feat(arr): Add exposePorts option

fix(bind9): Update arr records
chore(arr): Remove lidarr config
2025-09-05 14:19:34 +02:00 · 2025-09-05 10:35:46 +02:00 · 2025-09-05 10:30:57 +02:00 · 2025-09-05 10:28:00 +02:00 · 2025-09-05 10:24:55 +02:00
5 changed files with 152 additions and 95 deletions
--- a/flake.nix
+++ b/flake.nix
@ -41,6 +41,7 @@
      Binnenpost.modules    = [ ./hosts/Binnenpost    ];
      Production.modules    = [ ./hosts/Production    ];
      ProductionGPU.modules = [ ./hosts/ProductionGPU ];
      ProductionArr.modules = [ ./hosts/ProductionArr ];
      ACE.modules           = [ ./hosts/ACE           ];
      Template.modules      = [ ./hosts/Template      ];
--- a/hosts/Development/default.nix
+++ b/hosts/Development/default.nix
@ -4,9 +4,9 @@
  config = {
    homelab = {
      apps = {
-        arr = {
+        bind9.enable = true;
-          qbittorrent.enable = true;
+        traefik.enable = true;
-        };
+        plex.enable = true;
      };
      virtualisation.guest.enable = true;
    };
--- a/hosts/ProductionArr/default.nix
+++ b/hosts/ProductionArr/default.nix
@ -0,0 +1,48 @@
 { config, pkgs, lib, system, ... }:
 {
  config = {
    homelab = {
      apps = {
        arr.enable = true;
        traefik.enable = true;
      };
      virtualisation.guest.enable = true;
    };
    networking = {
      hostId = "aaaa2300";
      domain = "roxanne.depeuter.dev";
      useDHCP = false;
      enableIPv6 = true;
      defaultGateway = {
        address = "192.168.0.1";
        interface = "ens18";
      };
      # Open ports in the firewall.
      firewall = {
        enable = true;
      };
      interfaces.ens18 = {
        ipv4.addresses = [
          {
            address = "192.168.0.33";
            prefixLength = 24;
          }
        ];
      };
      nameservers = [
        "1.1.1.1" # Cloudflare
        "1.0.0.1" # Cloudflare
      ];
    };
    system.stateVersion = "24.05";
  };
 }
--- a/modules/apps/arr/default.nix
+++ b/modules/apps/arr/default.nix
@ -6,7 +6,7 @@ let
  networkName = "arrStack";
  proxyNet = config.homelab.apps.traefik.sharedNetworkName;
-  appNames = [ "bazarr" "lidarr" "prowlarr" "qbittorrent" "radarr" "sonarr" ];
+  appNames = [ "bazarr" "prowlarr" "qbittorrent" "radarr" "sonarr" ];
  inUse = builtins.any (app: cfg.${app}.enable) appNames;
  PGID = toString config.users.groups.media.gid;
@ -14,13 +14,53 @@ let
 in {
  options.homelab.apps.arr = {
    enable = lib.mkEnableOption "Arr Stack using Docker";
    exposePorts = lib.mkOption {
      type = lib.types.bool;
      description = "Expose all app ports";
      # Only expose ports by default if Traefik is not in use.
      default = ! config.homelab.apps.traefik.enable;
    };
-    bazarr.enable = lib.mkEnableOption "Bazarr using Docker";
+    bazarr = {
-    lidarr.enable = lib.mkEnableOption "Lidarr using Docker";
+      enable = lib.mkEnableOption "Bazarr using Docker";
-    prowlarr.enable = lib.mkEnableOption "Prowlarr using Docker";
+      exposePorts = lib.mkOption {
-    qbittorrent.enable = lib.mkEnableOption "qBittorrent using Docker";
+        type = lib.types.bool;
-    radarr.enable = lib.mkEnableOption "Radarr using Docker";
+        description = "Expose Bazarr port";
-    sonarr.enable = lib.mkEnableOption "Sonarr using Docker";
+        default = cfg.exposePorts;
      };
    };
    prowlarr = {
      enable = lib.mkEnableOption "Prowlarr using Docker";
      exposePorts = lib.mkOption {
        type = lib.types.bool;
        description = "Expose Prowlarr port";
        default = cfg.exposePorts;
      };
    };
    qbittorrent = {
      enable = lib.mkEnableOption "qBittorrent using Docker";
      exposePorts = lib.mkOption {
        type = lib.types.bool;
        description = "Expose qBittorrent port";
        default = cfg.exposePorts;
      };
    };
    radarr = {
      enable = lib.mkEnableOption "Radarr using Docker";
      exposePorts = lib.mkOption {
        type = lib.types.bool;
        description = "Expose Radarr port";
        default = cfg.exposePorts;
      };
    };
    sonarr = {
      enable = lib.mkEnableOption "Sonarr using Docker";
      exposePorts = lib.mkOption {
        type = lib.types.bool;
        description = "Expose Sonarr port";
        default = cfg.exposePorts;
      };
    };
  };
