diff --git a/nixos/home/jahanson/global.nix b/nixos/home/jahanson/global.nix index 5438f2f..9a0d7c7 100644 --- a/nixos/home/jahanson/global.nix +++ b/nixos/home/jahanson/global.nix @@ -94,6 +94,10 @@ with config; # nix tools nvd + # backup tools + unstable.rclone + unstable.restic + ]; }; }; diff --git a/nixos/hosts/shadowfax/default.nix b/nixos/hosts/shadowfax/default.nix index 3bd508c..55d94ed 100644 --- a/nixos/hosts/shadowfax/default.nix +++ b/nixos/hosts/shadowfax/default.nix @@ -28,7 +28,12 @@ in swapDevices = [ ]; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware = { + cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + nvidia.open = true; + graphics.enable = true; + nvidia-container-toolkit.enable = true; + }; users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGSFTSVPt43PBpSMSF1dGTzN2JbxztDZUml7g4+PnWe CSI-Driver@talos" @@ -79,6 +84,7 @@ in }; services = { + xserver.videoDrivers = [ "nvidia" ]; # Minecraft minecraft-servers = { @@ -137,9 +143,9 @@ in # Containers containers = { - plex = { - enable = true; - }; + plex.enable = true; + scrypted.enable = true; + jellyfin.enable = true; }; # System diff --git a/nixos/modules/nixos/containers/default.nix b/nixos/modules/nixos/containers/default.nix index 9909d1a..ddaee30 100644 --- a/nixos/modules/nixos/containers/default.nix +++ b/nixos/modules/nixos/containers/default.nix @@ -1,7 +1,9 @@ { imports = [ + ./jellyfin ./lego-auto ./plex ./scrutiny + ./scrypted ]; } diff --git a/nixos/modules/nixos/containers/jellyfin/default.nix b/nixos/modules/nixos/containers/jellyfin/default.nix new file mode 100644 index 0000000..6c21f83 --- /dev/null +++ b/nixos/modules/nixos/containers/jellyfin/default.nix 
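Review bot: `scrypted.enable = true` in the containers hunk pulls in a module (added in this same commit) whose container runs with `--network=host`, `--device=/dev/bus/usb` and no `user =`, so this host now runs a presumably-root container process in the host network namespace with the whole USB bus, while that module's `openFirewall` default only opens 11080 and host networking exposes every other port the process listens on. Record that trade-off at this line, e.g. `# scrypted: host networking + /dev/bus/usb (coral); firewall covers 11080 only`. In the hardware hunk above, `hardware.nvidia-container-toolkit.enable = true` has no consumer yet: both new container modules keep `# "--runtime=nvidia"` commented out, and if I read the NixOS toolkit module right (it generates a CDI spec) the consuming entry would be `"--device=nvidia.com/gpu=all"` in `extraOptions` rather than the runtime flag. The enclosing `containers` and `hardware` attribute sets start and end outside the hunks shown.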
@@ -0,0 +1,117 @@
+{
+ lib,
+ config,
+ ...
+}:
+with lib;
+let
+ app = "jellyfin";
+ # renovate: depName=ghcr.io/jellyfin/jellyfin datasource=docker
+ version = "10.10.2";
+ image = "ghcr.io/jellyfin/jellyfin:${version}";
+ port = 8096; # int
+ cfg = config.mySystem.containers.${app};
+in
+{
+ # Options
+ options.mySystem.containers.${app} = {
+ enable = mkEnableOption "${app}";
+ # TODO add to homepage
+ # addToHomepage = mkEnableOption "Add ${app} to homepage" // {
+ # default = true;
+ # };
+ openFirewall = mkEnableOption "Open firewall for ${app}" // {
+ default = true;
+ };
+ };
+
+ # Implementation
+ config = mkIf cfg.enable {
+ # Container
+ virtualisation.oci-containers.containers.${app} = {
+ image = "${image}";
+ user = "568:568";
+
+ volumes = [
+ "/nahar/containers/volumes/jellyfin:/config:rw"
+ "/moria/media:/media:rw"
+ "tmpfs:/cache:rw"
+ "tmpfs:/transcode:rw"
+ "tmpfs:/tmp:rw"
+ ];
+
+ environment = {
+ TZ = "America/Chicago";
+ DOTNET_SYSTEM_IO_DISABLEFILELOCKING = "true";
+ JELLYFIN_FFmpeg__probesize = "50000000";
+ JELLYFIN_FFmpeg__analyzeduration = "50000000";
+ };
+
+ ports = [ "${toString port}:${toString port}" ]; # expose port
+
+ extraOptions = [
+ # "--runtime=nvidia"
+ ];
+ };
+
+ # Firewall
+ networking.firewall = mkIf cfg.openFirewall {
+ allowedTCPPorts = [ port ];
+ allowedUDPPorts = [ port ];
+ };
+
+ # TODO add nginx proxy
+ # services.nginx.virtualHosts."${app}.${config.networking.domain}" = {
+ # useACMEHost = config.networking.domain;
+ # forceSSL = true;
+ # locations."^~ /" = {
+ # proxyPass = "http://${app}:${builtins.toString port}";
+ # extraConfig = "resolver 10.88.0.1;";
+
+ # };
+ # };
+
+ ## TODO add to homepage
+ # mySystem.services.homepage.media = mkIf cfg.addToHomepage [
+ # {
+ # Plex = {
+ # icon = "${app}.svg";
+ # href = "https://${app}.${config.mySystem.domain}";
+
+ # description = "Media streaming service";
+ # container = "${app}";
+ # widget = {
+ # type = "tautulli";
+ # url = "https://tautulli.${config.mySystem.domain}";
+ # key = "{{HOMEPAGE_VAR_TAUTULLI__API_KEY}}";
+ # };
+ # };
+ # }
+ # ];
+
+ # TODO add gatus monitor
+ # mySystem.services.gatus.monitors = [
+ # {
+
+ # name = app;
+ # group = "media";
+ # url = "https://${app}.${config.mySystem.domain}/web/";
+ # interval = "1m";
+ # conditions = [
+ # "[CONNECTED] == true"
+ # "[STATUS] == 200"
+ # "[RESPONSE_TIME] < 50"
+ # ];
+ # }
+ # ];
+
+ # TODO add restic backup
+ # services.restic.backups = config.lib.mySystem.mkRestic {
+ # inherit app user;
+ # excludePaths = [ "Backups" ];
+ # paths = [ appFolder ];
+ # inherit appFolder;
+ # };
+
+ };
+}
diff --git a/nixos/modules/nixos/containers/plex/default.nix b/nixos/modules/nixos/containers/plex/default.nix
index 94bb0f1..4b6b7f7 100644
--- a/nixos/modules/nixos/containers/plex/default.nix
+++ b/nixos/modules/nixos/containers/plex/default.nix
@@ -9,8 +9,6 @@ let
 # renovate: depName=ghcr.io/onedr0p/plex datasource=docker versioning=loose
 version = "1.41.2.9200-c6bbc1b53";
 image = "ghcr.io/onedr0p/plex:${version}";
- user = "kah"; # string
- group = "kah"; # string
 port = 32400; # int
 cfg = config.mySystem.containers.${app};
 in
diff --git a/nixos/modules/nixos/containers/scrypted/default.nix b/nixos/modules/nixos/containers/scrypted/default.nix
new file mode 100644
index 0000000..e86911a
--- /dev/null
+++ b/nixos/modules/nixos/containers/scrypted/default.nix
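Review bot: The `"tmpfs:/cache:rw"`, `"tmpfs:/transcode:rw"` and `"tmpfs:/tmp:rw"` entries in `volumes` are not tmpfs mounts: a volume source with no leading slash is a named volume, so all three paths are backed by one persistent on-disk volume literally named `tmpfs`, and the scrypted module added in this same commit mounts that same named volume at `/.cache`, `/.npm` and `/tmp`, sharing scratch state between this 568:568 container and one with no `user =` set. Replace them with `"--tmpfs=/cache"`, `"--tmpfs=/transcode"` and `"--tmpfs=/tmp"` in `extraOptions` (and the same three in the scrypted module). Separately, `allowedUDPPorts = [ port ]` opens UDP 8096 although Jellyfin serves HTTP on that port over TCP only; drop the UDP line unless something else needs it. `"/moria/media:/media:rw"` could be `:ro` unless Jellyfin is configured to write metadata or images next to the media — worth a comment either way.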
@@ -0,0 +1,116 @@
+{
+ lib,
+ config,
+ ...
+}:
+with lib;
+let
+ app = "scrypted";
+ # renovate: depName=ghcr.io/koush/scrypted datasource=docker versioning=docker
+ version = "v0.123.30-jammy-nvidia";
+ image = "ghcr.io/koush/scrypted:${version}";
+ port = 11080; # int
+ cfg = config.mySystem.containers.${app};
+in
+{
+ # Options
+ options.mySystem.containers.${app} = {
+ enable = mkEnableOption "${app}";
+ # TODO add to homepage
+ # addToHomepage = mkEnableOption "Add ${app} to homepage" // {
+ # default = true;
+ # };
+ openFirewall = mkEnableOption "Open firewall for ${app}" // {
+ default = true;
+ };
+ };
+
+ # Implementation
+ config = mkIf cfg.enable {
+ # Container
+ virtualisation.oci-containers.containers.${app} = {
+ image = "${image}";
+
+ volumes = [
+ "/nahar/containers/volumes/scrypted:/server/volume:rw"
+ # "/nahar/scrypted:/recordings:rw"
+ "tmpfs:/.cache:rw"
+ "tmpfs:/.npm:rw"
+ "tmpfs:/tmp:rw"
+ ];
+
+ extraOptions = [
+ # all usb devices, such as coral tpu
+ "--device=/dev/bus/usb"
+ "--network=host"
+ # "--runtime=nvidia"
+ ];
+
+ environment = {
+ TZ = "America/Chicago";
+ };
+
+ ports = [ "${toString port}:${toString port}" ]; # expose port
+ };
+
+ # Firewall
+ networking.firewall = mkIf cfg.openFirewall {
+ allowedTCPPorts = [ port ];
+ allowedUDPPorts = [ port ];
+ };
+
+ # TODO add nginx proxy
+ # services.nginx.virtualHosts."${app}.${config.networking.domain}" = {
+ # useACMEHost = config.networking.domain;
+ # forceSSL = true;
+ # locations."^~ /" = {
+ # proxyPass = "http://${app}:${builtins.toString port}";
+ # extraConfig = "resolver 10.88.0.1;";
+
+ # };
+ # };
+
+ ## TODO add to homepage
+ # mySystem.services.homepage.media = mkIf cfg.addToHomepage [
+ # {
+ # Plex = {
+ # icon = "${app}.svg";
+ # href = "https://${app}.${config.mySystem.domain}";
+
+ # description = "Media streaming service";
+ # container = "${app}";
+ # widget = {
+ # type = "tautulli";
+ # url = "https://tautulli.${config.mySystem.domain}";
+ # key = "{{HOMEPAGE_VAR_TAUTULLI__API_KEY}}";
+ # };
+ # };
+ # }
+ # ];
+
+ # TODO add gatus monitor
+ # mySystem.services.gatus.monitors = [
+ # {
+
+ # name = app;
+ # group = "media";
+ # url = "https://${app}.${config.mySystem.domain}/web/";
+ # interval = "1m";
+ # conditions = [
+ # "[CONNECTED] == true"
+ # "[STATUS] == 200"
+ # "[RESPONSE_TIME] < 50"
+ # ];
+ # }
+ # ];
+
+ # TODO add restic backup
+ # services.restic.backups = config.lib.mySystem.mkRestic {
+ # inherit app user;
+ # excludePaths = [ "Backups" ];
+ # paths = [ appFolder ];
+ # inherit appFolder;
+ # };
+
+ };
+}
diff --git a/nixos/profiles/role-server.nix b/nixos/profiles/role-server.nix
index 9cd7c5d..9b287a3 100644
--- a/nixos/profiles/role-server.nix
+++ b/nixos/profiles/role-server.nix
@@ -31,7 +31,6 @@ with lib; nixos.enable = mkDefault false; }; - sound.enable = false; hardware.pulseaudio.enable = false; services.udisks2.enable = mkDefault false;
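Review bot: `ports = [ "${toString port}:${toString port}" ]` contradicts `"--network=host"` in `extraOptions`: with host networking there is no mapping to publish, and depending on the runtime the `-p` flag is either ignored with a warning or rejected so the container never starts. Drop the `ports` line, and since host networking also exposes every other port the process listens on, note at the `networking.firewall` block that the `openFirewall` rule (default true, 11080 TCP and UDP) is only partial, e.g. `# host networking: this rule covers only ${toString port}; other listeners are exposed regardless`. The container also sets no `user =` and is handed the whole `/dev/bus/usb` bus; the comment says that is for the Coral, which does re-enumerate after firmware load, so if the bus is deliberate a comment saying so — and a `user =` line if scrypted can run unprivileged — would make the privilege surface explicit. `image = "${image}"` can simply be `image = image;` here as in the jellyfin module.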