Compare commits

...

19 commits

Author SHA1 Message Date
5a13735bc1 Update nixpkgs to nixos-24.11 2024-11-22 21:33:52 +00:00
a2480da0b9
added nvidia to scrypted and jellyfin correctly
All checks were successful
Build / nix-build (native-x86_64, telperion) (push) Successful in 3m39s
Build / nix-build (native-x86_64, gandalf) (push) Successful in 7m17s
Build / nix-build (native-x86_64, shadowfax) (push) Successful in 9m7s
2024-11-22 15:11:00 -06:00
6824855094
this is not how it works? 2024-11-22 11:15:01 -06:00
14975aa509
advertise & noauth for plex 2024-11-22 06:29:08 -06:00
8ef09cc9e6
until I have the right config 2024-11-21 23:11:27 -06:00
afc6e7c94c
correct podman device 2024-11-21 17:51:59 -06:00
46c4752395
add nvidia runtime 2024-11-21 17:44:51 -06:00
88f7106962
revert graphics to 24.05 style 2024-11-21 17:26:28 -06:00
d72aca1621
revert until flake is fixed 2024-11-21 17:24:31 -06:00
ee32975604
update to 24.11
Some checks failed
Build / nix-build (native-x86_64, gandalf) (push) Failing after 1m34s
Build / nix-build (native-x86_64, telperion) (push) Successful in 4m50s
Build / nix-build (native-x86_64, shadowfax) (push) Failing after 6m52s
2024-11-21 17:05:38 -06:00
eafcd7412a
add plex jellyfin and scrypted 2024-11-21 17:05:29 -06:00
cd64a74160
can't do it -- needs to be static 2024-11-19 22:12:03 -06:00
81607cd8ff
change sops path 2024-11-19 21:18:13 -06:00
f40e2fbee2
add barebones plex 2024-11-19 21:11:07 -06:00
a5ce6a01dd
fedora jank 2024-11-19 18:14:25 -06:00
349e0a357b
sick of pins, will revist 2024-11-19 17:23:19 -06:00
1a9f2c8fb0 Merge pull request 'Update ghcr.io/onedr0p/plex Docker tag to v1.41.2.9200-c6bbc1b53' (#51) from renovate/ghcr.io-onedr0p-plex-1.x into main
Reviewed-on: #51
2024-11-19 16:57:36 -06:00
3558557526 Update ghcr.io/onedr0p/plex Docker tag to v1.41.2.9200-c6bbc1b53 2024-11-19 22:53:09 +00:00
b75bce55d4
working with pins 2024-11-19 16:49:06 -06:00
13 changed files with 377 additions and 70 deletions

View file

@ -35,5 +35,6 @@
}, },
"[jsonc]": { "[jsonc]": {
"editor.defaultFormatter": "esbenp.prettier-vscode" "editor.defaultFormatter": "esbenp.prettier-vscode"
} },
"sops.binPath": "/home/jahanson/.nix-profile/bin/sops"
} }

