splitted arrstack by program

2024-11-04 10:00:41 +01:00 · 2024-11-04 10:00:41 +01:00 · c056c0b24e
commit c056c0b24e
parent 6dfd7462e2
14 changed files with 655 additions and 459 deletions
--- a/modules/arrstack/autobrr.nix
+++ b/modules/arrstack/autobrr.nix
@ -0,0 +1,28 @@
+{ config, ... }:
+let
+  cfg = import /etc/nixos/modules/vars.nix;
+  autobrr_port = cfg.arrstack.autobrr.port;
+  outpost_port = cfg.authentik.outpostPort;
+  domain = "mc-fucker.cool";
+in
+{
+
+  virtualisation.oci-containers.containers.autobrr = {
+    image = "ghcr.io/autobrr/autobrr";
+    environment = {
+      TZ = "Europe/Berlin";
+    };
+    ports = [
+      "${autobrr_port}:${autobrr_port}"
+    ];
+    volumes = [
+      "/var/lib/autobrr:/config"
+    ];
+    extraOptions = cfg.podman.extraOptions;
+  };
+
+  #services.nginx.virtualHosts = {
+
+  #};
+}
+# vim: set et ts=2 sw=2 ai:
--- a/modules/arrstack/bazarr.nix
+++ b/modules/arrstack/bazarr.nix
@ -0,0 +1,62 @@
+{ config, ... }:
+let
+  cfg = import /etc/nixos/modules/vars.nix;
+  bazarr_port = cfg.arrstack.bazarr.port;
+  outpost_port = cfg.authentik.outpostPort;
+  domain = "mc-fucker.cool";
+in
+{
+
+  virtualisation.oci-containers.containers.bazarr = {
+    image = "lscr.io/linuxserver/bazarr:latest";
+    environment = {
+      TZ = "Europe/Berlin";
+      PUID = toString config.users.users.arr.uid;
+      PGID = toString config.users.groups.arr.gid;
+    };
+    ports = [
+      "${bazarr_port}:${bazarr_port}"
+    ];
+    volumes = [
+      "/var/lib/bazarr:/config"
+      "/mnt/mergerfs/media:/data"
+    ];
+    extraOptions = cfg.podman.extraOptions;
+    autoStart = false;
+  };
+
+  services.nginx.virtualHosts = {
+    "bazarr.${domain}" = {
+      forceSSL = true;
+      enableACME = true;
+      locations =
+      let
+        common = ''
+          proxy_set_header    X-Real-IP $remote_addr;
+          proxy_set_header    Host $host;
+          proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header    X-Forwarded-Proto $scheme;
+          proxy_http_version  1.1;
+          proxy_set_header    Upgrade $http_upgrade;
+          proxy_set_header    Connection "Upgrade";
+          proxy_redirect      off;
+        '';
+      in
+      {
+        "/" = {
+          proxyPass = "http://127.0.0.1:${outpost_port}";
+          extraConfig = common;
+        };
+        "/api" = {
+          proxyPass = "http://127.0.0.1:${bazarr_port}";
+          extraConfig = common;
+        };
+      };
+      extraConfig = ''
+        access_log          /var/log/nginx/bazarr.${domain}_access.log;
+        error_log           /var/log/nginx/bazarr.${domain}_error.log;
+      '';
+    };
+  };
+}
+# vim: set et ts=2 sw=2 ai:
--- a/modules/arrstack/crossseed.nix
+++ b/modules/arrstack/crossseed.nix
@ -0,0 +1,35 @@
+{ config, ... }:
+let
+  cfg = import /etc/nixos/modules/vars.nix;
+  crossseed_port = cfg.arrstack.crossseed.port;
+  #outpost_port = cfg.authentik.outpostPort;
+  #domain = "mc-fucker.cool";
+in
+{
+
+  virtualisation.oci-containers.containers.crossseed = {
+    image = "docker.io/crossseed/cross-seed";
+    cmd = [ "daemon" ];
+    environment = {
+      TZ = "Europe/Berlin";
+      PUID = toString config.users.users.arr.uid;
+      PGID = toString config.users.groups.arr.gid;
+    };
+    ports = [
+      "${crossseed_port}:${crossseed_port}"
+    ];
+    volumes = [
+      "/var/lib/cross-seed:/config"
+      #"/mnt/mergerfs/media:/data"
+      "/var/lib/qbittorrent/qBittorrent/data/BT_backup:/torrents"
+      "/mnt/mergerfs/media/qbittorrent:/data/qbittorrent"
+    ];
+    extraOptions = cfg.podman.extraOptions;
+  };
+
+
+  #services.nginx.virtualHosts = {
+
+  #};
+}
+# vim: set et ts=2 sw=2 ai:
--- a/modules/arrstack/default.nix
+++ b/modules/arrstack/default.nix
@ -1,6 +1,6 @@
-{ ... }:
+{ config, ... }:
 let
-  cfg = import ./vars.nix;
+  cfg = import /etc/nixos/modules/vars.nix;
  autobrr_port = cfg.arrstack.autobrr.port;
  bazarr_port = cfg.arrstack.bazarr.port;
  jellyseerr_port = cfg.arrstack.jellyseerr.port;
@ -17,16 +17,16 @@ let
 in
 {

-  users.groups.arr = {
-    gid = 1337;
-  };
-  users.users = {
+  users = {
+    groups.arr.gid = 1337;
+    users = {
