pazpi/nix
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

Single secret files for all arr services

Browse source
This commit is contained in:
pazpi 2025-09-14 12:57:38 +02:00
parent 758d01f8e2
commit c505db0d60
12 changed files with 58 additions and 140 deletions
Download patch file Download diff file Expand all files Collapse all files

121
modules/services/media-mgr.nix
View file

@ -9,22 +9,30 @@ with lib;
let
cfg = config.my.services.media-mgr;
lidarrPort = toString 8686;
radarrPort = toString 7878;
sonarrPort = toString 8989;
readarrPort = toString 8787;
prowlarrPort = toString 9696;
in
{
options.my.services.media-mgr = {
programs = {
enable = lib.mkEnableOption "Enable the download manager stack";
commonSecretsFile = lib.mkOption {
default = "";
type = lib.types.path;
description = ''
Path to the file containing secrets in common between Arr
'';
};
};
exportMetrics = {
enable = lib.mkEnableOption "Enable monitoring for the download manager stack";
apiKeyFile = lib.mkOption {
default = "";
type = lib.types.path;
description = ''
Path to the file containing the Arr secrets API key (look also commonSecretsFile)
'';
};
};
proxy = {
@ -61,30 +69,35 @@ in
prowlarr = {
enable = true;
openFirewall = true;
environmentFiles = [ cfg.programs.commonSecretsFile ];
};
# Movies
radarr = {
enable = true;
openFirewall = true;
environmentFiles = [ cfg.programs.commonSecretsFile ];
};
# TV Shows
sonarr = {
enable = true;
openFirewall = true;
environmentFiles = [ cfg.programs.commonSecretsFile ];
};
# Music
lidarr = {
enable = true;
openFirewall = true;
environmentFiles = [ cfg.programs.commonSecretsFile ];
};
# E-books
readarr = {
enable = true;
openFirewall = true;
environmentFiles = [ cfg.programs.commonSecretsFile ];
};
# Subtitles
@ -109,23 +122,23 @@ in
(lib.mkIf cfg.proxy.enable {
services.caddy = with cfg.proxy; {
virtualHosts."prowlarr.ts.${domain}".extraConfig = ''
reverse_proxy http://${host}:${prowlarrPort}
reverse_proxy http://${host}:${toString config.services.prowlarr.settings.server.port}
import cloudflare_${domain}
'';
virtualHosts."radarr.ts.${domain}".extraConfig = ''
reverse_proxy http://${host}:${radarrPort}
reverse_proxy http://${host}:${toString config.services.radarr.settings.server.port}
import cloudflare_${domain}
'';
virtualHosts."sonarr.ts.${domain}".extraConfig = ''
reverse_proxy http://${host}:${sonarrPort}
reverse_proxy http://${host}:${toString config.services.sonarr.settings.server.port}
import cloudflare_${domain}
'';
virtualHosts."lidarr.ts.${domain}".extraConfig = ''
reverse_proxy http://${host}:${lidarrPort}
reverse_proxy http://${host}:${toString config.services.lidarr.settings.server.port}
import cloudflare_${domain}
'';
virtualHosts."readarr.ts.${domain}".extraConfig = ''
reverse_proxy http://${host}:${readarrPort}
reverse_proxy http://${host}:${toString config.services.readarr.settings.server.port}
import cloudflare_${domain}
'';
virtualHosts."bazarr.ts.${domain}".extraConfig = ''
@ -148,110 +161,46 @@ in
isSystemUser = true;
};
age.secrets = {
prowlarr-apiKey = {
file = ../../secrets/prowlarr-apiKey.age;
owner = "exportarr";
group = "exportarr";
mode = "770";
};
};
age.secrets = {
radarr-apiKey = {
file = ../../secrets/radarr-apiKey.age;
owner = "exportarr";
group = "exportarr";
mode = "770";
};
};
age.secrets = {
sonarr-apiKey = {
file = ../../secrets/sonarr-apiKey.age;
owner = "exportarr";
group = "exportarr";
mode = "770";
};
};
age.secrets = {
lidarr-apiKey = {
file = ../../secrets/lidarr-apiKey.age;
owner = "exportarr";
group = "exportarr";
mode = "770";
};
};
age.secrets = {
readarr-apiKey = {
file = ../../secrets/readarr-apiKey.age;
owner = "exportarr";
group = "exportarr";
mode = "770";
};
};
age.secrets = {
bazarr-apiKey = {
file = ../../secrets/bazarr-apiKey.age;
owner = "exportarr";
group = "exportarr";
mode = "770";
};
};
systemd.services = {
prometheus-exportarr-prowlarr-exporter.serviceConfig.EnvironmentFile =
config.age.secrets.prowlarr-apiKey.path;
prometheus-exportarr-radarr-exporter.serviceConfig.EnvironmentFile =
config.age.secrets.radarr-apiKey.path;
prometheus-exportarr-sonarr-exporter.serviceConfig.EnvironmentFile =
config.age.secrets.sonarr-apiKey.path;
prometheus-exportarr-lidarr-exporter.serviceConfig.EnvironmentFile =
config.age.secrets.lidarr-apiKey.path;
prometheus-exportarr-readarr-exporter.serviceConfig.EnvironmentFile =
config.age.secrets.readarr-apiKey.path;
prometheus-exportarr-bazarr-exporter.serviceConfig.EnvironmentFile =
config.age.secrets.bazarr-apiKey.path;
};
services.prometheus.exporters = with cfg.proxy; {
exportarr-prowlarr = {
enable = true;
url = "http://${host}:${prowlarrPort}";
url = "http://${host}:${toString config.services.prowlarr.settings.server.port}";
port = 9701;
user = "exportarr";
group = "exportarr";
apiKeyFile = config.age.secrets.prowlarr-apiKey.path;
apiKeyFile = cfg.exportMetrics.apiKeyFile;
};
exportarr-radarr = {
enable = true;
url = "http://${host}:${radarrPort}";
url = "http://${host}:${toString config.services.radarr.settings.server.port}";
port = 9702;
user = "exportarr";
group = "exportarr";
apiKeyFile = config.age.secrets.radarr-apiKey.path;
apiKeyFile = cfg.exportMetrics.apiKeyFile;
};
exportarr-sonarr = {
enable = true;
url = "http://${host}:${sonarrPort}";
url = "http://${host}:${toString config.services.sonarr.settings.server.port}";
port = 9703;
user = "exportarr";
group = "exportarr";
apiKeyFile = config.age.secrets.sonarr-apiKey.path;
apiKeyFile = cfg.exportMetrics.apiKeyFile;
};
exportarr-lidarr = {
enable = true;
url = "http://${host}:${lidarrPort}";
url = "http://${host}:${toString config.services.lidarr.settings.server.port}";
port = 9704;
user = "exportarr";
group = "exportarr";
apiKeyFile = config.age.secrets.lidarr-apiKey.path;
apiKeyFile = cfg.exportMetrics.apiKeyFile;
};
exportarr-readarr = {
enable = true;
url = "http://${host}:${readarrPort}";
url = "http://${host}:${toString config.services.readarr.settings.server.port}";
port = 9705;
user = "exportarr";
group = "exportarr";
apiKeyFile = config.age.secrets.readarr-apiKey.path;
apiKeyFile = cfg.exportMetrics.apiKeyFile;
};
exportarr-bazarr = {
enable = true;
@ -259,7 +208,7 @@ in
port = 9706;
user = "exportarr";
group = "exportarr";
apiKeyFile = config.age.secrets.bazarr-apiKey.path;
apiKeyFile = cfg.exportMetrics.apiKeyFile;
};
};
})