Nixos Modules - Options Documentation

nixarr.enable

Whether or not to enable the nixarr module. Has the following features:

• Run services through a VPN: You can run any service that this module supports through a VPN, fx nixarr.transmission.vpn.enable = true;
• Automatic Directories, Users and Permissions: The module automatically creates directories and users for your media library. It also sets sane permissions.
• State Management: All services support state management and all state that they manage is located by default in /data/.state/nixarr/*
• Optional Automatic Port Forwarding: This module has a UPNP support that lets services request ports from your router automatically, if you enable it.

Also comes with the nixarr command that helps you manage your library.

It is possible, but not recommended, to run the “*Arrs” behind a VPN, because it can cause rate limiting issues. Generally, you should use VPN on transmission and maybe jellyfin, depending on your setup.

The following services are supported:

• Audiobookshelf
• Autobrr
• Bazarr
• Jellyfin
• Jellyseerr
• Lidarr
• Plex
• Prowlarr
• Radarr
• Readarr
• Readarr Audiobook
• Recyclarr
• SABnzbd
• Sonarr
• Transmission

Remember to read the options!

Type: boolean

  false

  true

nixarr.audiobookshelf.enable

Whether or not to enable the Audiobookshelf service.

Conflicting options: nixarr.plex.enable

Type: boolean

  false

  true

nixarr.audiobookshelf.package

The audiobookshelf package to use.

Type: package

  pkgs.audiobookshelf

nixarr.audiobookshelf.expose.https.enable

Required options:

• nixarr.audiobookshelf.expose.https.acmeMail
• nixarr.audiobookshelf.expose.https.domainName

Conflicting options: nixarr.audiobookshelf.vpn.enable

Expose the Audiobookshelf web service to the internet with https support, allowing anyone to access it.

Warning: Do not enable this without setting up Audiobookshelf authentication through localhost first!

Type: boolean

  false

  true

nixarr.audiobookshelf.expose.https.acmeMail

The ACME mail required for the letsencrypt bot.

Type: null or string

  null

  "mail@example.com"

nixarr.audiobookshelf.expose.https.domainName

The domain name to host Audiobookshelf on.

Type: null or string

  null

  "audiobookshelf.example.com"

nixarr.audiobookshelf.expose.https.upnp.enable

Whether to enable UPNP to try to open ports 80 and 443 on your router…

Type: boolean

  false

  true

nixarr.audiobookshelf.openFirewall

Open firewall for Audiobookshelf

Type: boolean

  !nixarr.audiobookshelf.vpn.enable

  true

nixarr.audiobookshelf.port

Default port for Audiobookshelf. The default is 8000 in nixpkgs, but that’s far too common a port to use.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

  9292

  8000

nixarr.audiobookshelf.stateDir

The location of the state directory for the Audiobookshelf service.

Warning: Setting this to any path, where the subpath is not owned by root, will fail! For example:

  stateDir = /home/user/nixarr/.state/audiobookshelf

Is not supported, because /home/user is owned by user.

Type: absolute path

  "${nixarr.stateDir}/audiobookshelf"

  "/nixarr/.state/audiobookshelf"

nixarr.audiobookshelf.vpn.enable

Required options: nixarr.vpn.enable

Conflicting options: nixarr.audiobookshelf.expose.https.enable

Route Audiobookshelf traffic through the VPN.

Type: boolean

  false

  true

nixarr.autobrr.enable

Whether or not to enable the Autobrr service.

Required options: nixarr.enable

Type: boolean

  false

  true

nixarr.autobrr.package

The autobrr package to use.

Type: package

  pkgs.autobrr

nixarr.autobrr.openFirewall

Open firewall for the Autobrr port.

Type: boolean

  !nixarr.autobrr.vpn.enable

  true

nixarr.autobrr.settings

Autobrr configuration options.

See https://autobrr.com/configuration/autobrr for more information.

sessionSecret is automatically generated upon first installation and will be overridden. This is done to ensure that the secret is not hard-coded in the configuration file. The actual secret file is generated in the systemd service at /data/.state/nixarr/autobrr/session-secret.

Type: TOML value

  {
    checkForUpdates = false;
    host = "0.0.0.0";
    port = 7474;
  }

  {
    logLevel = "DEBUG";
  }

nixarr.autobrr.stateDir

The location of the state directory for the Autobrr service.

