Compare commits
1 commit
5a13735bc1
...
7cf3d20972
Author | SHA1 | Date | |
---|---|---|---|
7cf3d20972 |
12 changed files with 65 additions and 372 deletions
3
.vscode/settings.json
vendored
3
.vscode/settings.json
vendored
|
@ -35,6 +35,5 @@
|
||||||
},
|
},
|
||||||
"[jsonc]": {
|
"[jsonc]": {
|
||||||
"editor.defaultFormatter": "esbenp.prettier-vscode"
|
"editor.defaultFormatter": "esbenp.prettier-vscode"
|
||||||
},
|
}
|
||||||
"sops.binPath": "/home/jahanson/.nix-profile/bin/sops"
|
|
||||||
}
|
}
|
||||||
|
|
87
flake.lock
87
flake.lock
|
@ -24,11 +24,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1732221404,
|
"lastModified": 1731549112,
|
||||||
"narHash": "sha256-fWTyjgGt+BHmkeJ5IxOR4zGF4/uc+ceWmhBjOBSVkgQ=",
|
"narHash": "sha256-c9I3i1CwZ10SoM5npQQVnfwgvB86jAS3lT4ZqkRoSOI=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "disko",
|
"repo": "disko",
|
||||||
"rev": "97c0c4d7072f19b598ed332e9f7f8ad562c6885b",
|
"rev": "5fd852c4155a689098095406500d0ae3d04654a8",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -98,11 +98,11 @@
|
||||||
"nixpkgs-lib": "nixpkgs-lib"
|
"nixpkgs-lib": "nixpkgs-lib"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730504689,
|
"lastModified": 1727826117,
|
||||||
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
|
"narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=",
|
||||||
"owner": "hercules-ci",
|
"owner": "hercules-ci",
|
||||||
"repo": "flake-parts",
|
"repo": "flake-parts",
|
||||||
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
|
"rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -359,11 +359,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731814505,
|
"lastModified": 1731593150,
|
||||||
"narHash": "sha256-l9ryrx1Twh08a+gxrMGM9O/aZKEimZfa6sZVyPCImgI=",
|
"narHash": "sha256-FvksinoI2Y6kuwH+cKBu1oDA8uPGfoRqgtQV6O8GDc4=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nix-index-database",
|
"repo": "nix-index-database",
|
||||||
"rev": "bdba246946fb079b87b4cada4df9b1cdf1c06132",
|
"rev": "40d882b55e89add1ded379cc99edaab24983d6d9",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -403,11 +403,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1732153840,
|
"lastModified": 1731548755,
|
||||||
"narHash": "sha256-lt8Gdx6TNheby/9lRNE1GMP3vkdpLaXmyHQk+ZvYNAY=",
|
"narHash": "sha256-kFg3S67OaYWI1SQ0tcmsPIC4PXtq7Av8AJcyf21ZxDE=",
|
||||||
"owner": "Infinidoge",
|
"owner": "Infinidoge",
|
||||||
"repo": "nix-minecraft",
|
"repo": "nix-minecraft",
|
||||||
"rev": "8325d463c1c424f2e6edeef2010c0d902a37b3d3",
|
"rev": "e6f7090175ae5183d84adb6192f115d8f859beaa",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -425,11 +425,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1732153985,
|
"lastModified": 1731548914,
|
||||||
"narHash": "sha256-libOsvOEQjHhlNEVPuG+i4OY5NyO301RZCxYovsVtrc=",
|
"narHash": "sha256-UtYkHq8OdZcz2Q/r7gh+3HFGVgX9AFfYDrMjAVO6sj4=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nix-vscode-extensions",
|
"repo": "nix-vscode-extensions",
|
||||||
"rev": "c53c9d319e51deb97fb9a82001952c4efa74cba7",
|
"rev": "00e11784c89ecd236ff045acd7a447e0fe5b80df",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -440,11 +440,11 @@
|
||||||
},
|
},
|
||||||
"nixos-hardware": {
|
"nixos-hardware": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731797098,
|
"lastModified": 1731403644,
|
||||||
"narHash": "sha256-UhWmEZhwJZmVZ1jfHZFzCg+ZLO9Tb/v3Y6LC0UNyeTo=",
|
"narHash": "sha256-T9V7CTucjRZ4Qc6pUEV/kpgNGzQbHWfGcfK6JJLfUeI=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixos-hardware",
|
"repo": "nixos-hardware",
|
||||||
"rev": "672ac2ac86f7dff2f6f3406405bddecf960e0db6",
|
"rev": "f6581f1c3b137086e42a08a906bdada63045f991",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -472,14 +472,14 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-lib": {
|
"nixpkgs-lib": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730504152,
