with import ./network.nix;
{
  services = {
    sonarr.enable = true;

    nginx.virtualHosts.${sonarrdomain} = {
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        proxyPass = "http://localhost:8989";
        extraConfig = ''
          allow 10.0.0.0/24;
          allow 10.3.0.0/24;
          deny all;
        '';
      };
    };
  };

  networking.extraHosts = ''
    ${architect-lan} ${sonarrdomain}
    ${architect-wg} ${sonarrdomain}
  '';

  users.groups.media.members = ["sonarr"];
}