From ff64e6c231b0380cca00f701e17d9b9e9c26ddf2 Mon Sep 17 00:00:00 2001
From: sora-ext <sora.ext@helcel.net>
Date: Tue, 12 May 2026 17:45:07 +0200
Subject: [PATCH] Update modules/server/containers/apps/servarr.nix

---
 modules/server/containers/apps/servarr.nix | 74 +++++++++++++++++++++-
 1 file changed, 72 insertions(+), 2 deletions(-)

diff --git a/modules/server/containers/apps/servarr.nix b/modules/server/containers/apps/servarr.nix
index 6d83f94..48ed458 100644
--- a/modules/server/containers/apps/servarr.nix
+++ b/modules/server/containers/apps/servarr.nix
@@ -1,3 +1,73 @@
-{...}:{
-    
+{ config, containerCfg, pkgs, lib, builder, name, ... }:
+let 
+  serverCfg = config.syscfg.server;
+
+  mkServarrImage = appName: appPkg: binaryPath: pkgs.dockerTools.streamLayeredImage {
+    name = appPkg.name;
+    tag = appPkg.version;
+    contents = with pkgs; [ cacert openssl ];
+    config = {
+      Cmd = [ "${appPkg}/${binaryPath}" "-nobrowser" "-data=/config" ];
+      Env = [ "DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1" ];
+    };
+  };
+
+  images = {
+    prowlarr = mkServarrImage "prowlarr" pkgs.prowlarr "bin/Prowlarr";
+    radarr   = mkServarrImage "radarr"   pkgs.radarr   "bin/Radarr";
+    sonarr   = mkServarrImage "sonarr"   pkgs.sonarr   "bin/Sonarr";
+    bazarr   = mkPythonImage  "bazarr"   pkgs.bazarr   "bin/bazarr";
+    lidarr   = mkServarrImage "lidarr"   pkgs.lidarr   "bin/Lidarr";
+    readarr  = mkServarrImage "readarr"  pkgs.readarr  "bin/Readarr";
+  };
+
+  sharedVolumes = [
+    "${serverCfg.mediaPath or "/mnt/media"}:/media" # Fast hardlinking requires a single shared root
+    "${serverCfg.configPath}/servarr:/config-root"
+  ];
+in {
+  # Initialize atomic configuration structures
+  paths = [
+    { path = "${serverCfg.configPath}/servarr/prowlarr"; mode = "0755"; }
+    { path = "${serverCfg.configPath}/servarr/radarr";   mode = "0755"; }
+    { path = "${serverCfg.configPath}/servarr/sonarr";   mode = "0755"; }
+  ];
+
+  containers = {
+    prowlarr = builder.mkContainer {
+      subdomain = containerCfg.subdomain;
+      subpath = "prowlarr";
+      imageStream = images.prowlarr;
+      port = 9696;
+      secret = name;
+      overrides.volumes = sharedVolumes ++ [ "${serverCfg.configPath}/servarr/prowlarr:/config" ];
+    };
+
+    radarr = builder.mkContainer {
+      subdomain = containerCfg.subdomain;
+      subpath = "radarr";
+      imageStream = images.radarr;
+      port = 7878;
+      secret = name;
+      overrides.volumes = sharedVolumes ++ [ "${serverCfg.configPath}/servarr/radarr:/config" ];
+    };
+
+    sonarr = builder.mkContainer {
+      subdomain = containerCfg.subdomain
+      subpath = "sonarr";
+      imageStream = images.sonarr;
+      port = 8989;
+      secret = name;
+      overrides.volumes = sharedVolumes ++ [ "${serverCfg.configPath}/servarr/sonarr:/config" ];
+    };
+  };
+
+#   setup = {
+#     trigger = "prowlarr"; # Triggers atomic environment verification on main controller
+#     envFile = config.sops.secrets."SERVARR".path;
+#     script = pkgs.writeShellScript "setup-servarr" ''
+#       echo "Validating multi-container path permission nodes..."
+#     #   mkdir -p ${serverCfg.configPath}/servarr/{prowlarr,radarr,sonarr}
+#     '';
+#   };
 }
\ No newline at end of file