|
"lastModified": 1727825735,
|
||||||
"narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=",
|
"narHash": "sha256-0xHYkMkeLVQAMa7gvkddbPqpxph+hDzdu1XdGPJR+Os=",
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
|
"url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"type": "tarball",
|
"type": "tarball",
|
||||||
"url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
|
"url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs-ovmf": {
|
"nixpkgs-ovmf": {
|
||||||
|
@ -498,13 +498,29 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nixpkgs-stable": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1730602179,
|
||||||
|
"narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "release-24.05",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1732014248,
|
"lastModified": 1731319897,
|
||||||
"narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=",
|
"narHash": "sha256-PbABj4tnbWFMfBp6OcUK5iGy1QY+/Z96ZcLpooIbuEI=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "23e89b7da85c3640bbc2173fe04f4bd114342367",
|
"rev": "dc460ec76cbff0e66e269457d7b728432263166c",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -552,11 +568,11 @@
|
||||||
},
|
},
|
||||||
"nur": {
|
"nur": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1732220928,
|
"lastModified": 1731695757,
|
||||||
"narHash": "sha256-OOFqnjTax0132/mBsRpVD1QTMlZUCbVexKgKUVUxJNg=",
|
"narHash": "sha256-w+bGxRbZpWc6SyBbtjW2ci2fw1zk0udTjFpQW0g0Pc8=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "NUR",
|
"repo": "NUR",
|
||||||
"rev": "8439fca0da7f67b331edcca08eb2a47249be72f4",
|
"rev": "6e17acc00a48253a4d25e5ee4e6c215b8950c039",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -714,14 +730,15 @@
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
]
|
],
|
||||||
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1732186149,
|
"lastModified": 1731364708,
|
||||||
"narHash": "sha256-N9JGWe/T8BC0Tss2Cv30plvZUYoiRmykP7ZdY2on2b0=",
|
"narHash": "sha256-HC0anOL+KmUQ2hdRl0AtunbAckasxrkn4VLmxbW/WaA=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "53c853fb1a7e4f25f68805ee25c83d5de18dc699",
|
"rev": "4c91d52db103e757fc25b58998b0576ae702d659",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -813,11 +830,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1732161983,
|
"lastModified": 1731662473,
|
||||||
"narHash": "sha256-HnM+3Dv/p4awf0zXffPpcg/v4RywuKiN4yA2t7W1CxE=",
|
"narHash": "sha256-A/iTgV5uVTfRPCZ/V0UmZ10LSC0rznvN0hGDL7tEYss=",
|
||||||
"owner": "budimanjojo",
|
"owner": "budimanjojo",
|
||||||
"repo": "talhelper",
|
"repo": "talhelper",
|
||||||
"rev": "94487e8cc82617dc9be8b50de94edd33ce1e56ad",
|
"rev": "48cc0b637e0252f5b335ffa33593bddad7bacfee",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -94,10 +94,6 @@ with config;
|
||||||
# nix tools
|
# nix tools
|
||||||
nvd
|
nvd
|
||||||
|
|
||||||
# backup tools
|
|
||||||
unstable.rclone
|
|
||||||
unstable.restic
|
|
||||||
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -28,14 +28,7 @@ in
|
||||||
|
|
||||||
swapDevices = [ ];
|
swapDevices = [ ];
|
||||||
|
|
||||||
hardware = {
|
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
|
||||||
nvidia.open = true;
|
|
||||||
# TODO: Swap these once I switch to 24.11
|
|
||||||
# graphics.enable = true;
|
|
||||||
opengl.enable = true;
|
|
||||||
nvidia-container-toolkit.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
users.users.root.openssh.authorizedKeys.keys = [
|
users.users.root.openssh.authorizedKeys.keys = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGSFTSVPt43PBpSMSF1dGTzN2JbxztDZUml7g4+PnWe CSI-Driver@talos"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGSFTSVPt43PBpSMSF1dGTzN2JbxztDZUml7g4+PnWe CSI-Driver@talos"
|
||||||
|
@ -86,7 +79,6 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
xserver.videoDrivers = [ "nvidia" ];