View file

@ -24,11 +24,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1731549112, "lastModified": 1732221404,
"narHash": "sha256-c9I3i1CwZ10SoM5npQQVnfwgvB86jAS3lT4ZqkRoSOI=", "narHash": "sha256-fWTyjgGt+BHmkeJ5IxOR4zGF4/uc+ceWmhBjOBSVkgQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "5fd852c4155a689098095406500d0ae3d04654a8", "rev": "97c0c4d7072f19b598ed332e9f7f8ad562c6885b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -98,11 +98,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1727826117, "lastModified": 1730504689,
"narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", "rev": "506278e768c2a08bec68eb62932193e341f55c90",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -359,11 +359,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1731593150, "lastModified": 1731814505,
"narHash": "sha256-FvksinoI2Y6kuwH+cKBu1oDA8uPGfoRqgtQV6O8GDc4=", "narHash": "sha256-l9ryrx1Twh08a+gxrMGM9O/aZKEimZfa6sZVyPCImgI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "40d882b55e89add1ded379cc99edaab24983d6d9", "rev": "bdba246946fb079b87b4cada4df9b1cdf1c06132",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -403,11 +403,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1731548755, "lastModified": 1732153840,
"narHash": "sha256-kFg3S67OaYWI1SQ0tcmsPIC4PXtq7Av8AJcyf21ZxDE=", "narHash": "sha256-lt8Gdx6TNheby/9lRNE1GMP3vkdpLaXmyHQk+ZvYNAY=",
"owner": "Infinidoge", "owner": "Infinidoge",
"repo": "nix-minecraft", "repo": "nix-minecraft",
"rev": "e6f7090175ae5183d84adb6192f115d8f859beaa", "rev": "8325d463c1c424f2e6edeef2010c0d902a37b3d3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -425,11 +425,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1731548914, "lastModified": 1732153985,
"narHash": "sha256-UtYkHq8OdZcz2Q/r7gh+3HFGVgX9AFfYDrMjAVO6sj4=", "narHash": "sha256-libOsvOEQjHhlNEVPuG+i4OY5NyO301RZCxYovsVtrc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-vscode-extensions", "repo": "nix-vscode-extensions",
"rev": "00e11784c89ecd236ff045acd7a447e0fe5b80df", "rev": "c53c9d319e51deb97fb9a82001952c4efa74cba7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -440,11 +440,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1731403644, "lastModified": 1731797098,
"narHash": "sha256-T9V7CTucjRZ4Qc6pUEV/kpgNGzQbHWfGcfK6JJLfUeI=", "narHash": "sha256-UhWmEZhwJZmVZ1jfHZFzCg+ZLO9Tb/v3Y6LC0UNyeTo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "f6581f1c3b137086e42a08a906bdada63045f991", "rev": "672ac2ac86f7dff2f6f3406405bddecf960e0db6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -456,30 +456,30 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1731386116, "lastModified": 1731755305,
"narHash": "sha256-lKA770aUmjPHdTaJWnP3yQ9OI1TigenUqVC3wweqZuI=", "narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "689fed12a013f56d4c4d3f612489634267d86529", "rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-24.05", "ref": "nixos-24.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1727825735, "lastModified": 1730504152,
"narHash": "sha256-0xHYkMkeLVQAMa7gvkddbPqpxph+hDzdu1XdGPJR+Os=", "narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=",
"type": "tarball", "type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz" "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz" "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz"
} }
}, },
"nixpkgs-ovmf": { "nixpkgs-ovmf": {
@ -498,29 +498,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": {
"locked": {
"lastModified": 1730602179,
"narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1731319897, "lastModified": 1732014248,
"narHash": "sha256-PbABj4tnbWFMfBp6OcUK5iGy1QY+/Z96ZcLpooIbuEI=", "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "dc460ec76cbff0e66e269457d7b728432263166c", "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -568,11 +552,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1731695757, "lastModified": 1732220928,
"narHash": "sha256-w+bGxRbZpWc6SyBbtjW2ci2fw1zk0udTjFpQW0g0Pc8=", "narHash": "sha256-OOFqnjTax0132/mBsRpVD1QTMlZUCbVexKgKUVUxJNg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "6e17acc00a48253a4d25e5ee4e6c215b8950c039", "rev": "8439fca0da7f67b331edcca08eb2a47249be72f4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -730,15 +714,14 @@
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ]
"nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1731364708, "lastModified": 1732186149,
"narHash": "sha256-HC0anOL+KmUQ2hdRl0AtunbAckasxrkn4VLmxbW/WaA=", "narHash": "sha256-N9JGWe/T8BC0Tss2Cv30plvZUYoiRmykP7ZdY2on2b0=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "4c91d52db103e757fc25b58998b0576ae702d659", "rev": "53c853fb1a7e4f25f68805ee25c83d5de18dc699",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -830,11 +813,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1731662473, "lastModified": 1732161983,
"narHash": "sha256-A/iTgV5uVTfRPCZ/V0UmZ10LSC0rznvN0hGDL7tEYss=", "narHash": "sha256-HnM+3Dv/p4awf0zXffPpcg/v4RywuKiN4yA2t7W1CxE=",
"owner": "budimanjojo", "owner": "budimanjojo",
"repo": "talhelper", "repo": "talhelper",
"rev": "48cc0b637e0252f5b335ffa33593bddad7bacfee", "rev": "94487e8cc82617dc9be8b50de94edd33ce1e56ad",
"type": "github" "type": "github"
}, },
"original": { "original": {

View file

@ -3,7 +3,7 @@
inputs = { inputs = {
# Nixpkgs and unstable # Nixpkgs and unstable
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
# Lix - Substitution of the Nix package manager, focused on correctness, usability, and growth and committed to doing right by its community. # Lix - Substitution of the Nix package manager, focused on correctness, usability, and growth and committed to doing right by its community.