+      mc-fucker.extraGroups = [ "arr" ];
      arr = {
        isSystemUser = true;
        group = "arr";
        uid = 1337;
      };
-    mc-fucker.extraGroups = [ "arr" ];
+    };
  };

  networking.firewall.interfaces.podman0.allowedTCPPorts = [ 12421 28917 ];
@ -34,220 +34,12 @@ in

  #container config

-  #virtualisation.oci-containers.containers.autobrr = {
-  #  image = "ghcr.io/autobrr/autobrr";
-  #  environment = {
-  #    TZ = "Europe/Berlin";
-  #  };
-  #  ports = [
-  #    "${autobrr_port}:${autobrr_port}"
-  #  ];
-  #  volumes = [
-  #    "/var/lib/autobrr:/config"
-  #  ];
-  #  extraOptions = cfg.podman.extraOptions;
-  #};
-
-  virtualisation.oci-containers.containers.bazarr = {
-    image = "lscr.io/linuxserver/bazarr:latest";
-    environment = {
-      TZ = "Europe/Berlin";
-      PUID = "1337";
-      PGID = "1337";
-    };
-    ports = [
-      "${bazarr_port}:${bazarr_port}"
-    ];
-    volumes = [
-      "/var/lib/bazarr:/config"
-      "/mnt/mergerfs/media:/data"
-    ];
-    extraOptions = cfg.podman.extraOptions;
-    autoStart = false;
-  };
-
-  #virtualisation.oci-containers.containers.crossseed = {
-  #  image = "docker.io/crossseed/cross-seed";
-  #  environment = {
-  #    TZ = "Europe/Berlin";
-  #    PUID = "1337";
-  #    PGID = "1337";
-  #  };
-  #  ports = [
-  #    "${radarr_port}:${radarr_port}"
-  #  ];
-  #  volumes = [
-  #    "/var/lib/radarr:/config"
-  #    "/mnt/mergerfs/media:/data"
-  #    "/mnt/box/files:/data/seedbox"
-  #  ];
-  #  extraOptions = cfg.podman.extraOptions;
-  #};
-
-  virtualisation.oci-containers.containers.jellyseerr = {
-    image = "docker.io/fallenbagel/jellyseerr";
-    environment = {
-      TZ = "Europe/Berlin";
-    };
-    ports = [
-      "${jellyseerr_port}:${jellyseerr_port}"
-    ];
-    volumes = [
-      "/var/lib/jellyseerr:/app/config"
-    ];
-    extraOptions = cfg.podman.extraOptions;
-  };
-
-  virtualisation.oci-containers.containers.lidarrtest = {
-    image = "docker.io/youegraillot/lidarr-on-steroids";
-    environment = {
-      TZ = "Europe/Berlin";
-      PUID = "1337";
-      PGID = "1337";
-    };
-    ports = [
-      "10101:8686"
-      "10100:6595"
-    ];
-    volumes = [
-      "/var/lib/lidarrtest/lidarr:/config"
-      "/var/lib/lidarrtest/deemix:/config_deemix"
-      "/mnt/tmp/deemix:/downloads"
-      #"/mnt/mergerfs/media/music/Interpreten:/music"
-      #"/mnt/mergerfs/media:/data"
-      #"/mnt/box/files:/data/seedbox"
-    ];
-    extraOptions = cfg.podman.extraOptions;
-    autoStart = false;
-  };
-
-  virtualisation.oci-containers.containers.lidarr = {
-    image = "lscr.io/linuxserver/lidarr:latest";
-    environment = {
-      TZ = "Europe/Berlin";
-      PUID = "1337";
-      PGID = "1337";
-    };
-    ports = [
-      "${lidarr_port}:${lidarr_port}"
-    ];
-    volumes = [
-      "/var/lib/lidarr:/config"
-      "/var/lib/lidarr-extended/custom-cont-init.d:/custom-cont-init.d"
-      "/var/lib/lidarr-extended/custom-services.d:/custom-services.d"
-      "/mnt/mergerfs/media:/data"
-      #"/mnt/box/files:/mnt/seedbox"
-      "/mnt/ultracc/downloads:/mnt/ultracc"
-    ];
-    extraOptions = cfg.podman.extraOptions;
-    autoStart = false;
-  };
-
-  virtualisation.oci-containers.containers.prowlarr = {
-    image = "lscr.io/linuxserver/prowlarr:latest";
-    environment = {
-      TZ = "Europe/Berlin";
-    };
-    ports = [
-      "${prowlarr_port}:${prowlarr_port}"
-    ];
-    volumes = [
-      "/var/lib/prowlarr:/config"
-    ];
-    extraOptions = cfg.podman.extraOptions;
-  };
-
-  virtualisation.oci-containers.containers.qbittorrent = {
-    image = "docker.io/binhex/arch-qbittorrentvpn";
-    environment = {
-      TZ = "Europe/Berlin";
-      PUID = "1337";
-      PGID = "1337";
-      VPN_ENABLED = "yes";
-      VPN_CLIENT = "wireguard";
-      VPN_PROV = "custom";
-      LAN_NETWORK = "192.168.178.0/24";
-    };
-    ports = [
-      "6881:6881"
-      "6881:6881/udp"
-      "8080:8080"
-      #"8118:8118"
-    ];
-    volumes = [
-      "/var/lib/qbittorrent:/config"
-      "/mnt/mergerfs/media/qbittorrent:/data/qbittorrent"
-    ];
-    #extraOptions = cfg.podman.extraOptions ++ [ "--cap-add=NET_ADMIN,NET_RAW" "--device=/dev/net/tun" ];
