use Prowlarr nowadays
+      jackett = {
+        enable = false;
+      };
+      nzbhydra = {
+        enable = false;
+      };
    };
    # Because I still need to play sysadmin
    ssh-server.enable = true;
--- a/modules/nixos/services/default.nix
+++ b/modules/nixos/services/default.nix
@ -15,7 +15,6 @@
    ./gitea
    ./grocy
    ./homebox
-    ./indexers
    ./jellyfin
    ./komga
    ./lohr
--- a/modules/nixos/services/indexers/default.nix
+++ b/modules/nixos/services/indexers/default.nix
@ -1,78 +0,0 @@
-# Torrent and usenet meta-indexers
-{ config, lib, ... }:
-let
-  cfg = config.my.services.indexers;
-
-  jackettPort = 9117;
-  nzbhydraPort = 5076;
-  prowlarrPort = 9696;
-in
-{
-  options.my.services.indexers = with lib; {
-    jackett.enable = mkEnableOption "Jackett torrent meta-indexer";
-    nzbhydra.enable = mkEnableOption "NZBHydra2 usenet meta-indexer";
-    prowlarr.enable = mkEnableOption "Prowlarr torrent & usenet meta-indexer";
-  };
-
-  config = lib.mkMerge [
-    (lib.mkIf cfg.jackett.enable {
-      services.jackett = {
-        enable = true;
-      };
-
-      # Jackett wants to eat *all* my RAM if left to its own devices
-      systemd.services.jackett = {
-        serviceConfig = {
-          MemoryHigh = "15%";
-          MemoryMax = "25%";
-        };
-      };
-
-      my.services.nginx.virtualHosts = {
-        jackett = {
-          port = jackettPort;
-        };
-      };
-    })
-
-    (lib.mkIf cfg.nzbhydra.enable {
-      services.nzbhydra2 = {
-        enable = true;
-      };
-
-      my.services.nginx.virtualHosts = {
-        nzbhydra = {
-          port = nzbhydraPort;
-        };
-      };
-    })
-
-    (lib.mkIf cfg.prowlarr.enable {
-      services.prowlarr = {
-        enable = true;
-      };
-
-      my.services.nginx.virtualHosts = {
-        prowlarr = {
-          port = prowlarrPort;
-        };
-      };
-
-      services.fail2ban.jails = {
-        prowlarr = ''
-          enabled = true
-          filter = prowlarr
-          action = iptables-allports
-        '';
-      };
-
-      environment.etc = {
-        "fail2ban/filter.d/prowlarr.conf".text = ''
-          [Definition]
-          failregex = ^.*\|Warn\|Auth\|Auth-Failure ip <HOST> username .*$
-          journalmatch = _SYSTEMD_UNIT=prowlarr.service
-        '';
-      };
-    })
-  ];
-}
--- a/modules/nixos/services/servarr/bazarr.nix
+++ b/modules/nixos/services/servarr/bazarr.nix
@ -0,0 +1,37 @@
+{ config, lib, ... }:
+let
+  cfg = config.my.services.servarr.bazarr;
+in
+{
+  options.my.services.servarr.bazarr = with lib; {
+    enable = lib.mkEnableOption "Bazarr" // {
+      default = config.my.services.servarr.enableAll;
+    };
+
+    port = mkOption {
+      type = types.port;
+      default = 6767;
+      example = 8080;
+      description = "Internal port for webui";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.bazarr = {
+      enable = true;
+      group = "media";
+      listenPort = cfg.port;
+    };
+
+    # Set-up media group
+    users.groups.media = { };
+
+    my.services.nginx.virtualHosts = {
+      bazarr = {
+        inherit (cfg) port;
+      };
+    };
+
+    # Bazarr does not log authentication failures...
+  };