View file

@ -94,6 +94,10 @@ with config;
# nix tools # nix tools
nvd nvd
# backup tools
unstable.rclone
unstable.restic
]; ];
}; };
}; };

View file

@ -28,7 +28,14 @@ in
swapDevices = [ ]; swapDevices = [ ];
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware = {
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nvidia.open = true;
# TODO: Swap these once I switch to 24.11
# graphics.enable = true;
opengl.enable = true;
nvidia-container-toolkit.enable = true;
};
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGSFTSVPt43PBpSMSF1dGTzN2JbxztDZUml7g4+PnWe CSI-Driver@talos" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGSFTSVPt43PBpSMSF1dGTzN2JbxztDZUml7g4+PnWe CSI-Driver@talos"
@ -79,6 +86,7 @@ in
}; };
services = { services = {
xserver.videoDrivers = [ "nvidia" ];
# Minecraft # Minecraft
minecraft-servers = { minecraft-servers = {
@ -134,6 +142,15 @@ in
# System settings and services. # System settings and services.
mySystem = { mySystem = {
purpose = "Production"; purpose = "Production";
# Containers
containers = {
plex.enable = true;
scrypted.enable = true;
jellyfin.enable = true;
};
# System
system = { system = {
motd.networkInterfaces = [ "enp36s0f0" ]; motd.networkInterfaces = [ "enp36s0f0" ];
# Incus # Incus
@ -160,6 +177,7 @@ in
}; };
}; };
# Services
services = { services = {
podman.enable = true; podman.enable = true;
libvirt-qemu.enable = true; libvirt-qemu.enable = true;

View file

@ -1,7 +1,9 @@
{ {
imports = [ imports = [
./jellyfin
./lego-auto ./lego-auto
./plex ./plex
./scrutiny ./scrutiny
./scrypted
]; ];
} }

View file

@ -0,0 +1,144 @@
{
lib,
config,
pkgs,
...
}:
with lib;
let
app = "jellyfin";
# renovate: depName=ghcr.io/jellyfin/jellyfin datasource=docker
version = "10.10.2";
image = "ghcr.io/jellyfin/jellyfin:${version}";
cfg = config.mySystem.containers.${app};
in
{
# Options
options.mySystem.containers.${app} = {
enable = mkEnableOption "${app}";
# TODO add to homepage
# addToHomepage = mkEnableOption "Add ${app} to homepage" // {
# default = true;
# };
openFirewall = mkEnableOption "Open firewall for ${app}" // {
default = true;
};
};
# Implementation
config = mkIf cfg.enable {
# Systemd service for container
systemd.services.${app} = {
description = "Jellyfin Media Server";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStartPre = "${pkgs.writeShellScript "jellyfin-start-pre" ''
set -o errexit
set -o nounset
set -o pipefail
podman rm -f ${app} || true
rm -f /run/${app}.ctr-id
''}";
ExecStart = ''
${pkgs.podman}/bin/podman run \
--rm \
--name=${app} \
--user=568:568 \
--device='nvidia.com/gpu=all' \
--log-driver=journald \
--cidfile=/run/${app}.ctr-id \
--cgroups=no-conmon \
--sdnotify=conmon \
--volume="/nahar/containers/volumes/jellyfin:/config:rw" \
--volume="/moria/media:/media:rw" \
--volume="tmpfs:/cache:rw" \
--volume="tmpfs:/transcode:rw" \
--volume="tmpfs:/tmp:rw" \
--env=TZ=America/Chicago \
--env=DOTNET_SYSTEM_IO_DISABLEFILELOCKING=true \
--env=JELLYFIN_FFmpeg__probesize=50000000 \
--env=JELLYFIN_FFmpeg__analyzeduration=50000000 \
--env=JELLYFIN_PublishedServerUrl=http://10.1.1.61:8096 \
-p 8096:8096 \
-p 8920:8920 \
-p 1900:1900/udp \
-p 7359:7359/udp \
${image}
'';
ExecStop = "${pkgs.podman}/bin/podman stop --ignore --cidfile=/run/${app}.ctr-id";
ExecStopPost = "${pkgs.podman}/bin/podman rm --force --ignore --cidfile=/run/${app}.ctr-id";
Type = "simple";
Restart = "always";
};
};
# Firewall
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [
8096 # HTTP web interface
8920 # HTTPS web interface
];
allowedUDPPorts = [
1900 # DLNA discovery
7359 # Jellyfin auto-discovery
];
};
# TODO add nginx proxy
# services.nginx.virtualHosts."${app}.${config.networking.domain}" = {
# useACMEHost = config.networking.domain;
# forceSSL = true;
# locations."^~ /" = {
# proxyPass = "http://${app}:${builtins.toString port}";
# extraConfig = "resolver 10.88.0.1;";
# };
# };
## TODO add to homepage
# mySystem.services.homepage.media = mkIf cfg.addToHomepage [
# {
# Plex = {
# icon = "${app}.svg";
# href = "https://${app}.${config.mySystem.domain}";
# description = "Media streaming service";
# container = "${app}";
# widget = {
# type = "tautulli";
# url = "https://tautulli.${config.mySystem.domain}";
# key = "{{HOMEPAGE_VAR_TAUTULLI__API_KEY}}";
# };
# };
# }
# ];
# TODO add gatus monitor
# mySystem.services.gatus.monitors = [
# {
# name = app;
# group = "media";
# url = "https://${app}.${config.mySystem.domain}/web/";
# interval = "1m";
# conditions = [
# "[CONNECTED] == true"
# "[STATUS] == 200"
# "[RESPONSE_TIME] < 50"
# ];
# }
# ];
# TODO add restic backup
# services.restic.backups = config.lib.mySystem.mkRestic {
# inherit app user;
# excludePaths = [ "Backups" ];
# paths = [ appFolder ];
# inherit appFolder;
# };
};
}

