nixos/hosts/fw/modules/pyload.nix

{ config, pkgs, ... }:
let
  cids = import ./staticids.nix;
  networkPrefix = config.networkPrefix;

  pyloadUser = {
    isSystemUser = true;
    uid = cids.uids.pyload;
    group = "pyload";
    home = "/var/lib/pyload";
    createHome = true;
  };
  pyloadGroup = {
    gid = cids.gids.pyload;
  };

  jellyfinUser = {
    isSystemUser = true;
    uid = cids.uids.jellyfin;
    group = "jellyfin";
    home = "/var/lib/jellyfin";
    createHome = true;
  };
  jellyfinGroup = {
    gid = cids.gids.jellyfin;
  };
in
{
  users.users.pyload = pyloadUser;
  users.groups.pyload = pyloadGroup;
  users.users.jellyfin = jellyfinUser;
  users.groups.jellyfin = jellyfinGroup;

  # Create the multimedia directory structure on the host
  systemd.tmpfiles.rules = [
    "d /var/lib/multimedia 0755 root root - -"
    "d /var/lib/multimedia/downloads 0755 pyload pyload - -"
    "d /var/lib/multimedia/movies 0755 jellyfin jellyfin - -"
    "d /var/lib/multimedia/tv-shows 0755 jellyfin jellyfin - -"
    "d /var/lib/multimedia/music 0755 jellyfin jellyfin - -"
    "d /var/lib/jellyfin 0755 jellyfin jellyfin - -"
  ];

  containers.pyload = {
    autoStart = true;
    ephemeral = false;
    privateNetwork = true;
    hostBridge = "server";
    hostAddress = "${networkPrefix}.97.1";
    localAddress = "${networkPrefix}.97.11/24";

    bindMounts = {
      "/var/lib/pyload" = {
        hostPath = "/var/lib/pyload";
        isReadOnly = false;
      };
      "/var/lib/jellyfin" = {
        hostPath = "/var/lib/jellyfin";
        isReadOnly = false;
      };
      "/multimedia" = {
        hostPath = "/var/lib/multimedia";
        isReadOnly = false;
      };
    };

    config = { lib, config, pkgs, ... }: {
      nixpkgs.overlays = [
        (import ../utils/overlays/packages.nix)
      ];


      nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
        "unrar"
      ];

      environment.systemPackages = with pkgs; [
        unrar  # Required for RAR archive extraction
      ];

      networking = {
        hostName = "pyload";
        useHostResolvConf = false;
        defaultGateway = {
          address = "${networkPrefix}.97.1";
          interface = "eth0";
        };
        nameservers = [ "${networkPrefix}.97.1" ];
        firewall.enable = false;
      };

      services.pyload = {
        enable = true;
        downloadDirectory = "/multimedia/downloads";
        listenAddress = "0.0.0.0";
        port = 8000;
      };

      services.jellyfin = {
        enable = true;
        openFirewall = true;
      };

      # Disable SSL certificate verification
      systemd.services.pyload = {
        environment = {
          PYLOAD__GENERAL__SSL_VERIFY = "0";
        };

        # Bind-mount DNS configuration files and system tools into the chroot
        serviceConfig = {
          BindReadOnlyPaths = [
            "/etc/resolv.conf"
            "/etc/nsswitch.conf"
            "/etc/hosts"
            "/etc/ssl"
            "/etc/static/ssl"
            # Make all system packages (including unrar) accessible
            "/run/current-system/sw/bin"
          ];
        };
      };

      users.users.pyload = pyloadUser;
      users.groups.pyload = pyloadGroup;
      users.users.jellyfin = jellyfinUser;
      users.groups.jellyfin = jellyfinGroup;

      system.stateVersion = "24.05";
    };
  };
}