properly set unpackerr and stash secrets

2025-10-02 14:07:46 -06:00
parent 143187e171
commit 86e540b35d
5 changed files with 38 additions and 257 deletions
--- a/modules/servers/qbittorrent.nix
+++ b/modules/servers/qbittorrent.nix
@@ -49,14 +49,7 @@ in
    };
  };
  config = lib.mkIf (config.my.servers.qbittorrent.enable && config.my.secureHost) {
-    home-manager.users.jawz = {
-      xdg = {
-        dataFile.vuetorrent.source = vuetorrent;
-        configFile."unpackerr.conf" = lib.mkIf config.my.servers.unpackerr.enable {
-          source = ../../dotfiles/unpackerr.conf;
-        };
-      };
-    };
+    home-manager.users.jawz.xdg.dataFile.vuetorrent.source = vuetorrent;
    sops.secrets =
      let
        mkQbitSecret = file: mode: {
@@ -66,19 +59,23 @@ in
          owner = config.users.users.jawz.name;
          path = "/home/jawz/.config/qBittorrent/ssl/${file}";
        };
+        mkUnpackerrSecret = {
+          sopsFile = ../../secrets/secrets.yaml;
+          owner = config.users.users.jawz.name;
+        };
      in
      {
        "certificates/qbit_cert" = mkQbitSecret "server.crt" "0644";
        "certificates/qbit_key" = mkQbitSecret "server.key" "0600";
+        "unpackerr/sonarr-api" = mkUnpackerrSecret;
+        "unpackerr/radarr-api" = mkUnpackerrSecret;
      };
    systemd = {
      packages = [ pkgs.qbittorrent-nox ];
-      services = {
-        "qbittorrent-nox@jawz" = {
-          enable = true;
-          overrideStrategy = "asDropin";
-          wantedBy = [ "multi-user.target" ];
-        };
+      services."qbittorrent-nox@jawz" = {
+        enable = true;
+        overrideStrategy = "asDropin";
+        wantedBy = [ "multi-user.target" ];
      };
      user = {
        services = {
@@ -93,7 +90,7 @@ in
              {
                Restart = "on-failure";
                RestartSec = 30;
-                ExecStart = "${qbit_manageEnv}/bin/python ${env}/qbit_manage.py -r -c ${env}/config.yml";
+                ExecStart = "${qbit_manageEnv}/bin/python ${env}/qbit_manage.py -r -c ~/.config/qbit_manage/config.yml";
              };
          };
          unpackerr = lib.mkIf config.my.servers.unpackerr.enable {
@@ -101,12 +98,20 @@ in
            restartIfChanged = true;
            description = "Run unpackerr";
            wantedBy = [ "default.target" ];
+            environment = {
+              UN_FILE_MODE = "0664";
+              UN_DIR_MODE = "0775";
+              UN_SONARR_0_URL = config.my.servers.sonarr.local;
+              UN_SONARR_0_API_KEY = "filepath:${config.sops.secrets."unpackerr/sonarr-api".path}";
+              UN_SONARR_0_PATHS = "/srv/pool/multimedia/downloads/torrent";
+              UN_RADARR_0_URL = config.my.servers.radarr.local;
+              UN_RADARR_0_API_KEY = "filepath:${config.sops.secrets."unpackerr/radarr-api".path}";
+              UN_RADARR_0_PATHS = "/srv/pool/multimedia/downloads/torrent";
+            };
            serviceConfig = {
              Restart = "on-failure";
              RestartSec = 30;
-              ExecStart = ''
-                ${pkgs.unpackerr}/bin/unpackerr \
-                -c /home/jawz/.config/unpackerr.conf'';
+              ExecStart = "${pkgs.unpackerr}/bin/unpackerr";
            };
          };
        };