msyds/sydnix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(deertopia): *Arr suite

Browse Source
This commit is contained in:
Madeleine Sydney
2025-03-27 16:02:11 -06:00
parent 45a66fe1ab
commit 50af3792f9
19 changed files with 572 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
modules/nixos/deertopia/servarr/jellyfin.nix Normal file
View File

@@ -0,0 +1,67 @@
{ config, lib, pkgs, ... }:
let cfg = config.sydnix.deertopia.servarr.jellyfin;
in {
options.sydnix.deertopia.servarr.jellyfin = {
enable = lib.mkEnableOption "Jellyfin (via Nixarr)";
};
config = lib.mkIf cfg.enable {
sydnix.deertopia.nginx.vhosts."watch".vhost =
# Currently no (convenient) way to specify Jellyfin's port from Nix.
let port = builtins.toString 8096;
in {
forceSSL = true;
enableACME = true;
locations."/".extraConfig = ''
# Proxy main Jellyfin traffic.
proxy_pass $jellyfin;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
# Disable buffering when the nginx proxy gets very resource heavy upon
# streaming.
proxy_buffering off;
'';
locations."/socket".extraConfig = ''
# Proxy Jellyfin Websockets traffic
proxy_pass $jellyfin;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
'';
extraConfig = ''
set $jellyfin http://127.0.0.1:${port};
'';
};
nixarr.jellyfin = {
enable = true;
openFirewall = true;
};
sydnix.deertopia.nginx.vhosts."jellyseer".vhost =
# Currently no (convenient) way to specify Jellyfin's port from Nix.
let port = builtins.toString 8096;
in {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:5055";
};
nixarr.jellyseerr = {
enable = true;
openFirewall = true;
};
};
}

33
modules/nixos/deertopia/servarr/lidarr.nix Normal file
View File

@@ -0,0 +1,33 @@
{ config, lib, pkgs, ... }:
let cfg = config.sydnix.deertopia.servarr.lidarr;
in {
options.sydnix.deertopia.servarr.lidarr = {
enable = lib.mkEnableOption "Lidarr (via Nixarr)";
};
config = lib.mkIf cfg.enable {
sydnix.deertopia.nginx.vhosts."lidarr" = {
directory = null;
vhost = {
forceSSL = true;
enableACME = true;
extraConfig = ''
# include ${../authelia/authelia-location.conf};
set $upstream http://127.0.0.1:8686;
'';
locations."/".extraConfig = ''
# include ${../authelia/authelia-authrequest.conf};
# include ${../authelia/proxy.conf};
proxy_pass $upstream;
'';
};
};
nixarr.lidarr = {
enable = true;
openFirewall = true;
};
};
}

32
modules/nixos/deertopia/servarr/prowlarr.nix Normal file
View File

@@ -0,0 +1,32 @@
{ config, lib, pkgs, ... }:
let cfg = config.sydnix.deertopia.servarr.prowlarr;
in {
options.sydnix.deertopia.servarr.prowlarr = {
enable = lib.mkEnableOption "Prowlarr (via Nixarr)";
};
config = lib.mkIf cfg.enable {
nixarr.prowlarr = {
enable = true;
openFirewall = true;
};
sydnix.deertopia.nginx.vhosts."prowlarr" = {
directory = null;
vhost = {
forceSSL = true;
enableACME = true;
extraConfig = ''
# include ${../authelia/authelia-location.conf};
set $upstream http://127.0.0.1:9696;
'';
locations."/".extraConfig = ''
# include ${../authelia/authelia-authrequest.conf};
# include ${../authelia/proxy.conf};
proxy_pass $upstream;
'';
};
};
};
}

33
modules/nixos/deertopia/servarr/radarr.nix Normal file
View File

@@ -0,0 +1,33 @@
{ config, lib, pkgs, ... }:
let cfg = config.sydnix.deertopia.servarr.radarr;
in {
options.sydnix.deertopia.servarr.radarr = {
enable = lib.mkEnableOption "Radarr (via Nixarr)";
};
config = lib.mkIf cfg.enable {
nixarr.radarr = {
enable = true;
openFirewall = true;
};
sydnix.deertopia.nginx.vhosts."radarr" = {
directory = null;
vhost = {
forceSSL = true;
enableACME = true;
extraConfig = ''
# include ${../authelia/authelia-location.conf};
set $upstream http://127.0.0.1:7878;
'';
locations."/".extraConfig = ''
# include ${../authelia/authelia-authrequest.conf};
# include ${../authelia/proxy.conf};
proxy_pass $upstream;
'';
};
};
};
}