-    extraOptions = cfg.podman.extraOptions ++ [ ''--sysctl="net.ipv4.conf.all.src_valid_mark=1"'' "--privileged=true" "--ip=10.88.13.37" ];
-    autoStart = false;
-  };
-
-  virtualisation.oci-containers.containers.radarr = {
-    image = "lscr.io/linuxserver/radarr:latest";
-    environment = {
-      TZ = "Europe/Berlin";
-      PUID = "1337";
-      PGID = "1337";
-    };
-    ports = [
-      "${radarr_port}:${radarr_port}"
-    ];
-    volumes = [
-      "/var/lib/radarr:/config"
-      "/mnt/mergerfs/media:/data"
-      #"/mnt/box/files:/mnt/seedbox"
-      "/mnt/ultracc/downloads:/mnt/ultracc"
-    ];
-    extraOptions = cfg.podman.extraOptions;
-    autoStart = false;
-  };
-
-  virtualisation.oci-containers.containers.sonarr = {
-    image = "lscr.io/linuxserver/sonarr:develop";
-    environment = {
-      TZ = "Europe/Berlin";
-      PUID = "1337";
-      PGID = "1337";
-    };
-    ports = [
-      "${sonarr_port}:${sonarr_port}"
-    ];
-    volumes = [
-      "/var/lib/sonarr:/config"
-      "/mnt/mergerfs/media:/data"
-      #"/mnt/box/files:/mnt/seedbox"
-      "/mnt/ultracc/downloads:/mnt/ultracc"
-    ];
-    extraOptions = cfg.podman.extraOptions;
-    autoStart = false;
-  };
-
-  virtualisation.oci-containers.containers.sabnzbd = {
-    image = "lscr.io/linuxserver/sabnzbd:latest";
-    environment = {
-      TZ = "Europe/Berlin";
-      PUID = "1337";
-      PGID = "1337";
-    };
-    ports = [
-      "${sabnzbd_port}:8080"
-    ];
-    volumes = [
-      "/var/lib/sabnzbd:/config"
-      "/mnt/mergerfs/media/usenet:/data/usenet"
-      "/mnt/cache/sabnzbd:/cache"
-    ];
-    extraOptions = cfg.podman.extraOptions;
-    autoStart = false;
-  };
-
  #virtualisation.oci-containers.containers.tdarr = {
  #  image = "ghcr.io/haveagitgat/tdarr";
  #  environment = {
  #    TZ = "Europe/Berlin";
-  #    PUID = "1337";
-  #    PGID = "1337";
+  #    PUID = toString config.users.users.arr.uid;
+  #    PGID = toString config.users.groups.arr.gid;
  #    serverIP = "0.0.0.0";
  #    webUIPort = tdarr_webport;
  #    serverPort = tdarr_serverport;
@ -267,245 +59,22 @@ in
  #  extraOptions = cfg.podman.extraOptions ++ [ "--device=/dev/dri:/dev/dri" ];
  #};

-  virtualisation.oci-containers.containers.whisparr = {
-    image = "cr.hotio.dev/hotio/whisparr";
-    environment = {
-      TZ = "Europe/Berlin";
-      PUID = "1337";
-      PGID = "1337";
-    };
-    ports = [
-      "${whisparr_port}:${whisparr_port}"
-    ];
-    volumes = [
-      "/var/lib/whisparr:/config"
-      "/mnt/mergerfs/media:/data"
-      #"/mnt/box/files:/mnt/seedbox"
-      "/mnt/ultracc/downloads:/mnt/ultracc"
-    ];
-    extraOptions = cfg.podman.extraOptions;
-    autoStart = false;
-  };
-
  #webserver config
-  imports = [ ./nginx.nix ];
-
-  services.nginx.virtualHosts = {
-    "bazarr.${domain}" = {
-      forceSSL = true;
-      enableACME = true;
-      locations =
-      let
-        common = ''
-          proxy_set_header    X-Real-IP $remote_addr;
-          proxy_set_header    Host $host;
-          proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
-          proxy_set_header    X-Forwarded-Proto $scheme;
-          proxy_http_version  1.1;
-          proxy_set_header    Upgrade $http_upgrade;
-          proxy_set_header    Connection "Upgrade";
-          proxy_redirect      off;
-        '';
-      in
-      {
-        "/" = {
-          proxyPass = "http://127.0.0.1:${outpost_port}";
-          extraConfig = common;
-        };
-        "/api" = {
-          proxyPass = "http://127.0.0.1:${bazarr_port}";
-          extraConfig = common;
-        };
-      };
-      extraConfig = ''
-        access_log          /var/log/nginx/bazarr.${domain}_access.log;
-        error_log           /var/log/nginx/bazarr.${domain}_error.log;
-      '';
-    };
-
-    "jellyseerr.${domain}" = {
-      forceSSL = true;
-      enableACME = true;
-      locations = {
-        "/" = {
-          proxyPass = "http://127.0.0.1:${jellyseerr_port}";
-          extraConfig = ''
-            proxy_set_header    Referer             $http_referer;
-            proxy_set_header    Host                $host;
