From a636c3258a2bf3d22478678209fc6183e8605dcb Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:00:10 +0000 Subject: [PATCH 01/11] nixos: services: servarr: fix 'enableAll' logic I renamed the option and refactored how it worked to make it more explicit that it enables the entire suite by default, with explicit opt-out of individual components (or fine-grained opt-in as an alternative). --- hosts/nixos/porthos/services.nix | 2 +- modules/nixos/services/servarr/default.nix | 20 +++++++++----------- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index ffd150a..021a6ae 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -144,7 +144,7 @@ in sabnzbd.enable = true; # The whole *arr software suite servarr = { - enable = true; + enableAll = true; # ... But not Lidarr because I don't care for music that much lidarr = { enable = false; diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index e25d9cf..65c409a 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -19,6 +19,8 @@ let enable = true; group = "media"; }; + # Set-up media group + users.groups.media = { }; }; mkRedirection = service: { @@ -54,34 +56,30 @@ let in { options.my.services.servarr = { - enable = lib.mkEnableOption "Media automation"; + enableAll = lib.mkEnableOption "media automation suite"; bazarr = { - enable = lib.my.mkDisableOption "Bazarr"; + enable = lib.mkEnableOption "Bazarr" // { default = cfg.enableAll; };; }; lidarr = { - enable = lib.my.mkDisableOption "Lidarr"; + enable = lib.mkEnableOption "Lidarr" // { default = cfg.enableAll; }; }; radarr = { - enable = lib.my.mkDisableOption "Radarr"; + enable = lib.mkEnableOption "Radarr" // { default = cfg.enableAll; }; }; readarr = { - enable = lib.my.mkDisableOption "Readarr"; + enable = lib.mkEnableOption "Readarr" // { default = cfg.enableAll; }; }; sonarr = { - enable = lib.my.mkDisableOption "Sonarr"; + enable = lib.mkEnableOption "Sonarr" // { default = cfg.enableAll; }; }; }; - config = lib.mkIf cfg.enable (lib.mkMerge [ - { - # Set-up media group - users.groups.media = { }; - } + config = (lib.mkMerge [ # Bazarr does not log authentication failures... (mkFullConfig "bazarr") # Lidarr for music From 137390abf62fdcac52374704b3d98dba60e4b4b1 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 10:51:21 +0000 Subject: [PATCH 02/11] nixos: services: servarr: extract bazarr It's not an actual *arr package, but closely related to them. Extract its configuration to a sub-module. --- modules/nixos/services/servarr/bazarr.nix | 29 ++++++++++++++++++++++ modules/nixos/services/servarr/default.nix | 11 +++----- 2 files changed, 33 insertions(+), 7 deletions(-) create mode 100644 modules/nixos/services/servarr/bazarr.nix diff --git a/modules/nixos/services/servarr/bazarr.nix b/modules/nixos/services/servarr/bazarr.nix new file mode 100644 index 0000000..2d27c95 --- /dev/null +++ b/modules/nixos/services/servarr/bazarr.nix @@ -0,0 +1,29 @@ +{ config, lib, ... }: +let + cfg = config.my.services.servarr.bazarr; +in +{ + options.my.services.servarr.bazarr = with lib; { + enable = lib.mkEnableOption "Bazarr" // { + default = config.my.services.servarr.enableAll; + }; + }; + + config = lib.mkIf cfg.enable { + services.bazarr = { + enable = true; + group = "media"; + }; + + # Set-up media group + users.groups.media = { }; + + my.services.nginx.virtualHosts = { + bazarr = { + port = 6767; + }; + }; + + # Bazarr does not log authentication failures... + }; +} diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 65c409a..53fd14b 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -7,7 +7,6 @@ let cfg = config.my.services.servarr; ports = { - bazarr = 6767; lidarr = 8686; radarr = 7878; readarr = 8787; @@ -55,13 +54,13 @@ let ]); in { + imports = [ + ./bazarr.nix + ]; + options.my.services.servarr = { enableAll = lib.mkEnableOption "media automation suite"; - bazarr = { - enable = lib.mkEnableOption "Bazarr" // { default = cfg.enableAll; };; - }; - lidarr = { enable = lib.mkEnableOption "Lidarr" // { default = cfg.enableAll; }; }; @@ -80,8 +79,6 @@ in }; config = (lib.mkMerge [ - # Bazarr does not log authentication failures... - (mkFullConfig "bazarr") # Lidarr for music (mkFullConfig "lidarr") (mkFail2Ban "lidarr") From 9884faee12b8cf80ecb8020a8f900252aeba1c1a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 10:53:32 +0000 Subject: [PATCH 03/11] nixos: services: servarr: bazarr: add 'port' --- modules/nixos/services/servarr/bazarr.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/modules/nixos/services/servarr/bazarr.nix b/modules/nixos/services/servarr/bazarr.nix index 2d27c95..637da0c 100644 --- a/modules/nixos/services/servarr/bazarr.nix +++ b/modules/nixos/services/servarr/bazarr.nix @@ -7,12 +7,20 @@ in enable = lib.mkEnableOption "Bazarr" // { default = config.my.services.servarr.enableAll; }; + + port = mkOption { + type = types.port; + default = 6767; + example = 8080; + description = "Internal port for webui"; + }; }; config = lib.mkIf cfg.enable { services.bazarr = { enable = true; group = "media"; + listenPort = cfg.port; }; # Set-up media group @@ -20,7 +28,7 @@ in my.services.nginx.virtualHosts = { bazarr = { - port = 6767; + inherit (cfg) port; }; }; From 96129a8b2f43f1bd5b2b49608e49477529c2d419 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:07:21 +0000 Subject: [PATCH 04/11] nixox: services: servarr: refactor starr config Makes it slightly DRY-er and more readable. --- modules/nixos/services/servarr/default.nix | 87 ++-------------------- modules/nixos/services/servarr/starr.nix | 51 +++++++++++++ 2 files changed, 56 insertions(+), 82 deletions(-) create mode 100644 modules/nixos/services/servarr/starr.nix diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 53fd14b..398461b 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -2,94 +2,17 @@ # Relevant link [1]. # # [1]: https://youtu.be/I26Ql-uX6AM -{ config, lib, ... }: -let - cfg = config.my.services.servarr; - - ports = { - lidarr = 8686; - radarr = 7878; - readarr = 8787; - sonarr = 8989; - }; - - mkService = service: { - services.${service} = { - enable = true; - group = "media"; - }; - # Set-up media group - users.groups.media = { }; - }; - - mkRedirection = service: { - my.services.nginx.virtualHosts = { - ${service} = { - port = ports.${service}; - }; - }; - }; - - mkFail2Ban = service: lib.mkIf cfg.${service}.enable { - services.fail2ban.jails = { - ${service} = '' - enabled = true - filter = ${service} - action = iptables-allports - ''; - }; - - environment.etc = { - "fail2ban/filter.d/${service}.conf".text = '' - [Definition] - failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ - journalmatch = _SYSTEMD_UNIT=${service}.service - ''; - }; - }; - - mkFullConfig = service: lib.mkIf cfg.${service}.enable (lib.mkMerge [ - (mkService service) - (mkRedirection service) - ]); -in +{ lib, ... }: { imports = [ ./bazarr.nix + (import ./starr.nix "lidarr") + (import ./starr.nix "radarr") + (import ./starr.nix "readarr") + (import ./starr.nix "sonarr") ]; options.my.services.servarr = { enableAll = lib.mkEnableOption "media automation suite"; - - lidarr = { - enable = lib.mkEnableOption "Lidarr" // { default = cfg.enableAll; }; - }; - - radarr = { - enable = lib.mkEnableOption "Radarr" // { default = cfg.enableAll; }; - }; - - readarr = { - enable = lib.mkEnableOption "Readarr" // { default = cfg.enableAll; }; - }; - - sonarr = { - enable = lib.mkEnableOption "Sonarr" // { default = cfg.enableAll; }; - }; }; - - config = (lib.mkMerge [ - # Lidarr for music - (mkFullConfig "lidarr") - (mkFail2Ban "lidarr") - # Radarr for movies - (mkFullConfig "radarr") - (mkFail2Ban "radarr") - # Readarr for books - (mkFullConfig "readarr") - (mkFail2Ban "readarr") - # Sonarr for shows - (mkFullConfig "sonarr") - (mkFail2Ban "sonarr") - ]); } diff --git a/modules/nixos/services/servarr/starr.nix b/modules/nixos/services/servarr/starr.nix new file mode 100644 index 0000000..e9c84f9 --- /dev/null +++ b/modules/nixos/services/servarr/starr.nix @@ -0,0 +1,51 @@ +# Templated *arr configuration +starr: +{ config, lib, ... }: +let + cfg = config.my.services.servarr.${starr}; + ports = { + lidarr = 8686; + radarr = 7878; + readarr = 8787; + sonarr = 8989; + }; +in +{ + options.my.services.servarr.${starr} = with lib; { + enable = lib.mkEnableOption (lib.toSentenceCase starr) // { + default = config.my.services.servarr.enableAll; + }; + }; + + config = lib.mkIf cfg.enable { + services.${starr} = { + enable = true; + group = "media"; + }; + + # Set-up media group + users.groups.media = { }; + + my.services.nginx.virtualHosts = { + ${starr} = { + port = ports.${starr}; + }; + }; + + services.fail2ban.jails = { + ${starr} = '' + enabled = true + filter = ${starr} + action = iptables-allports + ''; + }; + + environment.etc = { + "fail2ban/filter.d/${starr}.conf".text = '' + [Definition] + failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ + journalmatch = _SYSTEMD_UNIT=${starr}.service + ''; + }; + }; +} From f783e4c789ff959da648d746d8c3c25aa22223e0 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:12:16 +0000 Subject: [PATCH 05/11] nixos: services: servarr: starr: add 'port' Now that declarative configurations are supported for those applications. --- modules/nixos/services/servarr/starr.nix | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/modules/nixos/services/servarr/starr.nix b/modules/nixos/services/servarr/starr.nix index e9c84f9..2bf7c11 100644 --- a/modules/nixos/services/servarr/starr.nix +++ b/modules/nixos/services/servarr/starr.nix @@ -15,12 +15,25 @@ in enable = lib.mkEnableOption (lib.toSentenceCase starr) // { default = config.my.services.servarr.enableAll; }; + + port = mkOption { + type = types.port; + default = ports.${starr}; + example = 8080; + description = "Internal port for webui"; + }; }; config = lib.mkIf cfg.enable { services.${starr} = { enable = true; group = "media"; + + settings = { + server = { + port = cfg.port; + }; + }; }; # Set-up media group @@ -28,7 +41,7 @@ in my.services.nginx.virtualHosts = { ${starr} = { - port = ports.${starr}; + port = cfg.port; }; }; From 8c4a41ffeaa784b5065e4fa92b9f202d7c9a0dd8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:21:24 +0000 Subject: [PATCH 06/11] nixos: services: servarr: migrate prowlarr The configuration doesn't have `group`, so it's a slightly different configuration to the rest of the *arr services. I also want to move the other two indexer modules under `servarr`, as they are all closely related. --- hosts/nixos/porthos/services.nix | 4 -- modules/nixos/services/indexers/default.nix | 30 ------------ modules/nixos/services/servarr/default.nix | 1 + modules/nixos/services/servarr/prowlarr.nix | 53 +++++++++++++++++++++ 4 files changed, 54 insertions(+), 34 deletions(-) create mode 100644 modules/nixos/services/servarr/prowlarr.nix diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 021a6ae..9017894 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -51,10 +51,6 @@ in passwordFile = secrets."forgejo/mail-password".path; }; }; - # Meta-indexers - indexers = { - prowlarr.enable = true; - }; # Jellyfin media server jellyfin.enable = true; # Gitea mirrorig service diff --git a/modules/nixos/services/indexers/default.nix b/modules/nixos/services/indexers/default.nix index 8a42345..00bf316 100644 --- a/modules/nixos/services/indexers/default.nix +++ b/modules/nixos/services/indexers/default.nix @@ -5,13 +5,11 @@ let jackettPort = 9117; nzbhydraPort = 5076; - prowlarrPort = 9696; in { options.my.services.indexers = with lib; { jackett.enable = mkEnableOption "Jackett torrent meta-indexer"; nzbhydra.enable = mkEnableOption "NZBHydra2 usenet meta-indexer"; - prowlarr.enable = mkEnableOption "Prowlarr torrent & usenet meta-indexer"; }; config = lib.mkMerge [ @@ -46,33 +44,5 @@ in }; }; }) - - (lib.mkIf cfg.prowlarr.enable { - services.prowlarr = { - enable = true; - }; - - my.services.nginx.virtualHosts = { - prowlarr = { - port = prowlarrPort; - }; - }; - - services.fail2ban.jails = { - prowlarr = '' - enabled = true - filter = prowlarr - action = iptables-allports - ''; - }; - - environment.etc = { - "fail2ban/filter.d/prowlarr.conf".text = '' - [Definition] - failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ - journalmatch = _SYSTEMD_UNIT=prowlarr.service - ''; - }; - }) ]; } diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 398461b..1bca773 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -6,6 +6,7 @@ { imports = [ ./bazarr.nix + ./prowlarr.nix (import ./starr.nix "lidarr") (import ./starr.nix "radarr") (import ./starr.nix "readarr") diff --git a/modules/nixos/services/servarr/prowlarr.nix b/modules/nixos/services/servarr/prowlarr.nix new file mode 100644 index 0000000..ce044c6 --- /dev/null +++ b/modules/nixos/services/servarr/prowlarr.nix @@ -0,0 +1,53 @@ +# Torrent and NZB indexer +{ config, lib, ... }: +let + cfg = config.my.services.servarr.prowlarr; +in +{ + options.my.services.servarr.prowlarr = with lib; { + enable = lib.mkEnableOption "Prowlarr" // { + default = config.my.services.servarr.enableAll; + }; + + port = mkOption { + type = types.port; + default = 9696; + example = 8080; + description = "Internal port for webui"; + }; + }; + + config = lib.mkIf cfg.enable { + services.prowlarr = { + enable = true; + + settings = { + server = { + port = cfg.port; + }; + }; + }; + + my.services.nginx.virtualHosts = { + prowlarr = { + inherit (cfg) port; + }; + }; + + services.fail2ban.jails = { + prowlarr = '' + enabled = true + filter = prowlarr + action = iptables-allports + ''; + }; + + environment.etc = { + "fail2ban/filter.d/prowlarr.conf".text = '' + [Definition] + failregex = ^.*\|Warn\|Auth\|Auth-Failure ip username .*$ + journalmatch = _SYSTEMD_UNIT=prowlarr.service + ''; + }; + }; +} From 20aa72611a37d5a9acfda046b9b61def73db8107 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:27:18 +0000 Subject: [PATCH 07/11] nixos: services: servarr: migrate jackett --- hosts/nixos/porthos/services.nix | 4 +++ modules/nixos/services/indexers/default.nix | 22 -------------- modules/nixos/services/servarr/default.nix | 1 + modules/nixos/services/servarr/jackett.nix | 33 +++++++++++++++++++++ 4 files changed, 38 insertions(+), 22 deletions(-) create mode 100644 modules/nixos/services/servarr/jackett.nix diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index 9017894..d45846a 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -145,6 +145,10 @@ in lidarr = { enable = false; }; + # I only use Prowlarr nowadays + jackett = { + enable = false; + }; }; # Because I still need to play sysadmin ssh-server.enable = true; diff --git a/modules/nixos/services/indexers/default.nix b/modules/nixos/services/indexers/default.nix index 00bf316..5d81079 100644 --- a/modules/nixos/services/indexers/default.nix +++ b/modules/nixos/services/indexers/default.nix @@ -3,36 +3,14 @@ let cfg = config.my.services.indexers; - jackettPort = 9117; nzbhydraPort = 5076; in { options.my.services.indexers = with lib; { - jackett.enable = mkEnableOption "Jackett torrent meta-indexer"; nzbhydra.enable = mkEnableOption "NZBHydra2 usenet meta-indexer"; }; config = lib.mkMerge [ - (lib.mkIf cfg.jackett.enable { - services.jackett = { - enable = true; - }; - - # Jackett wants to eat *all* my RAM if left to its own devices - systemd.services.jackett = { - serviceConfig = { - MemoryHigh = "15%"; - MemoryMax = "25%"; - }; - }; - - my.services.nginx.virtualHosts = { - jackett = { - port = jackettPort; - }; - }; - }) - (lib.mkIf cfg.nzbhydra.enable { services.nzbhydra2 = { enable = true; diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 1bca773..06a1cef 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -6,6 +6,7 @@ { imports = [ ./bazarr.nix + ./jackett.nix ./prowlarr.nix (import ./starr.nix "lidarr") (import ./starr.nix "radarr") diff --git a/modules/nixos/services/servarr/jackett.nix b/modules/nixos/services/servarr/jackett.nix new file mode 100644 index 0000000..756df9b --- /dev/null +++ b/modules/nixos/services/servarr/jackett.nix @@ -0,0 +1,33 @@ +{ config, lib, ... }: +let + cfg = config.my.services.servarr.jackett; +in +{ + options.my.services.servarr.jackett = with lib; { + enable = lib.mkEnableOption "Jackett" // { + default = config.my.services.servarr.enableAll; + }; + }; + + config = lib.mkIf cfg.enable { + services.jackett = { + enable = true; + }; + + # Jackett wants to eat *all* my RAM if left to its own devices + systemd.services.jackett = { + serviceConfig = { + MemoryHigh = "15%"; + MemoryMax = "25%"; + }; + }; + + my.services.nginx.virtualHosts = { + jackett = { + port = 9117; + }; + }; + + # Jackett does not log authentication failures... + }; +} From 1c968bb4fe15a54a95d6ccf72f485227021e7bb1 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:28:04 +0000 Subject: [PATCH 08/11] nixos: services: servarr: jackett: add 'port' --- modules/nixos/services/servarr/jackett.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/modules/nixos/services/servarr/jackett.nix b/modules/nixos/services/servarr/jackett.nix index 756df9b..481cd3d 100644 --- a/modules/nixos/services/servarr/jackett.nix +++ b/modules/nixos/services/servarr/jackett.nix @@ -7,11 +7,19 @@ in enable = lib.mkEnableOption "Jackett" // { default = config.my.services.servarr.enableAll; }; + + port = mkOption { + type = types.port; + default = 9117; + example = 8080; + description = "Internal port for webui"; + }; }; config = lib.mkIf cfg.enable { services.jackett = { enable = true; + inherit (cfg) port; }; # Jackett wants to eat *all* my RAM if left to its own devices @@ -24,7 +32,7 @@ in my.services.nginx.virtualHosts = { jackett = { - port = 9117; + inherit (cfg) port; }; }; From abd346d329a480aecbedc9e03dc76d7be260e1e6 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:32:39 +0000 Subject: [PATCH 09/11] nixos: services: servarr: migrate nzbhydra --- hosts/nixos/porthos/services.nix | 3 +++ modules/nixos/services/default.nix | 1 - modules/nixos/services/indexers/default.nix | 26 --------------------- modules/nixos/services/servarr/default.nix | 1 + modules/nixos/services/servarr/nzbhydra.nix | 25 ++++++++++++++++++++ 5 files changed, 29 insertions(+), 27 deletions(-) delete mode 100644 modules/nixos/services/indexers/default.nix create mode 100644 modules/nixos/services/servarr/nzbhydra.nix diff --git a/hosts/nixos/porthos/services.nix b/hosts/nixos/porthos/services.nix index d45846a..7efddfa 100644 --- a/hosts/nixos/porthos/services.nix +++ b/hosts/nixos/porthos/services.nix @@ -149,6 +149,9 @@ in jackett = { enable = false; }; + nzbhydra = { + enable = false; + }; }; # Because I still need to