dotfiles/system/nixos/prowlarr.nix

{ pkgs, lib, ... }:

{
  services.prowlarr = {
    enable = true;
    openFirewall = false;
  };

  systemd.services.prowlarr = {
    bindsTo = [ "wg.service" ];
    after = lib.mkForce [ "wg.service" ];

    serviceConfig = {
      NetworkNamespacePath = "/var/run/netns/wg";
    };
  };

  systemd.services.socat-prowlarr = {
    description = "socat exposes prowlarr";
    bindsTo = [ "wg.service" ];
    requires = [ "prowlarr.service" ];
    after = [ "wg.service" ];
    wantedBy = [ "multi-user.target" ];

    serviceConfig = {
      Type = "simple";
      RuntimeDirectory = "socat-prowlarr";
      DynamicUser = true;
      UMask = "000";
      NetworkNamespacePath = "/var/run/netns/wg";
      ExecStart = "${pkgs.socat}/bin/socat -d -d UNIX-LISTEN:/run/socat-prowlarr/prowlarr.sock,unlink-early,fork TCP4:127.0.0.1:9696";
      Restart = "on-failure";
    };
  };

  services.nginx.virtualHosts."prowlarr.internal.kempkens.network" = {
    quic = true;
    http3 = true;

    onlySSL = true;
    useACMEHost = "internal.kempkens.network";

    extraConfig = ''
      client_max_body_size 32m;
    '';

    locations."/" = {
      recommendedProxySettings = true;
      proxyWebsockets = true;
      proxyPass = "http://unix:/run/socat-prowlarr/prowlarr.sock:/";
    };
  };
}
mediaserver: prowlarr 2023-04-15 00:04:18 +02:00			`{ pkgs, lib, ... }:`
mediaserver: wireguard+prowlarr 2023-04-14 00:12:24 +02:00
mediaserver: wireguard+prowlarr 2023-04-13 22:53:38 +02:00			`{`
			`services.prowlarr = {`
			`enable = true;`
			`openFirewall = false;`
			`};`

			`systemd.services.prowlarr = {`
fixup 2023-04-15 00:52:07 +02:00			`bindsTo = [ "wg.service" ];`
mediaserver: prowlarr 2023-04-15 00:04:18 +02:00			`after = lib.mkForce [ "wg.service" ];`
mediaserver: wireguard+prowlarr 2023-04-13 22:53:38 +02:00
			`serviceConfig = {`
			`NetworkNamespacePath = "/var/run/netns/wg";`
			`};`
			`};`
mediaserver: wireguard+prowlarr 2023-04-14 00:12:24 +02:00
			`systemd.services.socat-prowlarr = {`
			`description = "socat exposes prowlarr";`
fixup 2023-04-15 00:52:07 +02:00			`bindsTo = [ "wg.service" ];`
mediaserver: fixup 2023-04-15 22:26:41 +02:00			`requires = [ "prowlarr.service" ];`
fixup 2023-04-15 00:31:56 +02:00			`after = [ "wg.service" ];`
mediaserver: improve socat startup 2023-04-16 00:39:50 +02:00			`wantedBy = [ "multi-user.target" ];`
mediaserver: wireguard+prowlarr 2023-04-14 00:12:24 +02:00
			`serviceConfig = {`
			`Type = "simple";`
fixup 2023-04-15 01:08:14 +02:00			`RuntimeDirectory = "socat-prowlarr";`
fixup 2023-04-15 00:55:32 +02:00			`DynamicUser = true;`
fixup 2023-04-15 01:11:03 +02:00			`UMask = "000";`
mediaserver: wireguard+prowlarr 2023-04-14 00:12:24 +02:00			`NetworkNamespacePath = "/var/run/netns/wg";`
fixup 2023-04-15 01:08:14 +02:00			`ExecStart = "${pkgs.socat}/bin/socat -d -d UNIX-LISTEN:/run/socat-prowlarr/prowlarr.sock,unlink-early,fork TCP4:127.0.0.1:9696";`
mediaserver: wireguard+prowlarr 2023-04-14 00:12:24 +02:00			`Restart = "on-failure";`
			`};`
			`};`
mediaserver: expose prowlarr 2023-04-14 17:45:02 +02:00
			`services.nginx.virtualHosts."prowlarr.internal.kempkens.network" = {`
			`quic = true;`
			`http3 = true;`

			`onlySSL = true;`
			`useACMEHost = "internal.kempkens.network";`

fixup 2023-04-15 01:29:59 +02:00			`extraConfig = ''`
			`client_max_body_size 32m;`
			`'';`

mediaserver: expose prowlarr 2023-04-14 17:45:02 +02:00			`locations."/" = {`
			`recommendedProxySettings = true;`
fixup 2023-04-15 01:27:47 +02:00			`proxyWebsockets = true;`
fixup 2023-04-15 01:08:14 +02:00			`proxyPass = "http://unix:/run/socat-prowlarr/prowlarr.sock:/";`
mediaserver: expose prowlarr 2023-04-14 17:45:02 +02:00			`};`
			`};`
mediaserver: wireguard+prowlarr 2023-04-13 22:53:38 +02:00			`}`