Two small follow-ups to the SAB module: - Extend host_whitelist to also include 127.0.0.1 + localhost. SAB's local-IP bypass usually handles this, but Sonarr/Radarr's "Hostname verification failed" error becomes a real footgun if it ever flips. - Add extraGroups = [ "media" ] for parity with sonarr/radarr/qbittorrent. No functional change since group = "media" already. Also wires SABnzbd into arr-interconnect: extracts api_key from sabnzbd.ini and POSTs a Sabnzbd download client into Sonarr (tv-sonarr category) and Radarr (radarr category). Idempotent like the existing qBittorrent block; silently skips on first boot before SAB has materialised its config. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
65 lines
No EOL
2.2 KiB
Nix
65 lines
No EOL
2.2 KiB
Nix
{ config, pkgs, lib, ... }:
|
|
let
|
|
# SAB rejects requests whose Host header isn't in host_whitelist. We need:
|
|
# - sabnzbd.nordhammer.it (the nginx-fronted public path)
|
|
# - 127.0.0.1 + localhost (so Sonarr/Radarr can hit SAB locally via
|
|
# arr-interconnect without hitting "Hostname verification failed")
|
|
patchConfig = pkgs.writeShellScript "sabnzbd-patch-config" ''
|
|
CONFIG=/var/lib/sabnzbd/sabnzbd.ini
|
|
WHITELIST="sabnzbd.nordhammer.it,127.0.0.1,localhost"
|
|
|
|
if [ ! -f "$CONFIG" ]; then
|
|
printf '[misc]\nhost_whitelist = %s\nport = 8085\n' "$WHITELIST" > "$CONFIG"
|
|
exit 0
|
|
fi
|
|
|
|
if ${pkgs.gnugrep}/bin/grep -q "^host_whitelist" "$CONFIG"; then
|
|
${pkgs.gnused}/bin/sed -i "s/^host_whitelist =.*/host_whitelist = $WHITELIST/" "$CONFIG"
|
|
else
|
|
${pkgs.gnused}/bin/sed -i "/^\[misc\]/a host_whitelist = $WHITELIST" "$CONFIG"
|
|
fi
|
|
'';
|
|
in
|
|
{
|
|
config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") {
|
|
|
|
users.users.sabnzbd = {
|
|
isSystemUser = true;
|
|
group = "media";
|
|
extraGroups = [ "media" ];
|
|
};
|
|
|
|
systemd.tmpfiles.rules = [
|
|
"d /var/lib/sabnzbd 0755 sabnzbd media -"
|
|
"Z /var/lib/sabnzbd 0755 sabnzbd media -"
|
|
"d /mnt/storage/usenet/downloads 2775 sabnzbd media -"
|
|
"Z /mnt/storage/usenet/downloads 2775 sabnzbd media -"
|
|
"d /mnt/storage/usenet/incomplete 2775 sabnzbd media -"
|
|
"Z /mnt/storage/usenet/incomplete 2775 sabnzbd media -"
|
|
];
|
|
|
|
systemd.services.sabnzbd = {
|
|
description = "SABnzbd usenet downloader";
|
|
after = [ "network.target" ];
|
|
wantedBy = [ "multi-user.target" ];
|
|
serviceConfig = {
|
|
Type = "simple";
|
|
User = "sabnzbd";
|
|
Group = "media";
|
|
ExecStartPre = patchConfig;
|
|
ExecStart = "${pkgs.sabnzbd}/bin/sabnzbd --config-file /var/lib/sabnzbd/sabnzbd.ini --server 127.0.0.1:8085";
|
|
Restart = "on-failure";
|
|
UMask = "0002";
|
|
NoNewPrivileges = true;
|
|
PrivateTmp = true;
|
|
ProtectSystem = "strict";
|
|
ProtectHome = false;
|
|
ReadWritePaths = [
|
|
"/var/lib/sabnzbd"
|
|
"/mnt/storage/usenet"
|
|
];
|
|
WorkingDirectory = "/var/lib/sabnzbd";
|
|
};
|
|
};
|
|
};
|
|
} |