refactor: split module.nix into per-service modules

Replace the 1301-line monolithic module.nix with focused modules: - modules/servarr.nix (Sonarr/Radarr/Prowlarr) - modules/bazarr.nix (Bazarr provider connections) - modules/jellyseerr.nix (Jellyseerr quality profiles) - modules/default.nix (import aggregator) Python scripts (from prior commit) are referenced as standalone files via PYTHONPATH, with config passed as a JSON file argument. New options: - Add bindAddress option to all services (default 127.0.0.1) - Replace hardcoded wg.service dependency with configurable networkNamespaceService option - Add systemd hardening: PrivateTmp, NoNewPrivileges, ProtectHome, ProtectKernelTunables/Modules, ProtectControlGroups, RestrictSUIDSGID, SystemCallArchitectures=native Test updates: - Extract mock qBittorrent/SABnzbd servers into tests/lib/mocks.nix - Fix duplicate wait_for_unit calls in integration test
2026-04-16 17:29:25 -04:00
parent a7d9b269df
commit 948c9e3a38
12 changed files with 952 additions and 1705 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -1,35 +1,39 @@
 {
-  description = "Declarative API initialization for Servarr applications (Sonarr, Radarr, Prowlarr, Bazarr)";
+  description = "Declarative API initialization for Servarr applications (Sonarr, Radarr, Prowlarr, Bazarr, Jellyseerr)";

  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    flake-utils.url = "github:numtide/flake-utils";
  };

  outputs =
-    { self, nixpkgs }:
-    let
-      supportedSystems = [
+    {
+      self,
+      nixpkgs,
+      flake-utils,
+    }:
+    flake-utils.lib.eachSystem
+      [
        "x86_64-linux"
        "aarch64-linux"
-      ];
-      forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
-    in
-    {
-      nixosModules.default = import ./module.nix;
-      nixosModules.arr-init = import ./module.nix;
-
-      checks = forAllSystems (
+      ]
+      (
        system:
        let
          pkgs = nixpkgs.legacyPackages.${system};
        in
-        import ./tests {
-          inherit pkgs;
-          lib = nixpkgs.lib;
-          inherit self;
-        }
-      );
+        {
+          checks = import ./tests {
+            inherit pkgs;
+            lib = nixpkgs.lib;
+            inherit self;
+          };

-      formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.nixfmt-tree);
+          formatter = pkgs.nixfmt-tree;
+        }
+      )
+    // {
+      nixosModules.default = import ./modules;
+      nixosModules.arr-init = import ./modules;
    };
 }