sneeuwvlok/modules/programs/media.nix

{ config, pkgs, lib, sensitive, ... }:

with lib;

let
    user = "media";
    group = "media";
    directory = "/var/media";
in
{
  imports = [
    ../common/qbittorrent.nix
  ];

  environment.systemPackages = with pkgs; [
    podman-tui
    jellyfin
    jellyseerr
    mediainfo
    authelia
  ];

  users = {
    groups = {
      ${group} = {};
    };
    users = {
      ${user} = {
        isSystemUser = true;
        group = group;
      }
    };
  };

  system.activationScripts.var = mkForce ''
    install -d -m 0755 -o ${user} -g ${group} ${directory}/series
    install -d -m 0755 -o ${user} -g ${group} ${directory}/movies
    install -d -m 0755 -o ${user} -g ${group} ${directory}/qbittorrent
    install -d -m 0755 -o ${user} -g ${group} ${directory}/sabnzbd
    install -d -m 0755 -o ${user} -g ${group} ${directory}/reiverr/config
    install -d -m 0755 -o ${user} -g ${group} ${directory}/downloads/incomplete
    install -d -m 0755 -o ${user} -g ${group} ${directory}/downloads/done
  '';

  services = {
    jellyfin = {
      enable = true;
      openFirewall = true;
      user = user;
      group = group;
    };

    radarr = {
      enable = true;
      openFirewall = true;
      user = user;
      group = group;
    };

    sonarr = {
      enable = true;
      openFirewall = true;
      user = user;
      group = group;
    };

    bazarr = {
      enable = true;
      openFirewall = true;
      user = user;
      group = group;
    };

    lidarr = {
      enable = true;
      openFirewall = true;
      user = user;
      group = group;
    };

    jellyseerr = {
      enable = true;
      openFirewall = true;
    };

    prowlarr = {
      enable = true;
      openFirewall = true;
    };

    qbittorrent = {
      enable = true;
      openFirewall = true;
      dataDir = "${directory}/qbittorrent";
      port = 5000;

      user = user;
      group = group;
    };

    sabnzbd = {
      enable = true;
      openFirewall = true;
      configFile = "${directory}/sabnzbd/config.ini";
      port = 5001;

      user = user;
      group = group;
    };

    caddy = {
      enable = true;
      virtualHosts = {
        "media.kruining.eu".extraConfig = ''
          #basicauth {
          #  chris $2a$12$JrsmxrEJj2wLMdcFmEHbWeMJF9gWH/fnE/1Zv67cKvBtq4E4xsSEe
          #}
          reverse_proxy http://127.0.0.1:9494
          tls internal
        '';
        "cloud.kruining.eu".extraConfig = ''
          basicauth {
            chris $2a$12$JrsmxrEJj2wLMdcFmEHbWeMJF9gWH/fnE/1Zv67cKvBtq4E4xsSEe
          }
          php_fastcgi unix//run/phpfpm/nextcloud.sock {
            env front_controller_active true
          }
          tls internal
        '';
      };
    };
  };

  virtualisation = {
    containers.enable = true;

    podman = {
      enable = true;
      dockerCompat = true;
      defaultNetwork.settings.dns_enabled = true;
    };

    oci-containers = {
      backend = "podman";

      containers = {
        flaresolverr = {
          image = "flaresolverr/flaresolverr";
          autoStart = true;
          ports = [ "127.0.0.1:8191:8191" ];
        };

        reiverr = {
          image = "ghcr.io/aleksilassila/reiverr:v2.0.0-alpha.6";
          autoStart = true;
          ports = [ "127.0.0.1:9494:9494" ];
          volumes = [ "${directory}/reiverr/config:/config" ];
        };
      };
    };
  };

  # Open firewall for caddy
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  systemd.services.jellyfin.serviceConfig.killSignal = lib.mkForce "SIGKILL";
}