-            proxy_set_header    X-Real-IP           $remote_addr;
-            proxy_set_header    X-Real-Port         $remote_port;
-            proxy_set_header    X-Forwarded-Host    $host:$remote_port;
-            proxy_set_header    X-Forwarded-Server  $host;
-            proxy_set_header    X-Forwarded-Port    $remote_port;
-            proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
-            proxy_set_header    X-Forwarded-Proto   $scheme;
-            proxy_set_header    X-Forwarded-Ssl     on;
-
-            proxy_set_header    Upgrade $http_upgrade;
-            proxy_set_header    Connection $http_connection;
-            proxy_redirect      off;
-            proxy_http_version  1.1;
-          '';
-        };
-      };
-      extraConfig = ''
-        access_log          /var/log/nginx/jellyseerr.${domain}_access.log;
-        error_log           /var/log/nginx/jellyseerr.${domain}_error.log;
-      '';
-    };
-
-    "prowlarr.${domain}" = {
-      forceSSL = true;
-      enableACME = true;
-      locations =
-      let
-        common = ''
-          proxy_set_header    Host $host;
-          proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
-          proxy_set_header    X-Forwarded-Host $host;
-          proxy_set_header    X-Forwarded-Proto $scheme;
-          proxy_set_header    Upgrade $http_upgrade;
-          proxy_set_header    Connection $http_connection;
-          proxy_redirect      off;
-          proxy_http_version  1.1;
-        '';
-      in
-      {
-        "/" = {
-          proxyPass = "http://127.0.0.1:${outpost_port}";
-          extraConfig = common;
-        };
-        "/api" = {
-          proxyPass = "http://127.0.0.1:${prowlarr_port}";
-          extraConfig = common;
-        };
-      };
-      extraConfig = ''
-        access_log          /var/log/nginx/prowlarr.${domain}_access.log;
-        error_log           /var/log/nginx/prowlarr.${domain}_error.log;
-      '';
-    };
-
-    "radarr.${domain}" = {
-      forceSSL = true;
-      enableACME = true;
-      locations =
-      let
-        common = ''
-          proxy_set_header    Host $host;
-          proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
-          proxy_set_header    X-Forwarded-Host $host;
-          proxy_set_header    X-Forwarded-Proto $scheme;
-          proxy_set_header    Upgrade $http_upgrade;
-          proxy_set_header    Connection $http_connection;
-          proxy_redirect      off;
-          proxy_http_version  1.1;
-        '';
-      in
-      {
-        "/" = {
-          proxyPass = "http://127.0.0.1:${outpost_port}";
-          extraConfig = common;
-        };
-        "/api" = {
-          proxyPass = "http://127.0.0.1:${radarr_port}";
-          extraConfig = common;
-        };
-        "/signalr" = {
-          proxyPass = "http://127.0.0.1:${radarr_port}";
-          extraConfig = common;
-        };
-      };
-      extraConfig = ''
-        access_log          /var/log/nginx/radarr.${domain}_access.log;
-        error_log           /var/log/nginx/radarr.${domain}_error.log;
-      '';
-    };
-
-    "sonarr.${domain}" = {
-      forceSSL = true;
-      enableACME = true;
-      locations =
-      let
-        common = ''
-          proxy_set_header    Host $host;
-          proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
-          proxy_set_header    X-Forwarded-Host $host;
-          proxy_set_header    X-Forwarded-Proto $scheme;
-          proxy_set_header    Upgrade $http_upgrade;
-          proxy_set_header    Connection $http_connection;
-          proxy_redirect      off;
-          proxy_http_version  1.1;
-        '';
-      in
-      {
-        "/" = {
-          proxyPass = "http://127.0.0.1:${outpost_port}";
-          extraConfig = common;
-        };
-        "/api" = {
-          proxyPass = "http://127.0.0.1:${sonarr_port}";
-          extraConfig = common;
-        };
-      };
-      extraConfig = ''
-        access_log          /var/log/nginx/sonarr.${domain}_access.log;
-        error_log           /var/log/nginx/sonarr.${domain}_error.log;
-      '';
-    };
-
-    "sabnzbd.${domain}" = {
-      forceSSL = true;