Type: absolute path

  "${nixarr.stateDir}/autobrr"

  "/nixarr/.state/autobrr"

nixarr.autobrr.vpn.enable

Required options: nixarr.vpn.enable

Route Autobrr traffic through the VPN.

Type: boolean

  false

  true

nixarr.bazarr.enable

Whether or not to enable the Bazarr service.

Type: boolean

  false

  true

nixarr.bazarr.package

The bazarr package to use.

Type: package

  pkgs.bazarr

nixarr.bazarr.openFirewall

Open firewall for Bazarr

Type: boolean

  !nixarr.bazarr.vpn.enable

  true

nixarr.bazarr.port

Port for Bazarr to use.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

  6767

nixarr.bazarr.stateDir

The location of the state directory for the Bazarr service.

Warning: Setting this to any path, where the subpath is not owned by root, will fail! For example:

  stateDir = /home/user/nixarr/.state/bazarr

Is not supported, because /home/user is owned by user.

Type: absolute path

  "${nixarr.stateDir}/bazarr"

  "/nixarr/.state/bazarr"

nixarr.bazarr.vpn.enable

Required options: nixarr.vpn.enable

Route Bazarr traffic through the VPN.

Type: boolean

  false

  true

nixarr.ddns.njalla.enable

Required options:

• nixarr.ddns.njalla.keysFile

Whether or not to enable DDNS for a Njalla domain.

Type: boolean

  false

  true

nixarr.ddns.njalla.keysFile

A path to a JSON-file containing key value pairs of domains and keys.

To get the keys, create a dynamic njalla record. Upon creation you should see something like the following command suggested:

  curl "https://njal.la/update/?h=jellyfin.example.com&k=zeubesojOLgC2eJC&auto"

Then the JSON-file you pass here should contain:

  {
    "jellyfin.example.com": "zeubesojOLgC2eJC"
  }

You can, of course, add more key-value pairs than just one.

Type: null or absolute path

  null

  "/data/.secret/njalla/keys-file.json"

nixarr.ddns.njalla.vpn.enable

Required options:

• nixarr.ddns.njalla.keysFile
• nixarr.vpn.enable

Whether or not to enable DDNS over VPN for a Njalla domain. Setting this will point to the public ip of your VPN. Useful if you’re running services over VPN and want a domain that points to the corresponding ip.

Note: You can enable both this and the regular njalla DDNS service.

Type: boolean

  false

  true

nixarr.ddns.njalla.vpn.keysFile

See nixarr.ddns.njalla.keysFile

Type: null or absolute path

  null

  "/data/.secret/njalla/keys-file.json"

nixarr.jellyfin.enable

Whether or not to enable the Jellyfin service.

Conflicting options: nixarr.plex.enable

Type: boolean

  false

  true

nixarr.jellyfin.package

The jellyfin package to use.

Type: package

  pkgs.jellyfin

nixarr.jellyfin.expose.https.enable

Required options:

• nixarr.jellyfin.expose.https.acmeMail
• nixarr.jellyfin.expose.https.domainName

Conflicting options: nixarr.jellyfin.vpn.enable

Expose the Jellyfin web service to the internet with https support, allowing anyone to access it.

Warning: Do not enable this without setting up Jellyfin authentication through localhost first!

Type: boolean

  false

  true

nixarr.jellyfin.expose.https.acmeMail

The ACME mail required for the letsencrypt bot.

Type: null or string

  null

  "mail@example.com"

nixarr.jellyfin.expose.https.domainName

The domain name to host Jellyfin on.

Type: null or string

  null

  "jellyfin.example.com"

nixarr.jellyfin.expose.https.upnp.enable

Whether to enable UPNP to try to open ports 80 and 443 on your router…

Type: boolean

  false

  true

nixarr.jellyfin.openFirewall

Open firewall for Jellyfin

Type: boolean

  !nixarr.jellyfin.vpn.enable

  true

nixarr.jellyfin.stateDir

The location of the state directory for the Jellyfin service.

Warning: Setting this to any path, where the subpath is not owned by root, will fail! For example:

  stateDir = /home/user/nixarr/.state/jellyfin

Is not supported, because /home/user is owned by user.

