path: root/modules/tlmp/default.nix
blob: c70cc5cb5b3a7fb31c51b7c25b05ff38cac75840 (plain)
# NixOS module for a media stack: Jellyfin, Radarr, Sonarr, Prowlarr,
# ruTorrent, a FlareSolverr container, and the nginx virtual hosts in
# front of them.
{ self, config, lib, pkgs, ... }:

let
  # Jellyfin, Radarr and Sonarr all run under this one system account.
  # NOTE(review): a shared account means a compromise of any one of these
  # services can read and modify files owned by the others; separate users
  # in a common group would narrow that. Confirm the trade-off is intended.
  mediaAccount = {
    user = "media";
    group = "media";
  };
in
# Brings proxyDomain, proxyDomainAuth and domainAuth into scope. Their
# definitions are not in this file; what "Auth" enforces should be checked
# in self.lib.nginx.
with self.lib.nginx;
{
  imports = [ ./rtorrent.nix ./slsk.nix ];

  # One certificate for the apex name plus a wildcard for the subdomain
  # virtual hosts declared further down.
  security.acme.certs."media.cocaine.farm".extraDomainNames = [ "*.media.cocaine.farm" ];

  users.users.media = {
    isSystemUser = true;
    group = "media";
  };
  users.groups.media = {};

  services.jellyfin = mediaAccount // { enable = true; };

  services.radarr = mediaAccount // { enable = true; };

  # Sonarr is built from the local ./sonarr.nix instead of the default package.
  services.sonarr = mediaAccount // {
    enable = true;
    package = pkgs.callPackage ./sonarr.nix {};
  };

  # Prowlarr gets no user/group override here.
  services.prowlarr.enable = true;

  services.rutorrent = {
    enable = true;
    hostName = "torrent.media.cocaine.farm";
    # mkForce replaces any other definition of the plugin list, so exactly
    # these plugins are enabled. "trafic" is the plugin's upstream spelling.
    plugins = lib.mkForce [ "httprpc" "data" "diskspace" "edit" "erasedata" "theme" "trafic" ];
    nginx.enable = true;
  };

  # NOTE(review): ":latest" is a mutable tag, so the image that runs can
  # change between pulls without any change to this file. Pinning a release
  # tag or an image digest makes the deployment reproducible and reviewable.
  # The port is published on 10.10.0.2 only; nothing in this file puts
  # authentication in front of it, so confirm who can reach that address.
  virtualisation.oci-containers.containers.flaresolverr = {
    image = "ghcr.io/flaresolverr/flaresolverr:latest";
    autoStart = true;
    ports = [ "10.10.0.2:8191:8191" ];
  };

  services.nginx = {
    enable = true;
    virtualHosts = {
      # Jellyfin is proxied with the non-Auth helper, presumably relying on
      # Jellyfin's own login. The other public hosts use the *Auth helpers.
      # The first argument is the same for every host (presumably the
      # certificate to reuse; confirm in self.lib.nginx).
      "media.cocaine.farm" = proxyDomain "media.cocaine.farm" "http://127.0.0.1:8096/";
      "sonarr.media.cocaine.farm" = proxyDomainAuth "media.cocaine.farm" "http://127.0.0.1:8989";
      "radarr.media.cocaine.farm" = proxyDomainAuth "media.cocaine.farm" "http://127.0.0.1:7878";
      "prowlarr.media.cocaine.farm" = proxyDomainAuth "media.cocaine.farm" "http://127.0.0.1:9696";
      "torrent.media.cocaine.farm" = domainAuth "media.cocaine.farm";

      # Internal, plain-HTTP copy of the ruTorrent site, bound to 10.10.0.2:80.
      # NOTE(review): no authentication or allow/deny rule is visible on this
      # virtual host. rtorrent's XML-RPC interface can run commands, so whoever
      # can reach /RPC2 here effectively acts as the rtorrent user. Confirm
      # that only trusted peers can reach 10.10.0.2:80 (interface firewall or
      # nginx allow/deny), and that the traffic never leaves a protected link.
      "torrent.local" = {
        listen = [ { addr = "10.10.0.2"; port = 80; } ];
        serverAliases = [ "phaenn.wg.vapor.systems" ];
        root = config.services.rutorrent.dataDir;

        locations = {
          # Hands XML-RPC requests to rtorrent's SCGI unix socket.
          "/RPC2".extraConfig = ''
            include ${pkgs.nginx}/conf/scgi_params;
            scgi_pass unix:/run/rtorrent/rpc.sock;
          '';

          # PHP handler for ruTorrent. The "-f" test returns 404 unless the
          # script path is a real file under the document root, so a request
          # cannot make PHP-FPM run a path that does not exist on disk.
          "~ [^/]\\.php(/|$)".extraConfig = ''
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            if (!-f $document_root$fastcgi_script_name) {
              return 404;
            }

            # Mitigate https://httpoxy.org/ vulnerabilities
            fastcgi_param HTTP_PROXY "";

            fastcgi_pass unix:${config.services.phpfpm.pools.rutorrent.socket};
            fastcgi_index index.php;

            include ${pkgs.nginx}/conf/fastcgi.conf;
          '';
        };
      };
    };
  };

  # Lets this host resolve torrent.local to the address the internal
  # virtual host listens on.
  networking.hosts."10.10.0.2" = [ "torrent.local" ];
}