-      enableACME = true;
-      locations =
-      let
-        common = ''
-          client_max_body_size  100m;
-          proxy_set_header    X-Forwarded-Host $host;
-        '';
-      in
-      {
-        "/" = {
-          proxyPass = "http://127.0.0.1:${outpost_port}";
-          extraConfig = common;
-        };
-        "/api" = {
-          proxyPass = "http://127.0.0.1:${sabnzbd_port}";
-          extraConfig = common;
-        };
-      };
-      extraConfig = ''
-        access_log          /var/log/nginx/sabnzbd.${domain}_access.log;
-        error_log           /var/log/nginx/sabnzbd.${domain}_error.log;
-      '';
-    };
-
-    "whisparr.${domain}" = {
-      forceSSL = true;
-      enableACME = true;
-      locations = {
-        "/" = {
-          proxyPass = "http://127.0.0.1:${outpost_port}";
-          extraConfig = ''
-            #proxy_set_header    Host $proxy_host;
-            proxy_set_header    Host $host;
-            proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header    X-Forwarded-Host $host;
-            proxy_set_header    X-Forwarded-Proto $scheme;
-            proxy_set_header    Upgrade $http_upgrade;
-            proxy_set_header    Connection $http_connection;
-            proxy_redirect      off;
-            proxy_http_version  1.1;
-          '';
-        };
-      };
-      extraConfig = ''
-        access_log          /var/log/nginx/whisparr.${domain}_access.log;
-        error_log           /var/log/nginx/whisparr.${domain}_error.log;
-      '';
-    };
-
-  };
+  imports = [
+    /etc/nixos/modules/nginx.nix
+    ./autobrr.nix
+    ./bazarr.nix
+    ./crossseed.nix
+    ./lidarr.nix
+    ./jellyseerr.nix
+    ./prowlarr.nix
+    ./qbittorrent.nix
+    ./radarr.nix
+    ./recyclarr.nix
+    ./sabnzbd.nix
+    ./sonarr.nix
+    ./whisparr.nix
+  ];

 }
 # vim: set et ts=2 sw=2 ai:
--- a/modules/arrstack/jellyseerr.nix
+++ b/modules/arrstack/jellyseerr.nix
@ -0,0 +1,59 @@
+{ config, ... }:
+let
+  cfg = import /etc/nixos/modules/vars.nix;
+  jellyseerr_port = cfg.arrstack.jellyseerr.port;
+  outpost_port = cfg.authentik.outpostPort;
+  domain = "mc-fucker.cool";
+in
+{
+
+  virtualisation.oci-containers.containers.jellyseerr = {
+    image = "docker.io/fallenbagel/jellyseerr";
+    environment = {
+      TZ = "Europe/Berlin";
+    };
+    ports = [
+      "${jellyseerr_port}:${jellyseerr_port}"
+    ];
+    volumes = [
+      "/var/lib/jellyseerr:/app/config"
+    ];
+    extraOptions = cfg.podman.extraOptions;
+  };
+
+  services.nginx.virtualHosts = {
+
+    "jellyseerr.${domain}" = {
+      forceSSL = true;
+      enableACME = true;
+      locations = {
+        "/" = {
+          proxyPass = "http://127.0.0.1:${jellyseerr_port}";
+          extraConfig = ''
+            proxy_set_header    Referer             $http_referer;
+            proxy_set_header    Host                $host;
+            proxy_set_header    X-Real-IP           $remote_addr;
+            proxy_set_header    X-Real-Port         $remote_port;
+            proxy_set_header    X-Forwarded-Host    $host:$remote_port;
+            proxy_set_header    X-Forwarded-Server  $host;
+            proxy_set_header    X-Forwarded-Port    $remote_port;
+            proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
+            proxy_set_header    X-Forwarded-Proto   $scheme;
+            proxy_set_header    X-Forwarded-Ssl     on;
+
+            proxy_set_header    Upgrade $http_upgrade;
+            proxy_set_header    Connection $http_connection;
+            proxy_redirect      off;
+            proxy_http_version  1.1;
+          '';
+        };
+      };
+      extraConfig = ''
+        access_log          /var/log/nginx/jellyseerr.${domain}_access.log;
+        error_log           /var/log/nginx/jellyseerr.${domain}_error.log;
+      '';
+    };
+
+  };
+}
+# vim: set et ts=2 sw=2 ai:
--- a/modules/arrstack/lidarr.nix
+++ b/modules/arrstack/lidarr.nix
@ -0,0 +1,58 @@
+{ config, ... }:
+let
+  cfg = import /etc/nixos/modules/vars.nix;
+  lidarr_port = cfg.arrstack.lidarr.port;
+  #outpost_port = cfg.authentik.outpostPort;
+  #domain = "mc-fucker.cool";
+in
+{
+
+   virtualisation.oci-containers.containers.lidarrtest = {
