private certificate fix

2026-02-05 06:26:40 -06:00
parent eddef549e7
commit d14a7ba395
4 changed files with 96 additions and 88 deletions
--- a/modules/servers/prowlarr.nix
+++ b/modules/servers/prowlarr.nix
@@ -9,27 +9,29 @@ let
 in
 {
  options.my.servers.prowlarr = setup.mkOptions "prowlarr" "indexer" 9696;
-  config = lib.mkIf cfg.enable {
-    sops.secrets = lib.mkIf cfg.enable {
-      "private-ca/pem" = {
+  config = lib.mkMerge [
+    (lib.mkIf cfg.enable {
+      users.users.prowlarr = {
+        uid = 987;
+        group = "piracy";
+        isSystemUser = true;
+      };
+      services = {
+        prowlarr = {
+          inherit (cfg) enable;
+        };
+        flaresolverr = {
+          inherit (cfg) enable;
+        };
+      };
+    })
+    (lib.mkIf (cfg.enableProxy && config.my.enableProxy && config.my.secureHost) {
+      sops.secrets."private-ca/pem" = {
        sopsFile = ../../secrets/certs.yaml;
        owner = "nginx";
        group = "nginx";
      };
-    };
-    my.servers.prowlarr.certPath = config.sops.secrets."private-ca/pem".path;
-    users.users.prowlarr = {
-      uid = 987;
-      group = "piracy";
-      isSystemUser = true;
-    };
-    services = {
-      prowlarr = {
-        inherit (cfg) enable;
-      };
-      flaresolverr = {
-        inherit (cfg) enable;
-      };
-    };
-  };
+      my.servers.prowlarr.certPath = config.sops.secrets."private-ca/pem".path;
+    })
+  ];
 }