Type: absolute path

  "${nixarr.stateDir}/jellyfin"

  "/nixarr/.state/jellyfin"

nixarr.jellyfin.vpn.enable

Required options: nixarr.vpn.enable

Conflicting options: nixarr.jellyfin.expose.https.enable

Route Jellyfin traffic through the VPN.

Type: boolean

  false

  true

nixarr.jellyseerr.enable

Whether or not to enable the Jellyseerr service.

Type: boolean

  false

  true

nixarr.jellyseerr.package

The jellyseerr package to use.

Type: package

  pkgs.jellyseerr

nixarr.jellyseerr.expose.https.enable

Required options:

• nixarr.jellyseerr.expose.https.acmeMail
• nixarr.jellyseerr.expose.https.domainName

Conflicting options: nixarr.jellyseerr.vpn.enable

Expose the Jellyseerr web service to the internet with https support, allowing anyone to access it.

Warning: Do not enable this without setting up Jellyseerr authentication through localhost first!

Type: boolean

  false

  true

nixarr.jellyseerr.expose.https.acmeMail

The ACME mail required for the letsencrypt bot.

Type: null or string

  null

  "mail@example.com"

nixarr.jellyseerr.expose.https.domainName

The domain name to host Jellyseerr on.

Type: null or string

  null

  "jellyseerr.example.com"

nixarr.jellyseerr.expose.https.upnp.enable

Whether to enable UPNP to try to open ports 80 and 443 on your router…

Type: boolean

  false

  true

nixarr.jellyseerr.openFirewall

Open firewall for Jellyseerr

Type: boolean

  !nixarr.jellyseerr.vpn.enable

  true

nixarr.jellyseerr.port

Jellyseerr web-UI port.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

  5055

  12345

nixarr.jellyseerr.stateDir

The location of the state directory for the Jellyseerr service.

Warning: Setting this to any path, where the subpath is not owned by root, will fail! For example:

  stateDir = /home/user/nixarr/.state/jellyseerr

Is not supported, because /home/user is owned by user.

Type: absolute path

  "${nixarr.stateDir}/jellyseerr"

  "/nixarr/.state/jellyseerr"

nixarr.jellyseerr.vpn.enable

Required options: nixarr.vpn.enable

Conflicting options: nixarr.jellyseerr.expose.https.enable

Route Jellyseerr traffic through the VPN.

Type: boolean

  false

  true

nixarr.komga.enable

Whether or not to enable the Komga service.

Conflicting options: nixarr.plex.enable

Type: boolean

  false

  true

nixarr.komga.expose.https.enable

Required options:

• nixarr.komga.expose.https.acmeMail
• nixarr.komga.expose.https.domainName

Conflicting options: nixarr.komga.vpn.enable

Expose the Komga web service to the internet with https support, allowing anyone to access it.

Warning: Do not enable this without setting up Komga authentication through localhost first!

Type: boolean

  false

  true

nixarr.komga.expose.https.acmeMail

The ACME mail required for the letsencrypt bot.

Type: null or string

  null

  "mail@example.com"

nixarr.komga.expose.https.domainName

The domain name to host Komga on.

Type: null or string

  null

  "komga.example.com"

nixarr.komga.expose.https.upnp.enable

Whether to enable UPNP to try to open ports 80 and 443 on your router…

Type: boolean

  false

  true

nixarr.komga.openFirewall

Open firewall for Komga

Type: boolean

  !nixarr.komga.vpn.enable

  true

nixarr.komga.stateDir

The location of the state directory for the Komga service.

Warning: Setting this to any path, where the subpath is not owned by root, will fail! For example:

  stateDir = /home/user/nixarr/.state/komga

Is not supported, because /home/user is owned by user.

Type: absolute path

  "${nixarr.stateDir}/komga"

  "/nixarr/.state/komga"

nixarr.komga.vpn.enable

Required options: nixarr.vpn.enable

Conflicting options: nixarr.komga.expose.https.enable

Route Komga traffic through the VPN.

Type: boolean

  false

  true

nixarr.lidarr.enable

Whether or not to enable the Lidarr service.

Type: boolean

  false

  true

nixarr.lidarr.package

The lidarr package to use.