|
|
||||||
|
|
||||||
# Minecraft
|
# Minecraft
|
||||||
minecraft-servers = {
|
minecraft-servers = {
|
||||||
|
@ -142,15 +134,6 @@ in
|
||||||
# System settings and services.
|
# System settings and services.
|
||||||
mySystem = {
|
mySystem = {
|
||||||
purpose = "Production";
|
purpose = "Production";
|
||||||
|
|
||||||
# Containers
|
|
||||||
containers = {
|
|
||||||
plex.enable = true;
|
|
||||||
scrypted.enable = true;
|
|
||||||
jellyfin.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
# System
|
|
||||||
system = {
|
system = {
|
||||||
motd.networkInterfaces = [ "enp36s0f0" ];
|
motd.networkInterfaces = [ "enp36s0f0" ];
|
||||||
# Incus
|
# Incus
|
||||||
|
@ -177,7 +160,6 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Services
|
|
||||||
services = {
|
services = {
|
||||||
podman.enable = true;
|
podman.enable = true;
|
||||||
libvirt-qemu.enable = true;
|
libvirt-qemu.enable = true;
|
||||||
|
|
|
@ -1,9 +1,7 @@
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./jellyfin
|
|
||||||
./lego-auto
|
./lego-auto
|
||||||
./plex
|
./plex
|
||||||
./scrutiny
|
./scrutiny
|
||||||
./scrypted
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,144 +0,0 @@
|
||||||
{
|
|
||||||
lib,
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
with lib;
|
|
||||||
let
|
|
||||||
app = "jellyfin";
|
|
||||||
# renovate: depName=ghcr.io/jellyfin/jellyfin datasource=docker
|
|
||||||
version = "10.10.2";
|
|
||||||
image = "ghcr.io/jellyfin/jellyfin:${version}";
|
|
||||||
cfg = config.mySystem.containers.${app};
|
|
||||||
in
|
|
||||||
{
|
|
||||||
# Options
|
|
||||||
options.mySystem.containers.${app} = {
|
|
||||||
enable = mkEnableOption "${app}";
|
|
||||||
# TODO add to homepage
|
|
||||||
# addToHomepage = mkEnableOption "Add ${app} to homepage" // {
|
|
||||||
# default = true;
|
|
||||||
# };
|
|
||||||
openFirewall = mkEnableOption "Open firewall for ${app}" // {
|
|
||||||
default = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# Implementation
|
|
||||||
config = mkIf cfg.enable {
|
|
||||||
# Systemd service for container
|
|
||||||
systemd.services.${app} = {
|
|
||||||
description = "Jellyfin Media Server";
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
after = [ "network.target" ];
|
|
||||||
|
|
||||||
serviceConfig = {
|
|
||||||
ExecStartPre = "${pkgs.writeShellScript "jellyfin-start-pre" ''
|
|
||||||
set -o errexit
|
|
||||||
set -o nounset
|
|
||||||
set -o pipefail
|
|
||||||
|
|
||||||
podman rm -f ${app} || true
|
|
||||||
rm -f /run/${app}.ctr-id
|
|
||||||
''}";
|
|
||||||
ExecStart = ''
|
|
||||||
${pkgs.podman}/bin/podman run \
|
|
||||||
--rm \
|
|
||||||
--name=${app} \
|
|
||||||
--user=568:568 \
|
|
||||||
--device='nvidia.com/gpu=all' \
|
|
||||||
--log-driver=journald \
|
|
||||||
--cidfile=/run/${app}.ctr-id \
|
|
||||||
--cgroups=no-conmon \
|
|
||||||
