From 79cbd4b1a8e9fe52fd462debeb72b4558adc13ba Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Sat, 23 Nov 2024 08:46:26 -0600 Subject: [PATCH] migrate plex container to manual systemd podman for nvidia device --- nixos/hosts/shadowfax/default.nix | 64 +++++++++++------ .../modules/nixos/containers/plex/default.nix | 68 ++++++++++++------- 2 files changed, 85 insertions(+), 47 deletions(-) diff --git a/nixos/hosts/shadowfax/default.nix b/nixos/hosts/shadowfax/default.nix index 9a1f5a7..3b5dd8c 100644 --- a/nixos/hosts/shadowfax/default.nix +++ b/nixos/hosts/shadowfax/default.nix @@ -1,19 +1,26 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, inputs, pkgs, ... }: +{ + config, + lib, + inputs, + pkgs, + ... +}: let sanoidConfig = import ./config/sanoid.nix { }; disks = import ./config/disks.nix; smartdDevices = map (device: { inherit device; }) disks; in { - imports = - [ - inputs.disko.nixosModules.disko - (import ../../profiles/disko-nixos.nix { disks = [ "/dev/sda|/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_500GB_S58SNM0W406409E" ]; }) - inputs.nix-minecraft.nixosModules.minecraft-servers - ]; + imports = [ + inputs.disko.nixosModules.disko + (import ../../profiles/disko-nixos.nix { + disks = [ "/dev/sda|/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_500GB_S58SNM0W406409E" ]; + }) + inputs.nix-minecraft.nixosModules.minecraft-servers + ]; boot = { initrd = { @@ -21,7 +28,12 @@ in supportedFilesystems = [ "nfs" ]; }; - kernelModules = [ "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ]; + kernelModules = [ + "vfio" + "vfio_iommu_type1" + "vfio_pci" + "vfio_virqfd" + ]; extraModulePackages = [ ]; kernelParams = [ "zfs.zfs_arc_max=107374182400" ]; # 100GB }; 
@@ -88,19 +100,29 @@ in services = { xserver.videoDrivers = [ "nvidia" ]; - # Minecraft - minecraft-servers = { - # Me cc858467-2744-4c22-8514-86568fefd03b - enable = true; - eula = true; - servers.eregion = { - enable = true; - package = pkgs.paper-server; - serverProperties = { - motd = "§6§lEregion§r §7- §6§lMinecraft§r"; - }; - }; - }; + # # Minecraft + # minecraft-servers = { + # # Me cc858467-2744-4c22-8514-86568fefd03b + # enable = true; + # eula = true; + # servers.eregion = { + # enable = true; + # package = pkgs.fabricServers.fabric; + # serverProperties = { + # motd = "§6§lEregion§r §7- §6§lMinecraft§r"; + # }; + # symlinks = { + # mods = pkgs.linkFarmFromDrvs "mods" ( + # builtins.attrValues { + # LanAnnouncer = pkgs.fetchurl { + # url = "https://cdn.modrinth.com/data/eVUWDaxc/versions/ZKZr8EfM/lanannouncer-1.0.2.jar"; + # sha512 = "f2833b12a2e07390c4969ce95c5c9b759e3ddff0b9610054ff4e731a287789280b2c1b801bd08efe685da0d16daebf0562f15af2c86edd481c62f47ec21699c6"; + # }; + # } + # ); + # }; + # }; + # }; # Smart daemon for monitoring disk health. smartd = { diff --git a/nixos/modules/nixos/containers/plex/default.nix b/nixos/modules/nixos/containers/plex/default.nix index e41df08..a7c6bcc 100644 --- a/nixos/modules/nixos/containers/plex/default.nix +++ b/nixos/modules/nixos/containers/plex/default.nix @@ -9,7 +9,6 @@ let # renovate: depName=ghcr.io/onedr0p/plex datasource=docker versioning=loose version = "1.41.2.9200-c6bbc1b53"; image = "ghcr.io/onedr0p/plex:${version}"; - port = 32400; # int cfg = config.mySystem.containers.${app}; in { 
@@ -27,35 +26,52 @@ in # Implementation config = mkIf cfg.enable { - # Container - virtualisation.oci-containers.containers.${app} = { - image = "${image}"; - user = "568:568"; + # Systemd service for container + systemd.services.${app} = { + description = "Plex Media Server"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; - volumes = [ - "/nahar/containers/volumes/plex:/config/Library/Application Support/Plex Media Server:rw" - "/moria/media:/media:rw" - "tmpfs:/config/Library/Application Support/Plex Media Server/Logs:rw" - "tmpfs:/tmp:rw" - ]; + serviceConfig = { + ExecStartPre = '' + set -o errexit + set -o nounset + set -o pipefail - extraOptions = [ - # "--device nvidia.com/gpu=all" - ]; - - environment = { - TZ = "America/Chicago"; - PLEX_ADVERTISE_URL = "https://10.1.1.61:32400"; - PLEX_NO_AUTH_NETWORKS = "10.1.1.0/24"; + podman rm -f ${app} || true + rm -f /run/${app}.ctr-id + ''; + ExecStart = '' + ${pkgs.podman}/bin/podman run \ + --rm \ + --name=${app} \ + --device='nvidia.com/gpu=all' \ + --log-driver=journald \ + --cidfile=/run/${app}.ctr-id \ + --cgroups=no-conmon \ + --sdnotify=conmon \ + --user=568:568 \ + --volume="/nahar/containers/volumes/plex:/config/Library/Application Support/Plex Media Server:rw" \ + --volume="/moria/media:/media:rw" \ + --volume="tmpfs:/config/Library/Application Support/Plex Media Server/Logs:rw" \ + --volume="tmpfs:/tmp:rw" \ + --env=TZ=America/Chicago \ + --env=PLEX_ADVERTISE_URL=https://10.1.1.61:32400 \ + --env=PLEX_NO_AUTH_NETWORKS=10.1.1.0/24 \ + -p 32400:32400 \ + ${image} + ''; + ExecStop = "${pkgs.podman}/bin/podman stop --ignore --cidfile=/run/${app}.ctr-id"; + ExecStopPost = "${pkgs.podman}/bin/podman rm --force --ignore --cidfile=/run/${app}.ctr-id"; + Type = "simple"; + Restart = "always"; }; - ports = [ "${toString port}:${toString port}" ]; # expose port - }; - - # Firewall - networking.firewall = mkIf cfg.openFirewall { - allowedTCPPorts = [ port ]; - allowedUDPPorts = [ port ]; + 
networking.firewall = mkIf cfg.openFirewall { + allowedTCPPorts = [ + 32400 # Primary Plex port + ]; + }; }; # TODO add nginx proxy
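Review bot: The `ExecStartPre` value in the new `serviceConfig` is written as a shell script, but systemd runs `Exec*=` command lines directly rather than through a shell, so `set -o errexit`, `|| true` and the bare `podman` are not interpreted as intended and the stale-container cleanup probably never runs (the unit may fail to start instead). Moving it to the NixOS `preStart` option, which is wrapped in a shell script, keeps the intent: `preStart = "${pkgs.podman}/bin/podman rm -f ${app} || true; rm -f /run/${app}.ctr-id";`. Going by the markers visible here, the added `networking.firewall` block also sits before the `};` that closes `systemd.services.${app}`, so it appears nested inside the service definition rather than directly under `config`, whose closing brace lies outside the hunk; that is worth checking with an evaluation of the host. On exposure, `-p 32400:32400` publishes on every host address while `PLEX_NO_AUTH_NETWORKS=10.1.1.0/24` waives authentication for that subnet, and ports published by rootful podman are usually forwarded by NAT rules rather than accepted by the host firewall's input rules, so `cfg.openFirewall` may not be what gates access; binding the publish to the intended address (for example `-p 10.1.1.61:32400:32400`, if that is this host) would make the reachable surface explicit.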