Type: package

  pkgs.lidarr

nixarr.lidarr.openFirewall

Open firewall for Lidarr

Type: boolean

  !nixarr.lidarr.vpn.enable

  true

nixarr.lidarr.port

Port for Lidarr to use.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

  8686

nixarr.lidarr.stateDir

The location of the state directory for the Lidarr service.

Warning: Setting this to any path, where the subpath is not owned by root, will fail! For example:

  stateDir = /home/user/nixarr/.state/lidarr

Is not supported, because /home/user is owned by user.

Type: absolute path

  "${nixarr.stateDir}/lidarr"

  "/nixarr/.state/lidarr"

nixarr.lidarr.vpn.enable

Required options: nixarr.vpn.enable

Route Lidarr traffic through the VPN.

Type: boolean

  false

  true

nixarr.mediaDir

The location of the media directory for the services.

Warning: Setting this to any path, where the subpath is not owned by root, will fail! For example:

  mediaDir = /home/user/nixarr

Is not supported, because /home/user is owned by user.

Type: absolute path

  "/data/media"

  "/nixarr"

nixarr.mediaUsers

Extra users to add to the media group.

Type: list of string

  [ ]

  [
    "user"
  ]

nixarr.openssh.expose.vpn.enable

Required options:

• nixarr.vpn.enable

Run the openssh service through a vpn, exposing it to the internet.

Warning: This lets anyone on the internet connect through SSH, make sure the SSH configuration is secure! Disallowing password authentication and only allowing SSH-keys is considered secure.

Note: This option does not enable the SSHD service you still need to setup sshd in your nixos configuration, fx:

  services.openssh = {
    enable = true;
    settings.PasswordAuthentication = false;
    # Get this port from your VPN provider
    ports [ 12345 ];
  };

  users.extraUsers.username.openssh.authorizedKeys.keyFiles = [
    ./path/to/public/key/machine.pub
  ];

Then replace username with your username and the keyFiles path to a ssh public key file from the machine that you want to have access. Don’t use password authentication as it is insecure!

Type: boolean

  false

  true

nixarr.plex.enable

Whether or not to enable the Plex service.

Conflicting options: nixarr.jellyfin.enable

Type: boolean

  false

  true

nixarr.plex.package

The plex package to use.

Type: package

  pkgs.plex

nixarr.plex.expose.https.enable

Required options:

• nixarr.plex.expose.https.acmeMail
• nixarr.plex.expose.https.domainName

Conflicting options: nixarr.plex.vpn.enable

Expose the Plex web service to the internet with https support, allowing anyone to access it.

Warning: Do not enable this without setting up Plex authentication through localhost first!

Type: boolean

  false

  true

nixarr.plex.expose.https.acmeMail

The ACME mail required for the letsencrypt bot.

Type: null or string

  null

  "mail@example.com"

nixarr.plex.expose.https.domainName

The domain name to host Plex on.

Type: null or string

  null

  "plex.example.com"

nixarr.plex.expose.https.upnp.enable

Whether to enable UPNP to try to open ports 80 and 443 on your router…

Type: boolean

  false

  true

nixarr.plex.openFirewall

Open firewall for Plex

Type: boolean

  !nixarr.plex.vpn.enable

  true

nixarr.plex.stateDir

The location of the state directory for the Plex service.

Warning: Setting this to any path, where the subpath is not owned by root, will fail! For example:

  stateDir = /home/user/nixarr/.state/plex

Is not supported, because /home/user is owned by user.

Type: absolute path

  "${nixarr.stateDir}/plex"

  "/nixarr/.state/plex"

nixarr.plex.vpn.enable

Required options: nixarr.vpn.enable

Conflicting options: nixarr.plex.expose.https.enable

Route Plex traffic through the VPN.

Type: boolean

  false

  true

nixarr.prowlarr.enable

Whether or not to enable the Prowlarr service. This has a seperate service since running two instances is the standard way of being able to query both ebooks and audiobooks.

Type: boolean

  false

  true

nixarr.prowlarr.package

The prowlarr package to use.

Type: package

  pkgs.prowlarr

nixarr.prowlarr.openFirewall

Open firewall for Prowlarr

Type: boolean

  !nixarr.prowlarr.vpn.enable

  true

nixarr.prowlarr.port

Port for Prowlarr to use.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

  9696

nixarr.prowlarr.stateDir

The location of the state directory for the Prowlarr service.

