
1 commit

5 changed files with 60 additions and 115 deletions


@ -223,16 +223,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1726989464, "lastModified": 1731880681,
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", "narHash": "sha256-FmYTkIyPBUxSWgA7DPIVTsCCMvSSbs56yOtHpLNSnKg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", "rev": "aecd341dfead1c3ef7a3c15468ecd71e8343b7c6",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-24.05", "ref": "release-24.11",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
@ -456,16 +456,16 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1731797254, "lastModified": 1731755305,
"narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=", "narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59", "rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-24.05", "ref": "nixos-24.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }


@ -1,7 +1,6 @@
{ {
lib, lib,
config, config,
pkgs,
... ...
}: }:
with lib; with lib;
@ -10,6 +9,7 @@ let
# renovate: depName=ghcr.io/jellyfin/jellyfin datasource=docker # renovate: depName=ghcr.io/jellyfin/jellyfin datasource=docker
version = "10.10.3"; version = "10.10.3";
image = "ghcr.io/jellyfin/jellyfin:${version}"; image = "ghcr.io/jellyfin/jellyfin:${version}";
port = 8096; # int
cfg = config.mySystem.containers.${app}; cfg = config.mySystem.containers.${app};
in in
{ {
@ -27,64 +27,37 @@ in
# Implementation # Implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
# Systemd service for container # Container
systemd.services.${app} = { virtualisation.oci-containers.containers.${app} = {
description = "Jellyfin Media Server"; image = "${image}";
wantedBy = [ "multi-user.target" ]; user = "568:568";
after = [ "network.target" ];
serviceConfig = { volumes = [
ExecStartPre = "${pkgs.writeShellScript "jellyfin-start-pre" '' "/nahar/containers/volumes/jellyfin:/config:rw"
set -o errexit "/moria/media:/media:rw"
set -o nounset "tmpfs:/cache:rw"
set -o pipefail "tmpfs:/transcode:rw"
"tmpfs:/tmp:rw"
];
podman rm -f ${app} || true environment = {
rm -f /run/${app}.ctr-id TZ = "America/Chicago";
''}"; DOTNET_SYSTEM_IO_DISABLEFILELOCKING = "true";
ExecStart = '' JELLYFIN_FFmpeg__probesize = "50000000";
${pkgs.podman}/bin/podman run \ JELLYFIN_FFmpeg__analyzeduration = "50000000";
--rm \
--name=${app} \
--user=568:568 \
--device='nvidia.com/gpu=all' \
--log-driver=journald \
--cidfile=/run/${app}.ctr-id \
--cgroups=no-conmon \
--sdnotify=conmon \
--volume="/nahar/containers/volumes/jellyfin:/config:rw" \
--volume="/moria/media:/media:rw" \
--volume="tmpfs:/cache:rw" \
--volume="tmpfs:/transcode:rw" \
--volume="tmpfs:/tmp:rw" \
--env=TZ=America/Chicago \
--env=DOTNET_SYSTEM_IO_DISABLEFILELOCKING=true \
--env=JELLYFIN_FFmpeg__probesize=50000000 \
--env=JELLYFIN_FFmpeg__analyzeduration=50000000 \
--env=JELLYFIN_PublishedServerUrl=http://10.1.1.61:8096 \
-p 8096:8096 \
-p 8920:8920 \
-p 1900:1900/udp \
-p 7359:7359/udp \
${image}
'';
ExecStop = "${pkgs.podman}/bin/podman stop --ignore --cidfile=/run/${app}.ctr-id";
ExecStopPost = "${pkgs.podman}/bin/podman rm --force --ignore --cidfile=/run/${app}.ctr-id";
Type = "simple";
Restart = "always";
}; };
ports = [ "${toString port}:${toString port}" ]; # expose port
extraOptions = [
"--device nvidia.com/gpu=all"
];
}; };
# Firewall # Firewall
networking.firewall = mkIf cfg.openFirewall { networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ allowedTCPPorts = [ port ];
8096 # HTTP web interface allowedUDPPorts = [ port ];
8920 # HTTPS web interface
];
allowedUDPPorts = [
1900 # DLNA discovery
7359 # Jellyfin auto-discovery
];
}; };
# TODO add nginx proxy # TODO add nginx proxy
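Review bot: `allowedUDPPorts = [ port ];` in the firewall block opens UDP 8096, but the new `ports` entry publishes only `8096:8096`, which is TCP unless a `/udp` suffix is given, so the rule is an unneeded opening and I would drop it. The old unit published 8920/tcp plus the discovery ports 1900/udp and 7359/udp; none of these are published or allowed on the new side, so if auto-discovery or DLNA is still wanted they need explicit entries such as `"7359:7359/udp"` in `ports` and the matching numbers in `allowedUDPPorts`. The scrypted section carries the same `allowedUDPPorts = [ port ];` line. The `config` block continues past the end of this hunk.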


@ -40,13 +40,13 @@ in
]; ];
extraOptions = [ extraOptions = [
# "--device nvidia.com/gpu=all" "--device nvidia.com/gpu=all"
]; ];
environment = { environment = {
TZ = "America/Chicago"; TZ = "America/Chicago";
PLEX_ADVERTISE_URL = "https://10.1.1.61:32400"; # PLEX_ADVERTISE_URL = "https://${app}.hsn.dev";
PLEX_NO_AUTH_NETWORKS = "10.1.1.0/24"; PLEX_NO_AUTH_NETWORKS = "10.1.1.0/24,10.1.2.0/24";
}; };
ports = [ "${toString port}:${toString port}" ]; # expose port ports = [ "${toString port}:${toString port}" ]; # expose port
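Review bot: `PLEX_NO_AUTH_NETWORKS = "10.1.1.0/24,10.1.2.0/24";` widens the set of source networks that, going by the variable name, reach the server without authentication, so every host on 10.1.2.0/24 now gets that access. I would either narrow it to the client addresses that need it or document the reason next to it, e.g. `# 10.1.2.0/24 = <subnet purpose>; clients here skip Plex auth`. Separately, the newly enabled `"--device nvidia.com/gpu=all"` is one list element containing a space; if the oci-containers module shell-escapes each `extraOptions` entry, podman receives it as a single argument and may reject it, so `"--device=nvidia.com/gpu=all"` is the safer spelling (the jellyfin and scrypted sections use the same string). The enclosing container definition starts and ends outside this hunk.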


@ -1,7 +1,6 @@
{ {
lib, lib,
config, config,
pkgs,
... ...
}: }:
with lib; with lib;
@ -10,6 +9,7 @@ let
# renovate: depName=ghcr.io/koush/scrypted datasource=docker versioning=docker # renovate: depName=ghcr.io/koush/scrypted datasource=docker versioning=docker
version = "v0.123.30-jammy-nvidia"; version = "v0.123.30-jammy-nvidia";
image = "ghcr.io/koush/scrypted:${version}"; image = "ghcr.io/koush/scrypted:${version}";
port = 11080; # int
cfg = config.mySystem.containers.${app}; cfg = config.mySystem.containers.${app};
in in
{ {
@ -27,57 +27,36 @@ in
# Implementation # Implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
# Systemd service for container # Container
systemd.services.${app} = { virtualisation.oci-containers.containers.${app} = {
description = "Scrypted Home Security"; image = "${image}";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = { volumes = [
ExecStartPre = "${pkgs.writeShellScript "scrypted-start-pre" '' "/nahar/containers/volumes/scrypted:/server/volume:rw"
set -o errexit # "/nahar/scrypted:/recordings:rw"
set -o nounset "tmpfs:/.cache:rw"
set -o pipefail "tmpfs:/.npm:rw"
"tmpfs:/tmp:rw"
];
podman rm -f ${app} || true extraOptions = [
rm -f /run/${app}.ctr-id # all usb devices, such as coral tpu
''}"; "--device=/dev/bus/usb"
ExecStart = '' "--network=host"
${pkgs.podman}/bin/podman run \ "--device nvidia.com/gpu=all"
--rm \ ];
--name=${app} \
--device=/dev/bus/usb \ environment = {
--device='nvidia.com/gpu=all' \ TZ = "America/Chicago";
--log-driver=journald \
--cidfile=/run/${app}.ctr-id \
--cgroups=no-conmon \
--sdnotify=conmon \
--volume="/nahar/containers/volumes/scrypted:/server/volume:rw" \
--volume="tmpfs:/.cache:rw" \
--volume="tmpfs:/.npm:rw" \
--volume="tmpfs:/tmp:rw" \
--env=TZ=America/Chicago \
--network=host \
${image}
'';
ExecStop = "${pkgs.podman}/bin/podman stop --ignore --cidfile=/run/${app}.ctr-id";
ExecStopPost = "${pkgs.podman}/bin/podman rm --force --ignore --cidfile=/run/${app}.ctr-id";
Type = "simple";
Restart = "always";
}; };
ports = [ "${toString port}:${toString port}" ]; # expose port
}; };
# Firewall # Firewall
networking.firewall = mkIf cfg.openFirewall { networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ allowedTCPPorts = [ port ];
11080 # Main Scrypted interface allowedUDPPorts = [ port ];
10443 # HTTPS interface
8554 # RTSP server
];
allowedUDPPorts = [
10443 # HTTPS interface
8554 # RTSP server
];
}; };
# TODO add nginx proxy # TODO add nginx proxy
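Review bot: The added `ports = [ "${toString port}:${toString port}" ];` sits alongside `"--network=host"` in `extraOptions`; with host networking the container shares the host's network namespace and port mappings are not applied, so the line has no effect and suggests an isolation that is not there. Every port scrypted listens on is bound directly on the host, leaving the firewall block as the only filter; I would remove `ports` and put a comment on the option instead, e.g. `# host network: all listeners bind on the host, firewall is the only filter`. The new definition also sets no `user`, unlike the jellyfin one (`user = "568:568";`), so the container presumably runs as the image's default user while holding `/dev/bus/usb` and the GPU device; worth confirming that is intended. The `config` block continues past the end of this hunk.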


@ -1,7 +0,0 @@
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
podman rm -f scrypted || true
rm -f /run/scrypted.ctr-id