From 8d48aa19f45d621d0ce234c81d3c930cb5b05eb5 Mon Sep 17 00:00:00 2001
From: Azat Bahawi <azat@bahawi.net>
Date: Thu, 4 May 2023 01:04:59 +0300
Subject: 2023-05-04

---
 modules/nixos/default.nix |  1 +
 modules/nixos/jackett.nix | 33 +++++++++++++++++++++++++++++++++
 modules/nixos/nsd.nix     |  1 +
 modules/nixos/openssh.nix |  2 --
 modules/nixos/unbound.nix |  1 +
 5 files changed, 36 insertions(+), 2 deletions(-)
 create mode 100644 modules/nixos/jackett.nix

(limited to 'modules/nixos')

diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 3c4192d..3c6e61b 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -22,6 +22,7 @@ _: {
     ./grafana.nix
     ./hydra.nix
     ./ipfs.nix
+    ./jackett.nix
     ./k3s.nix
     ./kde.nix
     ./libvirtd.nix
diff --git a/modules/nixos/jackett.nix b/modules/nixos/jackett.nix
new file mode 100644
index 0000000..f8e45ba
--- /dev/null
+++ b/modules/nixos/jackett.nix
@@ -0,0 +1,33 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.nixfiles.modules.jackett;
+in {
+  options.nixfiles.modules.jackett = {
+    enable = mkEnableOption "Jackett";
+
+    domain = mkOption {
+      description = "Domain name sans protocol scheme.";
+      type = with types; str;
+      default = "jackett.${config.networking.domain}";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    ark.directories = ["/var/lib/jackett"];
+
+    nixfiles.modules.nginx = {
+      enable = true;
+      upstreams.jackett.servers."127.0.0.1:9117" = {};
+      virtualHosts.${cfg.domain} = {
+        locations."/".proxyPass = "http://jackett";
+        extraConfig = nginxInternalOnly;
+      };
+    };
+
+    services.jackett.enable = true;
+  };
+}
diff --git a/modules/nixos/nsd.nix b/modules/nixos/nsd.nix
index 3659a7a..255c787 100644
--- a/modules/nixos/nsd.nix
+++ b/modules/nixos/nsd.nix
@@ -118,6 +118,7 @@ in {
                       vaultwarden = manwe;
 
                       flood = yavanna;
+                      jackett = yavanna;
                       lidarr = yavanna;
                     };
                   }
diff --git a/modules/nixos/openssh.nix b/modules/nixos/openssh.nix
index 164f5bb..22e4b51 100644
--- a/modules/nixos/openssh.nix
+++ b/modules/nixos/openssh.nix
@@ -17,8 +17,6 @@ in {
   };
 
   config = mkIf cfg.server.enable {
-    # authorized_keys is not added here because it only contains my SSH keys and
-    # all non-declarative ones are located in the home directory.
     ark.files = [
       "/etc/ssh/ssh_host_ed25519_key"
       "/etc/ssh/ssh_host_ed25519_key.pub"
diff --git a/modules/nixos/unbound.nix b/modules/nixos/unbound.nix
index d24b79e..7805b02 100644
--- a/modules/nixos/unbound.nix
+++ b/modules/nixos/unbound.nix
@@ -133,6 +133,7 @@ in {
           localControlSocketPath = "/run/unbound/unbound.socket";
         };
 
+        # TODO Switch to https://github.com/letsencrypt/unbound_exporter.
         prometheus.exporters.unbound = {
           enable = true;
           listenAddress = mkDefault this.wireguard.ipv4.address;
-- 
cgit 1.4.1