Warning: Setting this to any path, where the subpath is not owned by root, will fail! For example:

  stateDir = /home/user/nixarr/.state/prowlarr

Is not supported, because /home/user is owned by user.

Type: absolute path

  "${nixarr.stateDir}/prowlarr"

  "/nixarr/.state/prowlarr"

nixarr.prowlarr.vpn.enable

Required options: nixarr.vpn.enable

Route Prowlarr traffic through the VPN.

Type: boolean

  false

  true

nixarr.radarr.enable

Whether or not to enable the Radarr service.

Type: boolean

  false

  true

nixarr.radarr.package

The radarr package to use.

Type: package

  pkgs.radarr

nixarr.radarr.openFirewall

Open firewall for Radarr

Type: boolean

  !nixarr.radarr.vpn.enable

  true

nixarr.radarr.port

Port for Radarr to use.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

  7878

nixarr.radarr.stateDir

The location of the state directory for the Radarr service.

Warning: Setting this to any path, where the subpath is not owned by root, will fail! For example:

  stateDir = /home/user/nixarr/.state/radarr

Is not supported, because /home/user is owned by user.

Type: absolute path

  "${nixarr.stateDir}/radarr"

  "/nixarr/.state/radarr"

nixarr.radarr.vpn.enable

Required options: nixarr.vpn.enable

Route Radarr traffic through the VPN.

Type: boolean

  false

  true

nixarr.readarr.enable

Whether or not to enable the Readarr service.

Type: boolean

  false

  true

nixarr.readarr.package

The readarr package to use.

Type: package

  pkgs.readarr

nixarr.readarr.openFirewall

Open firewall for Readarr

Type: boolean

  !nixarr.readarr.vpn.enable

  true

nixarr.readarr.port

Port for Readarr to use.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

  8787

nixarr.readarr.stateDir

The location of the state directory for the Readarr service.

Warning: Setting this to any path, where the subpath is not owned by root, will fail! For example:

  stateDir = /home/user/nixarr/.state/readarr

Is not supported, because /home/user is owned by user.

Type: absolute path

  "${nixarr.stateDir}/readarr"

  "/nixarr/.state/readarr"

nixarr.readarr.vpn.enable

Required options: nixarr.vpn.enable

Route Readarr traffic through the VPN.

Type: boolean

  false

  true

nixarr.readarr-audiobook.enable

Whether or not to enable the Readarr Audiobook service. This has a seperate service since running two instances is the standard way of being able to query both ebooks and audiobooks.

Type: boolean

  false

  true

nixarr.readarr-audiobook.package

The readarr package to use.

Type: package

  pkgs.readarr

nixarr.readarr-audiobook.openFirewall

Open firewall for Readarr Audiobook

Type: boolean

  !nixarr.readarr-audiobook.vpn.enable

  true

nixarr.readarr-audiobook.port

Port for Readarr Audiobook to use.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

  9494

nixarr.readarr-audiobook.stateDir

The location of the state directory for the Readarr Audiobook service.

Warning: Setting this to any path, where the subpath is not owned by root, will fail! For example:

  stateDir = /home/user/nixarr/.state/readarr-audiobook

Is not supported, because /home/user is owned by user.

Type: absolute path

  "${nixarr.stateDir}/readarr-audiobook"

  "/nixarr/.state/readarr-audiobook"

nixarr.readarr-audiobook.vpn.enable

Required options: nixarr.vpn.enable

Route Readarr Audiobook traffic through the VPN.

Type: boolean

  false

  true

nixarr.recyclarr.enable

Whether or not to enable the Recyclarr service. This service does not need to be run behind a VPN.

Type: boolean

  false

  true

nixarr.recyclarr.package

The recyclarr package to use.

Type: package

  pkgs.recyclarr

nixarr.recyclarr.configFile

Path to the recyclarr YAML configuration file. See Recyclarr’s documentation for more information.

The API keys for Radarr and Sonarr can be referenced in the config file using the RADARR_API_KEY and SONARR_API_KEY environment variables (with macro !env_var).

Note: You cannot set both configFile and configuration options.

Type: null or absolute path

  null

  "./recyclarr.yaml"

nixarr.recyclarr.configuration

Recyclarr YAML configuration as a Nix attribute set. For detailed configuration options and examples, see the official configuration reference.