View file

@ -7,15 +7,14 @@ with lib;
let let
app = "plex"; app = "plex";
# renovate: depName=ghcr.io/onedr0p/plex datasource=docker versioning=loose # renovate: depName=ghcr.io/onedr0p/plex datasource=docker versioning=loose
image = "ghcr.io/onedr0p/plex:1.40.1.8227-c0dd5a73e@sha256:a60bc6352543b4453b117a8f2b89549e458f3ed8960206d2f3501756b6beb519"; version = "1.41.2.9200-c6bbc1b53";
user = "kah"; # string image = "ghcr.io/onedr0p/plex:${version}";
group = "kah"; # string
port = 32400; # int port = 32400; # int
cfg = config.mySystem.services.${app}; cfg = config.mySystem.containers.${app};
in in
{ {
# Options # Options
options.mySystem.services.${app} = { options.mySystem.containers.${app} = {
enable = mkEnableOption "${app}"; enable = mkEnableOption "${app}";
# TODO add to homepage # TODO add to homepage
# addToHomepage = mkEnableOption "Add ${app} to homepage" // { # addToHomepage = mkEnableOption "Add ${app} to homepage" // {
@ -32,17 +31,25 @@ in
virtualisation.oci-containers.containers.${app} = { virtualisation.oci-containers.containers.${app} = {
image = "${image}"; image = "${image}";
user = "568:568"; user = "568:568";
volumes = [ volumes = [
"/nahar/containers/volumes/${app}:/config:rw" "/nahar/containers/volumes/plex:/config/Library/Application Support/Plex Media Server:rw"
"/moria/media:/media:rw" "/moria/media:/media:rw"
# "/eru/backup/apps/plex:/config:rw" "tmpfs:/config/Library/Application Support/Plex Media Server/Logs:rw"
"tmpfs:/tmp:rw"
]; ];
extraOptions = [
# "--device nvidia.com/gpu=all"
];
environment = { environment = {
TZ = "America/Chicago"; TZ = "America/Chicago";
PLEX_ADVERTISE_URL = "https://${app}.hsn.dev"; PLEX_ADVERTISE_URL = "https://10.1.1.61:32400";
PLEX_NO_AUTH_NETWORKS = "10.1.1.0/24"; PLEX_NO_AUTH_NETWORKS = "10.1.1.0/24";
}; };
ports = [ "${port}:${port}" ]; # expose port
ports = [ "${toString port}:${toString port}" ]; # expose port
}; };
# Firewall # Firewall

