tristan/nix
1
0
Fork 0
Code Projects Releases Packages Activity

alpine: add prowlarr and exportarr

Browse source
This commit is contained in:
Tristan 2025-08-19 19:51:12 +01:00
parent e7c8cec95e
commit c993639066
3 changed files with 111 additions and 77 deletions
Download patch file Download diff file Expand all files Collapse all files

73
nixos/services/arr.nix
View file

@ -1,20 +1,20 @@
{config, lib, user, ...}: let
{
config,
lib,
user,
...
}: let
inherit (config) sops;
inherit (sops) templates placeholder;
in {
nixpkgs.config.permittedInsecurePackages = [
"aspnetcore-runtime-6.0.36"
"aspnetcore-runtime-wrapped-6.0.36"
"dotnet-sdk-6.0.428"
"dotnet-sdk-wrapped-6.0.428"
];
users.users.${user}.extraGroups = ["media"];
users.groups.media = {
gid = 979;
};
services.jackett = {
services.prowlarr = {
enable = true;
};
services.flaresolverr.enable = true;
services.lidarr = {
enable = true;
group = "media";
@ -27,21 +27,13 @@ in {
enable = true;
group = "media";
};
services.bazarr = {
enable = true;
group = "media";
};
services.jellyseerr.enable = true;
sops.secrets.sonarr-sslkey = {
sopsFile = ../../certs/alpine.prawn-justice.ts.net.key;
format = "binary";
owner = "nginx";
};
# this was fun to figure out, but pointless atm.
services.nginx.virtualHosts."alpine.prawn-justice.ts.net" = {
forceSSL = true;
sslCertificateKey = config.sops.secrets.sonarr-sslkey.path;
sslCertificate = ../../certs/alpine.prawn-justice.ts.net.crt;
};
# probably easier if i just put this in a nixos-container
virtualisation.oci-containers.containers.transmission = {
autoStart = false;
image = "docker.io/haugene/transmission-openvpn:5.3.2";
ports = ["9091:9091"];
volumes = [
@ -49,7 +41,7 @@ in {
"/home/tristan/pods/transmission/config:/config"
"/mnt/storage/media/unsorted:/data/completed"
];
environmentFiles = [ templates."transmission/env".path ];
environmentFiles = [templates."transmission/env".path];
environment = {
PUID = "1000";
PGID = toString config.users.groups.media.gid;
@ -79,4 +71,43 @@ in {
OPENVPN_PASSWORD=${placeholder."transmission/auth/OPENVPN_PASSWORD"}
'';
};
sops.secrets."sonarr/api_key" = {};
sops.secrets."radarr/api_key" = {};
sops.secrets."prowlarr/api_key" = {};
services.prometheus.exporters.exportarr-sonarr = {
enable = true;
url = "http://localhost:${toString config.services.sonarr.settings.server.port}/sonarr";
port = 9708;
apiKeyFile = config.sops.secrets."sonarr/api_key".path;
};
services.prometheus.exporters.exportarr-radarr = {
enable = true;
url = "http://localhost:${toString config.services.radarr.settings.server.port}";
port = 9709;
apiKeyFile = config.sops.secrets."radarr/api_key".path;
};
services.prometheus.exporters.exportarr-prowlarr = {
enable = true;
url = "http://localhost:${toString config.services.prowlarr.settings.server.port}";
port = 9710;
apiKeyFile = config.sops.secrets."prowlarr/api_key".path;
};
services.prometheus = {
enable = true;
scrapeConfigs = [
{
job_name = "exportarr";
static_configs = [
{
targets = [
"localhost:${toString config.services.prometheus.exporters.exportarr-radarr.port}"
"localhost:${toString config.services.prometheus.exporters.exportarr-sonarr.port}"
"localhost:${toString config.services.prometheus.exporters.exportarr-prowlarr.port}"
];
}
];
}
];
};
}

98
nixos/services/prometheus.nix
View file

@ -29,28 +29,34 @@ in {
];
rules = [
(builtins.toJSON {
groups = [{
name = "node";
rules = [
{
alert = "io error";
expr = ''node_filesystem_device_error{device_error!="permission denied"} > 0'';
}
{
alert = "disk full";
expr = ''node_filesystem_avail_bytes{fstype=~"ext4|btrfs"} < ${toString (50 * 1024 * 1024 * 1024)}'';
}
];
}];
groups = [
{
name = "node";
rules = [
{
alert = "io error";
expr = ''node_filesystem_device_error{device_error!="permission denied"} > 0'';
}
{
alert = "disk full";
expr = ''node_filesystem_avail_bytes{fstype=~"ext4|btrfs"} < ${toString (50 * 1024 * 1024 * 1024)}'';
}
];
}
];
})
];
alertmanagers = [ {
static_configs = [ {
targets = [
"localhost:9093"
alertmanagers = [
{
static_configs = [
{
targets = [
"localhost:9093"
];
}
];
} ];
} ];
}
];
exporters = {
postgres = {
enable = true;
@ -58,39 +64,35 @@ in {
};
};
alertmanager = {
enable = true;
enable = false;
configuration = {
receivers = [{
name = "ntfy";
webhook_configs = [{
url = "http://localhost${config.services.ntfy-sh.settings.listen-http}/alert/trigger";
}];
}];
route = {
receiver = "ntfy";
# routes = [{
# matchers = [
# ''node_filesystem_device_error != 0''
# ];
# }];
receiver = "alertmanager-ntfy";
routes = [{
matchers = [
''node_filesystem_device_error != 0''
];
}];
};
};
};
alertmanager-ntfy = {
enable = false;
settings = {
ntfy = {
baseurl = "https://up.tristans.cloud";
notification = {
topic = "alert";
};
};
};
};
# alertmanager-ntfy = {
# enable = true;
# settings = {
# ntfy = {
# baseurl = "https://up.tristans.cloud";
# notification = {
# topic = "alert";
# };
# };
# };
# };
};
services.grafana.provision.datasources.settings.datasources = [{
name = "Prometheus";
type = "prometheus";
url = "http://localhost:${toString prometheus.port}";
}];
services.grafana.provision.datasources.settings.datasources = [
{
name = "Prometheus";
type = "prometheus";
url = "http://localhost:${toString prometheus.port}";
}
];
}

