fix(arr): Fix websockets

flake.lock

@@ -965,7 +965,7 @@
         "nixpkgs": "nixpkgs_11"
       },
       "locked": {
-        "lastModified": 1742246510,
+        "lastModified": 1742862380,
         "narHash": "sha256-h19Bg+BTV/51MiCnKa3rN3QbRC74cBWjBHhDrpVgdXM=",
         "path": "/persist/dots/scripts/sydnix-cli",
         "type": "path"

modules/nixos/deertopia/servarr.nix

@@ -43,6 +43,8 @@ in {
       options = [
         "vers=2.0"
         "cred=/run/secrets/buffalo-nas-creds"
+        # Wait for network availability before attempting mount.
+        "_netdev"
         # It appears that the group/user names used by Nixarr are hard-coded.
         "gid=media"
         "uid=streamer"

modules/nixos/deertopia/servarr/radarr.nix

@@ -17,14 +17,25 @@ in {
       vhost = {
         forceSSL = true;
         enableACME = true;
-        extraConfig = ''
-          # include ${../authelia/authelia-location.conf};
-          set $upstream http://127.0.0.1:7878;
-        '';
+        # Per https://wiki.servarr.com/radarr/installation/reverse-proxy
         locations."/".extraConfig = ''
-          # include ${../authelia/authelia-authrequest.conf};
-          # include ${../authelia/proxy.conf};
           proxy_pass $upstream;
+          proxy_set_header Host $host;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header X-Forwarded-Host $host;
+          proxy_set_header X-Forwarded-Proto $scheme;
+          proxy_redirect off;
+          proxy_http_version 1.1;
+          proxy_set_header Upgrade $http_upgrade;
+          proxy_set_header Connection $http_connection;
+        '';
+        locations."/api".extraConfig = ''
+          # Allow the API External Access via NGINX
+          auth_basic off;
+          proxy_pass $upstream;
+        '';
+        extraConfig = ''
+          set $upstream http://127.0.0.1:7878;
         '';
       };
     };

modules/nixos/deertopia/servarr/sonarr.nix

@@ -17,14 +17,25 @@ in {
       vhost = {
         forceSSL = true;
         enableACME = true;
-        extraConfig = ''
-          # include ${../authelia/authelia-location.conf};
-          set $upstream http://127.0.0.1:8989;
-        '';
+        # Per https://wiki.servarr.com/radarr/installation/reverse-proxy
         locations."/".extraConfig = ''
-          # include ${../authelia/authelia-authrequest.conf};
-          # include ${../authelia/proxy.conf};
           proxy_pass $upstream;
+          proxy_set_header Host $host;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header X-Forwarded-Host $host;
+          proxy_set_header X-Forwarded-Proto $scheme;
+          proxy_redirect off;
+          proxy_http_version 1.1;
+          proxy_set_header Upgrade $http_upgrade;
+          proxy_set_header Connection $http_connection;
+        '';
+        locations."/api".extraConfig = ''
+          # Allow the API External Access via NGINX
+          auth_basic off;
+          proxy_pass $upstream;
+        '';
+        extraConfig = ''
+          set $upstream http://127.0.0.1:8989;
         '';
       };
     };