The API keys for Radarr and Sonarr can be referenced using the RADARR_API_KEY and SONARR_API_KEY environment variables (with the string “!env_var RADARR_API_KEY”).

Note: You cannot set both configFile and configuration options.

Type: null or YAML 1.1 value

  null

  {
    sonarr = {
      series = {
        base_url = "http://localhost:8989";
        api_key = "!env_var SONARR_API_KEY";
        quality_definition = {
          type = "series";
        };
        delete_old_custom_formats = true;
        custom_formats = [
          {
            trash_ids = [
              "85c61753df5da1fb2aab6f2a47426b09" # BR-DISK
              "9c11cd3f07101cdba90a2d81cf0e56b4" # LQ
            ];
            assign_scores_to = [
              {
                name = "WEB-DL (1080p)";
                score = -10000;
              }
            ];
          }
        ];
      };
    };
    radarr = {
      movies = {
        base_url = "http://localhost:7878";
        api_key = "!env_var RADARR_API_KEY";
        quality_definition = {
          type = "movie";
        };
        delete_old_custom_formats = true;
        custom_formats = [
          {
            trash_ids = [
              "570bc9ebecd92723d2d21500f4be314c" # Remaster
              "eca37840c13c6ef2dd0262b141a5482f" # 4K Remaster
            ];
            assign_scores_to = [
              {
                name = "HD Bluray + WEB";
                score = 25;
              }
            ];
          }
        ];
      };
    };
  }

nixarr.recyclarr.schedule

When to run recyclarr in systemd calendar format.

Type: string

  "daily"

nixarr.recyclarr.stateDir

The location of the state directory for the Recyclarr service.

Type: absolute path

  "${nixarr.stateDir}/recyclarr"

  "/nixarr/.state/recyclarr"

nixarr.sabnzbd.enable

Whether to enable Enable the SABnzbd service…

Type: boolean

  false

  true

nixarr.sabnzbd.package

The sabnzbd package to use.

Type: package

  pkgs.sabnzbd

nixarr.sabnzbd.guiPort

The port that SABnzbd’s GUI will listen on for incomming connections.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

  6336

  9999

nixarr.sabnzbd.openFirewall

Open firewall for SABnzbd

Type: boolean

  !nixarr.sabnzbd.vpn.enable

  true

nixarr.sabnzbd.stateDir

The location of the state directory for the SABnzbd service.

Warning: Setting this to any path, where the subpath is not owned by root, will fail! For example:

  stateDir = /home/user/nixarr/.state/sabnzbd

Is not supported, because /home/user is owned by user.

Type: absolute path

  "${nixarr.stateDir}/sabnzbd"

  "/nixarr/.state/sabnzbd"

nixarr.sabnzbd.vpn.enable

Required options: nixarr.vpn.enable

Route SABnzbd traffic through the VPN.

Type: boolean

  false

  true

nixarr.sabnzbd.whitelistHostnames

A list that specifies what URLs that are allowed to represent your SABnzbd instance.

Note: If you see an error message like this when trying to connect to SABnzbd from another device:

  Refused connection with hostname "your.hostname.com"

Then you should add your hostname (“hostname.com” above) to this list.

SABnzbd only allows connections matching these URLs in order to prevent DNS hijacking. See https://sabnzbd.org/wiki/extra/hostname-check.html for more info.

Type: list of string

  [ config.networking.hostName ]

  [ "mediaserv" "media.example.com" ]

nixarr.sabnzbd.whitelistRanges

A list of IP ranges that will be allowed to connect to SABnzbd’s web GUI. This only needs to be set if SABnzbd needs to be accessed from another machine besides its host.

Type: list of string

  [ ]

  "[ \"192.168.1.0/24\" \"10.0.0.0/23\" ]"

nixarr.sonarr.enable

Whether or not to enable the Sonarr service.

Type: boolean

  false

  true

nixarr.sonarr.package

The sonarr package to use.

Type: package

  pkgs.sonarr

nixarr.sonarr.openFirewall

Open firewall for Sonarr

Type: boolean

  !nixarr.sonarr.vpn.enable

  true

nixarr.sonarr.port

Port for Sonarr to use.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

  8989

nixarr.sonarr.stateDir

The location of the state directory for the Sonarr service.

