{ ... }: let cfg = import ./vars.nix; autobrr_port = cfg.arrstack.autobrr.port; bazarr_port = cfg.arrstack.bazarr.port; jellyseerr_port = cfg.arrstack.jellyseerr.port; lidarr_port = cfg.arrstack.lidarr.port; prowlarr_port = cfg.arrstack.prowlarr.port; radarr_port = cfg.arrstack.radarr.port; sonarr_port = cfg.arrstack.sonarr.port; tdarr_webport = cfg.arrstack.tdarr.webport; tdarr_serverport = cfg.arrstack.tdarr.serverport; whisparr_port = cfg.arrstack.whisparr.port; sabnzbd_port = cfg.arrstack.sabnzbd.port; outpost_port = cfg.authentik.outpostPort; domain = "mc-fucker.cool"; in { users.groups.arr = { gid = 1337; }; users.users = { arr = { isSystemUser = true; group = "arr"; uid = 1337; }; mc-fucker.extraGroups = [ "arr" ]; }; networking.firewall.interfaces.podman0.allowedTCPPorts = [ 12421 28917 ]; networking.firewall.interfaces.podman0.allowedUDPPorts = [ 53 ]; #container config #virtualisation.oci-containers.containers.autobrr = { # image = "ghcr.io/autobrr/autobrr"; # environment = { # TZ = "Europe/Berlin"; # }; # ports = [ # "${autobrr_port}:${autobrr_port}" # ]; # volumes = [ # "/var/lib/autobrr:/config" # ]; # extraOptions = cfg.podman.extraOptions; #}; virtualisation.oci-containers.containers.bazarr = { image = "lscr.io/linuxserver/bazarr:latest"; environment = { TZ = "Europe/Berlin"; PUID = "1337"; PGID = "1337"; }; ports = [ "${bazarr_port}:${bazarr_port}" ]; volumes = [ "/var/lib/bazarr:/config" "/mnt/mergerfs/media:/data" ]; extraOptions = cfg.podman.extraOptions; autoStart = false; }; #virtualisation.oci-containers.containers.crossseed = { # image = "docker.io/crossseed/cross-seed"; # environment = { # TZ = "Europe/Berlin"; # PUID = "1337"; # PGID = "1337"; # }; # ports = [ # "${radarr_port}:${radarr_port}" # ]; # volumes = [ # "/var/lib/radarr:/config" # "/mnt/mergerfs/media:/data" # "/mnt/box/files:/data/seedbox" # ]; # extraOptions = cfg.podman.extraOptions; #}; virtualisation.oci-containers.containers.jellyseerr = { image = "docker.io/fallenbagel/jellyseerr"; environment = { TZ = "Europe/Berlin"; }; ports = [ "${jellyseerr_port}:${jellyseerr_port}" ]; volumes = [ "/var/lib/jellyseerr:/app/config" ]; extraOptions = cfg.podman.extraOptions; }; virtualisation.oci-containers.containers.lidarrtest = { image = "docker.io/youegraillot/lidarr-on-steroids"; environment = { TZ = "Europe/Berlin"; PUID = "1337"; PGID = "1337"; }; ports = [ "10101:8686" "10100:6595" ]; volumes = [ "/var/lib/lidarrtest/lidarr:/config" "/var/lib/lidarrtest/deemix:/config_deemix" "/mnt/tmp/deemix:/downloads" #"/mnt/mergerfs/media/music/Interpreten:/music" #"/mnt/mergerfs/media:/data" #"/mnt/box/files:/data/seedbox" ]; extraOptions = cfg.podman.extraOptions; autoStart = false; }; virtualisation.oci-containers.containers.lidarr = { image = "lscr.io/linuxserver/lidarr:latest"; environment = { TZ = "Europe/Berlin"; PUID = "1337"; PGID = "1337"; }; ports = [ "${lidarr_port}:${lidarr_port}" ]; volumes = [ "/var/lib/lidarr:/config" "/var/lib/lidarr-extended/custom-cont-init.d:/custom-cont-init.d" "/var/lib/lidarr-extended/custom-services.d:/custom-services.d" "/mnt/mergerfs/media:/data" #"/mnt/box/files:/mnt/seedbox" "/mnt/ultracc/downloads:/mnt/ultracc" ]; extraOptions = cfg.podman.extraOptions; autoStart = false; }; virtualisation.oci-containers.containers.prowlarr = { image = "lscr.io/linuxserver/prowlarr:latest"; environment = { TZ = "Europe/Berlin"; }; ports = [ "${prowlarr_port}:${prowlarr_port}" ]; volumes = [ "/var/lib/prowlarr:/config" ]; extraOptions = cfg.podman.extraOptions; }; virtualisation.oci-containers.containers.qbittorrent = { image = "docker.io/binhex/arch-qbittorrentvpn"; environment = { TZ = "Europe/Berlin"; PUID = "1337"; PGID = "1337"; VPN_ENABLED = "yes"; VPN_CLIENT = "wireguard"; VPN_PROV = "custom"; LAN_NETWORK = "192.168.178.0/24"; }; ports = [ "6881:6881" "6881:6881/udp" "8080:8080" #"8118:8118" ]; volumes = [ "/var/lib/qbittorrent:/config" "/mnt/mergerfs/media/qbittorrent:/data/qbittorrent" ]; #extraOptions = cfg.podman.extraOptions ++ [ "--cap-add=NET_ADMIN,NET_RAW" "--device=/dev/net/tun" ]; extraOptions = cfg.podman.extraOptions ++ [ ''--sysctl="net.ipv4.conf.all.src_valid_mark=1"'' "--privileged=true" "--ip=10.88.13.37" ]; autoStart = false; }; virtualisation.oci-containers.containers.radarr = { image = "lscr.io/linuxserver/radarr:latest"; environment = { TZ = "Europe/Berlin"; PUID = "1337"; PGID = "1337"; }; ports = [ "${radarr_port}:${radarr_port}" ]; volumes = [ "/var/lib/radarr:/config" "/mnt/mergerfs/media:/data" #"/mnt/box/files:/mnt/seedbox" "/mnt/ultracc/downloads:/mnt/ultracc" ]; extraOptions = cfg.podman.extraOptions; autoStart = false; }; virtualisation.oci-containers.containers.sonarr = { image = "lscr.io/linuxserver/sonarr:develop"; environment = { TZ = "Europe/Berlin"; PUID = "1337"; PGID = "1337"; }; ports = [ "${sonarr_port}:${sonarr_port}" ]; volumes = [ "/var/lib/sonarr:/config" "/mnt/mergerfs/media:/data" #"/mnt/box/files:/mnt/seedbox" "/mnt/ultracc/downloads:/mnt/ultracc" ]; extraOptions = cfg.podman.extraOptions; autoStart = false; }; virtualisation.oci-containers.containers.sabnzbd = { image = "lscr.io/linuxserver/sabnzbd:latest"; environment = { TZ = "Europe/Berlin"; PUID = "1337"; PGID = "1337"; }; ports = [ "${sabnzbd_port}:8080" ]; volumes = [ "/var/lib/sabnzbd:/config" "/mnt/mergerfs/media/usenet:/data/usenet" ]; extraOptions = cfg.podman.extraOptions; autoStart = false; }; #virtualisation.oci-containers.containers.tdarr = { # image = "ghcr.io/haveagitgat/tdarr"; # environment = { # TZ = "Europe/Berlin"; # PUID = "1337"; # PGID = "1337"; # serverIP = "0.0.0.0"; # webUIPort = tdarr_webport; # serverPort = tdarr_serverport; # internalNode = "true"; # inContainer = "true"; # }; # ports = [ # "${tdarr_webport}:${tdarr_webport}" # "${tdarr_serverport}:${tdarr_serverport}" # ]; # volumes = [ # "/var/lib/tdarr/server:/app/server" # "/var/lib/tdarr/configs:/app/configs" # "/var/lib/tdarr/logs:/app/logs" # "/mnt/mergerfs/media:/data" # ]; # extraOptions = cfg.podman.extraOptions ++ [ "--device=/dev/dri:/dev/dri" ]; #}; virtualisation.oci-containers.containers.whisparr = { image = "cr.hotio.dev/hotio/whisparr"; environment = { TZ = "Europe/Berlin"; PUID = "1337"; PGID = "1337"; }; ports = [ "${whisparr_port}:${whisparr_port}" ]; volumes = [ "/var/lib/whisparr:/config" "/mnt/mergerfs/media:/data" #"/mnt/box/files:/mnt/seedbox" "/mnt/ultracc/downloads:/mnt/ultracc" ]; extraOptions = cfg.podman.extraOptions; autoStart = false; }; #webserver config imports = [ ./nginx.nix ]; services.nginx.virtualHosts = { "bazarr.${domain}" = { forceSSL = true; enableACME = true; locations = let common = '' proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_redirect off; ''; in { "/" = { proxyPass = "http://127.0.0.1:${outpost_port}"; extraConfig = common; }; "/api" = { proxyPass = "http://127.0.0.1:${bazarr_port}"; extraConfig = common; }; }; extraConfig = '' access_log /var/log/nginx/bazarr.