nixos/services/prowlarr.nix
rope 8dd70a2d9d mediaserver: drop no-op firewall rules, close unused DR forwards
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-11 10:00:49 +01:00

25 lines
997 B
Nix

#prowlarr.nix
{ config, pkgs, lib, ... }:
{
config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") {
# Disable built-in auth — Authelia handles it at the reverse proxy
systemd.services.prowlarr.preStart = lib.mkAfter ''
config_file="/var/lib/prowlarr/config.xml"
if [ -f "$config_file" ]; then
sed -i 's|<AuthenticationMethod>.*</AuthenticationMethod>|<AuthenticationMethod>External</AuthenticationMethod>|' "$config_file"
if grep -q '<AuthenticationRequired>' "$config_file"; then
sed -i 's|<AuthenticationRequired>.*</AuthenticationRequired>|<AuthenticationRequired>DisabledForLocalAddresses</AuthenticationRequired>|' "$config_file"
else
sed -i 's|</Config>| <AuthenticationRequired>DisabledForLocalAddresses</AuthenticationRequired>\n</Config>|' "$config_file"
fi
fi
'';
# Prowlarr
services.prowlarr = {
enable = true;
dataDir = "/var/lib/prowlarr";
};
};
}