From 8973330dcc3c960afbebefb626543f84231ebd8f Mon Sep 17 00:00:00 2001
From: Mark Nipper
Date: Sun, 13 Oct 2024 03:16:12 -0700
Subject: Add the *arr services @arrakis

---
hosts/arrakis/default.nix | 134 +++++++++++++++++++++++++++++++++++++---------
1 file changed, 108 insertions(+), 26 deletions(-)
(limited to 'hosts/arrakis/default.nix')
diff --git a/hosts/arrakis/default.nix b/hosts/arrakis/default.nix
index 1e9641f..6461c94 100644
--- a/hosts/arrakis/default.nix
+++ b/hosts/arrakis/default.nix
@@ -207,34 +207,116 @@ system.stateVersion = "23.11";
- systemd.services."nftables-extra" = {
- description = "nftables extra firewall rules";
- script = ''
- ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport { http, https } counter accept # 80, 443'
- ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport { netbios-ns, netbios-dgm } counter accept # 137, 138'
- ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport { netbios-ssn, microsoft-ds } counter accept # 139, 445'
- ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport 2049 counter accept'
- ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport { 2456, 2457 } counter accept # Valheim dedicated server'
- ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport 5121 counter accept # Neverwinter Nights Server'
- ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport { 7878, 8080, 8686, 8787, 8989 } counter accept # Radarr, Sabnzb, Lidarr, Sonarr, Readarr'
- ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport 15637 counter accept # Enshrouded'
- ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" ip saddr 192.168.1.0/24 udp dport { 27031, 27036 } counter accept # Steam Remote Play'
- ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" ip saddr 192.168.1.0/24 tcp dport { 27036, 27037 } counter accept # Steam Remote Play'
- ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport 51820 counter accept # WireGuard'
- ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path}
- '';
- serviceConfig = {
- RemainAfterExit = true;
- Type = "oneshot";
+ systemd.services = {
+ "nftables-extra" = {
+ description = "nftables extra firewall rules";
+ script = ''
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport { http, https } counter accept # 80, 443'
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport { netbios-ns, netbios-dgm } counter accept # 137, 138'
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport { netbios-ssn, microsoft-ds } counter accept # 139, 445'
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport 2049 counter accept'
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport { 2456, 2457 } counter accept # Valheim dedicated server'
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport 5121 counter accept # Neverwinter Nights Server'
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" tcp dport { 7878, 8080, 8686, 8787, 8989 } counter accept # Radarr, Sabnzb, Lidarr, Sonarr, Readarr'
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport 15637 counter accept # Enshrouded'
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" ip saddr 192.168.1.0/24 udp dport { 27031, 27036 } counter accept # Steam Remote Play'
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" ip saddr 192.168.1.0/24 tcp dport { 27036, 27037 } counter accept # Steam Remote Play'
+ ${pkgs.nftables}/bin/nft insert rule inet nixos-fw input 'iifname "wlp5s0" udp dport 51820 counter accept # WireGuard'
+ ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path}
+ '';
+ serviceConfig = {
+ RemainAfterExit = true;
+ Type = "oneshot";
+ };
+ unitConfig = {
+ ConditionPathExists = [
+ config.sops.secrets."nftables/ssh".path
+ ];
+ };
+ wantedBy = [ "multi-user.target" ];
+ after = [ "nftables.service" ];
+ partOf = [ "nftables.service" ];
 };
- unitConfig = {
- ConditionPathExists = [
- config.sops.secrets."nftables/ssh".path
- ];
+ "lidarr" = {
+ after = [ "network.target" ];
+ description = "Lidarr Daemon";
+ serviceConfig = {
+ User = "nipsy";
+ Group = "nipsy";
+ Restart = "always";
+ RestartSec= 5;
+ Type = "simple";
+ ExecStart = "/home/nipsy/Lidarr/Lidarr -nobrowser";
+ TimeoutStopSec = 20;
+ PIDFile = "/home/nipsy/.config/Lidarr/lidarr.pid";
+ NetworkNamespacePath = "/run/netns/vpn";
+ };
+ wantedBy = [ "multi-user.target" ];
+ };
+ "prowlarr" = {
+ after = [ "network.target" ];
+ description = "Prowlarr Daemon";
+ serviceConfig = {
+ User = "nipsy";
+ Group = "nipsy";
+ Restart = "always";
+ RestartSec= 5;
+ Type = "simple";
+ ExecStart = "/home/nipsy/Prowlarr/Prowlarr -nobrowser";
+ TimeoutStopSec = 20;
+ PIDFile = "/home/nipsy/.config/Prowlarr/prowlarr.pid";
+ NetworkNamespacePath = "/run/netns/vpn";
+ };
+ wantedBy = [ "multi-user.target" ];
+ };
+ "radarr" = {
+ after = [ "network.target" ];
+ description = "Radarr Daemon";
+ serviceConfig = {
+ User = "nipsy";
+ Group = "nipsy";
+ Restart = "always";
+ RestartSec= 5;
+ Type = "simple";
+ ExecStart = "/home/nipsy/Radarr/Radarr -nobrowser";
+ TimeoutStopSec = 20;
+ PIDFile = "/home/nipsy/.config/Radarr/radarr.pid";
+ NetworkNamespacePath = "/run/netns/vpn";
+ };
+ wantedBy = [ "multi-user.target" ];
+ };
+ "readarr" = {
+ after = [ "network.target" ];
+ description = "Readarr Daemon";
+ serviceConfig = {
+ User = "nipsy";
+ Group = "nipsy";
+ Restart = "always";
+ RestartSec= 5;
+ Type = "simple";
+ ExecStart = "/home/nipsy/Readarr/Readarr -nobrowser";
+ TimeoutStopSec = 20;
+ PIDFile = "/home/nipsy/.config/Readarr/readarr.pid";
+ NetworkNamespacePath = "/run/netns/vpn";
+ };
+ wantedBy = [ "multi-user.target" ];
+ };
+ "sonarr" = {
+ after = [ "network.target" ];
+ description = "Sonarr Daemon";
+ serviceConfig = {
+ User = "nipsy";
+ Group = "nipsy";
+ Restart = "always";
+ RestartSec= 5;
+ Type = "simple";
+ ExecStart = "/home/nipsy/Sonarr/Sonarr -nobrowser";
+ TimeoutStopSec = 20;
+ PIDFile = "/home/nipsy/.config/Sonarr/sonarr.pid";
+ NetworkNamespacePath = "/run/netns/vpn";
+ };
+ wantedBy = [ "multi-user.target" ];
 };
- wantedBy = [ "multi-user.target" ];
- after = [ "nftables.service" ];
- partOf = [ "nftables.service" ];
 };
 systemd.paths."nftables-extra" = {
 pathConfig = {
--
cgit v1.2.3
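Review bot: The five new *arr units (`"lidarr"` through `"sonarr"`) enter `/run/netns/vpn` via `NetworkNamespacePath` but order only on `network.target`; nothing in the hunk ties them to the unit that creates that namespace, so at boot they fail until it exists and `Restart = "always"` retries every 5 s, and they are not stopped or restarted with it. Naming that unit (not visible here) in `after` and `bindsTo`, e.g. `bindsTo = [ "<unit-that-creates-netns-vpn>.service" ];`, makes the dependency explicit. Each unit runs a binary out of the service user's own home (`ExecStart = "/home/nipsy/Radarr/Radarr -nobrowser"`) with no sandboxing, so at minimum `NoNewPrivileges = true;`, `PrivateTmp = true;` and `ProtectSystem = "full";` in `serviceConfig` are cheap to add (confirm the `.config` dirs under `/home/nipsy` still work). Once these daemons live in the vpn namespace, the retained `tcp dport { 7878, 8080, 8686, 8787, 8989 }` accept on `wlp5s0` presumably no longer governs their listeners (and Prowlarr was never listed there), so reachability is decided by whatever filtering applies inside that namespace, which is worth stating in a comment next to that rule. Minor: `PIDFile` is mainly meaningful for `Type = "forking"`, `RestartSec= 5` lacks a space before `=`, and the five blocks differ only by name and could be generated from a list with a small helper so they cannot drift apart.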