45 lines
1.6 KiB
Nix
45 lines
1.6 KiB
Nix
# sonarr.nix
|
|
{ config, pkgs, lib, ... }:
|
|
{
|
|
config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") {
|
|
|
|
# Sonarr
|
|
services.sonarr = {
|
|
enable = true;
|
|
openFirewall = true;
|
|
dataDir = "/var/lib/sonarr";
|
|
user = "sonarr";
|
|
group = "media";
|
|
};
|
|
|
|
# Disable built-in auth — Authelia handles it at the reverse proxy
|
|
systemd.services.sonarr.preStart = lib.mkAfter ''
|
|
config_file="/var/lib/sonarr/config.xml"
|
|
if [ -f "$config_file" ]; then
|
|
sed -i 's|<AuthenticationMethod>.*</AuthenticationMethod>|<AuthenticationMethod>External</AuthenticationMethod>|' "$config_file"
|
|
if grep -q '<AuthenticationRequired>' "$config_file"; then
|
|
sed -i 's|<AuthenticationRequired>.*</AuthenticationRequired>|<AuthenticationRequired>DisabledForLocalAddresses</AuthenticationRequired>|' "$config_file"
|
|
else
|
|
sed -i 's|</Config>| <AuthenticationRequired>DisabledForLocalAddresses</AuthenticationRequired>\n</Config>|' "$config_file"
|
|
fi
|
|
fi
|
|
'';
|
|
|
|
# Ensure files created by sonarr are group-writable
|
|
systemd.services.sonarr.serviceConfig.UMask = lib.mkForce "0002";
|
|
|
|
# Media group is already created in qbittorrent-nox.nix
|
|
# Just make sure sonarr is in it
|
|
users.users.sonarr = {
|
|
isSystemUser = true;
|
|
group = "media";
|
|
extraGroups = [ "media" ];
|
|
};
|
|
|
|
systemd.tmpfiles.rules = [
|
|
# Shows - sonarr organises, bazarr writes subtitles
|
|
"d /mnt/storage/torrents/shows 2775 sonarr media -"
|
|
"Z /mnt/storage/torrents/shows 2775 sonarr media -"
|
|
];
|
|
};
|
|
}
|