sneeuwvlok/modules/nixos/services/media/default.nix

{ pkgs, lib, namespace, config, ... }:
let
  inherit (lib) mkIf mkEnableOption mkOption;
  inherit (lib.types) str;

  cfg = config.${namespace}.services.media;
in
{
  options.${namespace}.services.media = {
    enable = mkEnableOption "Enable media services";

    user = mkOption {
      type = str;
      default = "media";
    };

    group = mkOption {
      type = str;
      default = "media";
    };

    path = mkOption {
      type = str;
      default = "/var/media";
    };
  };

  config = mkIf cfg.enable {
    #=========================================================================
    # Dependencies
    #=========================================================================
    environment.systemPackages = with pkgs; [
      podman-tui
      jellyfin
      jellyfin-web
      jellyfin-ffmpeg
      jellyseerr
      mediainfo
      id3v2
      yt-dlp
    ];

    #=========================================================================
    # Prepare system
    #=========================================================================
    users = {
      users.${cfg.user} = {
        isSystemUser = true;
        group = cfg.group;
      };
      groups.${cfg.group} = {};
    };

    systemd.tmpfiles.rules = [
      "d '${cfg.path}/series' 0700 ${cfg.user} ${cfg.group} - -"
      "d '${cfg.path}/movies' 0700 ${cfg.user} ${cfg.group} - -"
      "d '${cfg.path}/music' 0700 ${cfg.user} ${cfg.group} - -"
      "d '${cfg.path}/qbittorrent' 0700 ${cfg.user} ${cfg.group} - -"
      "d '${cfg.path}/sabnzbd' 0700 ${cfg.user} ${cfg.group} - -"
      "d '${cfg.path}/reiverr/config' 0700 ${cfg.user} ${cfg.group} - -"
      "d '${cfg.path}/downloads/incomplete' 0700 ${cfg.user} ${cfg.group} - -"
      "d '${cfg.path}/downloads/done' 0700 ${cfg.user} ${cfg.group} - -"
    ];

    #=========================================================================
    # Services
    #=========================================================================
    services = let
      arrService = {
        enable = true;
        openFirewall = true;

        settings = {
          auth.AuthenticationMethod = "External";

          # postgres = {
          #   PostgresHost = "localhost";
          #   PostgresPort = "5432";
          #   PostgresUser = "media";
          # };
        };
      };

      withPort = port: service: service // { settings.server.Port = builtins.toString port; };

      withUserAndGroup = service: service  // {
        user = cfg.user;
        group = cfg.group;
      };
    in {
      radarr =
        arrService
        |> withPort 2001
        |> withUserAndGroup;

      sonarr =
        arrService
        |> withPort 2002
        |> withUserAndGroup;

      lidarr =
        arrService
        |> withPort 2003
        |> withUserAndGroup;
        
      prowlarr =
        arrService
        |> withPort 2004;

      bazarr = {
        enable = true;
        openFirewall = true;
        user = cfg.user;
        group = cfg.group;
        listenPort = 2005;
      };

      # port is harcoded in nixpkgs module
      jellyfin = {
        enable = true;
        openFirewall = true;
        user = cfg.user;
        group = cfg.group;
      };

      flaresolverr = {
        enable = true;
        openFirewall = true;
        port = 2007;
      };

      qbittorrent = {
        enable = true;
        openFirewall = true;
        webuiPort = 2008;

        serverConfig = {
          LegalNotice.Accepted = true;
        };

        user = cfg.user;
        group = cfg.group;
      };

      # port is harcoded in nixpkgs module
      sabnzbd = {
        enable = true;
        openFirewall = true;
        configFile = "${cfg.path}/sabnzbd/config.ini";

        user = cfg.user;
        group = cfg.group;
      };

      # postgresql = {
      #   enable = true;
      #   ensureDatabases = [
      #     "radarr-main" "radarr-log"
      #     "sonarr-main" "sonarr-log"
      #     "lidarr-main" "lidarr-log"
      #     "prowlarr-main" "prowlarr-log"
      #   ];
      #   identMap = ''
      #     media media radarr-main
      #     media media radarr-log
      #     media media sonarr-main
      #     media media sonarr-log
      #     media media lidarr-main
      #     media media lidarr-log
      #     media media prowlarr-main
      #     media media prowlarr-log
      #   '';
      #   ensureUsers = [
      #     { name = "radarr-main"; ensureDBOwnership = true; }
      #     { name = "radarr-log"; ensureDBOwnership = true; }

      #     { name = "sonarr-main"; ensureDBOwnership = true; }
      #     { name = "sonarr-log"; ensureDBOwnership = true; }
          
      #     { name = "lidarr-main"; ensureDBOwnership = true; }
      #     { name = "lidarr-log"; ensureDBOwnership = true; }
          
      #     { name = "prowlarr-main"; ensureDBOwnership = true; }
      #     { name = "prowlarr-log"; ensureDBOwnership = true; }
      #   ];
      # };

      caddy = {
        enable = true;
        virtualHosts = {
          "jellyfin.kruining.eu".extraConfig = ''
            reverse_proxy http://[::1]:8096
          '';
        };
      };
    };

    systemd.services.jellyfin.serviceConfig.killSignal = lib.mkForce "SIGKILL";
  };
}