From ec656712e22e7351f1c06e0f901946cf8c35219a Mon Sep 17 00:00:00 2001
From: rasmus-kirk <mail@rasmuskirk.com>
Date: Tue, 12 Mar 2024 09:33:17 +0100
Subject: [PATCH] Added bazarr

---
 nixarr/bazarr/default.nix | 89 +++++++++++++++++++++++++++++++++++++++
 nixarr/lidarr/default.nix |  1 +
 nixarr/nixarr.nix         |  2 +
 3 files changed, 92 insertions(+)
 create mode 100644 nixarr/bazarr/default.nix

diff --git a/nixarr/bazarr/default.nix b/nixarr/bazarr/default.nix
new file mode 100644
index 0000000..49293cb
--- /dev/null
+++ b/nixarr/bazarr/default.nix
@@ -0,0 +1,89 @@
+{
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.nixarr.bazarr;
+  nixarr = config.nixarr;
+in {
+  options.nixarr.bazarr = {
+    enable = mkEnableOption "the bazarr service.";
+
+    stateDir = mkOption {
+      type = types.path;
+      default = "${nixarr.stateDir}/bazarr";
+      defaultText = literalExpression ''"''${nixarr.stateDir}/bazarr"'';
+      example = "/home/user/.local/share/nixarr/bazarr";
+      description = "The state directory for bazarr";
+    };
+
+    vpn.enable = mkOption {
+      type = types.bool;
+      default = false;
+      example = true;
+      description = ''
+        **Required options:** [`nixarr.vpn.enable`](#nixarr.vpn.enable)
+
+        Route Bazarr traffic through the VPN.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = cfg.vpn.enable -> nixarr.vpn.enable;
+        message = ''
+          The nixarr.bazarr.vpn.enable option requires the
+          nixarr.vpn.enable option to be set, but it was not.
+        '';
+      }
+    ];
+
+    systemd.tmpfiles.rules = [
+      "d '${cfg.stateDir}' 0700 bazarr root - -"
+    ];
+
+    services.bazarr = {
+      enable = cfg.enable;
+      user = "bazarr";
+      group = "media";
+      dataDir = cfg.stateDir;
+    };
+
+    # Enable and specify VPN namespace to confine service in.
+    systemd.services.bazarr.vpnconfinement = mkIf cfg.vpn.enable {
+      enable = true;
+      vpnnamespace = "wg";
+    };
+
+    # Port mappings
+    # TODO: openports
+    vpnnamespaces.wg = mkIf cfg.vpn.enable {
+      portMappings = [{ from = config.bazarr.listenPort; to = config.bazarr.listenPort; }];
+    };
+
+    services.nginx = mkIf cfg.vpn.enable {
+      enable = true;
+
+      recommendedTlsSettings = true;
+      recommendedOptimisation = true;
+      recommendedGzipSettings = true;
+
+      virtualHosts."127.0.0.1:${builtins.toString config.bazarr.listenPort}" = {
+        listen = [
+          {
+            addr = "0.0.0.0";
+            port = config.bazarr.listenPort;
+          }
+        ];
+        locations."/" = {
+          recommendedProxySettings = true;
+          proxyWebsockets = true;
+          proxyPass = "http://192.168.15.1:${builtins.toString config.bazarr.listenPort}";
+        };
+      };
+    };
+  };
+}
diff --git a/nixarr/lidarr/default.nix b/nixarr/lidarr/default.nix
index adbeb4a..caa768e 100644
--- a/nixarr/lidarr/default.nix
+++ b/nixarr/lidarr/default.nix
@@ -6,6 +6,7 @@
 with lib; let
   cfg = config.nixarr.lidarr;
   nixarr = config.nixarr;
+  defaultPort = 8686;
 in {
   options.nixarr.lidarr = {
     enable = mkEnableOption "the Lidarr service.";
diff --git a/nixarr/nixarr.nix b/nixarr/nixarr.nix
index fd115c4..14d5372 100644
--- a/nixarr/nixarr.nix
+++ b/nixarr/nixarr.nix
@@ -17,6 +17,7 @@ with lib; let
 in {
   imports = [
     ./jellyfin
+    ./bazarr
     ./ddns
     ./radarr
     ./lidarr
@@ -53,6 +54,7 @@ in {
         The following services are supported:
 
         - [Jellyfin](#nixarr.jellyfin.enable)
+        - [Bazarr](#nixarr.bazarr.enable)
         - [Lidarr](#nixarr.lidarr.enable)
         - [Prowlarr](#nixarr.prowlarr.enable)
         - [Radarr](#nixarr.radarr.enable)