
2 commits

Author SHA1 Message Date
a2480da0b9
added nvidia to scrypted and jellyfin correctly
All checks were successful
Build / nix-build (native-x86_64, telperion) (push) Successful in 3m39s
Build / nix-build (native-x86_64, gandalf) (push) Successful in 7m17s
Build / nix-build (native-x86_64, shadowfax) (push) Successful in 9m7s
2024-11-22 15:11:00 -06:00
6824855094
this is not how it works? 2024-11-22 11:15:01 -06:00
5 changed files with 113 additions and 58 deletions


@ -223,16 +223,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1731880681, "lastModified": 1726989464,
"narHash": "sha256-FmYTkIyPBUxSWgA7DPIVTsCCMvSSbs56yOtHpLNSnKg=", "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "aecd341dfead1c3ef7a3c15468ecd71e8343b7c6", "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-24.11", "ref": "release-24.05",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
@ -456,16 +456,16 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1731755305, "lastModified": 1731797254,
"narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=", "narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4", "rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-24.11", "ref": "nixos-24.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }


@ -1,6 +1,7 @@
{ {
lib, lib,
config, config,
pkgs,
... ...
}: }:
with lib; with lib;
@ -9,7 +10,6 @@ let
# renovate: depName=ghcr.io/jellyfin/jellyfin datasource=docker # renovate: depName=ghcr.io/jellyfin/jellyfin datasource=docker
version = "10.10.2"; version = "10.10.2";
image = "ghcr.io/jellyfin/jellyfin:${version}"; image = "ghcr.io/jellyfin/jellyfin:${version}";
port = 8096; # int
cfg = config.mySystem.containers.${app}; cfg = config.mySystem.containers.${app};
in in
{ {
@ -27,37 +27,64 @@ in
# Implementation # Implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
# Container # Systemd service for container
virtualisation.oci-containers.containers.${app} = { systemd.services.${app} = {
image = "${image}"; description = "Jellyfin Media Server";
user = "568:568"; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
volumes = [ serviceConfig = {
"/nahar/containers/volumes/jellyfin:/config:rw" ExecStartPre = "${pkgs.writeShellScript "jellyfin-start-pre" ''
"/moria/media:/media:rw" set -o errexit
"tmpfs:/cache:rw" set -o nounset
"tmpfs:/transcode:rw" set -o pipefail
"tmpfs:/tmp:rw"
];
environment = { podman rm -f ${app} || true
TZ = "America/Chicago"; rm -f /run/${app}.ctr-id
DOTNET_SYSTEM_IO_DISABLEFILELOCKING = "true"; ''}";
JELLYFIN_FFmpeg__probesize = "50000000"; ExecStart = ''
JELLYFIN_FFmpeg__analyzeduration = "50000000"; ${pkgs.podman}/bin/podman run \
--rm \
--name=${app} \
--user=568:568 \
--device='nvidia.com/gpu=all' \
--log-driver=journald \
--cidfile=/run/${app}.ctr-id \
--cgroups=no-conmon \
--sdnotify=conmon \
--volume="/nahar/containers/volumes/jellyfin:/config:rw" \
--volume="/moria/media:/media:rw" \
--volume="tmpfs:/cache:rw" \
--volume="tmpfs:/transcode:rw" \
--volume="tmpfs:/tmp:rw" \
--env=TZ=America/Chicago \
--env=DOTNET_SYSTEM_IO_DISABLEFILELOCKING=true \
--env=JELLYFIN_FFmpeg__probesize=50000000 \
--env=JELLYFIN_FFmpeg__analyzeduration=50000000 \
--env=JELLYFIN_PublishedServerUrl=http://10.1.1.61:8096 \
-p 8096:8096 \
-p 8920:8920 \
-p 1900:1900/udp \
-p 7359:7359/udp \
${image}
'';
ExecStop = "${pkgs.podman}/bin/podman stop --ignore --cidfile=/run/${app}.ctr-id";
ExecStopPost = "${pkgs.podman}/bin/podman rm --force --ignore --cidfile=/run/${app}.ctr-id";
Type = "simple";
Restart = "always";
}; };
ports = [ "${toString port}:${toString port}" ]; # expose port
extraOptions = [
# "--device nvidia.com/gpu=all"
];
}; };
# Firewall # Firewall
networking.firewall = mkIf cfg.openFirewall { networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ port ]; allowedTCPPorts = [
allowedUDPPorts = [ port ]; 8096 # HTTP web interface
8920 # HTTPS web interface
];
allowedUDPPorts = [
1900 # DLNA discovery
7359 # Jellyfin auto-discovery
];
}; };
# TODO add nginx proxy # TODO add nginx proxy
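Review bot: The `jellyfin-start-pre` script calls bare `podman`, while ExecStart, ExecStop and ExecStopPost all use `${pkgs.podman}/bin/podman`. Unless podman happens to be on the unit's PATH, that lookup fails and `|| true` hides the failure, so a stale container with the same name would not be removed before `podman run --name=${app}`. I would write `${pkgs.podman}/bin/podman rm -f ${app} || true` there. Separately, `--sdnotify=conmon` is paired with `Type = "simple"`, so the readiness notification is presumably never consumed; `Type = "notify";` together with `NotifyAccess = "all";` would match that flag. The scrypted unit further down this page repeats both patterns.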


@ -40,7 +40,7 @@ in
]; ];
extraOptions = [ extraOptions = [
"--device nvidia.com/gpu=all" # "--device nvidia.com/gpu=all"
]; ];
environment = { environment = {
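Review bot: The GPU option is left behind as a commented-out line with no reason given, so a reader cannot tell whether this container is meant to run without the GPU or whether the line is pending a fix. If the intent is to disable it, delete the line or add a short comment such as `# GPU passthrough disabled: <reason>`. If the space-separated form was simply being rejected, the single-argument spelling is `"--device=nvidia.com/gpu=all"`, since each `extraOptions` entry is presumably passed to podman as one argument. The file name and the rest of the container definition are outside this hunk.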


@ -1,6 +1,7 @@
{ {
lib, lib,
config, config,
pkgs,
... ...
}: }:
with lib; with lib;
@ -9,7 +10,6 @@ let
# renovate: depName=ghcr.io/koush/scrypted datasource=docker versioning=docker # renovate: depName=ghcr.io/koush/scrypted datasource=docker versioning=docker
version = "v0.123.30-jammy-nvidia"; version = "v0.123.30-jammy-nvidia";
image = "ghcr.io/koush/scrypted:${version}"; image = "ghcr.io/koush/scrypted:${version}";
port = 11080; # int
cfg = config.mySystem.containers.${app}; cfg = config.mySystem.containers.${app};
in in
{ {
@ -27,36 +27,57 @@ in
# Implementation # Implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
# Container # Systemd service for container
virtualisation.oci-containers.containers.${app} = { systemd.services.${app} = {
image = "${image}"; description = "Scrypted Home Security";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
volumes = [ serviceConfig = {
"/nahar/containers/volumes/scrypted:/server/volume:rw" ExecStartPre = "${pkgs.writeShellScript "scrypted-start-pre" ''
# "/nahar/scrypted:/recordings:rw" set -o errexit
"tmpfs:/.cache:rw" set -o nounset
"tmpfs:/.npm:rw" set -o pipefail
"tmpfs:/tmp:rw"
];
extraOptions = [ podman rm -f ${app} || true
# all usb devices, such as coral tpu rm -f /run/${app}.ctr-id
"--device=/dev/bus/usb" ''}";
"--network=host" ExecStart = ''
"--device nvidia.com/gpu=all" ${pkgs.podman}/bin/podman run \
]; --rm \
--name=${app} \
environment = { --device=/dev/bus/usb \
TZ = "America/Chicago"; --device='nvidia.com/gpu=all' \
--log-driver=journald \
--cidfile=/run/${app}.ctr-id \
--cgroups=no-conmon \
--sdnotify=conmon \
--volume="/nahar/containers/volumes/scrypted:/server/volume:rw" \
--volume="tmpfs:/.cache:rw" \
--volume="tmpfs:/.npm:rw" \
--volume="tmpfs:/tmp:rw" \
--env=TZ=America/Chicago \
--network=host \
${image}
'';
ExecStop = "${pkgs.podman}/bin/podman stop --ignore --cidfile=/run/${app}.ctr-id";
ExecStopPost = "${pkgs.podman}/bin/podman rm --force --ignore --cidfile=/run/${app}.ctr-id";
Type = "simple";
Restart = "always";
}; };
ports = [ "${toString port}:${toString port}" ]; # expose port
}; };
# Firewall # Firewall
networking.firewall = mkIf cfg.openFirewall { networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ port ]; allowedTCPPorts = [
allowedUDPPorts = [ port ]; 11080 # Main Scrypted interface
10443 # HTTPS interface
8554 # RTSP server
];
allowedUDPPorts = [
10443 # HTTPS interface
8554 # RTSP server
];
}; };
# TODO add nginx proxy # TODO add nginx proxy
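Review bot: The firewall block now opens UDP 10443 and UDP 8554 in addition to the TCP entries, although the comments label them as the HTTPS interface and the RTSP server, which normally listen on TCP. Because the container runs with `--network=host`, every port opened here reaches it directly. Unless Scrypted is known to use UDP on those ports, I would narrow this to `allowedUDPPorts = [ ];`. Port 11080 looks like the plain-HTTP interface, so consider leaving it closed until the nginx proxy from the TODO exists. The rewrite also dropped the old `# all usb devices, such as coral tpu` comment next to `--device=/dev/bus/usb`; a Nix comment above `ExecStart` should keep that justification, since the container gets the whole USB bus and no `--user` is set.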


@ -0,0 +1,7 @@
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
podman rm -f scrypted || true
rm -f /run/scrypted.ctr-id