Compare commits
4 commits
8114f3695b
...
b8070672ae
Author | SHA1 | Date | |
---|---|---|---|
b8070672ae | |||
a2480da0b9 | |||
6824855094 | |||
14975aa509 |
5 changed files with 116 additions and 61 deletions
16
flake.lock
16
flake.lock
|
@ -223,16 +223,16 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731880681,
|
"lastModified": 1726989464,
|
||||||
"narHash": "sha256-FmYTkIyPBUxSWgA7DPIVTsCCMvSSbs56yOtHpLNSnKg=",
|
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "aecd341dfead1c3ef7a3c15468ecd71e8343b7c6",
|
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"ref": "release-24.11",
|
"ref": "release-24.05",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
@ -456,16 +456,16 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731755305,
|
"lastModified": 1731797254,
|
||||||
"narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=",
|
"narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4",
|
"rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"ref": "nixos-24.11",
|
"ref": "nixos-24.05",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
{
|
{
|
||||||
lib,
|
lib,
|
||||||
config,
|
config,
|
||||||
|
pkgs,
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
|
@ -9,7 +10,6 @@ let
|
||||||
# renovate: depName=ghcr.io/jellyfin/jellyfin datasource=docker
|
# renovate: depName=ghcr.io/jellyfin/jellyfin datasource=docker
|
||||||
version = "10.10.2";
|
version = "10.10.2";
|
||||||
image = "ghcr.io/jellyfin/jellyfin:${version}";
|
image = "ghcr.io/jellyfin/jellyfin:${version}";
|
||||||
port = 8096; # int
|
|
||||||
cfg = config.mySystem.containers.${app};
|
cfg = config.mySystem.containers.${app};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
@ -27,37 +27,64 @@ in
|
||||||
|
|
||||||
# Implementation
|
# Implementation
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
# Container
|
# Systemd service for container
|
||||||
virtualisation.oci-containers.containers.${app} = {
|
systemd.services.${app} = {
|
||||||
image = "${image}";
|
description = "Jellyfin Media Server";
|
||||||
user = "568:568";
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network.target" ];
|
||||||
|
|
||||||
volumes = [
|
serviceConfig = {
|
||||||
"/nahar/containers/volumes/jellyfin:/config:rw"
|
ExecStartPre = "${pkgs.writeShellScript "jellyfin-start-pre" ''
|
||||||
"/moria/media:/media:rw"
|
set -o errexit
|
||||||
"tmpfs:/cache:rw"
|
set -o nounset
|
||||||
"tmpfs:/transcode:rw"
|
set -o pipefail
|
||||||
"tmpfs:/tmp:rw"
|
|
||||||
];
|
|
||||||
|
|
||||||
environment = {
|
podman rm -f ${app} || true
|
||||||
TZ = "America/Chicago";
|
rm -f /run/${app}.ctr-id
|
||||||
DOTNET_SYSTEM_IO_DISABLEFILELOCKING = "true";
|
''}";
|
||||||
JELLYFIN_FFmpeg__probesize = "50000000";
|
ExecStart = ''
|
||||||
JELLYFIN_FFmpeg__analyzeduration = "50000000";
|
${pkgs.podman}/bin/podman run \
|
||||||
|
--rm \
|
||||||
|
--name=${app} \
|
||||||
|
--user=568:568 \
|
||||||
|
--device='nvidia.com/gpu=all' \
|
||||||
|
--log-driver=journald \
|
||||||
|
--cidfile=/run/${app}.ctr-id \
|
||||||
|
--cgroups=no-conmon \
|
||||||
|
--sdnotify=conmon \
|
||||||
|
--volume="/nahar/containers/volumes/jellyfin:/config:rw" \
|
||||||
|
--volume="/moria/media:/media:rw" \
|
||||||
|
--volume="tmpfs:/cache:rw" \
|
||||||
|
--volume="tmpfs:/transcode:rw" \
|
||||||
|
--volume="tmpfs:/tmp:rw" \
|
||||||
|
--env=TZ=America/Chicago \
|
||||||
|
--env=DOTNET_SYSTEM_IO_DISABLEFILELOCKING=true \
|
||||||
|
--env=JELLYFIN_FFmpeg__probesize=50000000 \
|
||||||
|
--env=JELLYFIN_FFmpeg__analyzeduration=50000000 \
|
||||||
|
--env=JELLYFIN_PublishedServerUrl=http://10.1.1.61:8096 \
|
||||||
|
-p 8096:8096 \
|
||||||
|
-p 8920:8920 \
|
||||||
|
-p 1900:1900/udp \
|
||||||
|
-p 7359:7359/udp \
|
||||||
|
${image}
|
||||||
|
'';
|
||||||
|
ExecStop = "${pkgs.podman}/bin/podman stop --ignore --cidfile=/run/${app}.ctr-id";
|
||||||
|
ExecStopPost = "${pkgs.podman}/bin/podman rm --force --ignore --cidfile=/run/${app}.ctr-id";
|
||||||
|
Type = "simple";
|
||||||
|
Restart = "always";
|
||||||
};
|
};
|
||||||
|
|
||||||
ports = [ "${toString port}:${toString port}" ]; # expose port
|
|
||||||
|
|
||||||
extraOptions = [
|
|
||||||
# "--device nvidia.com/gpu=all"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# Firewall
|
# Firewall
|
||||||
networking.firewall = mkIf cfg.openFirewall {
|
networking.firewall = mkIf cfg.openFirewall {
|
||||||
allowedTCPPorts = [ port ];
|
allowedTCPPorts = [
|
||||||
allowedUDPPorts = [ port ];
|
8096 # HTTP web interface
|
||||||
|
8920 # HTTPS web interface
|
||||||
|
];
|
||||||
|
allowedUDPPorts = [
|
||||||
|
1900 # DLNA discovery
|
||||||
|
7359 # Jellyfin auto-discovery
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO add nginx proxy
|
# TODO add nginx proxy
|
||||||
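Review bot: The pre-start script calls bare `podman rm -f ${app} || true`, while ExecStart, ExecStop and ExecStopPost all use `${pkgs.podman}/bin/podman`; unless podman happens to be on the unit's PATH, the cleanup fails with command-not-found, `|| true` hides it, and a leftover container of the same name can then make `podman run --name=${app}` fail on every restart. Writing it as `${pkgs.podman}/bin/podman rm --force --ignore ${app}` removes both the PATH dependency and the need for `|| true`; the scrypted module's ExecStartPre has the same line. `--sdnotify=conmon` is paired with `Type = "simple"`, so systemd never waits for the readiness notification; that flag expects `Type = "notify"` with `NotifyAccess = "all"`. As far as podman's volume syntax goes, `--volume="tmpfs:/cache:rw"` mounts a named volume called `tmpfs` rather than an in-memory filesystem, so /cache, /transcode and /tmp here (and the scrypted container's `tmpfs:` mounts) would share one persistent volume; `--tmpfs=/cache` and so on gives each path its own isolated mount.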
|
|
|
@ -40,13 +40,13 @@ in
|
||||||
];
|
];
|
||||||
|
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--device nvidia.com/gpu=all"
|
# "--device nvidia.com/gpu=all"
|
||||||
];
|
];
|
||||||
|
|
||||||
environment = {
|
environment = {
|
||||||
TZ = "America/Chicago";
|
TZ = "America/Chicago";
|
||||||
# PLEX_ADVERTISE_URL = "https://${app}.hsn.dev";
|
PLEX_ADVERTISE_URL = "https://10.1.1.61:32400";
|
||||||
PLEX_NO_AUTH_NETWORKS = "10.1.1.0/24,10.1.2.0/24";
|
PLEX_NO_AUTH_NETWORKS = "10.1.1.0/24";
|
||||||
};
|
};
|
||||||
|
|
||||||
ports = [ "${toString port}:${toString port}" ]; # expose port
|
ports = [ "${toString port}:${toString port}" ]; # expose port
|
||||||
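Review bot: `PLEX_NO_AUTH_NETWORKS = "10.1.1.0/24"` still means, going by the variable's name, that every host on that subnet reaches the server without signing in, so any guest or compromised device on 10.1.1.0/24 gets the same access as the owner. If that is intended, say so in a comment next to the line; otherwise list only the client addresses that need it or drop the variable. `PLEX_ADVERTISE_URL` now hard-codes `https://10.1.1.61:32400`, the same host address the jellyfin unit hard-codes in `JELLYFIN_PublishedServerUrl`, and a single option for the host address would keep the two from drifting. The enclosing container definition starts and ends outside this hunk.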
|
|
|
@ -1,15 +1,15 @@
|
||||||
{
|
{
|
||||||
lib,
|
lib,
|
||||||
config,
|
config,
|
||||||
|
pkgs,
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
let
|
let
|
||||||
app = "scrypted";
|
app = "scrypted";
|
||||||
# renovate: depName=ghcr.io/koush/scrypted datasource=docker versioning=docker
|
# renovate: depName=ghcr.io/koush/scrypted datasource=docker versioning=docker
|
||||||
version = "v0.123.36-jammy-nvidia";
|
version = "v0.123.37-jammy-nvidia";
|
||||||
image = "ghcr.io/koush/scrypted:${version}";
|
image = "ghcr.io/koush/scrypted:${version}";
|
||||||
port = 11080; # int
|
|
||||||
cfg = config.mySystem.containers.${app};
|
cfg = config.mySystem.containers.${app};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
@ -27,36 +27,57 @@ in
|
||||||
|
|
||||||
# Implementation
|
# Implementation
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
# Container
|
# Systemd service for container
|
||||||
virtualisation.oci-containers.containers.${app} = {
|
systemd.services.${app} = {
|
||||||
image = "${image}";
|
description = "Scrypted Home Security";
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network.target" ];
|
||||||
|
|
||||||
volumes = [
|
serviceConfig = {
|
||||||
"/nahar/containers/volumes/scrypted:/server/volume:rw"
|
ExecStartPre = "${pkgs.writeShellScript "scrypted-start-pre" ''
|
||||||
# "/nahar/scrypted:/recordings:rw"
|
set -o errexit
|
||||||
"tmpfs:/.cache:rw"
|
set -o nounset
|
||||||
"tmpfs:/.npm:rw"
|
set -o pipefail
|
||||||
"tmpfs:/tmp:rw"
|
|
||||||
];
|
|
||||||
|
|
||||||
extraOptions = [
|
podman rm -f ${app} || true
|
||||||
# all usb devices, such as coral tpu
|
rm -f /run/${app}.ctr-id
|
||||||
"--device=/dev/bus/usb"
|
''}";
|
||||||
"--network=host"
|
ExecStart = ''
|
||||||
"--device nvidia.com/gpu=all"
|
${pkgs.podman}/bin/podman run \
|
||||||
];
|
--rm \
|
||||||
|
--name=${app} \
|
||||||
environment = {
|
--device=/dev/bus/usb \
|
||||||
TZ = "America/Chicago";
|
--device='nvidia.com/gpu=all' \
|
||||||
|
--log-driver=journald \
|
||||||
|
--cidfile=/run/${app}.ctr-id \
|
||||||
|
--cgroups=no-conmon \
|
||||||
|
--sdnotify=conmon \
|
||||||
|
--volume="/nahar/containers/volumes/scrypted:/server/volume:rw" \
|
||||||
|
--volume="tmpfs:/.cache:rw" \
|
||||||
|
--volume="tmpfs:/.npm:rw" \
|
||||||
|
--volume="tmpfs:/tmp:rw" \
|
||||||
|
--env=TZ=America/Chicago \
|
||||||
|
--network=host \
|
||||||
|
${image}
|
||||||
|
'';
|
||||||
|
ExecStop = "${pkgs.podman}/bin/podman stop --ignore --cidfile=/run/${app}.ctr-id";
|
||||||
|
ExecStopPost = "${pkgs.podman}/bin/podman rm --force --ignore --cidfile=/run/${app}.ctr-id";
|
||||||
|
Type = "simple";
|
||||||
|
Restart = "always";
|
||||||
};
|
};
|
||||||
|
|
||||||
ports = [ "${toString port}:${toString port}" ]; # expose port
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# Firewall
|
# Firewall
|
||||||
networking.firewall = mkIf cfg.openFirewall {
|
networking.firewall = mkIf cfg.openFirewall {
|
||||||
allowedTCPPorts = [ port ];
|
allowedTCPPorts = [
|
||||||
allowedUDPPorts = [ port ];
|
11080 # Main Scrypted interface
|
||||||
|
10443 # HTTPS interface
|
||||||
|
8554 # RTSP server
|
||||||
|
];
|
||||||
|
allowedUDPPorts = [
|
||||||
|
10443 # HTTPS interface
|
||||||
|
8554 # RTSP server
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO add nginx proxy
|
# TODO add nginx proxy
|
||||||
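Review bot: The rewritten `podman run` keeps `--network=host` and `--device=/dev/bus/usb` but passes no `--user`, so the container presumably runs as the image's default user with the host's network stack and every USB device, whereas the jellyfin unit in this same change sets `--user=568:568`. With host networking the `networking.firewall` block is the only filter in front of the service, and it now opens 10443 and 8554 on UDP as well as TCP under identical comments, which looks copied rather than required; I would drop the UDP entries unless a listener actually needs them. The old comment `# all usb devices, such as coral tpu` was lost in the rewrite and is worth restoring above the `--device` line, together with a short comment on why host networking is needed.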
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
set -o errexit
|
||||||
|
set -o nounset
|
||||||
|
set -o pipefail
|
||||||
|
|
||||||
|
podman rm -f scrypted || true
|
||||||
|
rm -f /run/scrypted.ctr-id
|
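Review bot: This new script repeats, line for line, the pre-start script that the scrypted module already builds inline with `pkgs.writeShellScript "scrypted-start-pre"`, and nothing in the visible diff references the file, so the two copies can drift apart. Either have the module use this file or drop it. If it stays, a header comment such as `# Pre-start cleanup for the scrypted systemd unit: removes a stale container and its cidfile.` would tell the next reader who is expected to run it.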