diff --git a/flake.lock b/flake.lock index 6bf2e7e..39560d9 100644 --- a/flake.lock +++ b/flake.lock @@ -33,10 +33,10 @@ ] }, "locked": { - "lastModified": 1776400712, + "lastModified": 1776401121, "narHash": "sha256-BELV1YMBuLL0aQNQ3SLvSLq8YN5h2o1jcrwz1+Zt32Q=", "ref": "refs/heads/main", - "rev": "fdb9433344645802ba2c43e9381700aa2ef59017", + "rev": "6dde2a3e0d087208b8084b61113707c5533c4c2d", "revCount": 19, "type": "git", "url": "ssh://gitea@git.gardling.com/titaniumtown/arr-init" diff --git a/services/arr/init.nix b/services/arr/init.nix index 5f72c0d..7f3cf90 100644 --- a/services/arr/init.nix +++ b/services/arr/init.nix @@ -9,6 +9,14 @@ apiVersion = "v1"; networkNamespacePath = "/run/netns/wg"; networkNamespaceService = "wg"; + # Guarantee critical config.xml elements before startup. Prowlarr has a + # history of losing from config.xml, causing the service to run + # without binding any socket. See arr-init's configXml for details. + configXml = { + Port = service_configs.ports.private.prowlarr.port; + BindAddress = "*"; + EnableSsl = false; + }; # Synced-app health checks require Sonarr/Radarr to reverse-connect to # prowlarrUrl, which is unreachable across the wg namespace boundary. healthChecks = false; @@ -40,6 +48,11 @@ port = service_configs.ports.private.sonarr.port; dataDir = service_configs.sonarr.dataDir; healthChecks = true; + configXml = { + Port = service_configs.ports.private.sonarr.port; + BindAddress = "*"; + EnableSsl = false; + }; rootFolders = [ service_configs.media.tvDir ]; naming = { renameEpisodes = true; @@ -72,6 +85,11 @@ port = service_configs.ports.private.radarr.port; dataDir = service_configs.radarr.dataDir; healthChecks = true; + configXml = { + Port = service_configs.ports.private.radarr.port; + BindAddress = "*"; + EnableSsl = false; + }; rootFolders = [ service_configs.media.moviesDir ]; naming = { renameMovies = true;