nixos/services/radarr.nix
rope 5eeab405c0 services: disable built-in auth on *arr stack; update readme
Radarr, Sonarr, Prowlarr, and Bazarr now patch their auth setting to
None on every service start — auth is handled by Authelia at the proxy.

Also updates readme with missing services, settings files, and flake
inputs added since the last readme refresh.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-16 12:27:19 +01:00

41 lines
1.3 KiB
Nix

# services/radarr.nix
{ config, pkgs, lib, ... }:
{
config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") {
# Radarr
services.radarr = {
enable = true;
openFirewall = true; # Opens port 7878
dataDir = "/var/lib/radarr";
user = "radarr";
group = "media";
};
# Disable built-in auth — Authelia handles it at the reverse proxy
systemd.services.radarr.preStart = lib.mkAfter ''
config_file="/var/lib/radarr/config.xml"
if [ -f "$config_file" ]; then
sed -i 's|<AuthenticationMethod>.*</AuthenticationMethod>|<AuthenticationMethod>None</AuthenticationMethod>|' "$config_file"
fi
'';
# Ensure files created by radarr are group-writable
systemd.services.radarr.serviceConfig.UMask = lib.mkForce "0002";
# Media group is already created in qbittorrent-nox.nix
# Just make sure radarr is in it
users.users.radarr = {
isSystemUser = true;
group = "media";
extraGroups = [ "media" ];
};
# Set up directory structure with proper permissions
systemd.tmpfiles.rules = [
# Media folders - radarr writes here
"d /mnt/storage/torrents/movies 2775 radarr media -"
"Z /mnt/storage/torrents/movies 2775 radarr media -"
];
};
}