--sdnotify=conmon \
|
|
||||||
--volume="/nahar/containers/volumes/jellyfin:/config:rw" \
|
|
||||||
--volume="/moria/media:/media:rw" \
|
|
||||||
--volume="tmpfs:/cache:rw" \
|
|
||||||
--volume="tmpfs:/transcode:rw" \
|
|
||||||
--volume="tmpfs:/tmp:rw" \
|
|
||||||
--env=TZ=America/Chicago \
|
|
||||||
--env=DOTNET_SYSTEM_IO_DISABLEFILELOCKING=true \
|
|
||||||
--env=JELLYFIN_FFmpeg__probesize=50000000 \
|
|
||||||
--env=JELLYFIN_FFmpeg__analyzeduration=50000000 \
|
|
||||||
--env=JELLYFIN_PublishedServerUrl=http://10.1.1.61:8096 \
|
|
||||||
-p 8096:8096 \
|
|
||||||
-p 8920:8920 \
|
|
||||||
-p 1900:1900/udp \
|
|
||||||
-p 7359:7359/udp \
|
|
||||||
${image}
|
|
||||||
'';
|
|
||||||
ExecStop = "${pkgs.podman}/bin/podman stop --ignore --cidfile=/run/${app}.ctr-id";
|
|
||||||
ExecStopPost = "${pkgs.podman}/bin/podman rm --force --ignore --cidfile=/run/${app}.ctr-id";
|
|
||||||
Type = "simple";
|
|
||||||
Restart = "always";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# Firewall
|
|
||||||
networking.firewall = mkIf cfg.openFirewall {
|
|
||||||
allowedTCPPorts = [
|
|
||||||
8096 # HTTP web interface
|
|
||||||
8920 # HTTPS web interface
|
|
||||||
];
|
|
||||||
allowedUDPPorts = [
|
|
||||||
1900 # DLNA discovery
|
|
||||||
7359 # Jellyfin auto-discovery
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
# TODO add nginx proxy
|
|
||||||
# services.nginx.virtualHosts."${app}.${config.networking.domain}" = {
|
|
||||||
# useACMEHost = config.networking.domain;
|
|
||||||
# forceSSL = true;
|
|
||||||
# locations."^~ /" = {
|
|
||||||
# proxyPass = "http://${app}:${builtins.toString port}";
|
|
||||||
# extraConfig = "resolver 10.88.0.1;";
|
|
||||||
|
|
||||||
# };
|
|
||||||
# };
|
|
||||||
|
|
||||||
## TODO add to homepage
|
|
||||||
# mySystem.services.homepage.media = mkIf cfg.addToHomepage [
|
|
||||||
# {
|
|
||||||
# Plex = {
|
|
||||||
# icon = "${app}.svg";
|
|
||||||
# href = "https://${app}.${config.mySystem.domain}";
|
|
||||||
|
|
||||||
# description = "Media streaming service";
|
|
||||||
# container = "${app}";
|
|
||||||
# widget = {
|
|
||||||
# type = "tautulli";
|
|
||||||
# url = "https://tautulli.${config.mySystem.domain}";
|
|
||||||
# key = "{{HOMEPAGE_VAR_TAUTULLI__API_KEY}}";
|
|
||||||
# };
|
|
||||||
# };
|
|
||||||
# }
|
|
||||||
# ];
|
|
||||||
|
|
||||||
# TODO add gatus monitor
|
|
||||||
# mySystem.services.gatus.monitors = [
|
|
||||||
# {
|
|
||||||
|
|
||||||
# name = app;
|
|
||||||
# group = "media";
|
|
||||||
# url = "https://${app}.${config.mySystem.domain}/web/";
|
|
||||||
# interval = "1m";
|
|
||||||
# conditions = [
|
|
||||||
# "[CONNECTED] == true"
|
|
||||||
# "[STATUS] == 200"
|
|
||||||
# "[RESPONSE_TIME] < 50"
|
|
||||||
# ];
|
|
||||||
# }
|
|
||||||
# ];
|
|
||||||
|
|
||||||
# TODO add restic backup
|
|
||||||
# services.restic.backups = config.lib.mySystem.mkRestic {
|
