nixos/services/sonarr.nix
rope 13fac2ffdf arr: use External auth method to fix auth reset on restart
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-21 22:15:45 +01:00

45 lines
1.6 KiB
Nix

# sonarr.nix
{ config, pkgs, lib, ... }:
{
config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") {
# Sonarr
services.sonarr = {
enable = true;
openFirewall = true;
dataDir = "/var/lib/sonarr";
user = "sonarr";
group = "media";
};
# Disable built-in auth — Authelia handles it at the reverse proxy
systemd.services.sonarr.preStart = lib.mkAfter ''
config_file="/var/lib/sonarr/config.xml"
if [ -f "$config_file" ]; then
sed -i 's|<AuthenticationMethod>.*</AuthenticationMethod>|<AuthenticationMethod>External</AuthenticationMethod>|' "$config_file"
if grep -q '<AuthenticationRequired>' "$config_file"; then
sed -i 's|<AuthenticationRequired>.*</AuthenticationRequired>|<AuthenticationRequired>DisabledForLocalAddresses</AuthenticationRequired>|' "$config_file"
else
sed -i 's|</Config>| <AuthenticationRequired>DisabledForLocalAddresses</AuthenticationRequired>\n</Config>|' "$config_file"
fi
fi
'';
# Ensure files created by sonarr are group-writable
systemd.services.sonarr.serviceConfig.UMask = lib.mkForce "0002";
# Media group is already created in qbittorrent-nox.nix
# Just make sure sonarr is in it
users.users.sonarr = {
isSystemUser = true;
group = "media";
extraGroups = [ "media" ];
};
systemd.tmpfiles.rules = [
# Shows - sonarr organises, bazarr writes subtitles
"d /mnt/storage/torrents/shows 2775 sonarr media -"
"Z /mnt/storage/torrents/shows 2775 sonarr media -"
];
};
}