Warning: Setting this to any path, where the subpath is not owned by root, will fail! For example:

  stateDir = /home/user/nixarr/.state/sonarr

Is not supported, because /home/user is owned by user.

Type: absolute path

  "${nixarr.stateDir}/sonarr"

  "/nixarr/.state/sonarr"

nixarr.sonarr.vpn.enable

Required options: nixarr.vpn.enable

Route Sonarr traffic through the VPN.

Type: boolean

  false

  true

nixarr.stateDir

The location of the state directory for the services.

Warning: Setting this to any path, where the subpath is not owned by root, will fail! For example:

  stateDir = /home/user/nixarr/.state

Is not supported, because /home/user is owned by user.

Type: absolute path

  "/data/.state/nixarr"

  "/nixarr/.state"

nixarr.transmission.enable

Whether or not to enable the Transmission service.

Type: boolean

  false

  true

nixarr.transmission.package

The transmission_4 package to use.

Type: package

  pkgs.transmission_4

nixarr.transmission.credentialsFile

Path to a JSON file to be merged with the settings. Useful to merge a file which is better kept out of the Nix store to set secret config parameters like rpc-password.

Type: absolute path

  "/dev/null"

  "/var/lib/secrets/transmission/settings.json"

nixarr.transmission.extraAllowedIps

Extra IP addresses allowed to access the Transmission RPC. By default 192.168.* and 127.0.0.1 (localhost) are allowed, but if your local network has a weird ip for some reason, you can add it here.

Type: list of string

  [ ]

  [
    "10.19.5.10"
  ]

nixarr.transmission.extraSettings

Extra config settings for the Transmission service.

See the services.transmission.settings nixos options in the relevant section of the configuration.nix manual or on search.nixos.org.

Type: attribute set

  { }

  {
    trash-original-torrent-files = true;
  }

nixarr.transmission.flood.enable

Whether to enable the flood web-UI for the transmission web-UI…

Type: boolean

  false

  true

nixarr.transmission.messageLevel

Sets the message level of transmission.

Type: one of “none”, “critical”, “error”, “warn”, “info”, “debug”, “trace”

  "warn"

  "debug"

nixarr.transmission.openFirewall

Open firewall for peer-port and rpc-port.

Type: boolean

  !nixarr.transmission.vpn.enable

  true

nixarr.transmission.peerPort

Transmission peer traffic port.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

  50000

  12345

nixarr.transmission.privateTrackers.cross-seed.enable

Required options: nixarr.prowlarr.enable

Whether or not to enable the cross-seed service.

Type: boolean

  false

  true

nixarr.transmission.privateTrackers.cross-seed.extraSettings

Extra settings for the cross-seed service, see the cross-seed options documentation

Type: attribute set

  { }

  {
    delay = 20;
    port = 3000;
  }

nixarr.transmission.privateTrackers.cross-seed.indexIds

List of indexer-ids, from prowlarr. These are from the RSS links for the indexers, located by the “radio” or “RSS” logo on the right of the indexer, you’ll see the links have the form:

http://localhost:9696/1/api?apikey=aaaaaaaaaaaaa

Then the id needed here is the 1.

Type: list of signed integer

  [ ]

  [
    1
    3
    7
  ]

nixarr.transmission.privateTrackers.cross-seed.stateDir

The location of the state directory for the cross-seed service.

Warning: Setting this to any path, where the subpath is not owned by root, will fail! For example:

  stateDir = /home/user/nixarr/.state/cross-seed

Is not supported, because /home/user is owned by user.

Type: absolute path

  "${nixarr.stateDir}/cross-seed"

  "/nixarr/.state/cross-seed"

nixarr.transmission.privateTrackers.disableDhtPex

Disable pex and dht, which is required for some private trackers.

You don’t want to enable this unless a private tracker requires you to, and some don’t. All torrents from private trackers are set as “private”, and this automatically disables dht and pex for that torrent, so it shouldn’t even be a necessary rule to have, but I don’t make their rules ¯\(ツ)/¯.

Type: boolean

  false

  true

nixarr.transmission.stateDir

The location of the state directory for the Transmission service.

Warning: Setting this to any path, where the subpath is not owned by root, will fail! For example:

  stateDir = /home/user/nixarr/.state/transmission

Is not supported, because /home/user is owned by user.

