{ config, ... }:

let
  domain = "htlid.giugl.io";
in
{
  services = {
    lidarr = {
      enable = true;
      group = "media";
    };
  };

  architect.vhost.${domain} = {
    dnsInterfaces = [ "lan" "tailscale" ];
    locations."/" = {
      port = 8686;
      allowLan = true;
      allowWAN = false;
      allow = [ config.architect.networks."tailscale".net ];
    };
  };

  users.groups.media.members = [ "lidarr" ];
}