+    image = "docker.io/youegraillot/lidarr-on-steroids";
+    environment = {
+      TZ = "Europe/Berlin";
+      PUID = toString config.users.users.arr.uid;
+      PGID = toString config.users.groups.arr.gid;
+    };
+    ports = [
+      "10101:8686"
+      "10100:6595"
+    ];
+    volumes = [
+      "/var/lib/lidarrtest/lidarr:/config"
+      "/var/lib/lidarrtest/deemix:/config_deemix"
+      "/mnt/tmp/deemix:/downloads"
+      #"/mnt/mergerfs/media/music/Interpreten:/music"
+      #"/mnt/mergerfs/media:/data"
+      #"/mnt/box/files:/data/seedbox"
+    ];
+    extraOptions = cfg.podman.extraOptions;
+    autoStart = false;
+  };
+
+  virtualisation.oci-containers.containers.lidarr = {
+    image = "lscr.io/linuxserver/lidarr:latest";
+    environment = {
+      TZ = "Europe/Berlin";
+      PUID = toString config.users.users.arr.uid;
+      PGID = toString config.users.groups.arr.gid;
+    };
+    ports = [
+      "${lidarr_port}:${lidarr_port}"
+    ];
+    volumes = [
+      "/var/lib/lidarr:/config"
+      "/var/lib/lidarr-extended/custom-cont-init.d:/custom-cont-init.d"
+      "/var/lib/lidarr-extended/custom-services.d:/custom-services.d"
+      "/mnt/mergerfs/media:/data"
+      "/mnt/ultracc/downloads:/mnt/ultracc"
+    ];
+    extraOptions = cfg.podman.extraOptions;
+    autoStart = false;
+  };
+
+  #services.nginx.virtualHosts = {
+
+  #};
+}
+# vim: set et ts=2 sw=2 ai:
--- a/modules/arrstack/prowlarr.nix
+++ b/modules/arrstack/prowlarr.nix
@ -0,0 +1,60 @@
+{ config, ... }:
+let
+  cfg = import /etc/nixos/modules/vars.nix;
+  prowlarr_port = cfg.arrstack.prowlarr.port;
+  outpost_port = cfg.authentik.outpostPort;
+  domain = "mc-fucker.cool";
+in
+{
+
+  virtualisation.oci-containers.containers.prowlarr = {
+    image = "lscr.io/linuxserver/prowlarr:latest";
+    environment = {
+      TZ = "Europe/Berlin";
+    };
+    ports = [
+      "${prowlarr_port}:${prowlarr_port}"
+    ];
+    volumes = [
+      "/var/lib/prowlarr:/config"
+    ];
+    extraOptions = cfg.podman.extraOptions;
+  };
+
+  services.nginx.virtualHosts = {
+
+  "prowlarr.${domain}" = {
+      forceSSL = true;
+      enableACME = true;
+      locations =
+      let
+        common = ''
+          proxy_set_header    Host $host;
+          proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header    X-Forwarded-Host $host;
+          proxy_set_header    X-Forwarded-Proto $scheme;
+          proxy_set_header    Upgrade $http_upgrade;
+          proxy_set_header    Connection $http_connection;
+          proxy_redirect      off;
+          proxy_http_version  1.1;
+        '';
+      in
+      {
+        "/" = {
+          proxyPass = "http://127.0.0.1:${outpost_port}";
+          extraConfig = common;
+        };
+        "/api" = {
+          proxyPass = "http://127.0.0.1:${prowlarr_port}";
+          extraConfig = common;
+        };
+      };
+      extraConfig = ''
+        access_log          /var/log/nginx/prowlarr.${domain}_access.log;
+        error_log           /var/log/nginx/prowlarr.${domain}_error.log;
+      '';
+    };
+
+  };
+}
+# vim: set et ts=2 sw=2 ai:
--- a/modules/arrstack/qbittorrent.nix
+++ b/modules/arrstack/qbittorrent.nix
@ -0,0 +1,40 @@
+{ config, ... }:
+let
+  cfg = import /etc/nixos/modules/vars.nix;
+  #bazarr_port = cfg.arrstack.bazarr.port;
+  #outpost_port = cfg.authentik.outpostPort;
+  #domain = "mc-fucker.cool";
+in
+{
+
+   virtualisation.oci-containers.containers.qbittorrent = {
+    image = "docker.io/binhex/arch-qbittorrentvpn";
+    environment = {
+      TZ = "Europe/Berlin";
+      PUID = toString config.users.users.arr.uid;
+      PGID = toString config.users.groups.arr.gid;
+      VPN_ENABLED = "yes";
+      VPN_CLIENT = "wireguard";
+      VPN_PROV = "custom";
+      LAN_NETWORK = "192.168.178.0/24";
+    };
+    ports = [
+      "6881:6881"
+      "6881:6881/udp"
+      "8080:8080"
+      #"8118:8118"
+    ];
+    volumes = [
+      "/var/lib/qbittorrent:/config"
+      "/mnt/mergerfs/media/qbittorrent:/data/qbittorrent"
+      "/mnt/cache/qbittorrent:/cache"
+    ];
+    #extraOptions = cfg.podman.extraOptions ++ [ "--cap-add=NET_ADMIN,NET_RAW" "--device=/dev/net/tun" ];
