Newer *arr versions added AuthenticationRequired to config.xml and now block access if it's not explicitly set. Patch it to DisabledForLocalAddresses alongside the existing AuthenticationMethod patch, since Authelia handles auth at the reverse proxy. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
26 lines
1,020 B
Nix
26 lines
1,020 B
Nix
#prowlarr.nix
|
|
{ config, pkgs, lib, ... }:
|
|
{
|
|
config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") {
|
|
|
|
# Disable built-in auth — Authelia handles it at the reverse proxy
|
|
systemd.services.prowlarr.preStart = lib.mkAfter ''
|
|
config_file="/var/lib/prowlarr/config.xml"
|
|
if [ -f "$config_file" ]; then
|
|
sed -i 's|<AuthenticationMethod>.*</AuthenticationMethod>|<AuthenticationMethod>None</AuthenticationMethod>|' "$config_file"
|
|
if grep -q '<AuthenticationRequired>' "$config_file"; then
|
|
sed -i 's|<AuthenticationRequired>.*</AuthenticationRequired>|<AuthenticationRequired>DisabledForLocalAddresses</AuthenticationRequired>|' "$config_file"
|
|
else
|
|
sed -i 's|</Config>| <AuthenticationRequired>DisabledForLocalAddresses</AuthenticationRequired>\n</Config>|' "$config_file"
|
|
fi
|
|
fi
|
|
'';
|
|
|
|
# Prowlarr
|
|
services.prowlarr = {
|
|
enable = true;
|
|
openFirewall = true;
|
|
dataDir = "/var/lib/prowlarr";
|
|
};
|
|
};
|
|
}
|