lets actually commit for once...

2025-11-20 00:05:34 +01:00 · 2025-11-20 00:05:34 +01:00 · 2d3da197ee
commit 2d3da197ee
parent 169b62e6f3
13 changed files with 711 additions and 74 deletions
--- a/modules/nixos/services/media/default.nix
+++ b/modules/nixos/services/media/default.nix
@ -1,9 +1,11 @@
-{ pkgs, lib, namespace, config, ... }:
+{ pkgs, lib, namespace, config, inputs, system, ... }:
 let
  inherit (lib) mkIf mkEnableOption mkOption;
  inherit (lib.types) str;

  cfg = config.${namespace}.services.media;
+
+  arr = ["radarr" ];
 in
 {
  options.${namespace}.services.media = {
@ -60,47 +62,48 @@ in
      "d '${cfg.path}/reiverr/config' 0700 ${cfg.user} ${cfg.group} - -"
      "d '${cfg.path}/downloads/incomplete' 0700 ${cfg.user} ${cfg.group} - -"
      "d '${cfg.path}/downloads/done' 0700 ${cfg.user} ${cfg.group} - -"
+      "d /var/lib/radarrApplyTerraform 0755 ${cfg.user} ${cfg.group} -"
    ];

    #=========================================================================
    # Services
    #=========================================================================
    services = let
-      arrService = {
-        enable = true;
-        openFirewall = true;
+      arr-services = 
+        arr
+        |> lib.imap (i: service: {
+          name = service;
+          value = {
+            enable = true;
+            openFirewall = true;

-        settings = {
-          auth.AuthenticationMethod = "External";
-        };
-      };
+            environmentFiles = [
+              config.sops.templates."${service}/config.env".path
+            ];

-      withPort = port: service: service // { settings.server.Port = builtins.toString port; };
+            settings = {
+              auth.authenticationMethod = "External";

-      withUserAndGroup = service: service  // {
-        user = cfg.user;
-        group = cfg.group;
-      };
-    in {
-      radarr =
-        arrService
-        |> withPort 2001
-        |> withUserAndGroup;
-
-      sonarr =
-        arrService
-        |> withPort 2002
-        |> withUserAndGroup;
-
-      lidarr =
-        arrService
-        |> withPort 2003
-        |> withUserAndGroup;
-        
-      prowlarr =
-        arrService
-        |> withPort 2004;
+              server = {
+                bindaddress = "0.0.0.0";
+                port = 2000 + i;
+              };

+              postgres = {
+                host = "localhost";
+                port = "5432";
+                user = service;
+                maindb = service;
+                logdb = service;
+              };
+            };
+          }
+          // (if service != "prowlarr" then { user = cfg.user; group = cfg.group; } else {});
+        })
+        |> lib.listToAttrs
+      ;
+    in 
+    arr-services // {
      bazarr = {
        enable = true;
        openFirewall = true;
@ -146,6 +149,19 @@ in
        group = cfg.group;
      };

+      postgresql = 
+      let
+        databases = arr |> lib.concatMap (s: [ s "${s}-log" ]);
+      in
+      {
+        enable = true;
+        ensureDatabases = arr;
+        ensureUsers = arr |> lib.map (service: {
+          name = service;
+          ensureDBOwnership = true;
+        });
+      };
+
      caddy = {
        enable = true;
        virtualHosts = {
@ -156,6 +172,136 @@ in
      };
    };

+    systemd.services.radarrApplyTerraform = 
+    let
+      # this is a nix package, the generated json file to be exact
+      terraformConfiguration = inputs.terranix.lib.terranixConfiguration {
+        inherit system;
+
+        modules = [
+          ({ config, lib, ... }: {
+            config = {
+              variable = {
+                api_key = {
+                  type = "string";
+                  description = "Radarr api key";
+                };
+              };
+
+              terraform.required_providers.radarr = {
+                source = "devopsarr/radarr";
+                version = "2.2.0";
+              };
+
+              provider.radarr = {
+                url = "http://127.0.0.1:2001";
+                api_key = lib.tfRef "var.api_key";
+              };
+
+              resource = {
+                radarr_root_folder.local = {
+                  path = "/var/media/movies";
+                };
+              };
+            };
+          })
+        ];
+      };
+    in
+    {
+      description = "Radarr terraform apply";
+
+      wantedBy = [ "multi-user.target" ];
+      wants = [ "radarr.service" ];
+      
+      script = ''
+        #!/usr/bin/env bash
+
+        if [ "$(systemctl is-active radarr)" != "active" ]; then
+          echo "Radarr is not running"
+          exit 1
+        fi
+
+        # Sleep for a bit to give radarr the chance to start up
+        sleep 5s
+
+        # Print the path to the source for easier debugging
+        echo "config location: ${terraformConfiguration}"
+
+        # Copy infra code into workspace
+        cp -f ${terraformConfiguration} config.tf.json
+
+        # Initialize OpenTofu
+        ${lib.getExe pkgs.opentofu} init
+
+        # Run the infrastructure code
+        # ${lib.getExe pkgs.opentofu} plan -var-file='${config.sops.templates."radarr/config.tfvars".path}'
+        ${lib.getExe pkgs.opentofu} apply -auto-approve -var-file='${config.sops.templates."radarr/config.tfvars".path}'
+      '';
+
+      serviceConfig = {
+        Type = "oneshot";
+        User = cfg.user;
+        Group = cfg.group;
+
+        WorkingDirectory = "/var/lib/radarrApplyTerraform";
+
+        EnvironmentFile = [
+          config.sops.templates."radarr/config.env".path
+        ];
+      };
+    };
+
    systemd.services.jellyfin.serviceConfig.killSignal = lib.mkForce "SIGKILL";
+
+    sops = {
+      secrets =
+        arr
+        |> lib.map (service: {
+          name = "${service}/apikey";
+          value = {
+            owner = cfg.user;
+            group = cfg.group;
+            restartUnits = [ "${service}.service" ];
+          };
+        })
+        |> lib.listToAttrs
+      ;
+
+      templates = 
+        let
+          apikeys = 
+            arr 
+            |> lib.map (service: {
+              name = "${service}/config.env";
+              value = {
+                owner = cfg.user;
+                group = cfg.group;
+                restartUnits = [ "${service}.service" ];
+                content = ''
+                  ${lib.toUpper service}__AUTH__APIKEY="${config.sops.placeholder."${service}/apikey"}"
+                '';
+              };
+            })
+            |> lib.listToAttrs;
+
+          tfvars = 
+            arr
+            |> lib.map(service: {
+              name = "${service}/config.tfvars";
+              value = {
+                owner = cfg.user;
+                group = cfg.group;
+                restartUnits = [ "${service}ApplyTerraform.service" ];
+                content = ''
+                  api_key = "${config.sops.placeholder."${service}/apikey"}"
+                '';
+              };
+            })
+            |> lib.listToAttrs;
+        in
+        apikeys // tfvars
+      ;
+    };
  };
 }