Nix configurations for my homelab
yemou.pink
1{ config, nixpkgs-unstable, ... }:
2{
3 environment.persistence."/data/persistent".directories = [
4 # NOTE: Prowlarr isn't here since it uses /var/lib/private/prowlarr as its directory regardless and this directory
5 # is already in nixos-impermanence
6 {
7 directory = "/var/lib/radarr";
8 mode = "0700";
9 user = config.services.radarr.user;
10 group = config.services.radarr.group;
11 }
12 {
13 directory = "/var/lib/sonarr";
14 mode = "0700";
15 user = config.services.sonarr.user;
16 group = config.services.sonarr.group;
17 }
18 ];
19
20 sops = {
21 secrets = {
22 "prowlarr-apikey" = { };
23 "radarr-apikey" = { };
24 "sonarr-apikey" = { };
25 };
26 templates = {
27 prowlarr-env.content = "PROWLARR__AUTH__APIKEY=${config.sops.placeholder."prowlarr-apikey"}";
28 radarr-env.content = "RADARR__AUTH__APIKEY=${config.sops.placeholder."radarr-apikey"}";
29 sonarr-env.content = "SONARR__AUTH__APIKEY=${config.sops.placeholder."sonarr-apikey"}";
30 };
31 };
32
33 # Help prevent from rebuilding chromium all the time
34 nixpkgs.overlays = [ (final: prev: { inherit (nixpkgs-unstable.legacyPackages.${prev.system}) chromium; }) ];
35
36 networking.firewall.interfaces.${config.services.netbird.clients.homelab.interface}.allowedTCPPorts = [
37 config.services.prowlarr.settings.server.port
38 config.services.radarr.settings.server.port
39 config.services.sonarr.settings.server.port
40 ];
41
42 services = {
43 flaresolverr.enable = true;
44 prowlarr = {
45 enable = true;
46 environmentFiles = [ config.sops.templates.prowlarr-env.path ];
47 settings.log.level = "info";
48 };
49 radarr = {
50 enable = true;
51 environmentFiles = [ config.sops.templates.radarr-env.path ];
52 settings.log.level = "info";
53 };
54 sonarr = {
55 enable = true;
56 environmentFiles = [ config.sops.templates.sonarr-env.path ];
57 settings.log.level = "info";
58 };
59 };
60
61 systemd.services.flaresolverr.serviceConfig.RestrictAddressFamilies = [ "~AF_INET6" ];
62}