{ extraInfo, pkgs, ... }: { users.groups.media = { }; services.jellyfin.enable = true; services.nginx.virtualHosts.${extraInfo.jellyfinURI} = { enableACME = true; forceSSL = true; locations = { "/" = { proxyPass = "http://localhost:8096"; }; "/socket" = { proxyPass = "http://localhost:8096"; proxyWebsockets = true; }; }; }; services.sonarr = { enable = true; openFirewall = true; group = "media"; }; # Sonarr didn't update their runtime for a while... nixpkgs.config.permittedInsecurePackages = [ "aspnetcore-runtime-6.0.36" "aspnetcore-runtime-wrapped-6.0.36" "dotnet-sdk-wrapped-6.0.428" "dotnet-sdk-6.0.428" ]; services.radarr = { enable = true; openFirewall = true; group = "media"; }; services.bazarr = { enable = true; openFirewall = true; group = "media"; }; # Torrent client services.deluge = { enable = true; web = { enable = true; openFirewall = true; }; group = "media"; }; services.jackett = { enable = true; openFirewall = true; }; systemd.services.delugedweb.requires = [ "deluged-proxy.service" ]; systemd.services.deluged.bindsTo = [ "wireguard-wg1.service" ]; systemd.services.deluged.requires = [ "network-online.target" ]; systemd.services.deluged.serviceConfig.NetworkNamespacePath = "/var/run/netns/wg1ns"; systemd.services.deluged.serviceConfig.PrivateNetwork = true; systemd.sockets.deluged-proxy = { description = "Socket for deluge-web to deluged in network namespace"; listenStreams = [ "58846" ]; wantedBy = [ "sockets.target" ]; }; systemd.services.deluged-proxy = { description = "Proxy for deluge-web to deluged in network namespace"; requires = [ "deluged.service" "deluged-proxy.socket" ]; after = [ "deluged.service" "deluged-proxy.socket" ]; unitConfig.JoinsNamespaceOf = "deluged.service"; serviceConfig = { User = "deluge"; Group = "media"; ExecStart = "${pkgs.systemd}/lib/systemd/systemd-socket-proxyd 127.0.0.1:58846"; PrivateNetwork = true; }; }; }