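# NixOS module: runs Sonarr in a declarative NixOS container on a private
# veth network and forwards the Sonarr port from the host to the container.
{ config, pkgs, lib, ... }:
let
  sonarrPort = 8989;
  # Address of the container end of the private veth pair. Bound once so the
  # NAT forward at the bottom cannot drift from the container's localAddress.
  containerAddress = "10.0.1.50";

  # Paths as seen inside the container; they are also the bind-mount targets.
  dataDir = "/var/lib/sonarr";
  downloadDir = "/downloads";
  mediaDir = "/media";

  # Host uid/gid reused inside the container so files written through the
  # read-write bind mounts carry the host's nix-apps / jallen-nas ownership.
  sonarrUserId = config.users.users.nix-apps.uid;
  sonarrGroupId = config.users.groups.jallen-nas.gid;
in
{
  containers.sonarr = {
    autoStart = true;
    privateNetwork = true;
    hostAddress = "10.0.1.18";
    localAddress = containerAddress;
    hostAddress6 = "fc00::1";
    localAddress6 = "fc00::2";

    config = { config, pkgs, lib, ... }: {
      # Enable Sonarr service
      services.sonarr = {
        enable = true;
        user = "sonarr";
        group = "media";
        inherit dataDir;
      };

      # Create required users and groups
      users.users.sonarr = {
        isSystemUser = true;
        uid = lib.mkForce sonarrUserId;
        group = "media";
        extraGroups = [ "downloads" ];
      };

      users.groups = {
        media = {
          gid = lib.mkForce sonarrGroupId;
        };
        downloads = { };
      };

      # System packages
      environment.systemPackages = with pkgs; [
        sqlite
        mono
        mediainfo
      ];

      # Create and set permissions for required directories.
      #
      # All three paths are read-write bind mounts of host directories, so the
      # recursive chown/chmod below rewrites ownership and modes on the host's
      # data whenever the container activates.
      #
      # Modes are symbolic instead of a blanket 775:
      #   * dataDir holds Sonarr's database and config.xml (which stores the
      #     API key), so "other" gets no access at all.
      #   * capital X grants execute/search on directories only, so new media
      #     and download files are not marked executable. Files that already
      #     carry an execute bit keep it.
      # NOTE(review): if another service reads dataDir as "other" rather than
      # through the media group, it needs group membership instead - confirm.
      system.activationScripts.sonarr-dirs = ''
        mkdir -p "${dataDir}" "${downloadDir}" "${mediaDir}"

        chown -R sonarr:media "${dataDir}" "${downloadDir}" "${mediaDir}"

        chmod -R u=rwX,g=rwX,o= "${dataDir}"
        chmod -R u=rwX,g=rwX,o=rX "${downloadDir}" "${mediaDir}"
      '';

      networking = {
        # Only the Sonarr port is admitted through the container's firewall.
        firewall = {
          enable = true;
          allowedTCPPorts = [ sonarrPort ];
        };
        # Use systemd-resolved inside the container
        # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
        useHostResolvConf = lib.mkForce false;
      };

      services.resolved.enable = true;

      system.stateVersion = "23.11";
    };

    # Bind mount directories from host. The mount points reuse the let-bound
    # paths so they always match what the Sonarr service and the activation
    # script operate on.
    bindMounts = {
      "${dataDir}" = {
        hostPath = "/media/nas/ssd/nix-app-data/sonarr";
        isReadOnly = false;
      };
      "${downloadDir}" = {
        hostPath = "/media/nas/ssd/ssd_app_data/downloads";
        isReadOnly = false;
      };
      "${mediaDir}" = {
        hostPath = "/media/nas/main/tv";
        isReadOnly = false;
      };
    };
  };

  # Forward the Sonarr port from the host to the container.
  #
  # This publishes the Sonarr web UI and API on the host's external side of
  # the NAT. Confirm that Sonarr authentication is enabled, or limit who can
  # reach the port (reverse proxy or host firewall rule).
  # NOTE(review): networking.nat.enable and the NAT interfaces are not set in
  # this module; presumably they are configured elsewhere - confirm, because
  # forwardPorts does nothing while NAT is disabled.
  networking.nat = {
    forwardPorts = [
      {
        destination = "${containerAddress}:${toString sonarrPort}";
        sourcePort = sonarrPort;
      }
    ];
  };
}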