puppet-prod/hieradata/roles/apps/media/prowlarr.yaml

---
hiera_include:
  - prowlarr
  - profiles::nginx::ldapauth
  - profiles::media::prowlarr

# manage prowlarr
prowlarr::params::user: prowlarr
prowlarr::params::group: media
prowlarr::params::manage_group: false
prowlarr::params::archive_version: 1.19.0
prowlarr::params::port: 8000

# additional altnames
profiles::pki::vault::alt_names:
  - prowlarr.main.unkin.net
  - prowlarr.service.consul
  - prowlarr.query.consul
  - "prowlarr.service.%{facts.country}-%{facts.region}.consul"

# manage a simple nginx reverse proxy
profiles::nginx::simpleproxy::nginx_vhost: 'prowlarr.query.consul'
profiles::nginx::simpleproxy::nginx_aliases:
  - prowlarr.main.unkin.net
  - prowlarr.service.consul
  - prowlarr.query.consul
  - "prowlarr.service.%{facts.country}-%{facts.region}.consul"
profiles::nginx::simpleproxy::proxy_port: 8000
profiles::nginx::simpleproxy::proxy_host: 127.0.0.1
profiles::nginx::simpleproxy::proxy_path: '/'
profiles::nginx::simpleproxy::use_default_location: false
nginx::client_max_body_size: 20M

ldap_binddn: 'cn=svc_prowlarr,ou=services,ou=users,dc=main,dc=unkin,dc=net'
ldap_template: '(&(uid=%(username)s)(memberOf=ou=prowlarr_access,ou=groups,dc=main,dc=unkin,dc=net))'

# configure consul service
consul::services:
  prowlarr:
    service_name: 'prowlarr'
    tags:
      - 'media'
      - 'prowlarr'
    address: "%{facts.networking.ip}"
    port: 443
    checks:
      - id: 'prowlarr_http_check'
        name: 'Prowlarr HTTP Check'
        http: "https://%{facts.networking.fqdn}:443/consul/health"
        method: 'GET'
        tls_skip_verify: true
        interval: '10s'
        timeout: '1s'
profiles::consul::client::node_rules:
  - resource: service
    segment: prowlarr
    disposition: write

profiles::nginx::simpleproxy::locations:
  arrstack_web_external:
    location_satisfy: any
    location_allow:
      - 198.18.13.47
      - 198.18.13.50
      - 198.18.13.51
      - 198.18.13.52