migrate plex container to manual systemd podman for nvidia device

nixos/hosts/shadowfax/default.nix

@@ -1,17 +1,24 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, inputs, pkgs, ... }:
+{
+  config,
+  lib,
+  inputs,
+  pkgs,
+  ...
+}:
 let
   sanoidConfig = import ./config/sanoid.nix { };
   disks = import ./config/disks.nix;
   smartdDevices = map (device: { inherit device; }) disks;
 in
 {
-  imports =
+  imports = [
-    [
     inputs.disko.nixosModules.disko
-      (import ../../profiles/disko-nixos.nix { disks = [ "/dev/sda|/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_500GB_S58SNM0W406409E" ]; })
+    (import ../../profiles/disko-nixos.nix {
+      disks = [ "/dev/sda|/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_500GB_S58SNM0W406409E" ];
+    })
     inputs.nix-minecraft.nixosModules.minecraft-servers
   ];
 
@@ -21,7 +28,12 @@ in
       supportedFilesystems = [ "nfs" ];
     };
 
-    kernelModules = [ "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ];
+    kernelModules = [
+      "vfio"
+      "vfio_iommu_type1"
+      "vfio_pci"
+      "vfio_virqfd"
+    ];
     extraModulePackages = [ ];
     kernelParams = [ "zfs.zfs_arc_max=107374182400" ]; # 100GB
   };
@@ -88,19 +100,29 @@ in
   services = {
     xserver.videoDrivers = [ "nvidia" ];
 
-    # Minecraft
+    # # Minecraft
-    minecraft-servers = {
+    # minecraft-servers = {
-      # Me cc858467-2744-4c22-8514-86568fefd03b
+    #   # Me cc858467-2744-4c22-8514-86568fefd03b
-      enable = true;
+    #   enable = true;
-      eula = true;
+    #   eula = true;
-      servers.eregion = {
+    #   servers.eregion = {
-        enable = true;
+    #     enable = true;
-        package = pkgs.paper-server;
+    #     package = pkgs.fabricServers.fabric;
-        serverProperties = {
+    #     serverProperties = {
-          motd = "§6§lEregion§r §7- §6§lMinecraft§r";
+    #       motd = "§6§lEregion§r §7- §6§lMinecraft§r";
-        };
+    #     };
-      };
+    #     symlinks = {
-    };
+    #       mods = pkgs.linkFarmFromDrvs "mods" (
+    #         builtins.attrValues {
+    #           LanAnnouncer = pkgs.fetchurl {
+    #             url = "https://cdn.modrinth.com/data/eVUWDaxc/versions/ZKZr8EfM/lanannouncer-1.0.2.jar";
+    #             sha512 = "f2833b12a2e07390c4969ce95c5c9b759e3ddff0b9610054ff4e731a287789280b2c1b801bd08efe685da0d16daebf0562f15af2c86edd481c62f47ec21699c6";
+    #           };
+    #         }
+    #       );
+    #     };
+    #   };
+    # };
 
     # Smart daemon for monitoring disk health.
     smartd = {

nixos/modules/nixos/containers/plex/default.nix

@@ -9,7 +9,6 @@ let
   # renovate: depName=ghcr.io/onedr0p/plex datasource=docker versioning=loose
   version = "1.41.2.9200-c6bbc1b53";
   image = "ghcr.io/onedr0p/plex:${version}";
-  port = 32400; # int
   cfg = config.mySystem.containers.${app};
 in
 {
@@ -27,35 +26,52 @@ in
 
   # Implementation
   config = mkIf cfg.enable {
-    # Container
+    # Systemd service for container
-    virtualisation.oci-containers.containers.${app} = {
+    systemd.services.${app} = {
-      image = "${image}";
+      description = "Plex Media Server";
-      user = "568:568";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
 
-      volumes = [
+      serviceConfig = {
-        "/nahar/containers/volumes/plex:/config/Library/Application Support/Plex Media Server:rw"
+        ExecStartPre = ''
-        "/moria/media:/media:rw"
+          set -o errexit
-        "tmpfs:/config/Library/Application Support/Plex Media Server/Logs:rw"
+          set -o nounset
-        "tmpfs:/tmp:rw"
+          set -o pipefail
-      ];
 
-      extraOptions = [
+          podman rm -f ${app} || true
-        # "--device nvidia.com/gpu=all"
+          rm -f /run/${app}.ctr-id
-      ];
+        '';
-
+        ExecStart = ''
-      environment = {
+          ${pkgs.podman}/bin/podman run \
-        TZ = "America/Chicago";
+            --rm \
-        PLEX_ADVERTISE_URL = "https://10.1.1.61:32400";
+            --name=${app} \
-        PLEX_NO_AUTH_NETWORKS = "10.1.1.0/24";
+            --device='nvidia.com/gpu=all' \
+            --log-driver=journald \
+            --cidfile=/run/${app}.ctr-id \
+            --cgroups=no-conmon \
+            --sdnotify=conmon \
+            --user=568:568 \
+            --volume="/nahar/containers/volumes/plex:/config/Library/Application Support/Plex Media Server:rw" \
+            --volume="/moria/media:/media:rw" \
+            --volume="tmpfs:/config/Library/Application Support/Plex Media Server/Logs:rw" \
+            --volume="tmpfs:/tmp:rw" \
+            --env=TZ=America/Chicago \
+            --env=PLEX_ADVERTISE_URL=https://10.1.1.61:32400 \
+            --env=PLEX_NO_AUTH_NETWORKS=10.1.1.0/24 \
+            -p 32400:32400 \
+            ${image}
+        '';
+        ExecStop = "${pkgs.podman}/bin/podman stop --ignore --cidfile=/run/${app}.ctr-id";
+        ExecStopPost = "${pkgs.podman}/bin/podman rm --force --ignore --cidfile=/run/${app}.ctr-id";
+        Type = "simple";
+        Restart = "always";
       };
 
-      ports = [ "${toString port}:${toString port}" ]; # expose port
-    };
-
-    # Firewall
       networking.firewall = mkIf cfg.openFirewall {
-      allowedTCPPorts = [ port ];
+        allowedTCPPorts = [
-      allowedUDPPorts = [ port ];
+          32400  # Primary Plex port
+        ];
+      };
     };
 
     # TODO add nginx proxy