{ config, inputs, lib, libNginx, ... }: with lib; let cfg = config.nixfiles.modules.lidarr; in { options.nixfiles.modules.lidarr = { enable = mkEnableOption "Lidarr"; domain = mkOption { description = "Domain name sans protocol scheme."; type = with types; str; default = "lidarr.${config.networking.domain}"; }; }; config = mkIf cfg.enable { secrets.lidarr-api-key.file = "${inputs.self}/secrets/lidarr-api-key"; ark.directories = [ "/var/lib/lidarr" ]; nixfiles.modules.nginx = { enable = true; upstreams.lidarr.servers."127.0.0.1:8686" = { }; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://lidarr"; extraConfig = libNginx.config.internalOnly; }; }; services = { lidarr = { enable = true; user = "rtorrent"; group = "rtorrent"; }; prometheus.exporters.exportarr-lidarr = { enable = true; url = "http://127.0.0.1"; apiKeyFile = config.secrets.lidarr-api-key.path; port = mkDefault 9708; inherit (config.services.lidarr) user; inherit (config.services.lidarr) group; listenAddress = this.wireguard.ipv4.address; environment.CONFIG = "/var/lib/lidarr/.config/Lidarr/config.xml"; }; }; systemd.tmpfiles.rules = with config.services.lidarr; [ "d /var/lib/lidarr/root 0755 ${user} ${group} - -" ]; }; }