  config = {
@ -33,7 +73,6 @@ in {
      # "Master switch": Enable all apps.
      apps.arr = lib.mkIf cfg.enable {
        bazarr.enable = true;
        lidarr.enable = true;
        prowlarr.enable = true;
        qbittorrent.enable = true;
        radarr.enable = true;
@ -63,20 +102,6 @@ in {
        ];
      };
      "/srv/lidarr-backup" = lib.mkIf cfg.lidarr.enable {
        device = "192.168.0.11:/mnt/BIG/BACKUP/LIDARR";
        fsType = "nfs";
        options = [
          "rw"
          "auto"
          "nfsvers=4.2"
          "rsize=1048576" "wsize=1048576"
          "hard"
          "timeo=600" "retrans=2"
          "_netdev" "nosuid" "tcp"
        ];
      };
      "/srv/prowlarr-backup" = lib.mkIf cfg.prowlarr.enable {
        device = "192.168.0.11:/mnt/BIG/BACKUP/PROWLARR";
        fsType = "nfs";
@ -153,7 +178,6 @@ in {
      description = "Create Docker network for ${networkName}";
      requiredBy = [
        "docker-bazarr.service"
        "docker-lidarr.service"
        "docker-prowlarr.service"
        "docker-qbittorrent.service"
        "docker-radarr.service"
@ -179,13 +203,6 @@ in {
        home = "/var/empty";
        shell = null;
      };
      lidarr = lib.mkIf cfg.lidarr.enable {
        uid = lib.mkForce 3002;
        isSystemUser = true;
        group = config.users.groups.media.name;
        home = "/var/empty";
        shell = null;
      };
      prowlarr = lib.mkIf cfg.prowlarr.enable {
        uid = lib.mkForce 3004;
        isSystemUser = true;
@ -228,10 +245,9 @@ in {
        hostname = "bazarr";
        image = "ghcr.io/hotio/bazarr:release-1.4.4";
        autoStart = true;
-        ports = [
+        ports = lib.mkIf cfg.bazarr.exposePorts [
-          # Open ports if you don't use Traefik
+          "${toString port}:${toString port}/tcp"
-          # "${toString port}:${toString port}/tcp"
+          "${toString port}:${toString port}/udp"
          # "${toString port}:${toString port}/udp"
        ];
        extraOptions = [
          "--network=${networkName}"
@ -259,48 +275,14 @@ in {
        };
      };
      lidarr = let
        port = 8686;
      in lib.mkIf cfg.lidarr.enable {
        hostname = "lidarr";
        image = "ghcr.io/hotio/lidarr:release-2.5.3.4341";
        autoStart = true;
        ports = [
          # Open ports if you don't use Traefik
          # "${toString port}:${toString port}/tcp"
        ];
        extraOptions = [
          "--network=${networkName}"
          "--network=${proxyNet}"
        ];
        environment = {
          PUID = toString config.users.users.lidarr.uid;
          inherit PGID UMASK;
          TZ = config.time.timeZone;
        };
        volumes = [
          "lidarr-config:/config"
          # TODO Fix path
          "/srv/lidarr-backup:/media/Backups"
        ];
        labels = {
          "traefik.enable" = "true";
          "traefik.docker.network" = proxyNet;
          "traefik.http.routers.lidarr.rule" = "Host(`lidarr.depeuter.dev`)";
          "traefik.http.services.lidarr.loadbalancer.server.port" = toString port;
        };
      };
      prowlarr = let
        port = 9696;
      in lib.mkIf cfg.prowlarr.enable {
        hostname = "prowlarr";
        image = "ghcr.io/hotio/prowlarr:release-1.23.1.4708";
        autoStart = true;
-        ports = [
+        ports = lib.mkIf cfg.prowlarr.exposePorts [
-          # Open ports if you don't use Traefik
+          "${toString port}:${toString port}/tcp"
          # "${toString port}:${toString port}/tcp"
        ];
        extraOptions = [
          "--network=${networkName}"
@ -330,10 +312,9 @@ in {
        hostname = "qbittorrent";
        image = "ghcr.io/hotio/qbittorrent:release-4.6.7";
        autoStart = true;
-        ports = [
+        ports = lib.mkIf cfg.qbittorrent.exposePorts [
