Servarr configuration example for NixOS

nfs-home.nix

{ lib, ... }:

{
  fileSystems."/export/1tb" = {
    device = "/dev/disk/by-uuid/64de61f9-c996-4c22-a045-066782140a1c";
    label = "HD do antigo notebook";
    noCheck = true;
    options = lib.mkDefault [
      "defaults"
      "x-gvfs-show"
    ];
  };

  fileSystems."/export/Code" = {
    device = "/home/almino/Code";
    options = [ "bind" ];
  };

  fileSystems."/export/nix-config" = {
    device = "/nix-config";
    options = [ "bind" ];
  };

  networking.firewall.allowedTCPPorts = [ 2049 ];

  networking.interfaces.eno1 = {
    useDHCP = true;
    ipv4 = {
      # https://nixos.org/manual/nixos/stable/options#opt-networking.interfaces._name_.ipv4.addresses
      addresses = [(import ../net/home-pc.ip.nix)];
    };
    wakeOnLan.enable = true;
  };

  # https://discourse.nixos.org/t/newbie-openssh-server-questions/19064/2
  networking.networkmanager.enable = false;

  services.nfs.server.enable = true;
  services.nfs.server.exports = ''
    /export             192.168.0.0/24(rw,fsid=0,no_subtree_check)
    /export/1tb         192.168.0.0/24(ro,nohide,insecure,no_subtree_check)
    /export/Code        192.168.0.0/24(rw,nohide,insecure,no_subtree_check)
    /export/nix-config  192.168.0.0/24(rw,nohide,insecure,no_subtree_check)
  '';

  system.activationScripts.nfs =
    builtins.concatStringsSep " && " [
      "mkdir --parent /export"
      "chown nobody:nogroup /export"
    ];
}

servarr.nix

{ lib, pkgs, ... }:

let
  rwLine = to: from:
    "rewrite ^/${from}/?$ /${to} redirect;";
  rwBlock = to: list: builtins.concatStringsSep "\n"
    (builtins.map (from: rwLine to from) list);
  bazarr = rwBlock "bazarr" [
    "legendas?"
    "bazz?ar"
  ];
  jellyfin = rwBlock "jellyfin" [
    "assistir?"
    "ver"
    "watch"
    "jel[iy]ff?[iy]n"
  ];
  jellyseerr = rwBlock "jellyseerr" [
    "ask"
    "buscar?"
    "pedido"
    "pedir?"
    "procurar?"
    "solicitar?"
    "jell?[iy]ss?er"
  ];
  jellyseerrURI = "$scheme://$host:5055";
  prowlarr = rwBlock "prowlarr" [
    "index(er)?"
    "prow?ll?ar"
  ];
  radarr = rwBlock "radarr" [
    "filmes?"
    "movies?"
    "radd?ar"
  ];
  sonarr = rwBlock "sonarr" [
    "series?"
    "tv"
    "sonn?ar"
  ];
in
{
  environment.systemPackages = [
    pkgs.transmission-remote-gtk
  ];

  fileSystems."/home/almino/Vídeos/Filmes" = {
    device = "/export/1tb/Filmes";
    options = [ "bind" "x-gvfs-hide" ];
  };

  fileSystems."/home/almino/Vídeos/Séries" = {
    device = "/export/1tb/Séries";
    options = [ "bind" "x-gvfs-hide" ];
  };

  services.bazarr.enable = true;

  services.jellyfin = {
    enable = true;
    openFirewall = true; # Pra ficar mais fácil na TV
  };

  services.jellyseerr = {
    enable = true;
    openFirewall = true; # proxy reverso não suportado
  };

  services.nginx = {
    enable = lib.mkDefault true;
    enableReload = lib.mkDefault true;
    recommendedProxySettings = lib.mkDefault true;
    virtualHosts.localhost = {
      # Caso eu erre a digitação de algum desses nomes
      extraConfig = ''
        ${bazarr}
        ${jellyfin}
        ${jellyseerr}
        ${prowlarr}
        ${radarr}
        ${sonarr}
        rewrite ^/jellyseerr(.*) ${jellyseerrURI}/$1 redirect;
      '';
      default = lib.mkDefault true;
      locations = {
        "^~ /bazarr" = {
          proxyPass = "http://localhost:6767/bazarr";
          proxyWebsockets = true; # needed if you need to use WebSocket
        };
        "^~ /jellyfin" = {
          proxyPass = "http://localhost:8096/jellyfin";
          proxyWebsockets = true; # needed if you need to use WebSocket
        };
        "^~ /prowlarr" = {
          proxyPass = "http://localhost:9696/prowlarr";
          proxyWebsockets = true; # needed if you need to use WebSocket
        };
        "^~ /radarr" = {
          proxyPass = "http://localhost:7878/radarr";
          proxyWebsockets = true; # needed if you need to use WebSocket
        };
        "^~ /sonarr" = {
          proxyPass = "http://localhost:8989/sonarr";
          proxyWebsockets = true; # needed if you need to use WebSocket
        };
        "^~ /transmission" = {
          proxyPass = "http://localhost:9091";
          proxyWebsockets = true; # needed if you need to use WebSocket
        };
      };
    };
  };

  services.prowlarr.enable = true;

  services.radarr.enable = true;

  services.sonarr.enable = true;

  services.transmission = {
    enable = true;
    group = "servarr";
    openPeerPorts = true;
    openRPCPort = true;
    settings = {
      # sudo nano /var/lib/transmission/.config/transmission-daemon/settings.json
      download-dir = "/export/1tb/Transmission";
      incomplete-dir-enabled = false;
      rpc-bind-address = "0.0.0.0";
      rpc-host-whitelist =
        builtins.concatStringsSep ","
          (import ../net/hosts.home-pc.nix
            ++ [ "localhost" ]);
      rpc-whitelist = "127.0.0.*,::1,192.168.0.*";
    };
  };

  users.groups.servarr = {
    gid = 689;
    members = [
      "almino"
      "bazarr"
      "jackett"
      "jellyfin"
      "radarr"
      "sonarr"
      "transmission"
    ];
  };

  users.users.almino.packages = with pkgs; [
    ffmpeg_6
    screen
  ];
}

smb.nix

{ ... }:

{
  networking.firewall.allowPing = true;

  services.samba = {
    enable = true;

    extraConfig = ''
      workgroup = WORKGROUP
      # note: localhost is the ipv6 localhost ::1
      hosts allow = 192.168.0. 127.0.0.1 localhost
      hosts deny = 0.0.0.0/0
      guest account = nobody
      map to guest = bad user
    '';

    openFirewall = true;

    shares.public = {
      path = "/export/1tb";
      browseable = "yes";
      "read only" = "yes";
      "guest ok" = "yes";
      "force group" = "servarr";
    };
  };
}