17
modules/nixos/deertopia/servarr/sabnzbd.nix Normal file
View File

@@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let cfg = config.sydnix.deertopia.servarr.sabnzbd;
in {
options.sydnix.deertopia.servarr.sabnzbd = {
enable = lib.mkEnableOption "SABnzbd (via Nixarr)";
};
config = lib.mkIf cfg.enable {
nixarr.sabnzbd = {
enable = true;
# vpn.enable = true;
openFirewall = true;
guiPort = 43288;
};
};
}

74
modules/nixos/deertopia/servarr/slskd.nix Normal file
View File

@@ -0,0 +1,74 @@
{ config, lib, pkgs, ... }:
let cfg = config.sydnix.deertopia.servarr.slskd;
in {
options.sydnix.deertopia.servarr.slskd = {
enable = lib.mkEnableOption "Slskd (à la Nixarr)";
};
config = lib.mkIf cfg.enable {
sydnix.sops.secrets.slskd-credentials = {
owner = "torrenter";
};
# TODO: Patch Nixpkgs to add option services.slskd.appDir.
services.slskd = {
enable = true;
user = "torrenter";
group = "media";
openFirewall = true;
domain = null;
environmentFile = "/run/secrets/slskd-credentials";
settings = {
# Disable slskd's authentication in favour of Authelia.
web.authentication.disabled = true;
shares.directories = [
config.nixarr.mediaDir
];
directories = {
downloads = "/var/lib/slskd/downloads";
incomplete = "/var/lib/slskd/incomplete";
};
};
};
networking.firewall.allowedTCPPorts = [
config.services.slskd.settings.web.port
];
sydnix.deertopia.nginx.vhosts."slsk" = {
directory = null;
vhost = {
forceSSL = true;
enableACME = true;
extraConfig =
let port = builtins.toString config.services.slskd.settings.web.port;
in ''
include ${../authelia/authelia-location.conf};
set $upstream http://127.0.0.1:${port};
'';
locations."/".extraConfig = ''
include ${../authelia/authelia-authrequest.conf};
include ${../authelia/proxy.conf};
proxy_pass $upstream;
'';
locations."/hub".extraConfig = ''
proxy_pass $upstream;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
'';
};
};
};
}

32
modules/nixos/deertopia/servarr/sonarr.nix Normal file
View File

@@ -0,0 +1,32 @@
{ config, lib, pkgs, ... }:
let cfg = config.sydnix.deertopia.servarr.sonarr;
in {
options.sydnix.deertopia.servarr.sonarr = {
enable = lib.mkEnableOption "Sonarr (via Nixarr)";
};
config = lib.mkIf cfg.enable {
nixarr.sonarr = {
enable = true;
openFirewall = true;
};
sydnix.deertopia.nginx.vhosts."sonarr" = {
directory = null;
vhost = {
forceSSL = true;
enableACME = true;
extraConfig = ''
# include ${../authelia/authelia-location.conf};
set $upstream http://127.0.0.1:8989;
'';
locations."/".extraConfig = ''
# include ${../authelia/authelia-authrequest.conf};
# include ${../authelia/proxy.conf};
proxy_pass $upstream;
'';
};
};
};
}

24
modules/nixos/deertopia/servarr/transmission.nix Normal file
View File

@@ -0,0 +1,24 @@
{ config, lib, pkgs, ... }:
let cfg = config.sydnix.deertopia.servarr.transmission;
in {
options.sydnix.deertopia.servarr.transmission = {
enable = lib.mkEnableOption "Transmission (via Nixarr)";
};
config = lib.mkIf cfg.enable {
sydnix.sops.secrets.transmission-credentials = {
owner = config.services.transmission.user;
group = config.services.transmission.group;
mode = "700";
};
nixarr.transmission = {
enable = true;
vpn.enable = true;
credentialsFile = "/run/secrets/transmission-credentials";
# Default (9091) conflicts with Authelia.
uiPort = 7052;
};
};
}