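# NixOS module: runs Radarr, Sonarr and SABnzbd in one declarative container
# ("arrs") on a private network, bind-mounts their state and media directories
# from the host, and forwards the three web-UI ports from the host to the
# container.
{ config, pkgs, lib, ... }:
let
  # Web-UI ports; used for the container firewall and the host NAT forwards.
  radarrPort = 7878;
  sonarrPort = 8989;
  sabnzbdPort = 8080;

  # Paths as seen inside the container (see bindMounts for the host side).
  radarrDataDir = "/var/lib/radarr";
  downloadDir = "/downloads";
  incompleteDir = "/downloads-incomplete";
  sonarrDataDir = "/var/lib/sonarr";
  sabnzbdConfig = "/var/lib/sabnzbd";
  mediaDir = "/media";

  # Addresses of the private veth pair. Defined once so the container
  # definition and the NAT forward rules cannot drift apart.
  containerHostAddress = "10.0.1.18";
  containerLocalAddress = "10.0.1.51";

  # These read the HOST's config/pkgs: the let block sits in the outer module
  # scope, before the inner container module shadows config/pkgs/lib.
  arrUserId = config.users.users.nix-apps.uid;
  arrGroupId = config.users.groups.jallen-nas.gid;
  sonarrPkg = pkgs.unstable.sonarr;
in
{
  containers.arrs = {
    autoStart = true;
    privateNetwork = true;
    hostAddress = containerHostAddress;
    localAddress = containerLocalAddress;

    config = { config, pkgs, lib, ... }: {
      # NOTE(review): these are packages nixpkgs flags as insecure; listing
      # them here opts the container in to running them. Presumably they are
      # pulled in by the *arr packages. Re-check on each channel bump whether
      # the exemption is still needed and drop entries that are not.
      nixpkgs.config.permittedInsecurePackages = [
        "aspnetcore-runtime-6.0.36"
        "aspnetcore-runtime-wrapped-6.0.36"
        "dotnet-sdk-6.0.428"
        "dotnet-sdk-wrapped-6.0.428"
      ];

      nixpkgs.config.allowUnfree = true;

      # Enable radarr service
      services.radarr = {
        enable = true;
        openFirewall = true;
        user = "arrs";
        group = "media";
        dataDir = radarrDataDir;
      };

      # Enable Sonarr service
      services.sonarr = {
        enable = true;
        openFirewall = true;
        user = "arrs";
        group = "media";
        dataDir = sonarrDataDir;
        package = sonarrPkg;
      };

      # Enable Sabnzbd service
      services.sabnzbd = {
        enable = true;
        openFirewall = true;
        user = "arrs";
        group = "media";
        configFile = "${sabnzbdConfig}/sabnzbd.ini";
      };

      # Create required users and groups.
      # uid/gid are forced to the host's nix-apps / jallen-nas ids so that
      # ownership on the bind-mounted host paths lines up.
      users.users.arrs = {
        isSystemUser = true;
        uid = lib.mkForce arrUserId;
        group = "media";
        extraGroups = [ "downloads" ];
      };

      users.groups = {
        media = {
          gid = lib.mkForce arrGroupId;
        };
        downloads = {};
      };

      # System packages
      environment.systemPackages = with pkgs; [
        sqlite
        mono
        mediainfo
        protonvpn-cli
      ];

      # Create and set permissions for required directories.
      # NOTE(review): `chmod -R 775` grants read/traverse to "other" and sets
      # the execute bit on every file. The three app state directories hold
      # the applications' configuration (e.g. sabnzbd.ini above), which
      # presumably includes API keys / server credentials. Consider
      # `u=rwX,g=rwX,o=` for those once no host-side consumer depends on
      # "other" access.
      # NOTE(review): ${mediaDir} is the parent of the /media/movies and
      # /media/tv bind mounts below, so the recursive chown/chmod appears to
      # walk the whole library on every activation. Confirm that is intended.
      system.activationScripts.radarr-dirs = ''
        mkdir -p ${radarrDataDir}
        mkdir -p ${sonarrDataDir}
        mkdir -p ${sabnzbdConfig}
        mkdir -p ${downloadDir}
        mkdir -p ${incompleteDir}
        mkdir -p ${mediaDir}

        chown -R arrs:media ${radarrDataDir}
        chown -R arrs:media ${sonarrDataDir}
        chown -R arrs:media ${sabnzbdConfig}
        chown -R arrs:media ${downloadDir}
        chown -R arrs:media ${incompleteDir}
        chown -R arrs:media ${mediaDir}

        chmod -R 775 ${radarrDataDir}
        chmod -R 775 ${sonarrDataDir}
        chmod -R 775 ${sabnzbdConfig}
        chmod -R 775 ${downloadDir}
        chmod -R 775 ${incompleteDir}
        chmod -R 775 ${mediaDir}
      '';

      networking = {
        firewall = {
          enable = true;
          # The services above also set openFirewall = true, so these ports
          # are requested twice; either source alone keeps them open.
          allowedTCPPorts = [ radarrPort sonarrPort sabnzbdPort ];
        };
        # Use systemd-resolved inside the container
        # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
        useHostResolvConf = lib.mkForce false;
      };

      services.resolved.enable = true;

      system.stateVersion = "23.11";
    };

    # Bind mount directories from host.
    # All mounts are read-write; the container can modify every host path
    # listed here.
    bindMounts = {
      "${radarrDataDir}" = {
        hostPath = "/media/nas/ssd/nix-app-data/radarr";
        isReadOnly = false;
      };
      "${sonarrDataDir}" = {
        hostPath = "/media/nas/ssd/nix-app-data/sonarr";
        isReadOnly = false;
      };
      "${sabnzbdConfig}" = {
        hostPath = "/media/nas/ssd/nix-app-data/sabnzbd";
        isReadOnly = false;
      };
      "${downloadDir}" = {
        hostPath = "/media/nas/ssd/ssd_app_data/downloads";
        isReadOnly = false;
      };
      "${incompleteDir}" = {
        hostPath = "/media/nas/ssd/ssd_app_data/downloads-incomplete";
        isReadOnly = false;
      };
      "/media/movies" = {
        hostPath = "/media/nas/main/movies";
        isReadOnly = false;
      };
      "/media/tv" = {
        hostPath = "/media/nas/main/tv";
        isReadOnly = false;
      };
    };
  };

  # Forward the web-UI ports from the host to the container.
  # Destinations are built from the let bindings above; they evaluate to the
  # same "10.0.1.51:<port>" strings that were previously written out by hand.
  # NOTE(review): anything that can reach these ports on the host reaches the
  # application UIs, so authentication should be enabled in each app.
  # networking.nat.enable and the interface options are not set in this
  # module. Presumably they are configured elsewhere; confirm.
  networking.nat = {
    forwardPorts = [
      {
        destination = "${containerLocalAddress}:${toString radarrPort}";
        sourcePort = radarrPort;
      }
      {
        destination = "${containerLocalAddress}:${toString sonarrPort}";
        sourcePort = sonarrPort;
      }
      {
        destination = "${containerLocalAddress}:${toString sabnzbdPort}";
        sourcePort = sabnzbdPort;
      }
    ];
  };
}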