# Usenet binary client. { config, lib, ... }: let cfg = config.my.services.sabnzbd; port = 9090; # NOTE: not declaratively set... in { options.my.services.sabnzbd = with lib; { enable = mkEnableOption "SABnzbd binary news reader"; }; config = lib.mkIf cfg.enable { services.sabnzbd = { enable = true; group = "media"; }; # Set-up media group users.groups.media = { }; my.services.nginx.virtualHosts = [ { subdomain = "sabnzbd"; inherit port; } ]; services.fail2ban.jails = { sabnzbd = '' enabled = true filter = sabnzbd port = http,https # Unfortunately, sabnzbd does not log to systemd journal backend = auto logpath = /var/lib/sabnzbd/logs/sabnzbd.log ''; }; environment.etc = { # FIXME: path to log file "fail2ban/filter.d/sabnzbd.conf".text = '' [Definition] failregex = ^.*WARNING.*API Key incorrect, Use the api key from Config->General in your 3rd party program: .* \(X-Forwarded-For: \) .*$ ^.*WARNING.*API Key incorrect, Use the api key from Config->General in your 3rd party program: .*$ ^.*WARNING.*API Key missing, please enter the api key from Config->General into your 3rd party program: .* \(X-Forwarded-For: \) .*$ ^.*WARNING.*API Key missing, please enter the api key from Config->General into your 3rd party program: .*$ ^.*WARNING.*Refused connection from: .* \(X-Forwarded-For: \) .*$ ^.*WARNING.*Refused connection from: .*$ ^.*WARNING.*Refused connection with hostname ".*" from: .* \(X-Forwarded-For: \) .*$ ^.*WARNING.*Refused connection with hostname ".*" from: .*$ ^.*WARNING.*Unsuccessful login attempt from .* \(X-Forwarded-For: \) .*$ ^.*WARNING.*Unsuccessful login attempt from .*$ journalmatch = _SYSTEMD_UNIT=sabnzbd.service ''; }; }; }