-
Notifications
You must be signed in to change notification settings - Fork 16
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
13 changed files
with
363 additions
and
91 deletions.
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,85 @@ | ||
| { config, pkgs, lib, ... }: | ||
|
|
||
| with lib; | ||
|
|
||
| let | ||
| cfg = config.util-nixarr.services.bazarr; | ||
| in | ||
| { | ||
| options = { | ||
| util-nixarr.services.bazarr = { | ||
| enable = mkEnableOption ("bazarr, a subtitle manager for Sonarr and Radarr"); | ||
|
|
||
| openFirewall = mkOption { | ||
| type = types.bool; | ||
| default = false; | ||
| description = "Open ports in the firewall for the bazarr web interface."; | ||
| }; | ||
|
|
||
| listenPort = mkOption { | ||
| type = types.port; | ||
| default = 6767; | ||
| description = "Port on which the bazarr web interface should listen"; | ||
| }; | ||
|
|
||
| dataDir = mkOption { | ||
| type = types.path; | ||
| default = "/var/lib/bazarr"; | ||
| description = "State directory for bazarr"; | ||
| }; | ||
|
|
||
| user = mkOption { | ||
| type = types.str; | ||
| default = "bazarr"; | ||
| description = "User account under which bazarr runs."; | ||
| }; | ||
|
|
||
| group = mkOption { | ||
| type = types.str; | ||
| default = "bazarr"; | ||
| description = "Group under which bazarr runs."; | ||
| }; | ||
| }; | ||
| }; | ||
|
|
||
| config = mkIf cfg.enable { | ||
| systemd.tmpfiles.rules = [ | ||
| "d '${cfg.dataDir}' 0700 bazarr root - -" | ||
| ]; | ||
|
|
||
| systemd.services.bazarr = { | ||
| description = "bazarr"; | ||
| after = [ "network.target" ]; | ||
| wantedBy = [ "multi-user.target" ]; | ||
|
|
||
| serviceConfig = { | ||
| Type = "simple"; | ||
| User = cfg.user; | ||
| Group = cfg.group; | ||
| SyslogIdentifier = "bazarr"; | ||
| ExecStart = pkgs.writeShellScript "start-bazarr" '' | ||
| ${pkgs.bazarr}/bin/bazarr \ | ||
| --config '${cfg.dataDir}' \ | ||
| --port ${toString cfg.listenPort} \ | ||
| --no-update True | ||
| ''; | ||
| Restart = "on-failure"; | ||
| }; | ||
| }; | ||
|
|
||
| networking.firewall = mkIf cfg.openFirewall { | ||
| allowedTCPPorts = [ cfg.listenPort ]; | ||
| }; | ||
|
|
||
| users.users = mkIf (cfg.user == "bazarr") { | ||
| bazarr = { | ||
| isSystemUser = true; | ||
| group = cfg.group; | ||
| }; | ||
| }; | ||
|
|
||
| users.groups = mkIf (cfg.group == "bazarr") { | ||
| bazarr = {}; | ||
| }; | ||
| }; | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,89 @@ | ||
| { | ||
| config, | ||
| lib, | ||
| ... | ||
| }: | ||
| with lib; let | ||
| cfg = config.nixarr.bazarr; | ||
| nixarr = config.nixarr; | ||
| in { | ||
| imports = [ | ||
| ./bazarr-module | ||
| ]; | ||
|
|
||
| options.nixarr.bazarr = { | ||
| enable = mkEnableOption "the bazarr service."; | ||
|
|
||
| stateDir = mkOption { | ||
| type = types.path; | ||
| default = "${nixarr.stateDir}/bazarr"; | ||
| defaultText = literalExpression ''"''${nixarr.stateDir}/bazarr"''; | ||
| example = "/home/user/.local/share/nixarr/bazarr"; | ||
| description = "The state directory for bazarr"; | ||
| }; | ||
|
|
||
| vpn.enable = mkOption { | ||
| type = types.bool; | ||
| default = false; | ||
| example = true; | ||
| description = '' | ||
| **Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable) | ||
| Route Bazarr traffic through the VPN. | ||
| ''; | ||
| }; | ||
| }; | ||
|
|
||
| config = mkIf cfg.enable { | ||
| assertions = [ | ||
| { | ||
| assertion = cfg.vpn.enable -> nixarr.vpn.enable; | ||
| message = '' | ||
| The nixarr.bazarr.vpn.enable option requires the | ||
| nixarr.vpn.enable option to be set, but it was not. | ||
| ''; | ||
| } | ||
| ]; | ||
|
|
||
| util-nixarr.services.bazarr = { | ||
| enable = cfg.enable; | ||
| user = "bazarr"; | ||
| group = "media"; | ||
| dataDir = cfg.stateDir; | ||
| }; | ||
|
|
||
| # Enable and specify VPN namespace to confine service in. | ||
| systemd.services.bazarr.vpnconfinement = mkIf cfg.vpn.enable { | ||
| enable = true; | ||
| vpnnamespace = "wg"; | ||
| }; | ||
|
|
||
| # Port mappings | ||
| # TODO: openports | ||
| vpnnamespaces.wg = mkIf cfg.vpn.enable { | ||
| portMappings = [{ from = config.bazarr.listenPort; to = config.bazarr.listenPort; }]; | ||
| }; | ||
|
|
||
| services.nginx = mkIf cfg.vpn.enable { | ||
| enable = true; | ||
|
|
||
| recommendedTlsSettings = true; | ||
| recommendedOptimisation = true; | ||
| recommendedGzipSettings = true; | ||
|
|
||
| virtualHosts."127.0.0.1:${builtins.toString config.bazarr.listenPort}" = { | ||
| listen = [ | ||
| { | ||
| addr = "0.0.0.0"; | ||
| port = config.bazarr.listenPort; | ||
| } | ||
| ]; | ||
| locations."/" = { | ||
| recommendedProxySettings = true; | ||
| proxyWebsockets = true; | ||
| proxyPass = "http://192.168.15.1:${builtins.toString config.bazarr.listenPort}"; | ||
| }; | ||
| }; | ||
| }; | ||
| }; | ||
| } |
Oops, something went wrong.