|
||||||
# inherit app user;
|
|
||||||
# excludePaths = [ "Backups" ];
|
|
||||||
# paths = [ appFolder ];
|
|
||||||
# inherit appFolder;
|
|
||||||
# };
|
|
||||||
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -7,14 +7,15 @@ with lib;
|
||||||
let
|
let
|
||||||
app = "plex";
|
app = "plex";
|
||||||
# renovate: depName=ghcr.io/onedr0p/plex datasource=docker versioning=loose
|
# renovate: depName=ghcr.io/onedr0p/plex datasource=docker versioning=loose
|
||||||
version = "1.41.2.9200-c6bbc1b53";
|
image = "ghcr.io/onedr0p/plex:1.40.1.8227-c0dd5a73e@sha256:a60bc6352543b4453b117a8f2b89549e458f3ed8960206d2f3501756b6beb519";
|
||||||
image = "ghcr.io/onedr0p/plex:${version}";
|
user = "kah"; # string
|
||||||
|
group = "kah"; # string
|
||||||
port = 32400; # int
|
port = 32400; # int
|
||||||
cfg = config.mySystem.containers.${app};
|
cfg = config.mySystem.services.${app};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
# Options
|
# Options
|
||||||
options.mySystem.containers.${app} = {
|
options.mySystem.services.${app} = {
|
||||||
enable = mkEnableOption "${app}";
|
enable = mkEnableOption "${app}";
|
||||||
# TODO add to homepage
|
# TODO add to homepage
|
||||||
# addToHomepage = mkEnableOption "Add ${app} to homepage" // {
|
# addToHomepage = mkEnableOption "Add ${app} to homepage" // {
|
||||||
|
@ -31,25 +32,17 @@ in
|
||||||
virtualisation.oci-containers.containers.${app} = {
|
virtualisation.oci-containers.containers.${app} = {
|
||||||
image = "${image}";
|
image = "${image}";
|
||||||
user = "568:568";
|
user = "568:568";
|
||||||
|
|
||||||
volumes = [
|
volumes = [
|
||||||
"/nahar/containers/volumes/plex:/config/Library/Application Support/Plex Media Server:rw"
|
"/nahar/containers/volumes/${app}:/config:rw"
|
||||||
"/moria/media:/media:rw"
|
"/moria/media:/media:rw"
|
||||||
"tmpfs:/config/Library/Application Support/Plex Media Server/Logs:rw"
|
# "/eru/backup/apps/plex:/config:rw"
|
||||||
"tmpfs:/tmp:rw"
|
|
||||||
];
|
];
|
||||||
|
|
||||||
extraOptions = [
|
|
||||||
# "--device nvidia.com/gpu=all"
|
|
||||||
];
|
|
||||||
|
|
||||||
environment = {
|
environment = {
|
||||||
TZ = "America/Chicago";
|
TZ = "America/Chicago";
|
||||||
PLEX_ADVERTISE_URL = "https://10.1.1.61:32400";
|
PLEX_ADVERTISE_URL = "https://${app}.hsn.dev";
|
||||||
PLEX_NO_AUTH_NETWORKS = "10.1.1.0/24";
|
PLEX_NO_AUTH_NETWORKS = "10.1.1.0/24";
|
||||||
};
|
};
|
||||||
|
ports = [ "${port}:${port}" ]; # expose port
|
||||||
ports = [ "${toString port}:${toString port}" ]; # expose port
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# Firewall
|
# Firewall
|
||||||
|
|
|
@ -1,137 +0,0 @@
|
||||||
{
|
|
||||||
lib,
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
with lib;
|
|
||||||
let
|
|
||||||
app = "scrypted";
|
|
||||||
# renovate: depName=ghcr.io/koush/scrypted datasource=docker versioning=docker
|