+    extraOptions = cfg.podman.extraOptions ++ [ ''--sysctl="net.ipv4.conf.all.src_valid_mark=1"'' "--privileged=true" "--ip=10.88.13.37" ];
+    autoStart = false;
+  };
+
+  #services.nginx.virtualHosts = {
+  #};
+}
+# vim: set et ts=2 sw=2 ai:
--- a/modules/arrstack/radarr.nix
+++ b/modules/arrstack/radarr.nix
@ -0,0 +1,69 @@
+{ config, ... }:
+let
+  cfg = import /etc/nixos/modules/vars.nix;
+  radarr_port = cfg.arrstack.radarr.port;
+  outpost_port = cfg.authentik.outpostPort;
+  domain = "mc-fucker.cool";
+in
+{
+
+  virtualisation.oci-containers.containers.radarr = {
+    image = "lscr.io/linuxserver/radarr:latest";
+    environment = {
+      TZ = "Europe/Berlin";
+      PUID = toString config.users.users.arr.uid;
+      PGID = toString config.users.groups.arr.gid;
+    };
+    ports = [
+      "${radarr_port}:${radarr_port}"
+    ];
+    volumes = [
+      "/var/lib/radarr:/config"
+      "/mnt/mergerfs/media:/data"
+      "/mnt/ultracc/downloads:/mnt/ultracc"
+    ];
+    extraOptions = cfg.podman.extraOptions;
+    autoStart = false;
+  };
+
+  services.nginx.virtualHosts = {
+    "radarr.${domain}" = {
+      forceSSL = true;
+      enableACME = true;
+      locations =
+      let
+        common = ''
+          proxy_set_header    Host $host;
+          proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header    X-Forwarded-Host $host;
+          proxy_set_header    X-Forwarded-Proto $scheme;
+          proxy_set_header    Upgrade $http_upgrade;
+          proxy_set_header    Connection $http_connection;
+          proxy_redirect      off;
+          proxy_http_version  1.1;
+        '';
+      in
+      {
+        "/" = {
+          proxyPass = "http://127.0.0.1:${outpost_port}";
+          extraConfig = common;
+        };
+        "/api" = {
+          proxyPass = "http://127.0.0.1:${radarr_port}";
+          extraConfig = common;
+        };
+        "/signalr" = {
+          proxyPass = "http://127.0.0.1:${radarr_port}";
+          extraConfig = common;
+        };
+      };
+      extraConfig = ''
+        access_log          /var/log/nginx/radarr.${domain}_access.log;
+        error_log           /var/log/nginx/radarr.${domain}_error.log;
+      '';
+    };
+
+  };
+
+}
+# vim: set et ts=2 sw=2 ai:
--- a/modules/arrstack/recyclarr.nix
+++ b/modules/arrstack/recyclarr.nix
@ -0,0 +1,20 @@
+{ config, ... }:
+let
+  cfg = import /etc/nixos/modules/vars.nix;
+in
+{
+
+  virtualisation.oci-containers.containers.recyclarr = {
+    image = "ghcr.io/recyclarr/recyclarr";
+    environment = {
+      TZ = "Europe/Berlin";
+    };
+    volumes = [
+      "/var/lib/recyclarr:/config"
+    ];
+    user = "1919:1919";
+    extraOptions = cfg.podman.extraOptions;
+  };
+
+}
+# vim: set et ts=2 sw=2 ai:
--- a/modules/arrstack/sabnzbd.nix
+++ b/modules/arrstack/sabnzbd.nix
@ -0,0 +1,59 @@
+{ config, ... }:
+let
+  cfg = import /etc/nixos/modules/vars.nix;
+  sabnzbd_port = cfg.arrstack.sabnzbd.port;
+  outpost_port = cfg.authentik.outpostPort;
+  domain = "mc-fucker.cool";
+in
+{
+
+  virtualisation.oci-containers.containers.sabnzbd = {
+    image = "lscr.io/linuxserver/sabnzbd:latest";
+    environment = {
+      TZ = "Europe/Berlin";
+      PUID = toString config.users.users.arr.uid;
+      PGID = toString config.users.groups.arr.gid;
+    };
+    ports = [
+      "${sabnzbd_port}:8080"
+    ];
+    volumes = [
+      "/var/lib/sabnzbd:/config"
+      "/mnt/mergerfs/media/usenet:/data/usenet"
+      "/mnt/cache/sabnzbd:/cache"
+    ];
+    extraOptions = cfg.podman.extraOptions;
+    autoStart = false;
+  };
+
+  services.nginx.virtualHosts = {
+
+    "sabnzbd.${domain}" = {
+      forceSSL = true;
+      enableACME = true;
+      locations =
+      let
+        common = ''
+          client_max_body_size  100m;
+          proxy_set_header    X-Forwarded-Host $host;
+        '';
+      in
+      {
+        "/" = {
+          proxyPass = "http://127.0.0.1:${outpost_port}";
+          extraConfig = common;
+        };
+        "/api" = {
+          proxyPass = "http://127.0.0.1:${sabnzbd_port}";
+          extraConfig = common;
+        };
+      };
+      extraConfig = ''
