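# Container definitions for the Servarr stack (Prowlarr, Radarr, Sonarr).
#
# Returns an attrset consumed by the surrounding container framework:
#   sops       - flag passed through to the framework (semantics defined there)
#   paths      - host directories to create, with their modes
#   containers - one builder.mkContainer result per application
#
# The original text had every statement collapsed onto two physical lines, so
# each `#` comment swallowed the code that followed it. The line structure is
# restored here and the three copy-pasted container definitions are folded
# into one helper, so a hardening option cannot be applied to one app and
# forgotten on the others.
{ config, containerCfg, pkgs, lib, builder, name, ... }:
let
  serverCfg = config.syscfg.server;

  # Port every app listens on inside its own container.
  servarrPort = 8989;

  # Build a layered OCI image for one application.
  #   appName    - not used by the image definition; kept so call sites stay unchanged
  #   appPkg     - nixpkgs derivation providing the application
  #   binaryPath - path of the executable relative to the package root
  mkServarrImage = appName: appPkg: binaryPath:
    pkgs.dockerTools.streamLayeredImage {
      name = appPkg.name;
      tag = appPkg.version;
      # CA bundle and OpenSSL are the only extras placed in the image root.
      contents = with pkgs; [ cacert openssl ];
      config = {
        Cmd = [ "${appPkg}/${binaryPath}" "-nobrowser" "-data=/config" ];
        Env = [
          "DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1"
          # HOME points at /tmp, which the containers below mount as a tmpfs.
          "HOME=/tmp"
        ];
      };
    };

  # Only prowlarr, radarr and sonarr are referenced by a container below.
  # NOTE(review): bazarr is given the same -nobrowser/-data flags as the other
  # apps; confirm it accepts them before enabling a bazarr container.
  images = {
    prowlarr = mkServarrImage "prowlarr" pkgs.prowlarr "bin/Prowlarr";
    radarr = mkServarrImage "radarr" pkgs.radarr "bin/Radarr";
    sonarr = mkServarrImage "sonarr" pkgs.sonarr "bin/Sonarr";
    bazarr = mkServarrImage "bazarr" pkgs.bazarr "bin/bazarr";
    lidarr = mkServarrImage "lidarr" pkgs.lidarr "bin/Lidarr";
    readarr = mkServarrImage "readarr" pkgs.readarr "bin/Readarr";
  };

  # Volumes mounted into every container.
  sharedVolumes = [
    # Fast hardlinking requires a single shared root
    "${serverCfg.dataPath}/media:/media"
    # NOTE(review): this mounts the whole servarr config tree into every
    # container with no `:ro` suffix, so each app can reach its siblings'
    # config directories. If nothing reads /config-root, drop this entry or
    # mount it read-only so one compromised app cannot tamper with the others.
    "${serverCfg.configPath}/servarr:/config-root"
  ];

  # Host directory holding one app's private configuration.
  appConfigDir = app: "${serverCfg.configPath}/servarr/${app}";

  # Define the container for one application.
  #   app          - lower-case name; used for the subpath, URL base, image
  #                  lookup and config directory
  #   instanceName - display name given to the application
  mkServarrContainer = app: instanceName:
    let
      envPrefix = lib.toUpper app;
    in
    builder.mkContainer {
      subdomain = containerCfg.subdomain;
      subpath = app;
      imageStream = images.${app};
      port = servarrPort;
      secret = name;
      extraEnv = {
        "${envPrefix}__APP__INSTANCENAME" = instanceName;
        # "${envPrefix}__AUTH__ENABLED" = "false";
        # NOTE(review): "External" hands authentication to whatever sits in
        # front of the app. Confirm builder.mkContainer only exposes this port
        # behind an authenticating reverse proxy; any path that reaches the
        # port directly would be unauthenticated.
        "${envPrefix}__AUTH__METHOD" = "External";
        "${envPrefix}__SERVER__PORT" = toString servarrPort;
        "${envPrefix}__SERVER__URLBASE" = app;
        # The app serves plain HTTP; presumably TLS terminates at the proxy.
        "${envPrefix}__SERVER__ENABLESSL" = "false";
      };
      extraOptions = [
        # Scratch space (also $HOME) is an in-memory mount from which nothing
        # can be executed and on which setuid bits are ignored.
        "--tmpfs=/tmp:rw,noexec,nosuid,size=512m"
        # Run as an unprivileged uid/gid instead of root.
        "--user=1000:1000"
        # NOTE(review): consider also `--cap-drop=ALL` and
        # `--security-opt=no-new-privileges` unless builder.mkContainer
        # already applies them.
      ];
      overrides.volumes = sharedVolumes ++ [ "${appConfigDir app}:/config" ];
    };
in
{
  sops = true;

  # NOTE(review): the per-app config directories are created 0755. They
  # typically hold each app's API key and database; consider a tighter mode if
  # the ownership assigned by the `paths` handler still lets uid 1000 write.
  paths = [
    { path = "${serverCfg.dataPath}/media/"; mode = "0755"; }
    { path = appConfigDir "prowlarr"; mode = "0755"; }
    { path = appConfigDir "radarr"; mode = "0755"; }
    { path = appConfigDir "sonarr"; mode = "0755"; }
  ];

  containers = {
    prowlarr = mkServarrContainer "prowlarr" "Prowlarr";
    radarr = mkServarrContainer "radarr" "Radarr";
    sonarr = mkServarrContainer "sonarr" "Sonarr";
    #bazarr = ...
  };

  # setup = {
  #   trigger = "prowlarr"; # Triggers atomic environment verification on main controller
  #   envFile = config.sops.secrets."SERVARR".path;
  #   script = pkgs.writeShellScript "setup-servarr" ''
  #     echo "Validating multi-container path permission nodes..."
  #     # mkdir -p ${serverCfg.configPath}/servarr/{prowlarr,radarr,sonarr}
  #   '';
  # };
}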