nixos/prowlarr: use DynamicUser again, configure bind mount for custom dataDirs

Marie Ramlow 2025-05-24 15:15:30 +02:00
parent 9a4eaf1b61
commit 97557de1e2


@ -7,6 +7,7 @@
let let
cfg = config.services.prowlarr; cfg = config.services.prowlarr;
servarr = import ./settings-options.nix { inherit lib pkgs; }; servarr = import ./settings-options.nix { inherit lib pkgs; };
isCustomDataDir = cfg.dataDir != "/var/lib/prowlarr";
in in
{ {
options = { options = {
@ -16,7 +17,12 @@ in
dataDir = lib.mkOption { dataDir = lib.mkOption {
type = lib.types.str; type = lib.types.str;
default = "/var/lib/prowlarr"; default = "/var/lib/prowlarr";
description = "The directory where Prowlarr stores its data files."; description = ''
The directory where Prowlarr stores its data files.
Note: A bind mount will be used to mount the directory at the expected location
if a different value than `/var/lib/prowlarr` is used.
'';
}; };
package = lib.mkPackageOption pkgs "prowlarr" { }; package = lib.mkPackageOption pkgs "prowlarr" { };
@ -30,22 +36,6 @@ in
settings = servarr.mkServarrSettingsOptions "prowlarr" 9696; settings = servarr.mkServarrSettingsOptions "prowlarr" 9696;
environmentFiles = servarr.mkServarrEnvironmentFiles "prowlarr"; environmentFiles = servarr.mkServarrEnvironmentFiles "prowlarr";
user = lib.mkOption {
type = lib.types.str;
default = "prowlarr";
description = ''
User account under which Prowlarr runs.
'';
};
group = lib.mkOption {
type = lib.types.str;
default = "prowlarr";
description = ''
Group under which Prowlarr runs.
'';
};
}; };
}; };
@ -55,38 +45,36 @@ in
description = "Prowlarr"; description = "Prowlarr";
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
environment = servarr.mkServarrSettingsEnvVars "PROWLARR" cfg.settings; environment = servarr.mkServarrSettingsEnvVars "PROWLARR" cfg.settings // {
HOME = "/var/empty";
};
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
User = cfg.user; DynamicUser = true;
Group = cfg.group; StateDirectory = "prowlarr";
EnvironmentFile = cfg.environmentFiles; EnvironmentFile = cfg.environmentFiles;
ExecStart = "${lib.getExe cfg.package} -nobrowser -data='${cfg.dataDir}'"; ExecStart = "${lib.getExe cfg.package} -nobrowser -data=/var/lib/prowlarr";
Restart = "on-failure"; Restart = "on-failure";
}; };
}; };
tmpfiles.settings."10-prowlarr".${cfg.dataDir}.d = { tmpfiles.settings."10-prowlarr".${cfg.dataDir}.d = lib.mkIf isCustomDataDir {
inherit (cfg) user group; user = "root";
group = "root";
mode = "0700"; mode = "0700";
}; };
mounts = lib.optional isCustomDataDir {
what = cfg.dataDir;
where = "/var/lib/private/prowlarr";
options = "bind";
wantedBy = [ "local-fs.target" ];
};
}; };
networking.firewall = lib.mkIf cfg.openFirewall { networking.firewall = lib.mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.settings.server.port ]; allowedTCPPorts = [ cfg.settings.server.port ];
}; };
users.users = lib.mkIf (cfg.user == "prowlarr") {
prowlarr = {
isSystemUser = true;
group = cfg.group;
home = cfg.dataDir;
};
};
users.groups = lib.mkIf (cfg.group == "prowlarr") {
prowlarr = { };
};
}; };
} }
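Review bot: The `tmpfiles.settings."10-prowlarr"` rule pins a custom `dataDir` to `user = "root"; group = "root";` with mode `0700`, yet that same directory is what the bind mount exposes at `/var/lib/private/prowlarr`, which `StateDirectory = "prowlarr"` with `DynamicUser = true` needs to be owned by the dynamic UID. A `d` rule with an explicit owner adjusts an existing path, so if systemd-tmpfiles runs again while the unit is active (presumably on a configuration switch, to be confirmed), the running service would be locked out of its own state until it is restarted and systemd re-chowns the tree. Leaving `user` and `group` out of the rule, so that it only creates the directory and sets the mode, should avoid the ownership tug-of-war while keeping the directory closed to other users. Separately, the `user` and `group` options are removed and no `lib.mkRemovedOptionModule` entry is visible in the shown hunks; the module's `imports` lie outside them, so check that configurations still setting `services.prowlarr.user` get an explanatory error rather than a bare undefined-option failure.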