17
secrets/secrets.yaml
View file

@ -33,11 +33,13 @@ transmission:
OPENVPN_USERNAME: ENC[AES256_GCM,data:RQ+hGLE6YEgN/aaa2TLpkg==,iv:oG794WxGe0t1ZI0PyC45ZgCPA0Ar2m/dSVDdMYBKJvY=,tag:CGnEu8ds0s4aH4ImCrNWNQ==,type:str]
OPENVPN_PASSWORD: ENC[AES256_GCM,data:Jw==,iv:uGAaXFWfpSaeqY7yC9cR9iqblH3E3hudnrnIlOvdRCg=,tag:P1XJ2SBY82z9YZP9J/n5SA==,type:str]
namecheap: ENC[AES256_GCM,data:PTEQK8+G1FfmvRk9IxrAZjCAhiKdV0AA+JxaJRZvbHU=,iv:xTrJzPooM0xzs9xgkNGWKRzRHeIIhMGa8EYW2/41ZvA=,tag:KHdLKuip439QNeAiBwreqg==,type:str]
sonarr:
api_key: ENC[AES256_GCM,data:mBq+ndbhDtErh/sytTybutes7btHMIkg6wT9C7t4M9I=,iv:JicYavIQJpnmYbFpO+AVOTwrp2DeOB5xWBROwSYNF4Y=,tag:xmlaKpdn8A9s/HpdsBR+0g==,type:str]
radarr:
api_key: ENC[AES256_GCM,data:iHDX/wLjde/6dj6+ORJaAnFCzXn82DXUWy3yh6fkmiQ=,iv:NcgRPa6Cy9tKLKYJ4OGr2cdW5smvpHbiXtBYJlEqOfw=,tag:BJ1YeMLXrhuDrZKsB5Z4YQ==,type:str]
prowlarr:
api_key: ENC[AES256_GCM,data:p1KRHilxv8qSy8NEKQlBy8ppXDxmQDeZXAzRYyc7psA=,iv:HyK3YEKLvE01fLCkxR89G96uViAegIPi7Xb43mFeWlQ=,tag:B8pNOT9+2rPUqVL+rTDRHg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age106vffwu4y8cx90y0rtzajgpafl8jq7ty5hf6pur2gjsuq3g2lf5qjmdq0q
enc: |
@ -48,8 +50,7 @@ sops:
S3ZwcHhkdEEvY0pINDloand5S0NycHcKEpIt5EeIKhLQK7f74sWVN/x5gzh/Jq7x
UUN5QtysRbWVGnWRxdNB8LIMjDJY9jRojycdQfSNebaz5ZLjEp8dZQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-18T02:00:29Z"
mac: ENC[AES256_GCM,data:x3J0tRfNynM2qlB4YUUAUMYI/94opN1kJ1j0kOyeZ1GZHx+EA4dQZif4nPQOERo+5xRt8C4YXVDZEnCjD1TpQE6LYik0n0iY+84sY5fSr2SYiXzq2P72Tk7BzBklI9/zjndeJLJbydTJDMzOCvdEWIfHYZsHODnKXBO9pYwjAqU=,iv:z+QD93t72S2w0CqMV5sQk9oK9LMnQAxyaiExmqEcSp0=,tag:dbtyHUQ+n2EQvHEkQa7zrw==,type:str]
pgp: []
lastmodified: "2025-08-19T18:47:49Z"
mac: ENC[AES256_GCM,data:xgsPA3TDBZ4C6aQVYoamOz2fi2iEaiUtT2eOFUnldBB4Wt+YNM4b4RVavXnlND1vOat9FtRzjmvI1rlkxoPV95tZz4B4QDfH/LUBWCwiOnZdLwrd4W0VWJLSxcX/hAmZ7qnGMpA7/G/0d45A2y0yMHJ3KGfqTsCikE/MPwrQbkg=,iv:1GEIIYygolYOGfS2LG1CmZCnacLaeOfBw+TGeh713DQ=,tag:E7mrU7xK2Zppq9QCwKdveQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.9.2
version: 3.10.2