|
||||||
version = "v0.123.30-jammy-nvidia";
|
|
||||||
image = "ghcr.io/koush/scrypted:${version}";
|
|
||||||
cfg = config.mySystem.containers.${app};
|
|
||||||
in
|
|
||||||
{
|
|
||||||
# Options
|
|
||||||
options.mySystem.containers.${app} = {
|
|
||||||
enable = mkEnableOption "${app}";
|
|
||||||
# TODO add to homepage
|
|
||||||
# addToHomepage = mkEnableOption "Add ${app} to homepage" // {
|
|
||||||
# default = true;
|
|
||||||
# };
|
|
||||||
openFirewall = mkEnableOption "Open firewall for ${app}" // {
|
|
||||||
default = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# Implementation
|
|
||||||
config = mkIf cfg.enable {
|
|
||||||
# Systemd service for container
|
|
||||||
systemd.services.${app} = {
|
|
||||||
description = "Scrypted Home Security";
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
after = [ "network.target" ];
|
|
||||||
|
|
||||||
serviceConfig = {
|
|
||||||
ExecStartPre = "${pkgs.writeShellScript "scrypted-start-pre" ''
|
|
||||||
set -o errexit
|
|
||||||
set -o nounset
|
|
||||||
set -o pipefail
|
|
||||||
|
|
||||||
podman rm -f ${app} || true
|
|
||||||
rm -f /run/${app}.ctr-id
|
|
||||||
''}";
|
|
||||||
ExecStart = ''
|
|
||||||
${pkgs.podman}/bin/podman run \
|
|
||||||
--rm \
|
|
||||||
--name=${app} \
|
|
||||||
--device=/dev/bus/usb \
|
|
||||||
--device='nvidia.com/gpu=all' \
|
|
||||||
--log-driver=journald \
|
|
||||||
--cidfile=/run/${app}.ctr-id \
|
|
||||||
--cgroups=no-conmon \
|
|
||||||
--sdnotify=conmon \
|
|
||||||
--volume="/nahar/containers/volumes/scrypted:/server/volume:rw" \
|
|
||||||
--volume="tmpfs:/.cache:rw" \
|
|
||||||
--volume="tmpfs:/.npm:rw" \
|
|
||||||
--volume="tmpfs:/tmp:rw" \
|
|
||||||
--env=TZ=America/Chicago \
|
|
||||||
--network=host \
|
|
||||||
${image}
|
|
||||||
'';
|
|
||||||
ExecStop = "${pkgs.podman}/bin/podman stop --ignore --cidfile=/run/${app}.ctr-id";
|
|
||||||
ExecStopPost = "${pkgs.podman}/bin/podman rm --force --ignore --cidfile=/run/${app}.ctr-id";
|
|
||||||
Type = "simple";
|
|
||||||
Restart = "always";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# Firewall
|
|
||||||
networking.firewall = mkIf cfg.openFirewall {
|
|
||||||
allowedTCPPorts = [
|
|
||||||
11080 # Main Scrypted interface
|
|
||||||
10443 # HTTPS interface
|
|
||||||
8554 # RTSP server
|
|
||||||
];
|
|
||||||
allowedUDPPorts = [
|
|
||||||
10443 # HTTPS interface
|
|
||||||
8554 # RTSP server
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
# TODO add nginx proxy
|
|
||||||
# services.nginx.virtualHosts."${app}.${config.networking.domain}" = {
|
|
||||||
# useACMEHost = config.networking.domain;
|
|
||||||
# forceSSL = true;
|
|
||||||
# locations."^~ /" = {
|
|
||||||
# proxyPass = "http://${app}:${builtins.toString port}";
|
|
||||||
# extraConfig = "resolver 10.88.0.1;";
|
|
||||||
|
|
||||||
# };
|
|
||||||
# };
|
|
