services: disable built-in auth on *arr stack; update readme

Radarr, Sonarr, Prowlarr, and Bazarr now patch their auth setting to
None on every service start — auth is handled by Authelia at the proxy.

Also updates readme with missing services, settings files, and flake
inputs added since the last readme refresh.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
rope 2026-05-16 12:27:19 +01:00
parent ad7a45d143
commit 5eeab405c0
5 changed files with 49 additions and 4 deletions

View file

@ -12,6 +12,14 @@
group = "media";
};
# Disable built-in auth — Authelia handles it at the reverse proxy
systemd.services.bazarr.preStart = lib.mkAfter ''
config_file="/var/lib/bazarr/config/config.ini"
if [ -f "$config_file" ]; then
sed -i 's/^type = .*/type = none/' "$config_file"
fi
'';
# Ensure subtitles written by bazarr are group-writable
systemd.services.bazarr.serviceConfig.UMask = lib.mkForce "0002";

View file

@ -3,7 +3,15 @@
{
config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") {
# Sonarr
# Disable built-in auth — Authelia handles it at the reverse proxy
systemd.services.prowlarr.preStart = lib.mkAfter ''
config_file="/var/lib/prowlarr/config.xml"
if [ -f "$config_file" ]; then
sed -i 's|<AuthenticationMethod>.*</AuthenticationMethod>|<AuthenticationMethod>None</AuthenticationMethod>|' "$config_file"
fi
'';
# Prowlarr
services.prowlarr = {
enable = true;
openFirewall = true;

View file

@ -12,6 +12,14 @@
group = "media";
};
# Disable built-in auth — Authelia handles it at the reverse proxy
systemd.services.radarr.preStart = lib.mkAfter ''
config_file="/var/lib/radarr/config.xml"
if [ -f "$config_file" ]; then
sed -i 's|<AuthenticationMethod>.*</AuthenticationMethod>|<AuthenticationMethod>None</AuthenticationMethod>|' "$config_file"
fi
'';
# Ensure files created by radarr are group-writable
systemd.services.radarr.serviceConfig.UMask = lib.mkForce "0002";

View file

@ -12,6 +12,14 @@
group = "media";
};
# Disable built-in auth — Authelia handles it at the reverse proxy
systemd.services.sonarr.preStart = lib.mkAfter ''
config_file="/var/lib/sonarr/config.xml"
if [ -f "$config_file" ]; then
sed -i 's|<AuthenticationMethod>.*</AuthenticationMethod>|<AuthenticationMethod>None</AuthenticationMethod>|' "$config_file"
fi
'';
# Ensure files created by sonarr are group-writable
systemd.services.sonarr.serviceConfig.UMask = lib.mkForce "0002";