+}
--- a/modules/nixos/services/servarr/default.nix
+++ b/modules/nixos/services/servarr/default.nix
@ -2,99 +2,20 @@
 # Relevant link [1].
 #
 # [1]: https://youtu.be/I26Ql-uX6AM
-{ config, lib, ... }:
-let
-  cfg = config.my.services.servarr;
-
-  ports = {
-    bazarr = 6767;
-    lidarr = 8686;
-    radarr = 7878;
-    readarr = 8787;
-    sonarr = 8989;
-  };
-
-  mkService = service: {
-    services.${service} = {
-      enable = true;
-      group = "media";
-    };
-  };
-
-  mkRedirection = service: {
-    my.services.nginx.virtualHosts = {
-      ${service} = {
-        port = ports.${service};
-      };
-    };
-  };
-
-  mkFail2Ban = service: lib.mkIf cfg.${service}.enable {
-    services.fail2ban.jails = {
-      ${service} = ''
-        enabled = true
-        filter = ${service}
-        action = iptables-allports
-      '';
-    };
-
-    environment.etc = {
-      "fail2ban/filter.d/${service}.conf".text = ''
-        [Definition]
-        failregex = ^.*\|Warn\|Auth\|Auth-Failure ip <HOST> username .*$
-        journalmatch = _SYSTEMD_UNIT=${service}.service
-      '';
-    };
-  };
-
-  mkFullConfig = service: lib.mkIf cfg.${service}.enable (lib.mkMerge [
-    (mkService service)
-    (mkRedirection service)
-  ]);
-in
+{ lib, ... }:
 {
+  imports = [
+    ./bazarr.nix
+    ./jackett.nix
+    ./nzbhydra.nix
+    ./prowlarr.nix
+    (import ./starr.nix "lidarr")
+    (import ./starr.nix "radarr")
+    (import ./starr.nix "readarr")
+    (import ./starr.nix "sonarr")
+  ];
+
  options.my.services.servarr = {
-    enable = lib.mkEnableOption "Media automation";
-
-    bazarr = {
-      enable = lib.my.mkDisableOption "Bazarr";
-    };
-
-    lidarr = {
-      enable = lib.my.mkDisableOption "Lidarr";
-    };
-
-    radarr = {
-      enable = lib.my.mkDisableOption "Radarr";
-    };
-
-    readarr = {
-      enable = lib.my.mkDisableOption "Readarr";
-    };
-
-    sonarr = {
-      enable = lib.my.mkDisableOption "Sonarr";
-    };
+    enableAll = lib.mkEnableOption "media automation suite";
  };
-
-  config = lib.mkIf cfg.enable (lib.mkMerge [
-    {
-      # Set-up media group
-      users.groups.media = { };
-    }
-    # Bazarr does not log authentication failures...
-    (mkFullConfig "bazarr")
-    # Lidarr for music
-    (mkFullConfig "lidarr")
-    (mkFail2Ban "lidarr")
-    # Radarr for movies
-    (mkFullConfig "radarr")
-    (mkFail2Ban "radarr")
-    # Readarr for books
-    (mkFullConfig "readarr")
-    (mkFail2Ban "readarr")
-    # Sonarr for shows
-    (mkFullConfig "sonarr")
-    (mkFail2Ban "sonarr")
-  ]);
 }
--- a/modules/nixos/services/servarr/jackett.nix
+++ b/modules/nixos/services/servarr/jackett.nix
@ -0,0 +1,41 @@
+{ config, lib, ... }:
+let
+  cfg = config.my.services.servarr.jackett;
+in
+{
+  options.my.services.servarr.jackett = with lib; {
+    enable = lib.mkEnableOption "Jackett" // {
+      default = config.my.services.servarr.enableAll;
+    };
+
+    port = mkOption {
+      type = types.port;
+      default = 9117;
+      example = 8080;
+      description = "Internal port for webui";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.jackett = {
+      enable = true;
+      inherit (cfg) port;
+    };
+
+    # Jackett wants to eat *all* my RAM if left to its own devices
+    systemd.services.jackett = {
+      serviceConfig = {
+        MemoryHigh = "15%";
+        MemoryMax = "25%";
+      };
+    };
+
+    my.services.nginx.virtualHosts = {
+      jackett = {
+        inherit (cfg) port;
+      };
+    };
+
+    # Jackett does not log authentication failures...
+  };
+}
--- a/modules/nixos/services/servarr/nzbhydra.nix
+++ b/modules/nixos/services/servarr/nzbhydra.nix
@ -0,0 +1,26 @@
+{ config, lib, ... }:
+let
+  cfg = config.my.services.servarr.nzbhydra;
+in
+{
+  options.my.services.servarr.nzbhydra = with lib; {
+    enable = lib.mkEnableOption "NZBHydra2" // {
+      default = config.my.services.servarr.enableAll;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.nzbhydra2 = {
+      enable = true;
+    };
+
+    my.services.nginx.virtualHosts = {
+      nzbhydra = {
+        port = 5076;
+        websocketsLocations = [ "/" ];
+      };
+    };
+
+    # NZBHydra2 does not log authentication failures...
+  };
+}
--- a/modules/nixos/services/servarr/prowlarr.nix
+++ b/modules/nixos/services/servarr/prowlarr.nix
@ -0,0 +1,53 @@
+# Torrent and NZB indexer
+{ config, lib, ... }:
+let
+  cfg = config.my.services.servarr.prowlarr;
+in
+{
+  options.my.services.servarr.prowlarr = with lib; {
+    enable = lib.mkEnableOption "Prowlarr" // {
+      default = config.my.services.servarr.enableAll;
+    };
+
+    port = mkOption {
+      type = types.port;
+      default = 9696;
+      example = 8080;
+      description = "Internal port for webui";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.prowlarr = {
+      enable = true;
+
+      settings = {
+        server = {
+          port = cfg.port;
+        };
+      };
+    };
+
+    my.services.nginx.virtualHosts = {
+      prowlarr = {
+        inherit (cfg) port;
+      };
+    };
+
+    services.fail2ban.jails = {
+      prowlarr = ''
+        enabled = true
+        filter = prowlarr
+        action = iptables-allports
+      '';
+    };
+
+    environment.etc = {
+      "fail2ban/filter.d/prowlarr.conf".text = ''
+        [Definition]
+        failregex = ^.*\|Warn\|Auth\|Auth-Failure ip <HOST> username .*$
+        journalmatch = _SYSTEMD_UNIT=prowlarr.service
+      '';
+    };
+  };
+}
--- a/modules/nixos/services/servarr/starr.nix
+++ b/modules/nixos/services/servarr/starr.nix
@ -0,0 +1,64 @@
+# Templated *arr configuration
+starr:
+{ config, lib, ... }:
+let
+  cfg = config.my.services.servarr.${starr};
+  ports = {
+    lidarr = 8686;
+    radarr = 7878;
+    readarr = 8787;
+    sonarr = 8989;
+  };
+in
+{
+  options.my.services.servarr.${starr} = with lib; {
+    enable = lib.mkEnableOption (lib.toSentenceCase starr) // {
+      default = config.my.services.servarr.enableAll;
+    };
+
+    port = mkOption {
+      type = types.port;
+      default = ports.${starr};
+      example = 8080;
+      description = "Internal port for webui";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.${starr} = {
+      enable = true;
+      group = "media";
+
+      settings = {
+        server = {
+          port = cfg.port;
+        };
+      };
+    };
+
+    # Set-up media group
+    users.groups.media = { };
+
+    my.services.nginx.virtualHosts = {
+      ${starr} = {
+        port = cfg.port;
+      };
+    };
+
+    services.fail2ban.jails = {
+      ${starr} = ''
+        enabled = true
+        filter = ${starr}
+        action = iptables-allports
+      '';
+    };
+
+    environment.etc = {
+      "fail2ban/filter.d/${starr}.conf".text = ''
+        [Definition]
+        failregex = ^.*\|Warn\|Auth\|Auth-Failure ip <HOST> username .*$
+        journalmatch = _SYSTEMD_UNIT=${starr}.service
+      '';
+    };
+  };
+}
Author	SHA1	Message	Date
Bruno BELANYI	dc9b8b5492	flake: bump inputs All checks were successful ci/woodpecker/push/check Pipeline was successful Details	2025-03-31 22:49:11 +02:00
Bruno BELANYI	e6bda50a74	nixos: services: servarr: nzbhydra: fix websockets From what I could read, NZBHydra2 might require proxying websockets in new versions (better safe than sorry).	2025-03-31 21:43:05 +02:00
Bruno BELANYI	abd346d329	nixos: services: servarr: migrate nzbhydra	2025-03-31 21:43:05 +02:00
Bruno BELANYI	1c968bb4fe	nixos: services: servarr: jackett: add 'port'	2025-03-31 21:43:05 +02:00
Bruno BELANYI	20aa72611a	nixos: services: servarr: migrate jackett	2025-03-31 21:43:05 +02:00
Bruno BELANYI	8c4a41ffea	nixos: services: servarr: migrate prowlarr The configuration doesn't have `group`, so it's a slightly different configuration to the rest of the *arr services. I also want to move the other two indexer modules under `servarr`, as they are all closely related.	2025-03-31 21:43:05 +02:00
Bruno BELANYI	f783e4c789	nixos: services: servarr: starr: add 'port' Now that declarative configurations are supported for those applications.	2025-03-31 21:36:44 +02:00
Bruno BELANYI	96129a8b2f	nixox: services: servarr: refactor starr config Makes it slightly DRY-er and more readable.	2025-03-31 21:36:44 +02:00
Bruno BELANYI	9884faee12	nixos: services: servarr: bazarr: add 'port'	2025-03-31 21:36:44 +02:00
Bruno BELANYI	137390abf6	nixos: services: servarr: extract bazarr It's not an actual *arr package, but closely related to them. Extract its configuration to a sub-module.	2025-03-31 21:36:44 +02:00
Bruno BELANYI	a636c3258a	nixos: services: servarr: fix 'enableAll' logic I renamed the option and refactored how it worked to make it more explicit that it enables the entire suite by default, with explicit opt-out of individual components (or fine-grained opt-in as an alternative).	2025-03-31 21:23:10 +02:00