Type: absolute path

  "${nixarr.stateDir}/transmission"

  "/nixarr/.state/transmission"

nixarr.transmission.uiPort

Transmission web-UI port.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

  9091

  12345

nixarr.transmission.vpn.enable

Required options: nixarr.vpn.enable

Route Transmission traffic through the VPN.

Type: boolean

  false

  true

nixarr.vpn.enable

Required options: nixarr.vpn.wgConf

Whether or not to enable VPN support for the services that nixarr supports.

Type: boolean

  false

  true

nixarr.vpn.accessibleFrom

What IP’s the VPN submodule should be accessible from. By default the following are included:

• “192.168.1.0/24”
• “192.168.0.0/24”
• “127.0.0.1”

Otherwise, you would not be able to services over your local network. You might have to use this option to extend your list with your local IP range by passing it with this option.

Type: list of string

  [ ]

  [
    "192.168.2.0/24"
  ]

nixarr.vpn.openTcpPorts

What TCP ports to allow traffic from. You might need this if you’re port forwarding on your VPN provider and you’re setting up services not covered in by this module that uses the VPN.

Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

  [ ]

  [
    46382
    38473
  ]

nixarr.vpn.openUdpPorts

What UDP ports to allow traffic from. You might need this if you’re port forwarding on your VPN provider and you’re setting up services not covered in by this module that uses the VPN.

Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

  [ ]

  [
    46382
    38473
  ]

nixarr.vpn.vpnTestService.enable

Whether to enable the vpn test service. Useful for testing DNS leaks or if the VPN port forwarding works correctly. .

Type: boolean

  false

  true

nixarr.vpn.vpnTestService.port

The port that netcat listens to on the vpn test service. If set to null, then netcat will not be started.

Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)

  null

  58403

nixarr.vpn.wgConf

The path to the wireguard configuration file.

Type: null or absolute path

  null

  "/data/.secret/vpn/wg.conf"

nixarr.whisparr.enable

Whether or not to enable the whisparr service.

Type: boolean

  false

  true

nixarr.whisparr.package

The whisparr package to use.

Type: package

  pkgs.whisparr

nixarr.whisparr.openFirewall

Open firewall for whisparr

Type: boolean

  !nixarr.whisparr.vpn.enable

  true

nixarr.whisparr.port

Port for Whisparr to use.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

  6969

nixarr.whisparr.stateDir

The location of the state directory for the whisparr service.

Warning: Setting this to any path, where the subpath is not owned by root, will fail! For example:

  stateDir = /home/user/nixarr/.state/whisparr

Is not supported, because /home/user is owned by user.

Type: absolute path

  "${nixarr.stateDir}/whisparr"

  "/nixarr/.state/whisparr"

nixarr.whisparr.vpn.enable

Required options: nixarr.vpn.enable

Route whisparr traffic through the VPN.

Type: boolean

  false

  true

util-nixarr.globals

Global values to be used by Nixarr, change at your own risk.

Type: attribute set

  { }

util-nixarr.services.cross-seed.enable

Whether to enable cross-seed.

Type: boolean

  false

  true

util-nixarr.services.cross-seed.credentialsFile

Secret options to be merged into the cross-seed config

Type: absolute path

  "/run/secrets/cross-seed/credentialsFile.json"

util-nixarr.services.cross-seed.dataDir

The cross-seed dataDir

Type: absolute path

  "/var/lib/cross-seed"

util-nixarr.services.cross-seed.group

Group under which cross-seed runs.

Type: null or string

  null

util-nixarr.services.cross-seed.settings

Settings for cross-seed

Type: attribute set

  { }

  ''
    {
      delay = 10;
    }
  ''

util-nixarr.services.cross-seed.user

User account under which cross-seed runs.

Type: null or string

  null

util-nixarr.upnp.enable

Whether to enable Enable port forwarding using UPNP…

Type: boolean

  false

  true

util-nixarr.upnp.openTcpPorts

What TCP ports to open using UPNP.

Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

  [ ]

  [
    46382
    38473
  ]

util-nixarr.upnp.openUdpPorts

What UDP ports to open using UPNP.

Type: list of 16 bit unsigned integer; between 0 and 65535 (both inclusive)

  [ ]

  [
    46382
    38473
  ]