-          # Open ports if you don't use Traefik
+          "${toString port}:${toString port}/tcp"
-          # "${toString port}:${toString port}/tcp"
+          "${toString port}:${toString port}/udp"
          # "${toString port}:${toString port}/udp"
        ];
        extraOptions = [
          "--network=${networkName}"
@ -364,9 +345,8 @@ in {
        hostname = "radarr";
        image = "ghcr.io/hotio/radarr:release-5.9.1.9070";
        autoStart = true;
-        ports = [
+        ports = lib.mkIf cfg.radarr.exposePorts [
-          # Open ports if you don't use Traefik
+          "${toString port}:${toString port}/tcp"
          # "${toString port}:${toString port}/tcp"
        ];
        extraOptions = [
          "--network=${networkName}"
@ -399,9 +379,8 @@ in {
        hostname = "sonarr";
        image = "ghcr.io/hotio/sonarr:release-4.0.9.2244";
        autoStart = true;
-        ports = [
+        ports = lib.mkIf cfg.sonarr.exposePorts [
-          # Open ports if you don't use Traefik
+          "${toString port}:${toString port}/tcp"
          # "${toString port}:${toString port}/tcp"
        ];
        extraOptions = [
          "--network=${networkName}"
--- a/modules/apps/bind9/db.depeuter.dev
+++ b/modules/apps/bind9/db.depeuter.dev
@ -1,16 +1,45 @@
 $TTL    604800
-@       IN      SOA     ns1.depeuter.dev. admin.depeuter.dev. (
+@               IN      SOA     ns1 admin (
-                              5         ; Serial
+                                 15 ; Serial
-                         604800         ; Refresh
+                             604800 ; Refresh
-                          86400         ; Retry
+                              86400 ; Retry
-                        2419200         ; Expire
+                            2419200 ; Expire
-                         604800 )       ; Negative Cache TTL
+                             604800 )       ; Negative Cache TTL
-; name servers - NS records
+; Name servers - NS records
-        IN      NS      ns1.depeuter.dev.
+                IN      NS      ns1
-;       IN      NS      ns2.depeuter.dev.
+;                IN      NS      ns2
-ns1.depeuter.dev.  IN      A       192.168.0.91
+ns1             IN      A       192.168.0.91
-;ns1.depeuter.dev.  IN      A       192.158.0.X
+;ns2             IN      A       192.158.0.X
-hugo.depeuter.dev. IN      A       192.168.0.11
+; Hostnames
 hugo.kmtl       IN      A       192.168.0.11
 ingress.kmtl    IN      A       192.168.0.10
 ingress.kmtl    IN      AAAA    fe80::be24:11ff:fed6:842a
 ; Core services
 cloud           IN      A       192.168.0.10
 git             IN      A       78.23.37.117
 home            IN      A       192.168.0.10
 jelly           IN      CNAME   ingress.kmtl
 vault           IN      A       192.168.0.10
 ; Production VM
 books           IN      A       192.168.0.31
 calibre         IN      A       192.168.0.31
 ; Production VM - Arr
 bazarr          IN      A       192.168.0.33
 prowlarr        IN      A       192.168.0.33
 qb              IN      A       192.168.0.33
 radarr          IN      A       192.168.0.33
 sonarr          IN      A       192.168.0.33
 ; Development VM
 plex            IN      A       192.168.0.91
 ; Catchalls
 *.production    IN      A        192.168.0.31
 *.development   IN      A        192.168.0.91
Author	SHA1	Message	Date
Tibo De Peuter	74e4e8dcd6	feat(arr): Add exposePorts option	2025-09-05 14:19:34 +02:00
Tibo De Peuter	5f027ca12a	fix(bind9): Update arr records	2025-09-05 10:35:46 +02:00
Tibo De Peuter	9f5c9ecdd9	chore(arr): Remove lidarr config	2025-09-05 10:30:57 +02:00
Tibo De Peuter	d9e020a0c7	chore(arr): Move to new host	2025-09-05 10:28:00 +02:00
Tibo De Peuter	badc78ece6	chore: Add new host	2025-09-05 10:24:55 +02:00