Compare commits
No commits in common. "a2480da0b91ddd086fde50f7795f8bca60373ab2" and "14975aa509bdc43b00b0ec221050f362a55a63bd" have entirely different histories.
a2480da0b9
...
14975aa509
5 changed files with 58 additions and 113 deletions
16
flake.lock
16
flake.lock
|
@ -223,16 +223,16 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1726989464,
|
"lastModified": 1731880681,
|
||||||
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
|
"narHash": "sha256-FmYTkIyPBUxSWgA7DPIVTsCCMvSSbs56yOtHpLNSnKg=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
|
"rev": "aecd341dfead1c3ef7a3c15468ecd71e8343b7c6",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"ref": "release-24.05",
|
"ref": "release-24.11",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
@ -456,16 +456,16 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731797254,
|
"lastModified": 1731755305,
|
||||||
"narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=",
|
"narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59",
|
"rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"ref": "nixos-24.05",
|
"ref": "nixos-24.11",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
{
|
{
|
||||||
lib,
|
lib,
|
||||||
config,
|
config,
|
||||||
pkgs,
|
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
|
@ -10,6 +9,7 @@ let
|
||||||
# renovate: depName=ghcr.io/jellyfin/jellyfin datasource=docker
|
# renovate: depName=ghcr.io/jellyfin/jellyfin datasource=docker
|
||||||
version = "10.10.2";
|
version = "10.10.2";
|
||||||
image = "ghcr.io/jellyfin/jellyfin:${version}";
|
image = "ghcr.io/jellyfin/jellyfin:${version}";
|
||||||
|
port = 8096; # int
|
||||||
cfg = config.mySystem.containers.${app};
|
cfg = config.mySystem.containers.${app};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
@ -27,64 +27,37 @@ in
|
||||||
|
|
||||||
# Implementation
|
# Implementation
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
# Systemd service for container
|
# Container
|
||||||
systemd.services.${app} = {
|
virtualisation.oci-containers.containers.${app} = {
|
||||||
description = "Jellyfin Media Server";
|
image = "${image}";
|
||||||
wantedBy = [ "multi-user.target" ];
|
user = "568:568";
|
||||||
after = [ "network.target" ];
|
|
||||||
|
|
||||||
serviceConfig = {
|
volumes = [
|
||||||
ExecStartPre = "${pkgs.writeShellScript "jellyfin-start-pre" ''
|
"/nahar/containers/volumes/jellyfin:/config:rw"
|
||||||
set -o errexit
|
"/moria/media:/media:rw"
|
||||||
set -o nounset
|
"tmpfs:/cache:rw"
|
||||||
set -o pipefail
|
"tmpfs:/transcode:rw"
|
||||||
|
"tmpfs:/tmp:rw"
|
||||||
|
];
|
||||||
|
|
||||||
podman rm -f ${app} || true
|
environment = {
|
||||||
rm -f /run/${app}.ctr-id
|
TZ = "America/Chicago";
|
||||||
''}";
|
DOTNET_SYSTEM_IO_DISABLEFILELOCKING = "true";
|
||||||
ExecStart = ''
|
JELLYFIN_FFmpeg__probesize = "50000000";
|
||||||
${pkgs.podman}/bin/podman run \
|
JELLYFIN_FFmpeg__analyzeduration = "50000000";
|
||||||
--rm \
|
|
||||||
--name=${app} \
|
|
||||||
--user=568:568 \
|
|
||||||
--device='nvidia.com/gpu=all' \
|
|
||||||
--log-driver=journald \
|
|
||||||
--cidfile=/run/${app}.ctr-id \
|
|
||||||
--cgroups=no-conmon \
|
|
||||||
--sdnotify=conmon \
|
|
||||||
--volume="/nahar/containers/volumes/jellyfin:/config:rw" \
|
|
||||||
--volume="/moria/media:/media:rw" \
|
|
||||||
--volume="tmpfs:/cache:rw" \
|
|
||||||
--volume="tmpfs:/transcode:rw" \
|
|
||||||
--volume="tmpfs:/tmp:rw" \
|
|
||||||
--env=TZ=America/Chicago \
|
|
||||||
--env=DOTNET_SYSTEM_IO_DISABLEFILELOCKING=true \
|
|
||||||
--env=JELLYFIN_FFmpeg__probesize=50000000 \
|
|
||||||
--env=JELLYFIN_FFmpeg__analyzeduration=50000000 \
|
|
||||||
--env=JELLYFIN_PublishedServerUrl=http://10.1.1.61:8096 \
|
|
||||||
-p 8096:8096 \
|
|
||||||
-p 8920:8920 \
|
|
||||||
-p 1900:1900/udp \
|
|
||||||
-p 7359:7359/udp \
|
|
||||||
${image}
|
|
||||||
'';
|
|
||||||
ExecStop = "${pkgs.podman}/bin/podman stop --ignore --cidfile=/run/${app}.ctr-id";
|
|
||||||
ExecStopPost = "${pkgs.podman}/bin/podman rm --force --ignore --cidfile=/run/${app}.ctr-id";
|
|
||||||
Type = "simple";
|
|
||||||
Restart = "always";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
ports = [ "${toString port}:${toString port}" ]; # expose port
|
||||||
|
|
||||||
|
extraOptions = [
|
||||||
|
# "--device nvidia.com/gpu=all"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
# Firewall
|
# Firewall
|
||||||
networking.firewall = mkIf cfg.openFirewall {
|
networking.firewall = mkIf cfg.openFirewall {
|
||||||
allowedTCPPorts = [
|
allowedTCPPorts = [ port ];
|
||||||
8096 # HTTP web interface
|
allowedUDPPorts = [ port ];
|
||||||
8920 # HTTPS web interface
|
|
||||||
];
|
|
||||||
allowedUDPPorts = [
|
|
||||||
1900 # DLNA discovery
|
|
||||||
7359 # Jellyfin auto-discovery
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO add nginx proxy
|
# TODO add nginx proxy
|
||||||
|
|
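Review bot: The `"tmpfs:/cache:rw"`, `"tmpfs:/transcode:rw"` and `"tmpfs:/tmp:rw"` entries in `volumes` are handed to podman as `--volume`, where a source without a leading slash is a named volume, so all three paths would share one persistent volume called `tmpfs` instead of being memory-backed. The scrypted module's `volumes` list uses the same name, which would put both containers' `/tmp` on the same storage. If in-memory scratch space is the intent, move them to `extraOptions` as `"--tmpfs=/cache"`, `"--tmpfs=/transcode"` and `"--tmpfs=/tmp"`. Separately, `allowedUDPPorts = [ port ];` opens UDP 8096, although the removed comments label 8096 as the HTTP web interface and `ports` publishes only the default TCP mapping; drop that line unless a UDP listener is expected.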
|
@ -40,7 +40,7 @@ in
|
||||||
];
|
];
|
||||||
|
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
# "--device nvidia.com/gpu=all"
|
"--device nvidia.com/gpu=all"
|
||||||
];
|
];
|
||||||
|
|
||||||
environment = {
|
environment = {
|
||||||
|
|
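Review bot: The newly enabled `"--device nvidia.com/gpu=all"` is a single list element containing a space, and `extraOptions` entries are most likely passed to podman as one argument each, so podman would see one malformed flag rather than `--device` plus a value. Write it as `"--device=nvidia.com/gpu=all"`, matching the `=` form of `"--device=/dev/bus/usb"` in the scrypted module, where the same space-separated string also appears. `gpu=all` hands every GPU on the host to the container; if one device is enough, name it explicitly. The enclosing container definition starts and ends outside this hunk, and the file name is not visible on the page.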
|
@ -1,7 +1,6 @@
|
||||||
{
|
{
|
||||||
lib,
|
lib,
|
||||||
config,
|
config,
|
||||||
pkgs,
|
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
|
@ -10,6 +9,7 @@ let
|
||||||
# renovate: depName=ghcr.io/koush/scrypted datasource=docker versioning=docker
|
# renovate: depName=ghcr.io/koush/scrypted datasource=docker versioning=docker
|
||||||
version = "v0.123.30-jammy-nvidia";
|
version = "v0.123.30-jammy-nvidia";
|
||||||
image = "ghcr.io/koush/scrypted:${version}";
|
image = "ghcr.io/koush/scrypted:${version}";
|
||||||
|
port = 11080; # int
|
||||||
cfg = config.mySystem.containers.${app};
|
cfg = config.mySystem.containers.${app};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
@ -27,57 +27,36 @@ in
|
||||||
|
|
||||||
# Implementation
|
# Implementation
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
# Systemd service for container
|
# Container
|
||||||
systemd.services.${app} = {
|
virtualisation.oci-containers.containers.${app} = {
|
||||||
description = "Scrypted Home Security";
|
image = "${image}";
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
after = [ "network.target" ];
|
|
||||||
|
|
||||||
serviceConfig = {
|
volumes = [
|
||||||
ExecStartPre = "${pkgs.writeShellScript "scrypted-start-pre" ''
|
"/nahar/containers/volumes/scrypted:/server/volume:rw"
|
||||||
set -o errexit
|
# "/nahar/scrypted:/recordings:rw"
|
||||||
set -o nounset
|
"tmpfs:/.cache:rw"
|
||||||
set -o pipefail
|
"tmpfs:/.npm:rw"
|
||||||
|
"tmpfs:/tmp:rw"
|
||||||
|
];
|
||||||
|
|
||||||
podman rm -f ${app} || true
|
extraOptions = [
|
||||||
rm -f /run/${app}.ctr-id
|
# all usb devices, such as coral tpu
|
||||||
''}";
|
"--device=/dev/bus/usb"
|
||||||
ExecStart = ''
|
"--network=host"
|
||||||
${pkgs.podman}/bin/podman run \
|
"--device nvidia.com/gpu=all"
|
||||||
--rm \
|
];
|
||||||
--name=${app} \
|
|
||||||
--device=/dev/bus/usb \
|
environment = {
|
||||||
--device='nvidia.com/gpu=all' \
|
TZ = "America/Chicago";
|
||||||
--log-driver=journald \
|
|
||||||
--cidfile=/run/${app}.ctr-id \
|
|
||||||
--cgroups=no-conmon \
|
|
||||||
--sdnotify=conmon \
|
|
||||||
--volume="/nahar/containers/volumes/scrypted:/server/volume:rw" \
|
|
||||||
--volume="tmpfs:/.cache:rw" \
|
|
||||||
--volume="tmpfs:/.npm:rw" \
|
|
||||||
--volume="tmpfs:/tmp:rw" \
|
|
||||||
--env=TZ=America/Chicago \
|
|
||||||
--network=host \
|
|
||||||
${image}
|
|
||||||
'';
|
|
||||||
ExecStop = "${pkgs.podman}/bin/podman stop --ignore --cidfile=/run/${app}.ctr-id";
|
|
||||||
ExecStopPost = "${pkgs.podman}/bin/podman rm --force --ignore --cidfile=/run/${app}.ctr-id";
|
|
||||||
Type = "simple";
|
|
||||||
Restart = "always";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
ports = [ "${toString port}:${toString port}" ]; # expose port
|
||||||
};
|
};
|
||||||
|
|
||||||
# Firewall
|
# Firewall
|
||||||
networking.firewall = mkIf cfg.openFirewall {
|
networking.firewall = mkIf cfg.openFirewall {
|
||||||
allowedTCPPorts = [
|
allowedTCPPorts = [ port ];
|
||||||
11080 # Main Scrypted interface
|
allowedUDPPorts = [ port ];
|
||||||
10443 # HTTPS interface
|
|
||||||
8554 # RTSP server
|
|
||||||
];
|
|
||||||
allowedUDPPorts = [
|
|
||||||
10443 # HTTPS interface
|
|
||||||
8554 # RTSP server
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO add nginx proxy
|
# TODO add nginx proxy
|
||||||
|
|
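Review bot: With `"--network=host"` in `extraOptions`, the `networking.firewall` block is the only thing limiting which listeners are reachable, and it now allows just `port` (11080) on TCP and UDP, where the removed side also allowed 10443 (labelled the HTTPS interface) and 8554 (RTSP). If 11080 is the plain-HTTP listener, LAN clients are left with the unencrypted interface until the nginx proxy from the TODO exists; consider `allowedTCPPorts = [ port 10443 ];` and dropping `allowedUDPPorts = [ port ];`, which nothing visible here needs. `ports = [ "${toString port}:${toString port}" ];` is probably ignored under host networking, so removing it avoids implying a port mapping that does not exist. Unlike the jellyfin module (`user = "568:568";`), no `user` is set here, so the container runs as the image's default user while holding host networking and `--device=/dev/bus/usb`; set one or add a comment explaining why it cannot be.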
|
@ -1,7 +0,0 @@
|
||||||
#!/usr/bin/env bash
|
|
||||||
set -o errexit
|
|
||||||
set -o nounset
|
|
||||||
set -o pipefail
|
|
||||||
|
|
||||||
podman rm -f scrypted || true
|
|
||||||
rm -f /run/scrypted.ctr-id
|
|