||||||
|
|
||||||
## TODO add to homepage
|
|
||||||
# mySystem.services.homepage.media = mkIf cfg.addToHomepage [
|
|
||||||
# {
|
|
||||||
# Plex = {
|
|
||||||
# icon = "${app}.svg";
|
|
||||||
# href = "https://${app}.${config.mySystem.domain}";
|
|
||||||
|
|
||||||
# description = "Media streaming service";
|
|
||||||
# container = "${app}";
|
|
||||||
# widget = {
|
|
||||||
# type = "tautulli";
|
|
||||||
# url = "https://tautulli.${config.mySystem.domain}";
|
|
||||||
# key = "{{HOMEPAGE_VAR_TAUTULLI__API_KEY}}";
|
|
||||||
# };
|
|
||||||
# };
|
|
||||||
# }
|
|
||||||
# ];
|
|
||||||
|
|
||||||
# TODO add gatus monitor
|
|
||||||
# mySystem.services.gatus.monitors = [
|
|
||||||
# {
|
|
||||||
|
|
||||||
# name = app;
|
|
||||||
# group = "media";
|
|
||||||
# url = "https://${app}.${config.mySystem.domain}/web/";
|
|
||||||
# interval = "1m";
|
|
||||||
# conditions = [
|
|
||||||
# "[CONNECTED] == true"
|
|
||||||
# "[STATUS] == 200"
|
|
||||||
# "[RESPONSE_TIME] < 50"
|
|
||||||
# ];
|
|
||||||
# }
|
|
||||||
# ];
|
|
||||||
|
|
||||||
# TODO add restic backup
|
|
||||||
# services.restic.backups = config.lib.mySystem.mkRestic {
|
|
||||||
# inherit app user;
|
|
||||||
# excludePaths = [ "Backups" ];
|
|
||||||
# paths = [ appFolder ];
|
|
||||||
# inherit appFolder;
|
|
||||||
# };
|
|
||||||
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,7 +0,0 @@
|
||||||
#!/usr/bin/env bash
|
|
||||||
set -o errexit
|
|
||||||
set -o nounset
|
|
||||||
set -o pipefail
|
|
||||||
|
|
||||||
podman rm -f scrypted || true
|
|
||||||
rm -f /run/scrypted.ctr-id
|
|
|
@ -31,6 +31,7 @@ with lib;
|
||||||
nixos.enable = mkDefault false;
|
nixos.enable = mkDefault false;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
sound.enable = false;
|
||||||
hardware.pulseaudio.enable = false;
|
hardware.pulseaudio.enable = false;
|
||||||
|
|
||||||
services.udisks2.enable = mkDefault false;
|
services.udisks2.enable = mkDefault false;
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||||
"extends": ["config:recommended"],
|
"extends": ["config:recommended", "docker:pinDigests"],
|
||||||
"nix": {
|
"nix": {
|
||||||
"enabled": true
|
"enabled": true
|
||||||
},
|
},
|
||||||
|
|
|
@ -6,11 +6,6 @@ in
|
||||||
pkgs.mkShell {
|
pkgs.mkShell {
|
||||||
# Enable experimental features without having to specify the argument
|
# Enable experimental features without having to specify the argument
|
||||||
NIX_CONFIG = "experimental-features = nix-command flakes";
|
NIX_CONFIG = "experimental-features = nix-command flakes";
|
||||||
shellHook = ''
|
|
||||||
export TMP=$(mktemp -d "/tmp/nix-shell-XXXXXX")
|
|
||||||
export TEMP=$TMP
|
|
||||||
export TMPDIR=$TMP
|
|
||||||
'';
|
|
||||||
|
|
||||||
nativeBuildInputs = with pkgs; [
|
nativeBuildInputs = with pkgs; [
|
||||||
cachix
|
cachix
|
||||||
|
|
Loading…
Reference in a new issue