+        access_log          /var/log/nginx/sabnzbd.${domain}_access.log;
+        error_log           /var/log/nginx/sabnzbd.${domain}_error.log;
+      '';
+    };
+
+  };
+}
+# vim: set et ts=2 sw=2 ai:
--- a/modules/arrstack/sonarr.nix
+++ b/modules/arrstack/sonarr.nix
@ -0,0 +1,65 @@
+{ config, ... }:
+let
+  cfg = import /etc/nixos/modules/vars.nix;
+  sonarr_port = cfg.arrstack.sonarr.port;
+  outpost_port = cfg.authentik.outpostPort;
+  domain = "mc-fucker.cool";
+in
+{
+
+  virtualisation.oci-containers.containers.sonarr = {
+    image = "lscr.io/linuxserver/sonarr:develop";
+    environment = {
+      TZ = "Europe/Berlin";
+      PUID = toString config.users.users.arr.uid;
+      PGID = toString config.users.groups.arr.gid;
+    };
+    ports = [
+      "${sonarr_port}:${sonarr_port}"
+    ];
+    volumes = [
+      "/var/lib/sonarr:/config"
+      "/mnt/mergerfs/media:/data"
+      "/mnt/ultracc/downloads:/mnt/ultracc"
+    ];
+    extraOptions = cfg.podman.extraOptions;
+    autoStart = false;
+  };
+
+  services.nginx.virtualHosts = {
+
+    "sonarr.${domain}" = {
+      forceSSL = true;
+      enableACME = true;
+      locations =
+      let
+        common = ''
+          proxy_set_header    Host $host;
+          proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header    X-Forwarded-Host $host;
+          proxy_set_header    X-Forwarded-Proto $scheme;
+          proxy_set_header    Upgrade $http_upgrade;
+          proxy_set_header    Connection $http_connection;
+          proxy_redirect      off;
+          proxy_http_version  1.1;
+        '';
+      in
+      {
+        "/" = {
+          proxyPass = "http://127.0.0.1:${outpost_port}";
+          extraConfig = common;
+        };
+        "/api" = {
+          proxyPass = "http://127.0.0.1:${sonarr_port}";
+          extraConfig = common;
+        };
+      };
+      extraConfig = ''
+        access_log          /var/log/nginx/sonarr.${domain}_access.log;
+        error_log           /var/log/nginx/sonarr.${domain}_error.log;
+      '';
+    };
+
+  };
+}
+# vim: set et ts=2 sw=2 ai:
--- a/modules/arrstack/template
+++ b/modules/arrstack/template
@ -0,0 +1,14 @@
+{ config, ... }:
+let
+  cfg = import /etc/nixos/modules/vars.nix;
+  bazarr_port = cfg.arrstack.bazarr.port;
+  outpost_port = cfg.authentik.outpostPort;
+  domain = "mc-fucker.cool";
+in
+{
+
+  services.nginx.virtualHosts = {
+
+  };
+}
+# vim: set et ts=2 sw=2 ai:
--- a/modules/arrstack/whisparr.nix
+++ b/modules/arrstack/whisparr.nix
@ -0,0 +1,58 @@
+{ config, ... }:
+let
+  cfg = import /etc/nixos/modules/vars.nix;
+  whisparr_port = cfg.arrstack.whisparr.port;
+  outpost_port = cfg.authentik.outpostPort;
+  domain = "mc-fucker.cool";
+in
+{
+
+  virtualisation.oci-containers.containers.whisparr = {
+    image = "ghcr.io/hotio/whisparr";
+    environment = {
+      TZ = "Europe/Berlin";
+      PUID = toString config.users.users.arr.uid;
+      PGID = toString config.users.groups.arr.gid;
+    };
+    ports = [
+      "${whisparr_port}:${whisparr_port}"
+    ];
+    volumes = [
+      "/var/lib/whisparr:/config"
+      "/mnt/mergerfs/media:/data"
+      "/mnt/ultracc/downloads:/mnt/ultracc"
+    ];
+    extraOptions = cfg.podman.extraOptions;
+    autoStart = false;
+  };
+
+  services.nginx.virtualHosts = {
+
+    "whisparr.${domain}" = {
+      forceSSL = true;
+      enableACME = true;
+      locations = {
+        "/" = {
+          proxyPass = "http://127.0.0.1:${outpost_port}";
+          extraConfig = ''
+            #proxy_set_header    Host $proxy_host;
+            proxy_set_header    Host $host;
+            proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header    X-Forwarded-Host $host;
+            proxy_set_header    X-Forwarded-Proto $scheme;
+            proxy_set_header    Upgrade $http_upgrade;
+            proxy_set_header    Connection $http_connection;
+            proxy_redirect      off;
+            proxy_http_version  1.1;
+          '';
+        };
+      };
+      extraConfig = ''
+        access_log          /var/log/nginx/whisparr.${domain}_access.log;
+        error_log           /var/log/nginx/whisparr.${domain}_error.log;
+      '';
+    };
+
+  };
+}
+# vim: set et ts=2 sw=2 ai: