{ lib, ... }: let domain = "htnzb.giugl.io"; network = import ./network.nix; auth_block = (import ./openid.nix).openresty_oidc_block; in { services = { nzbget = { enable = true; group = "media"; }; nginx.virtualHosts.${domain} = { forceSSL = true; enableACME = true; locations."/" = { proxyPass = "http://localhost:6789"; extraConfig = auth_block { realm = "master"; client_id = "nzbget"; client_secret = "tkjzdqnUoWTlGUYah5tgMqVPFMlOUvk9"; redirect_uri = "https://${domain}"; }; }; }; }; networking.extraHosts = '' ${network.architect-lan} ${domain} ${network.architect-wg} ${domain} ''; users.groups.media.members = [ "nzbget" ]; }