Diffstat (limited to '')
-rw-r--r--modules/beets.nix11
-rw-r--r--modules/common/ark.nix2
-rw-r--r--modules/monitoring/default.nix12
-rw-r--r--modules/nsd.nix3
-rw-r--r--modules/piracy/default.nix177
-rw-r--r--modules/piracy/jackett.nix (renamed from modules/jackett.nix)4
-rw-r--r--modules/piracy/lidarr.nix (renamed from modules/lidarr.nix)46
-rw-r--r--modules/piracy/radarr.nix84
-rw-r--r--modules/piracy/sonarr.nix84
-rw-r--r--modules/profiles/headful.nix2
-rw-r--r--modules/prowlarr.nix65
-rw-r--r--modules/radarr.nix40
-rw-r--r--modules/rtorrent.nix328
-rw-r--r--modules/sonarr.nix40
14 files changed, 465 insertions, 433 deletions
diff --git a/modules/beets.nix b/modules/beets.nix
index 732f400..c25ad53 100644
--- a/modules/beets.nix
+++ b/modules/beets.nix
@@ -49,10 +49,17 @@ in
               original_date = true;
               import = {
                 write = true;
-                copy = true;
+                copy = true; # sshfs mount and `beet import` the required directory.
                 move = false;
-                bell = true;
+                link = false;
+                hardlink = false;
+                reflink = false;
+                resume = false;
+                incremental = true;
+                incremental_skip_later = false;
                 from_scratch = true;
+                quiet = false;
+                bell = true;
               };
               match = {
                 preferred = {
diff --git a/modules/common/ark.nix b/modules/common/ark.nix
index f297fce..e3ea4c5 100644
--- a/modules/common/ark.nix
+++ b/modules/common/ark.nix
@@ -46,7 +46,7 @@ in
   config = lib.mkIf cfg.enable {
     environment.persistence.${cfg.path} = {
       hideMounts = true;
-      enableDebugging = true;
+      enableDebugging = false;
       enableWarnings = true;
       inherit (cfg) directories files;
     };
diff --git a/modules/monitoring/default.nix b/modules/monitoring/default.nix
index a3e57d3..164ac5d 100644
--- a/modules/monitoring/default.nix
+++ b/modules/monitoring/default.nix
@@ -189,6 +189,14 @@ in
                 ];
                 inherit (config.services.endlessh-go.prometheus) port;
               };
+              exportarr-prowlarr = {
+                hosts = [ yavanna ];
+                inherit (config.services.prometheus.exporters.exportarr-prowlarr) port;
+              };
+              exportarr-lidarr = {
+                hosts = [ yavanna ];
+                inherit (config.services.prometheus.exporters.exportarr-lidarr) port;
+              };
               nginx = {
                 hosts = [
                   manwe
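Review bot: Scrape targets are added here for `exportarr-prowlarr` and `exportarr-lidarr` only, while the same commit enables `exportarr-radarr` and `exportarr-sonarr` in `modules/piracy/radarr.nix` and `modules/piracy/sonarr.nix`. Unless those targets are defined in a part of this attribute set outside the hunk, the two new exporters will listen on the WireGuard address without ever being scraped. Matching entries would follow the existing shape, e.g. `exportarr-radarr = { hosts = [ yavanna ]; inherit (config.services.prometheus.exporters.exportarr-radarr) port; };`, with `hosts` set to whichever machine actually runs the service.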
@@ -221,10 +229,6 @@ in
                 hosts = [ manwe ];
                 inherit (config.services.prometheus.exporters.wireguard) port;
               };
-              exportarr-lidarr = {
-                hosts = [ yavanna ];
-                inherit (config.services.prometheus.exporters.exportarr-lidarr) port;
-              };
             };
 
         ruleFiles = [
diff --git a/modules/nsd.nix b/modules/nsd.nix
index acf7e27..13cebe9 100644
--- a/modules/nsd.nix
+++ b/modules/nsd.nix
@@ -103,7 +103,7 @@ in
                     SOA = {
                       nameServer = "${cfg.fqdn}.";
                       adminEmail = "admin+dns@${my.domain.shire}";
-                      serial = 2022091601; # Don't forget to bump the revision!
+                      serial = 2024010301; # Don't forget to bump the revision!
                     };
 
                     NS = with my.domain; [
@@ -163,6 +163,7 @@ in
                     flood = yavanna;
                     jackett = yavanna;
                     lidarr = yavanna;
+                    prowlarr = yavanna;
                   };
                 }
               ];
diff --git a/modules/piracy/default.nix b/modules/piracy/default.nix
new file mode 100644
index 0000000..be957f0
--- /dev/null
+++ b/modules/piracy/default.nix
@@ -0,0 +1,177 @@
+{
+  config,
+  lib,
+  libNginx,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.nixfiles.modules.piracy;
+in
+{
+  imports = lib.attrValues (lib.modulesIn ./.);
+
+  options.nixfiles.modules.piracy = {
+    enable = lib.mkEnableOption "tools for working with the BitTorrent protocol";
+
+    group = lib.mkOption {
+      type = lib.types.str;
+      default = "piracy";
+    };
+    gid = lib.mkOption {
+      type = lib.types.int;
+      default = 210; # Unused UID from Nixpkgs.
+    };
+
+    flood = {
+      enable = lib.mkEnableOption "Flood" // {
+        default = cfg.enable;
+      };
+
+      domain = lib.mkOption {
+        description = "Domain name sans protocol scheme.";
+        type = lib.types.str;
+        default = "flood.${config.networking.domain}";
+      };
+    };
+  };
+
+  config =
+    let
+      files = "/export/rtorrent";
+      socket = "/run/rtorrent/rpc.sock";
+    in
+    lib.mkIf cfg.enable (
+      lib.mkMerge [
+        {
+          ark.directories = [
+            config.services.rtorrent.dataDir
+            files
+          ];
+
+          services.rtorrent = {
+            enable = true;
+
+            user = "rtorrent";
+            inherit (cfg) group;
+
+            rpcSocket = socket;
+            configText =
+              with config.services.rtorrent;
+              lib.mkForce ''
+                directory.default.set = ${files}
+                session.path.set = ${dataDir}/session
+
+                network.port_range.set = ${toString port}-${toString port}
+                network.port_random.set = no
+
+                dht.mode.set = disable
+                protocol.pex.set = no
+
+                trackers.use_udp.set = no
+
+                protocol.encryption.set = allow_incoming,try_outgoing,enable_retry
+
+                pieces.memory.max.set = ${toString (lib.pow 2 11)}M
+                pieces.preload.type.set = 2
+
+                network.max_open_files.set   = ${toString (lib.pow 2 13)}
+                network.max_open_sockets.set = ${toString (lib.pow 2 13)}
+
+                network.http.max_open.set = ${toString (lib.pow 2 10)}
+
+                throttle.global_down.max_rate.set_kb = 0
+                throttle.global_up.max_rate.set_kb   = 0
+
+                network.scgi.open_local = ${socket}
+                network.xmlrpc.size_limit.set = ${toString (lib.pow 2 17)}
+
+                encoding.add = utf8
+                system.umask.set = 0007
+
+                log.open_file = "log", "/var/log/rtorrent/log"
+                log.add_output = "info", "log"
+              '';
+          };
+
+          systemd = {
+            sockets.rtorrent = {
+              socketConfig.ListenStream = socket;
+              wantedBy = [ "sockets.target" ];
+            };
+
+            services.rtorrent = {
+              serviceConfig = {
+                UMask = "0007";
+                RuntimeDirectory = "rtorrent";
+                LogsDirectory = "rtorrent";
+                ReadWritePaths = [ files ];
+              };
+              after = [ "rtorrent.socket" ];
+              requires = [ "rtorrent.socket" ];
+            };
+
+            tmpfiles.rules = with config.services.rtorrent; [
+              "d '${files}' 0750 ${user} ${cfg.group} -"
+            ];
+          };
+
+          users = {
+            users.${config.services.rtorrent.user}.uid = cfg.gid;
+            groups.${config.services.rtorrent.group}.gid = cfg.gid;
+          };
+          my.extraGroups = [ cfg.group ];
+
+          boot.kernel.sysctl = {
+            "net.core.rmem_max" = lib.mkOverride 500 (lib.pow 2 24);
+            "net.core.wmem_max" = lib.mkOverride 500 (lib.pow 2 24);
+            "net.ipv4.tcp_fin_timeout" = lib.mkOverride 500 30;
+            "net.ipv4.tcp_rmem" = lib.mkOverride 500 (lib.mkTcpMem 12 23 24);
+            "net.ipv4.tcp_slow_start_after_idle" = 0;
+            "net.ipv4.tcp_tw_recycle" = lib.mkOverride 500 1;
+            "net.ipv4.tcp_tw_reuse" = lib.mkOverride 500 1;
+            "net.ipv4.tcp_wmem" = lib.mkOverride 500 (lib.mkTcpMem 12 23 24);
+          };
+        }
+        (lib.mkIf cfg.flood.enable {
+          ark.directories = [ "/var/lib/private/flood" ];
+
+          nixfiles.modules.nginx = with config.services.flood; {
+            enable = true;
+            upstreams.flood.servers."${host}:${toString port}" = { };
+            virtualHosts.${cfg.flood.domain} = {
+              root = "${package}/lib/node_modules/flood/dist/assets";
+              locations = {
+                "/".tryFiles = "$uri /index.html";
+                "/api" = {
+                  proxyPass = "http://flood";
+                  extraConfig = libNginx.config.noProxyBuffering;
+                };
+              };
+              extraConfig = libNginx.config.internalOnly;
+            };
+          };
+
+          services.flood = {
+            enable = true;
+            extraArgs = [
+              "--auth=none"
+              "--assets=false"
+              "--allowedpath=${files}"
+              "--rtsocket=${socket}"
+            ];
+          };
+
+          systemd.services.flood = {
+            path = [ pkgs.mediainfo ];
+            serviceConfig = {
+              Group = cfg.group;
+              ReadOnlyPaths = [ files ];
+            };
+            after = [ "rtorrent.socket" ];
+            requires = [ "rtorrent.socket" ];
+          };
+        })
+      ]
+    );
+}
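Review bot: `systemd.sockets.rtorrent` sets only `ListenStream`, so the SCGI socket gets systemd's default `SocketMode` of 0666 with no owner or group pinned. Flood is started with `--auth=none`, so unless the `/run/rtorrent` directory restricts access, the socket's permissions are the main control over who can drive rtorrent's RPC interface. I would pin them explicitly: `socketConfig = { ListenStream = socket; SocketMode = "0660"; SocketUser = config.services.rtorrent.user; SocketGroup = cfg.group; };`. The rtorrent config also sets `network.scgi.open_local = ${socket}`, so it is worth confirming whether rtorrent uses the inherited socket or binds the path itself, since the two would otherwise compete for the same path. Separately, `users.users.….uid = cfg.gid` reuses the `gid` option as the UID, and a short comment saying this is intentional would help.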
diff --git a/modules/jackett.nix b/modules/piracy/jackett.nix
index 5b0b2c0..7ef9311 100644
--- a/modules/jackett.nix
+++ b/modules/piracy/jackett.nix
@@ -7,10 +7,10 @@
   ...
 }:
 let
-  cfg = config.nixfiles.modules.jackett;
+  cfg = config.nixfiles.modules.piracy.jackett;
 in
 {
-  options.nixfiles.modules.jackett = {
+  options.nixfiles.modules.piracy.jackett = {
     enable = lib.mkEnableOption "Jackett";
 
     domain = lib.mkOption {
diff --git a/modules/lidarr.nix b/modules/piracy/lidarr.nix
index 127e8d9..a905d8e 100644
--- a/modules/lidarr.nix
+++ b/modules/piracy/lidarr.nix
@@ -8,10 +8,12 @@
 }:
 with lib;
 let
-  cfg = config.nixfiles.modules.lidarr;
+  cfg = config.nixfiles.modules.piracy.lidarr;
+
+  port = 8686;
 in
 {
-  options.nixfiles.modules.lidarr = {
+  options.nixfiles.modules.piracy.lidarr = {
     enable = mkEnableOption "Lidarr";
 
     domain = mkOption {
@@ -26,27 +28,33 @@ in
 
     ark.directories = [ "/var/lib/lidarr" ];
 
-    nixfiles.modules.nginx = {
-      enable = true;
-      upstreams.lidarr.servers."127.0.0.1:8686" = { };
-      virtualHosts.${cfg.domain} = {
-        locations."/".proxyPass = "http://lidarr";
-        extraConfig = libNginx.config.internalOnly;
+    nixfiles.modules = {
+      nginx = {
+        enable = true;
+        upstreams.lidarr.servers."127.0.0.1:${toString port}" = { };
+        virtualHosts.${cfg.domain} = {
+          locations."/".proxyPass = "http://lidarr";
+          extraConfig = libNginx.config.internalOnly;
+        };
+      };
+
+      piracy = {
+        enable = true;
+        jackett.enable = true;
       };
     };
 
     services = {
       lidarr = {
         enable = true;
-        user = "rtorrent";
-        group = "rtorrent";
+        group = "piracy";
       };
 
       prometheus.exporters.exportarr-lidarr = {
         enable = true;
         url = "http://127.0.0.1";
+        port = port + 10000;
         apiKeyFile = config.secrets.lidarr-api-key.path;
-        port = mkDefault 9708;
         inherit (config.services.lidarr) user;
         inherit (config.services.lidarr) group;
         listenAddress = this.wireguard.ipv4.address;
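Review bot: `services.lidarr.group` is hard-coded to `"piracy"`, but the new `nixfiles.modules.piracy.group` option makes that name configurable. If the option is ever overridden, Lidarr will reference a group that the piracy module no longer creates and will lose access to the shared download tree. Reading the option keeps them in sync: `group = config.nixfiles.modules.piracy.group;`. The same literal appears in `modules/piracy/radarr.nix` and `modules/piracy/sonarr.nix`. The `config` block this hunk edits starts and ends outside the hunk.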
@@ -54,14 +62,22 @@ in
       };
     };
 
-    systemd.tmpfiles.rules = with config.services.lidarr; [
-      "d /var/lib/lidarr/root 0755 ${user} ${group} - -"
-    ];
+    systemd = {
+      tmpfiles.rules = with config.services.lidarr; [
+        "d /var/lib/lidarr/root 0755 ${user} ${group} - -"
+      ];
+
+      services.lidarr.after = [
+        "flood.service"
+        "jackett.service"
+        "local-fs.target"
+      ];
+    };
 
     topology = with cfg; {
       nodes.${this.hostname}.services.lidarr = {
         info = domain;
-        details.listen.text = "127.0.0.1:8686";
+        details.listen.text = "127.0.0.1:${toString port}";
       };
     };
   };
diff --git a/modules/piracy/radarr.nix b/modules/piracy/radarr.nix
new file mode 100644
index 0000000..ac2fe7f
--- /dev/null
+++ b/modules/piracy/radarr.nix
@@ -0,0 +1,84 @@
+{
+  config,
+  inputs,
+  lib,
+  libNginx,
+  this,
+  ...
+}:
+with lib;
+let
+  cfg = config.nixfiles.modules.piracy.radarr;
+
+  port = 7878;
+in
+{
+  options.nixfiles.modules.piracy.radarr = {
+    enable = mkEnableOption "Radarr";
+
+    domain = mkOption {
+      description = "Domain name sans protocol scheme.";
+      type = with types; str;
+      default = "radarr.${config.networking.domain}";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    secrets.radarr-api-key.file = "${inputs.self}/secrets/radarr-api-key";
+
+    ark.directories = [ "/var/lib/radarr" ];
+
+    nixfiles.modules = {
+      nginx = {
+        enable = true;
+        upstreams.radarr.servers."127.0.0.1:${toString port}" = { };
+        virtualHosts.${cfg.domain} = {
+          locations."/".proxyPass = "http://radarr";
+          extraConfig = libNginx.config.internalOnly;
+        };
+      };
+
+      piracy = {
+        enable = true;
+        jackett.enable = true;
+      };
+    };
+
+    services = {
+      radarr = {
+        enable = true;
+        group = "piracy";
+      };
+
+      prometheus.exporters.exportarr-radarr = {
+        enable = true;
+        url = "http://127.0.0.1";
+        port = port + 10000;
+        apiKeyFile = config.secrets.radarr-api-key.path;
+        inherit (config.services.radarr) user;
+        inherit (config.services.radarr) group;
+        listenAddress = this.wireguard.ipv4.address;
+        environment.CONFIG = "/var/lib/radarr/.config/Radarr/config.xml";
+      };
+    };
+
+    systemd = {
+      tmpfiles.rules = with config.services.radarr; [
+        "d /var/lib/radarr/root 0755 ${user} ${group} - -"
+      ];
+
+      services.lidarr.after = [
+        "flood.service"
+        "jackett.service"
+        "local-fs.target"
+      ];
+    };
+
+    topology = with cfg; {
+      nodes.${this.hostname}.services.radarr = {
+        info = domain;
+        details.listen.text = "127.0.0.1:${toString port}";
+      };
+    };
+  };
+}
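Review bot: The ordering block near the end of this file sets `services.lidarr.after`, which looks like a copy-paste from `lidarr.nix`. As written, the Radarr unit gets no ordering after Flood and Jackett, and on a host that enables Radarr without Lidarr this would define a partial `lidarr` unit with nothing but an `after` list. It should read `services.radarr.after = [ "flood.service" "jackett.service" "local-fs.target" ];`. `sonarr.nix` in this commit already uses the correct unit name.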
diff --git a/modules/piracy/sonarr.nix b/modules/piracy/sonarr.nix
new file mode 100644
index 0000000..8715a12
--- /dev/null
+++ b/modules/piracy/sonarr.nix
@@ -0,0 +1,84 @@
+{
+  config,
+  inputs,
+  lib,
+  libNginx,
+  this,
+  ...
+}:
+with lib;
+let
+  cfg = config.nixfiles.modules.piracy.sonarr;
+
+  port = 8989;
+in
+{
+  options.nixfiles.modules.piracy.sonarr = {
+    enable = mkEnableOption "Sonarr";
+
+    domain = mkOption {
+      description = "Domain name sans protocol scheme.";
+      type = with types; str;
+      default = "sonarr.${config.networking.domain}";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    secrets.sonarr-api-key.file = "${inputs.self}/secrets/sonarr-api-key";
+
+    ark.directories = [ "/var/lib/sonarr" ];
+
+    nixfiles.modules = {
+      nginx = {
+        enable = true;
+        upstreams.sonarr.servers."127.0.0.1:${toString port}" = { };
+        virtualHosts.${cfg.domain} = {
+          locations."/".proxyPass = "http://sonarr";
+          extraConfig = libNginx.config.internalOnly;
+        };
+      };
+
+      piracy = {
+        enable = true;
+        jackett.enable = true;
+      };
+    };
+
+    services = {
+      sonarr = {
+        enable = true;
+        group = "piracy";
+      };
+
+      prometheus.exporters.exportarr-sonarr = {
+        enable = true;
+        url = "http://127.0.0.1";
+        port = port + 10000;
+        apiKeyFile = config.secrets.sonarr-api-key.path;
+        inherit (config.services.sonarr) user;
+        inherit (config.services.sonarr) group;
+        listenAddress = this.wireguard.ipv4.address;
+        environment.CONFIG = "/var/lib/sonarr/.config/Sonarr/config.xml";
+      };
+    };
+
+    systemd = {
+      tmpfiles.rules = with config.services.sonarr; [
+        "d /var/lib/sonarr/root 0755 ${user} ${group} - -"
+      ];
+
+      services.sonarr.after = [
+        "flood.service"
+        "jackett.service"
+        "local-fs.target"
+      ];
+    };
+
+    topology = with cfg; {
+      nodes.${this.hostname}.services.sonarr = {
+        info = domain;
+        details.listen.text = "127.0.0.1:${toString port}";
+      };
+    };
+  };
+}
diff --git a/modules/profiles/headful.nix b/modules/profiles/headful.nix
index 991d513..d7f1876 100644
--- a/modules/profiles/headful.nix
+++ b/modules/profiles/headful.nix
@@ -56,9 +56,11 @@ in
           audacity
           byedpi
           eaglemode
+          easyeffects
           element-desktop
           fd
           gimp
+          helvum
           imv
           kdenlive
           libreoffice-fresh
diff --git a/modules/prowlarr.nix b/modules/prowlarr.nix
new file mode 100644
index 0000000..c5bf5c0
--- /dev/null
+++ b/modules/prowlarr.nix
@@ -0,0 +1,65 @@
+{
+  config,
+  inputs,
+  lib,
+  libNginx,
+  this,
+  ...
+}:
+with lib;
+let
+  cfg = config.nixfiles.modules.prowlarr;
+
+  port = 9696;
+in
+{
+  options.nixfiles.modules.prowlarr = {
+    enable = mkEnableOption "Prowlarr";
+
+    domain = mkOption {
+      description = "Domain name sans protocol scheme.";
+      type = with types; str;
+      default = "prowlarr.${config.networking.domain}";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    # secrets.prowlarr-api-key.file = "${inputs.self}/secrets/prowlarr-api-key";
+
+    ark.directories = [ "/var/lib/private/prowlarr" ];
+
+    nixfiles.modules.nginx = {
+      enable = true;
+      upstreams.prowlarr.servers."127.0.0.1:${toString port}" = { };
+      virtualHosts.${cfg.domain} = {
+        locations."/".proxyPass = "http://prowlarr";
+        extraConfig = libNginx.config.internalOnly;
+      };
+    };
+
+    services = {
+      prowlarr.enable = true;
+
+      prometheus.exporters.exportarr-prowlarr = {
+        enable = true;
+        url = "http://127.0.0.1";
+        port = port + 10000;
+        apiKeyFile = config.secrets.lidarr-api-key.path;
+        listenAddress = this.wireguard.ipv4.address;
+        environment = {
+          PROWLARR__BACKFILL = "true";
+          PROWLARR__BACKFILL_DATE_SINCE = "2025-01-01";
+        };
+      };
+    };
+
+    topology = with cfg; {
+      nodes.${this.hostname}.services.prowlarr = {
+        name = "Prowlarr";
+        icon = "${inputs.homelab-svg-assets}/assets/prowlarr.svg";
+        info = domain;
+        details.listen.text = "127.0.0.1:${toString port}";
+      };
+    };
+  };
+}
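Review bot: The Prowlarr exporter is given `apiKeyFile = config.secrets.lidarr-api-key.path`, while this module's own secret declaration is commented out at the top of `config`. That reuses one service's credential for another, so the exporter only authenticates if both applications happen to share a key. It also makes this module depend on the Lidarr secret being declared elsewhere, presumably by the Lidarr module, which would fail evaluation on a host that enables Prowlarr alone. I would restore `secrets.prowlarr-api-key.file = "${inputs.self}/secrets/prowlarr-api-key";` and point the exporter at `config.secrets.prowlarr-api-key.path`. Unlike the Lidarr, Radarr and Sonarr exporters, this one sets no `user` or `group`, so also check that the account it runs as can read the secret file.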
diff --git a/modules/radarr.nix b/modules/radarr.nix
deleted file mode 100644
index 9e4e13f..0000000
--- a/modules/radarr.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{
-  config,
-  lib,
-  libNginx,
-  ...
-}:
-with lib;
-let
-  cfg = config.nixfiles.modules.radarr;
-in
-{
-  options.nixfiles.modules.radarr = {
-    enable = mkEnableOption "Radarr";
-
-    domain = mkOption {
-      description = "Domain name sans protocol scheme.";
-      type = with types; str;
-      default = "radarr.${config.networking.domain}";
-    };
-  };
-
-  config = mkIf cfg.enable {
-    ark.directories = [ "/var/lib/radarr" ];
-
-    nixfiles.modules.nginx = {
-      enable = true;
-      upstreams.radarr.servers."127.0.0.1:7878" = { };
-      virtualHosts.${cfg.domain} = {
-        locations."/".proxyPass = "http://radarr";
-        extraConfig = libNginx.config.internalOnly;
-      };
-    };
-
-    services.radarr = {
-      enable = true;
-      user = "rtorrent";
-      group = "rtorrent";
-    };
-  };
-}
diff --git a/modules/rtorrent.nix b/modules/rtorrent.nix
deleted file mode 100644
index 82ef1b2..0000000
--- a/modules/rtorrent.nix
+++ /dev/null
@@ -1,328 +0,0 @@
-{
-  config,
-  lib,
-  libNginx,
-  pkgs,
-  ...
-}:
-with lib;
-let
-  cfg = config.nixfiles.modules.rtorrent;
-in
-{
-  options.nixfiles.modules.rtorrent = {
-    enable = mkEnableOption "rTorrent";
-
-    flood = {
-      enable = mkEnableOption "Flood" // {
-        default = cfg.enable;
-      };
-
-      domain = mkOption {
-        description = "Domain name sans protocol scheme.";
-        type = with types; str;
-        default = "flood.${config.networking.domain}";
-      };
-    };
-  };
-
-  config =
-    let
-      user = "rtorrent";
-      group = "rtorrent";
-      baseDir = "/var/lib/rtorrent";
-      rpcSocket = "${baseDir}/rpc.socket";
-    in
-    mkIf cfg.enable (mkMerge [
-      (
-        let
-          port = 50000;
-        in
-        {
-          ark.directories = [ baseDir ];
-
-          systemd = {
-            services.rtorrent = {
-              description = "rTorrent";
-              after = [
-                "network.target"
-                "local-fs.target"
-              ];
-              serviceConfig =
-                let
-                  leechDir = "${baseDir}/leech";
-                  seedDir = "${baseDir}/seed";
-                  sessionDir = "${baseDir}/session";
-                  logDir = "${baseDir}/log";
-                  configFile =
-                    let
-                      moveCompleted = getExe (
-                        pkgs.writeShellApplication {
-                          name = "move-completed";
-                          runtimeInputs = with pkgs; [
-                            coreutils-full
-                            gnused
-                            findutils
-                          ];
-                          text = ''
-                            set -x
-
-                            leech_path="$1"
-                            seed_path="$2"
-                            # seed_path="$(echo "$2" | sed 's@+@ @g;s@%@\\x@g' | xargs -0 printf '%b')"
-
-                            mkdir -pv "$seed_path"
-                            mv -fv "$leech_path" "$seed_path"
-                          '';
-                        }
-                      );
-                    in
-                    pkgs.writeText "rtorrent.rc" ''
-                      method.insert = cfg.leech,     private|const|string, (cat, "${leechDir}")
-                      method.insert = cfg.seed,      private|const|string, (cat, "${seedDir}")
-                      method.insert = cfg.session,   private|const|string, (cat, "${sessionDir}")
-                      method.insert = cfg.log,       private|const|string, (cat, "${logDir}")
-                      method.insert = cfg.rpcsocket, private|const|string, (cat, "${rpcSocket}")
-
-                      directory.default.set = (cat, (cfg.leech))
-                      session.path.set = (cat, (cfg.session))
-
-                      network.port_range.set = ${toString port}-${toString port}
-                      network.port_random.set = no
-
-                      dht.mode.set = disable
-                      protocol.pex.set = no
-
-                      trackers.use_udp.set = no
-
-                      protocol.encryption.set = allow_incoming,try_outgoing,enable_retry
-
-                      pieces.memory.max.set = ${toString (pow 2 11)}M
-                      pieces.preload.type.set = 2
-
-                      network.xmlrpc.size_limit.set = ${toString (pow 2 17)}
-
-                      network.max_open_files.set   = ${toString (pow 2 10)}
-                      network.max_open_sockets.set = ${toString (pow 2 10)}
-
-                      network.http.max_open.set = ${toString (pow 2 8)}
-
-                      throttle.global_down.max_rate.set_kb = 0
-                      throttle.global_up.max_rate.set_kb   = 0
-
-                      encoding.add = UTF-8
-                      system.umask.set = 0027
-                      system.cwd.set = (directory.default)
-
-                      network.scgi.open_local = (cat, (cfg.rpcsocket))
-
-                      method.insert = d.move_completed, simple, "\
-                        d.directory.set=$argument.1=;\
-                        execute=${moveCompleted}, $argument.0=, $argument.1=;\
-                        d.save_full_session=\
-                      "
-                      method.insert = d.leech_path, simple, "\
-                        if=(d.is_multi_file),\
-                        (cat, (d.directory), /),\
-                        (cat, (d.directory), /, (d.name))\
-                      "
-                      method.insert = d.seed_path, simple, "\
-                        cat=$cfg.seed=, /, $d.custom1=\
-                      "
-                      method.set_key = event.download.finished, move_complete, "\
-                        d.move_completed=$d.leech_path=, $d.seed_path=\
-                      "
-
-                      log.open_file = "log", (cat, (cfg.log), "/", "default.log")
-                      log.add_output = "info", "log"
-                      log.execute = (cat, (cfg.log), "/", "execute.log")
-                    '';
-                in
-                {
-                  Restart = "on-failure";
-                  RestartSec = 3;
-
-                  KillMode = "process";
-                  KillSignal = "SIGHUP";
-
-                  User = user;
-                  Group = group;
-
-                  ExecStartPre = concatStringsSep " " [
-                    "${pkgs.coreutils-full}/bin/mkdir -p"
-                    leechDir
-                    seedDir
-                    sessionDir
-                    logDir
-                  ];
-                  ExecStart = concatStringsSep " " [
-                    (getExe pkgs.rtorrent)
-                    "-n"
-                    "-o system.daemon.set=true"
-                    "-o network.bind_address.set=0.0.0.0"
-                    "-o import=${configFile}"
-                  ];
-                  ExecStop = concatStringsSep " " [
-                    "${pkgs.coreutils-full}/bin/rm -rf"
-                    rpcSocket
-                  ];
-
-                  RuntimeDirectory = "rtorrent";
-                  RuntimeDirectoryMode = 750;
-                  UMask = 27;
-                  AmbientCapabilities = [ "" ];
-                  CapabilityBoundingSet = [ "" ];
-                  LockPersonality = true;
-                  MemoryDenyWriteExecute = true;
-                  NoNewPrivileges = true;
-                  PrivateDevices = true;
-                  PrivateTmp = true;
-                  PrivateUsers = true;
-                  ProtectClock = true;
-                  ProtectControlGroups = true;
-                  ProtectHome = true;
-                  ProtectHostname = true;
-                  ProtectKernelLogs = true;
-                  ProtectKernelModules = true;
-                  ProtectKernelTunables = true;
-                  ProcSubset = "pid";
-                  RemoveIPC = true;
-                  RestrictAddressFamilies = [
-                    "AF_UNIX"
-                    "AF_INET"
-                    "AF_INET6"
-                  ];
-                  RestrictNamespaces = true;
-                  RestrictRealtime = true;
-                  RestrictSUIDSGID = true;
-                  SystemCallArchitectures = "native";
-                  SystemCallFilter = [
-                    "@system-service"
-                    "~@resources"
-                    "~@privileged"
-                  ];
-                };
-              wantedBy = [ "multi-user.target" ];
-            };
-
-            tmpfiles.rules = [ "d '${baseDir}' 0750 ${user} ${group} -" ];
-          };
-
-          users = {
-            users.${user} = {
-              inherit group;
-              shell = pkgs.bashInteractive;
-              home = baseDir;
-              description = "rTorrent";
-              isSystemUser = true;
-            };
-            groups.${group} = { };
-          };
-          my.extraGroups = [ group ];
-
-          networking.firewall.allowedTCPPorts = [ port ];
-
-          boot.kernel.sysctl = {
-            "net.core.rmem_max" = mkOverride 500 (pow 2 24);
-            "net.core.wmem_max" = mkOverride 500 (pow 2 24);
-            "net.ipv4.tcp_fin_timeout" = mkOverride 500 30;
-            "net.ipv4.tcp_rmem" = mkOverride 500 (mkTcpMem 12 23 24);
-            "net.ipv4.tcp_slow_start_after_idle" = 0;
-            "net.ipv4.tcp_tw_recycle" = mkOverride 500 1;
-            "net.ipv4.tcp_tw_reuse" = mkOverride 500 1;
-            "net.ipv4.tcp_wmem" = mkOverride 500 (mkTcpMem 12 23 24);
-          };
-        }
-      )
-      (
-        let
-          port = 50001;
-          pkg = pkgs.nodePackages.flood;
-        in
-        mkIf cfg.flood.enable {
-          nixfiles.modules.nginx = {
-            enable = true;
-            upstreams.flood.servers."127.0.0.1:${toString port}" = { };
-            virtualHosts.${cfg.flood.domain} = {
-              root = "${pkg}/lib/node_modules/flood/dist/assets";
-              locations = {
-                "/".tryFiles = "$uri /index.html";
-                "/api" = {
-                  proxyPass = "http://flood";
-                  extraConfig = libNginx.config.noProxyBuffering;
-                };
-              };
-              extraConfig = libNginx.config.internalOnly;
-            };
-          };
-
-          systemd.services.flood = {
-            description = "Flood";
-            after = [
-              "network.target"
-              "rtorrent.service"
-            ];
-            path = with pkgs; [ mediainfo ];
-            serviceConfig = {
-              Restart = "on-failure";
-              RestartSec = 3;
-
-              User = user;
-              Group = group;
-
-              ExecStart = concatStringsSep " " [
-                (getExe pkg)
-                "--allowedpath=${baseDir}"
-                "--baseuri=/"
-                "--rundir=${baseDir}/flood"
-                "--host=127.0.0.1"
-                "--port=${toString port}"
-                "--rtsocket=${rpcSocket}"
-                "--ssl=false"
-                "--auth=none"
-              ];
-
-              RuntimeDirectory = "rtorrent";
-              RuntimeDirectoryMode = 750;
-              UMask = 27;
-              AmbientCapabilities = [ "" ];
-              CapabilityBoundingSet = [ "" ];
-              LockPersonality = true;
-              NoNewPrivileges = true;
-              PrivateDevices = true;
-              PrivateTmp = true;
-              PrivateUsers = true;
-              ProtectClock = true;
-              ProtectControlGroups = true;
-              ProtectHome = true;
-              ProtectHostname = true;
-              ProtectKernelLogs = true;
-              ProtectKernelModules = true;
-              ProtectKernelTunables = true;
-              ProcSubset = "pid";
-              ProtectProc = "invisible";
-              RemoveIPC = true;
-              RestrictAddressFamilies = [
-                "AF_UNIX"
-                "AF_INET"
-                "AF_INET6"
-              ];
-              RestrictNamespaces = true;
-              RestrictRealtime = true;
-              RestrictSUIDSGID = true;
-              SystemCallArchitectures = "native";
-              SystemCallFilter = [
-                "~@cpu-emulation"
-                "~@debug"
-                "~@mount"
-                "~@obsolete"
-                "~@privileged"
-                "~@resources"
-              ];
-            };
-            wantedBy = [ "multi-user.target" ];
-          };
-        }
-      )
-    ]);
-}
diff --git a/modules/sonarr.nix b/modules/sonarr.nix
deleted file mode 100644
index b11dda0..0000000
--- a/modules/sonarr.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{
-  config,
-  lib,
-  libNginx,
-  ...
-}:
-with lib;
-let
-  cfg = config.nixfiles.modules.sonarr;
-in
-{
-  options.nixfiles.modules.sonarr = {
-    enable = mkEnableOption "Sonarr";
-
-    domain = mkOption {
-      description = "Domain name sans protocol scheme.";
-      type = with types; str;
-      default = "sonarr.${config.networking.domain}";
-    };
-  };
-
-  config = mkIf cfg.enable {
-    ark.directories = [ "/var/lib/sonarr" ];
-
-    nixfiles.modules.nginx = {
-      enable = true;
-      upstreams.sonarr.servers."127.0.0.1:8989" = { };
-      virtualHosts.${cfg.domain} = {
-        locations."/".proxyPass = "http://sonarr";
-        extraConfig = libNginx.config.internalOnly;
-      };
-    };
-
-    services.sonarr = {
-      enable = true;
-      user = "rtorrent";
-      group = "rtorrent";
-    };
-  };
-}
