added nvidia to scrypted and jellyfin correctly
All checks were successful
Build / nix-build (native-x86_64, telperion) (push) Successful in 3m39s
Build / nix-build (native-x86_64, gandalf) (push) Successful in 7m17s
Build / nix-build (native-x86_64, shadowfax) (push) Successful in 9m7s

Joseph Hanson 2024-11-22 15:11:00 -06:00
parent 6824855094
commit a2480da0b9
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
3 changed files with 104 additions and 49 deletions


@ -1,6 +1,7 @@
{ {
lib, lib,
config, config,
pkgs,
... ...
}: }:
with lib; with lib;
@ -9,7 +10,6 @@ let
# renovate: depName=ghcr.io/jellyfin/jellyfin datasource=docker # renovate: depName=ghcr.io/jellyfin/jellyfin datasource=docker
version = "10.10.2"; version = "10.10.2";
image = "ghcr.io/jellyfin/jellyfin:${version}"; image = "ghcr.io/jellyfin/jellyfin:${version}";
port = 8096; # int
cfg = config.mySystem.containers.${app}; cfg = config.mySystem.containers.${app};
in in
{ {
@ -27,37 +27,64 @@ in
# Implementation # Implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
# Container # Systemd service for container
virtualisation.oci-containers.containers.${app} = { systemd.services.${app} = {
image = "${image}"; description = "Jellyfin Media Server";
user = "568:568"; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
volumes = [ serviceConfig = {
"/nahar/containers/volumes/jellyfin:/config:rw" ExecStartPre = "${pkgs.writeShellScript "jellyfin-start-pre" ''
"/moria/media:/media:rw" set -o errexit
"tmpfs:/cache:rw" set -o nounset
"tmpfs:/transcode:rw" set -o pipefail
"tmpfs:/tmp:rw"
];
environment = { podman rm -f ${app} || true
TZ = "America/Chicago"; rm -f /run/${app}.ctr-id
DOTNET_SYSTEM_IO_DISABLEFILELOCKING = "true"; ''}";
JELLYFIN_FFmpeg__probesize = "50000000"; ExecStart = ''
JELLYFIN_FFmpeg__analyzeduration = "50000000"; ${pkgs.podman}/bin/podman run \
--rm \
--name=${app} \
--user=568:568 \
--device='nvidia.com/gpu=all' \
--log-driver=journald \
--cidfile=/run/${app}.ctr-id \
--cgroups=no-conmon \
--sdnotify=conmon \
--volume="/nahar/containers/volumes/jellyfin:/config:rw" \
--volume="/moria/media:/media:rw" \
--volume="tmpfs:/cache:rw" \
--volume="tmpfs:/transcode:rw" \
--volume="tmpfs:/tmp:rw" \
--env=TZ=America/Chicago \
--env=DOTNET_SYSTEM_IO_DISABLEFILELOCKING=true \
--env=JELLYFIN_FFmpeg__probesize=50000000 \
--env=JELLYFIN_FFmpeg__analyzeduration=50000000 \
--env=JELLYFIN_PublishedServerUrl=http://10.1.1.61:8096 \
-p 8096:8096 \
-p 8920:8920 \
-p 1900:1900/udp \
-p 7359:7359/udp \
${image}
'';
ExecStop = "${pkgs.podman}/bin/podman stop --ignore --cidfile=/run/${app}.ctr-id";
ExecStopPost = "${pkgs.podman}/bin/podman rm --force --ignore --cidfile=/run/${app}.ctr-id";
Type = "simple";
Restart = "always";
}; };
ports = [ "${toString port}:${toString port}" ]; # expose port
extraOptions = [
# "--device nvidia.com/gpu=all"
];
}; };
# Firewall # Firewall
networking.firewall = mkIf cfg.openFirewall { networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ port ]; allowedTCPPorts = [
allowedUDPPorts = [ port ]; 8096 # HTTP web interface
8920 # HTTPS web interface
];
allowedUDPPorts = [
1900 # DLNA discovery
7359 # Jellyfin auto-discovery
];
}; };
# TODO add nginx proxy # TODO add nginx proxy
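Review bot: The `ExecStartPre` script calls bare `podman`, while `ExecStart`, `ExecStop` and `ExecStopPost` all use `${pkgs.podman}/bin/podman`. A NixOS unit's PATH does not normally include podman unless `path` is set, and no `path` appears in this service definition. Because the line ends in `|| true`, a command-not-found would be swallowed and a stale container could survive into `podman run --name=${app}`. I would write `${pkgs.podman}/bin/podman rm -f ${app} || true` in the script, or add `path = [ pkgs.podman ];` to the service. The scrypted unit in the next file section has the same line.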


@ -1,6 +1,7 @@
{ {
lib, lib,
config, config,
pkgs,
... ...
}: }:
with lib; with lib;
@ -9,7 +10,6 @@ let
# renovate: depName=ghcr.io/koush/scrypted datasource=docker versioning=docker # renovate: depName=ghcr.io/koush/scrypted datasource=docker versioning=docker
version = "v0.123.30-jammy-nvidia"; version = "v0.123.30-jammy-nvidia";
image = "ghcr.io/koush/scrypted:${version}"; image = "ghcr.io/koush/scrypted:${version}";
port = 11080; # int
cfg = config.mySystem.containers.${app}; cfg = config.mySystem.containers.${app};
in in
{ {
@ -27,36 +27,57 @@ in
# Implementation # Implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
# Container # Systemd service for container
virtualisation.oci-containers.containers.${app} = { systemd.services.${app} = {
image = "${image}"; description = "Scrypted Home Security";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
volumes = [ serviceConfig = {
"/nahar/containers/volumes/scrypted:/server/volume:rw" ExecStartPre = "${pkgs.writeShellScript "scrypted-start-pre" ''
# "/nahar/scrypted:/recordings:rw" set -o errexit
"tmpfs:/.cache:rw" set -o nounset
"tmpfs:/.npm:rw" set -o pipefail
"tmpfs:/tmp:rw"
];
extraOptions = [ podman rm -f ${app} || true
# all usb devices, such as coral tpu rm -f /run/${app}.ctr-id
"--device=/dev/bus/usb" ''}";
"--network=host" ExecStart = ''
"--device nvidia.com/gpu=all" ${pkgs.podman}/bin/podman run \
]; --rm \
--name=${app} \
environment = { --device=/dev/bus/usb \
TZ = "America/Chicago"; --device='nvidia.com/gpu=all' \
--log-driver=journald \
--cidfile=/run/${app}.ctr-id \
--cgroups=no-conmon \
--sdnotify=conmon \
--volume="/nahar/containers/volumes/scrypted:/server/volume:rw" \
--volume="tmpfs:/.cache:rw" \
--volume="tmpfs:/.npm:rw" \
--volume="tmpfs:/tmp:rw" \
--env=TZ=America/Chicago \
--network=host \
${image}
'';
ExecStop = "${pkgs.podman}/bin/podman stop --ignore --cidfile=/run/${app}.ctr-id";
ExecStopPost = "${pkgs.podman}/bin/podman rm --force --ignore --cidfile=/run/${app}.ctr-id";
Type = "simple";
Restart = "always";
}; };
ports = [ "${toString port}:${toString port}" ]; # expose port
}; };
# Firewall # Firewall
networking.firewall = mkIf cfg.openFirewall { networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ port ]; allowedTCPPorts = [
allowedUDPPorts = [ port ]; 11080 # Main Scrypted interface
10443 # HTTPS interface
8554 # RTSP server
];
allowedUDPPorts = [
10443 # HTTPS interface
8554 # RTSP server
];
}; };
# TODO add nginx proxy # TODO add nginx proxy
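Review bot: `allowedUDPPorts` opens 10443 and 8554 with comments that look copied from the TCP list. Since the container runs with `--network=host`, this firewall list is the only thing limiting which of its listeners are reachable from the network. An HTTPS interface and RTSP control normally need TCP only, so unless a UDP listener on these ports is known to be required I would reduce it to `allowedUDPPorts = [ ];`. If one of them is needed, the comment should say which feature uses UDP rather than repeat the TCP label.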


@ -0,0 +1,7 @@
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
podman rm -f scrypted || true
rm -f /run/scrypted.ctr-id
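Review bot: This new script repeats the inline `scrypted-start-pre` body from the scrypted module with the container name hard-coded, and nothing in the visible hunks references it. If it is unused, I would leave it out of the commit so the two copies cannot drift. If it is meant to be the single source, the module should reference it instead of the inline `pkgs.writeShellScript` body. Either way a header comment such as `# Pre-start cleanup for the scrypted unit: remove a stale container and its cidfile` would say what it is for.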