play sysadmin ssh-server.enable = true; diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index 3992385..27f8765 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -15,7 +15,6 @@ ./gitea ./grocy ./homebox - ./indexers ./jellyfin ./komga ./lohr diff --git a/modules/nixos/services/indexers/default.nix b/modules/nixos/services/indexers/default.nix deleted file mode 100644 index 5d81079..0000000 --- a/modules/nixos/services/indexers/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -# Torrent and usenet meta-indexers -{ config, lib, ... }: -let - cfg = config.my.services.indexers; - - nzbhydraPort = 5076; -in -{ - options.my.services.indexers = with lib; { - nzbhydra.enable = mkEnableOption "NZBHydra2 usenet meta-indexer"; - }; - - config = lib.mkMerge [ - (lib.mkIf cfg.nzbhydra.enable { - services.nzbhydra2 = { - enable = true; - }; - - my.services.nginx.virtualHosts = { - nzbhydra = { - port = nzbhydraPort; - }; - }; - }) - ]; -} diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index 06a1cef..23838fd 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -7,6 +7,7 @@ imports = [ ./bazarr.nix ./jackett.nix + ./nzbhydra.nix ./prowlarr.nix (import ./starr.nix "lidarr") (import ./starr.nix "radarr") diff --git a/modules/nixos/services/servarr/nzbhydra.nix b/modules/nixos/services/servarr/nzbhydra.nix new file mode 100644 index 0000000..4112c30 --- /dev/null +++ b/modules/nixos/services/servarr/nzbhydra.nix @@ -0,0 +1,25 @@ +{ config, lib, ... }: +let + cfg = config.my.services.servarr.nzbhydra; +in +{ + options.my.services.servarr.nzbhydra = with lib; { + enable = lib.mkEnableOption "NZBHydra2" // { + default = config.my.services.servarr.enableAll; + }; + }; + + config = lib.mkIf cfg.enable { + services.nzbhydra2 = { + enable = true; + }; + + my.services.nginx.virtualHosts = { + nzbhydra = { + port = 5076; + }; + }; + + # NZBHydra2 does not log authentication failures... + }; +} From e6bda50a748c7bc58863c89f2cee92f438605292 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 11:34:25 +0000 Subject: [PATCH 10/11] nixos: services: servarr: nzbhydra: fix websockets From what I could read, NZBHydra2 *might* require proxying websockets in new versions (better safe than sorry). --- modules/nixos/services/servarr/nzbhydra.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos/services/servarr/nzbhydra.nix b/modules/nixos/services/servarr/nzbhydra.nix index 4112c30..7b63986 100644 --- a/modules/nixos/services/servarr/nzbhydra.nix +++ b/modules/nixos/services/servarr/nzbhydra.nix @@ -17,6 +17,7 @@ in my.services.nginx.virtualHosts = { nzbhydra = { port = 5076; + websocketsLocations = [ "/" ]; }; }; From dc9b8b54927238bb562c35897428f869ed23f136 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Mon, 31 Mar 2025 22:49:11 +0200 Subject: [PATCH 11/11] flake: bump inputs --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 2eff24a..68fa8d6 100644 --- a/flake.lock +++ b/flake.lock @@ -136,11 +136,11 @@ ] }, "locked": { - "lastModified": 1742771635, - "narHash": "sha256-HQHzQPrg+g22tb3/K/4tgJjPzM+/5jbaujCZd8s2Mls=", + "lastModified": 1743438213, + "narHash": "sha256-ZZDN+0v1r4I1xkQWlt8euOJv5S4EvElUCZMrDjTCEsY=", "owner": "nix-community", "repo": "home-manager", - "rev": "ad0614a1ec9cce3b13169e20ceb7e55dfaf2a818", + "rev": "ccd7df836e1f42ea84806760f25b77b586370259", "type": "github" }, "original": { @@ -152,11 +152,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1742669843, - "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=", + "lastModified": 1743315132, + "narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1e5b653dff12029333a6546c11e108ede13052eb", + "rev": "52faf482a3889b7619003c0daec593a1912fddc1", "type": "github" }, "original": {