View file

@ -0,0 +1,137 @@
{
lib,
config,
pkgs,
...
}:
with lib;
let
app = "scrypted";
# renovate: depName=ghcr.io/koush/scrypted datasource=docker versioning=docker
version = "v0.123.30-jammy-nvidia";
image = "ghcr.io/koush/scrypted:${version}";
cfg = config.mySystem.containers.${app};
in
{
# Options
options.mySystem.containers.${app} = {
enable = mkEnableOption "${app}";
# TODO add to homepage
# addToHomepage = mkEnableOption "Add ${app} to homepage" // {
# default = true;
# };
openFirewall = mkEnableOption "Open firewall for ${app}" // {
default = true;
};
};
# Implementation
config = mkIf cfg.enable {
# Systemd service for container
systemd.services.${app} = {
description = "Scrypted Home Security";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStartPre = "${pkgs.writeShellScript "scrypted-start-pre" ''
set -o errexit
set -o nounset
set -o pipefail
podman rm -f ${app} || true
rm -f /run/${app}.ctr-id
''}";
ExecStart = ''
${pkgs.podman}/bin/podman run \
--rm \
--name=${app} \
--device=/dev/bus/usb \
--device='nvidia.com/gpu=all' \
--log-driver=journald \
--cidfile=/run/${app}.ctr-id \
--cgroups=no-conmon \
--sdnotify=conmon \
--volume="/nahar/containers/volumes/scrypted:/server/volume:rw" \
--volume="tmpfs:/.cache:rw" \
--volume="tmpfs:/.npm:rw" \
--volume="tmpfs:/tmp:rw" \
--env=TZ=America/Chicago \
--network=host \
${image}
'';
ExecStop = "${pkgs.podman}/bin/podman stop --ignore --cidfile=/run/${app}.ctr-id";
ExecStopPost = "${pkgs.podman}/bin/podman rm --force --ignore --cidfile=/run/${app}.ctr-id";
Type = "simple";
Restart = "always";
};
};
# Firewall
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [
11080 # Main Scrypted interface
10443 # HTTPS interface
8554 # RTSP server
];
allowedUDPPorts = [
10443 # HTTPS interface
8554 # RTSP server
];
};
# TODO add nginx proxy
# services.nginx.virtualHosts."${app}.${config.networking.domain}" = {
# useACMEHost = config.networking.domain;
# forceSSL = true;
# locations."^~ /" = {
# proxyPass = "http://${app}:${builtins.toString port}";
# extraConfig = "resolver 10.88.0.1;";
# };
# };
## TODO add to homepage
# mySystem.services.homepage.media = mkIf cfg.addToHomepage [
# {
# Plex = {
# icon = "${app}.svg";
# href = "https://${app}.${config.mySystem.domain}";
# description = "Media streaming service";
# container = "${app}";
# widget = {
# type = "tautulli";
# url = "https://tautulli.${config.mySystem.domain}";
# key = "{{HOMEPAGE_VAR_TAUTULLI__API_KEY}}";
# };
# };
# }
# ];
# TODO add gatus monitor
# mySystem.services.gatus.monitors = [
# {
# name = app;
# group = "media";
# url = "https://${app}.${config.mySystem.domain}/web/";
# interval = "1m";
# conditions = [
# "[CONNECTED] == true"
# "[STATUS] == 200"
# "[RESPONSE_TIME] < 50"
# ];
# }
# ];
# TODO add restic backup
# services.restic.backups = config.lib.mySystem.mkRestic {
# inherit app user;
# excludePaths = [ "Backups" ];
# paths = [ appFolder ];
# inherit appFolder;
# };
};
}

View file

@ -0,0 +1,7 @@
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
podman rm -f scrypted || true
rm -f /run/scrypted.ctr-id

View file

@ -31,7 +31,6 @@ with lib;
nixos.enable = mkDefault false; nixos.enable = mkDefault false;
}; };
sound.enable = false;
hardware.pulseaudio.enable = false; hardware.pulseaudio.enable = false;
services.udisks2.enable = mkDefault false; services.udisks2.enable = mkDefault false;

View file

@ -1,6 +1,6 @@
{ {
"$schema": "https://docs.renovatebot.com/renovate-schema.json", "$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": ["config:recommended", "docker:pinDigests"], "extends": ["config:recommended"],
"nix": { "nix": {
"enabled": true "enabled": true
}, },

View file

@ -6,6 +6,11 @@ in
pkgs.mkShell { pkgs.mkShell {
# Enable experimental features without having to specify the argument # Enable experimental features without having to specify the argument
NIX_CONFIG = "experimental-features = nix-command flakes"; NIX_CONFIG = "experimental-features = nix-command flakes";
shellHook = ''
export TMP=$(mktemp -d "/tmp/nix-shell-XXXXXX")
export TEMP=$TMP
export TMPDIR=$TMP
'';
nativeBuildInputs = with pkgs; [ nativeBuildInputs = with pkgs; [
cachix cachix