${domain}_access.log; error_log /var/log/nginx/bazarr.${domain}_error.log; ''; }; "jellyseerr.${domain}" = { forceSSL = true; enableACME = true; locations = { "/" = { proxyPass = "http://127.0.0.1:${jellyseerr_port}"; extraConfig = '' proxy_set_header Referer $http_referer; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-Port $remote_port; proxy_set_header X-Forwarded-Host $host:$remote_port; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-Port $remote_port; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Ssl on; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_redirect off; proxy_http_version 1.1; ''; }; }; extraConfig = '' access_log /var/log/nginx/jellyseerr.${domain}_access.log; error_log /var/log/nginx/jellyseerr.${domain}_error.log; ''; }; "prowlarr.${domain}" = { forceSSL = true; enableACME = true; locations = let common = '' proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_redirect off; proxy_http_version 1.1; ''; in { "/" = { proxyPass = "http://127.0.0.1:${outpost_port}"; extraConfig = common; }; "/api" = { proxyPass = "http://127.0.0.1:${prowlarr_port}"; extraConfig = common; }; }; extraConfig = '' access_log /var/log/nginx/prowlarr.${domain}_access.log; error_log /var/log/nginx/prowlarr.${domain}_error.log; ''; }; "radarr.${domain}" = { forceSSL = true; enableACME = true; locations = let common = '' proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_redirect off; proxy_http_version 1.1; ''; in { "/" = { proxyPass = "http://127.0.0.1:${outpost_port}"; extraConfig = common; }; "/api" = { proxyPass = "http://127.0.0.1:${radarr_port}"; extraConfig = common; }; "/signalr" = { proxyPass = "http://127.0.0.1:${radarr_port}"; extraConfig = common; }; }; extraConfig = '' access_log /var/log/nginx/radarr.${domain}_access.log; error_log /var/log/nginx/radarr.${domain}_error.log; ''; }; "sonarr.${domain}" = { forceSSL = true; enableACME = true; locations = let common = '' proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_redirect off; proxy_http_version 1.1; ''; in { "/" = { proxyPass = "http://127.0.0.1:${outpost_port}"; extraConfig = common; }; "/api" = { proxyPass = "http://127.0.0.1:${sonarr_port}"; extraConfig = common; }; }; extraConfig = '' access_log /var/log/nginx/sonarr.${domain}_access.log; error_log /var/log/nginx/sonarr.${domain}_error.log; ''; }; "sabnzbd.${domain}" = { forceSSL = true; enableACME = true; locations = let common = '' client_max_body_size 100m; proxy_set_header X-Forwarded-Host $host; ''; in { "/" = { proxyPass = "http://127.0.0.1:${outpost_port}"; extraConfig = common; }; "/api" = { proxyPass = "http://127.0.0.1:${sabnzbd_port}"; extraConfig = common; }; }; extraConfig = '' access_log /var/log/nginx/sabnzbd.${domain}_access.log; error_log /var/log/nginx/sabnzbd.${domain}_error.log; ''; }; "whisparr.${domain}" = { forceSSL = true; enableACME = true; locations = { "/" = { proxyPass = "http://127.0.0.1:${outpost_port}"; extraConfig = '' #proxy_set_header Host $proxy_host; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_redirect off; proxy_http_version 1.1; ''; }; }; extraConfig = '' access_log /var/log/nginx/whisparr.${domain}_access.log; error_log /var/log/nginx/whisparr.${domain}_error.log; ''; }; }; } # vim: set et ts=2 sw=2 ai: