1
0
Fork 0
dotfiles/system/nixos/prowlarr.nix

54 lines
1.3 KiB
Nix
Raw Normal View History

2023-04-14 22:04:18 +00:00
{ pkgs, lib, ... }:
2023-04-13 22:12:24 +00:00
2023-04-13 20:53:38 +00:00
{
services.prowlarr = {
enable = true;
openFirewall = false;
};
systemd.services.prowlarr = {
2023-04-14 22:52:07 +00:00
bindsTo = [ "wg.service" ];
2023-04-14 22:04:18 +00:00
after = lib.mkForce [ "wg.service" ];
2023-04-13 20:53:38 +00:00
serviceConfig = {
NetworkNamespacePath = "/var/run/netns/wg";
};
};
2023-04-13 22:12:24 +00:00
systemd.services.socat-prowlarr = {
description = "socat exposes prowlarr";
2023-04-14 22:52:07 +00:00
bindsTo = [ "wg.service" ];
2023-04-15 20:26:41 +00:00
requires = [ "prowlarr.service" ];
2023-04-14 22:31:56 +00:00
after = [ "wg.service" ];
2023-04-15 22:39:50 +00:00
wantedBy = [ "multi-user.target" ];
2023-04-13 22:12:24 +00:00
serviceConfig = {
Type = "simple";
2023-04-14 23:08:14 +00:00
RuntimeDirectory = "socat-prowlarr";
2023-04-14 22:55:32 +00:00
DynamicUser = true;
2023-04-14 23:11:03 +00:00
UMask = "000";
2023-04-13 22:12:24 +00:00
NetworkNamespacePath = "/var/run/netns/wg";
2023-04-14 23:08:14 +00:00
ExecStart = "${pkgs.socat}/bin/socat -d -d UNIX-LISTEN:/run/socat-prowlarr/prowlarr.sock,unlink-early,fork TCP4:127.0.0.1:9696";
2023-04-13 22:12:24 +00:00
Restart = "on-failure";
};
};
2023-04-14 15:45:02 +00:00
services.nginx.virtualHosts."prowlarr.internal.kempkens.network" = {
quic = true;
http3 = true;
onlySSL = true;
useACMEHost = "internal.kempkens.network";
2023-04-14 23:29:59 +00:00
extraConfig = ''
client_max_body_size 32m;
'';
2023-04-14 15:45:02 +00:00
locations."/" = {
recommendedProxySettings = true;
2023-04-14 23:27:47 +00:00
proxyWebsockets = true;
2023-04-14 23:08:14 +00:00
proxyPass = "http://unix:/run/socat-prowlarr/prowlarr.sock:/";
2023-04-14 15:45:02 +00:00
};
};
2023-04-13 20:53:38 +00:00
}