1
0
Fork 0
dotfiles/system/nixos/prowlarr.nix

48 lines
1.1 KiB
Nix
Raw Normal View History

2023-04-14 22:04:18 +00:00
{ pkgs, lib, ... }:
2023-04-13 22:12:24 +00:00
2023-04-13 20:53:38 +00:00
{
services.prowlarr = {
enable = true;
openFirewall = false;
};
systemd.services.prowlarr = {
bindsTo = [ "netns@wg.service" ];
2023-04-14 22:04:18 +00:00
requires = [ "network-online.target" ];
after = lib.mkForce [ "wg.service" ];
2023-04-13 20:53:38 +00:00
serviceConfig = {
NetworkNamespacePath = "/var/run/netns/wg";
};
};
2023-04-13 22:12:24 +00:00
systemd.services.socat-prowlarr = {
description = "socat exposes prowlarr";
bindsTo = [ "netns@wg.service" ];
2023-04-14 22:31:56 +00:00
requires = [ "network-online.target" ];
after = [ "wg.service" ];
2023-04-13 22:12:24 +00:00
serviceConfig = {
Type = "simple";
2023-04-13 22:27:54 +00:00
User = "nobody";
2023-04-13 22:12:24 +00:00
NetworkNamespacePath = "/var/run/netns/wg";
2023-04-14 16:01:15 +00:00
UMask = "000";
2023-04-14 18:19:51 +00:00
ExecStart = "${pkgs.socat}/bin/socat -d -d UNIX-LISTEN:/run/nginx-sockets/prowlarr.sock,unlink-early,fork TCP4:127.0.0.1:9696";
2023-04-13 22:12:24 +00:00
Restart = "on-failure";
};
};
2023-04-14 15:45:02 +00:00
services.nginx.virtualHosts."prowlarr.internal.kempkens.network" = {
quic = true;
http3 = true;
onlySSL = true;
useACMEHost = "internal.kempkens.network";
locations."/" = {
recommendedProxySettings = true;
2023-04-14 18:19:51 +00:00
proxyPass = "http://unix:/run/nginx-sockets/prowlarr.sock:/";
2023-04-14 15:45:02 +00:00
};
};
2023-04-13 20:53:38 +00:00
}