{ lib, pkgs, ... }: { users.groups.crime = {}; services = { prowlarr.enable = true; } // lib.genAttrs [ "sonarr" "radarr" ] (_: { enable = true; group = "crime"; }); systemd.services = lib.genAttrs [ "radarr" "sonarr" ] (_: { wants = [ "rclone-mezzomix.service" ]; serviceConfig.UMask = "0002"; }); systemd.mounts = lib.singleton { description = "rclone mount"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" "radarr.service" "sonarr.service" ]; where = "/mnt/mezzomix"; what = "mezzomix@otos.feralhosting.com:private/rtorrent/data"; type = "fuse.sshfs"; options = "_netdev,rw,nosuid,allow_other,default_permissions,follow_symlinks,identityfile=/etc/keys/ssh_host_ed25519_key"; }; systemd.automounts = lib.singleton { name = "mnt-mezzomix.automount"; where = "/mnt/mezzomix"; wantedBy = [ "multi-user.target" ]; automountConfig.TimeoutIdleSec = 0; }; environment.systemPackages = [ pkgs.sshfs ]; programs.ssh.ciphers = [ "aes256-ctr" ]; kyouma.nginx.virtualHosts = { "crime.kyouma.net" = { verifyClientCert = true; locations = { "/".root = ./landingPage.html; "/sonarr/" = { proxyPass = "http://127.0.0.1:8989"; recommendedProxySettings = true; }; "/radarr/" = { proxyPass = "http://127.0.0.1:7878"; recommendedProxySettings = true; }; "/prowlarr/" = { proxyPass = "http://127.0.0.1:9696"; recommendedProxySettings = true; }; }; }; }; security.acme.certs."crime.kyouma.net" = {}; }