Radarr, Sonarr, Prowlarr, and Bazarr now patch their auth setting to None on every service start — auth is handled by Authelia at the proxy. Also updates readme with missing services, settings files, and flake inputs added since the last readme refresh. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
41 lines
1.3 KiB
Nix
41 lines
1.3 KiB
Nix
# services/radarr.nix
|
|
{ config, pkgs, lib, ... }:
|
|
{
|
|
config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") {
|
|
|
|
# Radarr
|
|
services.radarr = {
|
|
enable = true;
|
|
openFirewall = true; # Opens port 7878
|
|
dataDir = "/var/lib/radarr";
|
|
user = "radarr";
|
|
group = "media";
|
|
};
|
|
|
|
# Disable built-in auth — Authelia handles it at the reverse proxy
|
|
systemd.services.radarr.preStart = lib.mkAfter ''
|
|
config_file="/var/lib/radarr/config.xml"
|
|
if [ -f "$config_file" ]; then
|
|
sed -i 's|<AuthenticationMethod>.*</AuthenticationMethod>|<AuthenticationMethod>None</AuthenticationMethod>|' "$config_file"
|
|
fi
|
|
'';
|
|
|
|
# Ensure files created by radarr are group-writable
|
|
systemd.services.radarr.serviceConfig.UMask = lib.mkForce "0002";
|
|
|
|
# Media group is already created in qbittorrent-nox.nix
|
|
# Just make sure radarr is in it
|
|
users.users.radarr = {
|
|
isSystemUser = true;
|
|
group = "media";
|
|
extraGroups = [ "media" ];
|
|
};
|
|
|
|
# Set up directory structure with proper permissions
|
|
systemd.tmpfiles.rules = [
|
|
# Media folders - radarr writes here
|
|
"d /mnt/storage/torrents/movies 2775 radarr media -"
|
|
"Z /mnt/storage/torrents/movies 2775 radarr media -"
|
|
];
|
|
};
|
|
}
|