Compare commits


5 commits

Author SHA1 Message Date
7bb9b03b7f Update ghcr.io/jellyfin/jellyfin Docker tag to v10.10.3 2024-11-23 11:36:50 +00:00
a2480da0b9
added nvidia to scrypted and jellyfin correctly
All checks were successful
Build / nix-build (native-x86_64, telperion) (push) Successful in 3m39s
Build / nix-build (native-x86_64, gandalf) (push) Successful in 7m17s
Build / nix-build (native-x86_64, shadowfax) (push) Successful in 9m7s
2024-11-22 15:11:00 -06:00
6824855094
this is not how it works? 2024-11-22 11:15:01 -06:00
14975aa509
advertise & noauth for plex 2024-11-22 06:29:08 -06:00
8ef09cc9e6
until I have the right config 2024-11-21 23:11:27 -06:00
5 changed files with 116 additions and 61 deletions


@ -223,16 +223,16 @@
]
},
"locked": {
"lastModified": 1731880681,
"narHash": "sha256-FmYTkIyPBUxSWgA7DPIVTsCCMvSSbs56yOtHpLNSnKg=",
"lastModified": 1726989464,
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "aecd341dfead1c3ef7a3c15468ecd71e8343b7c6",
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.11",
"ref": "release-24.05",
"repo": "home-manager",
"type": "github"
}
@ -456,16 +456,16 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1731755305,
"narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=",
"lastModified": 1731797254,
"narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4",
"rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.11",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}


@ -1,15 +1,15 @@
{
lib,
config,
pkgs,
...
}:
with lib;
let
app = "jellyfin";
# renovate: depName=ghcr.io/jellyfin/jellyfin datasource=docker
version = "10.10.2";
version = "10.10.3";
image = "ghcr.io/jellyfin/jellyfin:${version}";
port = 8096; # int
cfg = config.mySystem.containers.${app};
in
{
@ -27,37 +27,64 @@ in
# Implementation
config = mkIf cfg.enable {
# Container
virtualisation.oci-containers.containers.${app} = {
image = "${image}";
user = "568:568";
# Systemd service for container
systemd.services.${app} = {
description = "Jellyfin Media Server";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
volumes = [
"/nahar/containers/volumes/jellyfin:/config:rw"
"/moria/media:/media:rw"
"tmpfs:/cache:rw"
"tmpfs:/transcode:rw"
"tmpfs:/tmp:rw"
];
serviceConfig = {
ExecStartPre = "${pkgs.writeShellScript "jellyfin-start-pre" ''
set -o errexit
set -o nounset
set -o pipefail
environment = {
TZ = "America/Chicago";
DOTNET_SYSTEM_IO_DISABLEFILELOCKING = "true";
JELLYFIN_FFmpeg__probesize = "50000000";
JELLYFIN_FFmpeg__analyzeduration = "50000000";
podman rm -f ${app} || true
rm -f /run/${app}.ctr-id
''}";
ExecStart = ''
${pkgs.podman}/bin/podman run \
--rm \
--name=${app} \
--user=568:568 \
--device='nvidia.com/gpu=all' \
--log-driver=journald \
--cidfile=/run/${app}.ctr-id \
--cgroups=no-conmon \
--sdnotify=conmon \
--volume="/nahar/containers/volumes/jellyfin:/config:rw" \
--volume="/moria/media:/media:rw" \
--volume="tmpfs:/cache:rw" \
--volume="tmpfs:/transcode:rw" \
--volume="tmpfs:/tmp:rw" \
--env=TZ=America/Chicago \
--env=DOTNET_SYSTEM_IO_DISABLEFILELOCKING=true \
--env=JELLYFIN_FFmpeg__probesize=50000000 \
--env=JELLYFIN_FFmpeg__analyzeduration=50000000 \
--env=JELLYFIN_PublishedServerUrl=http://10.1.1.61:8096 \
-p 8096:8096 \
-p 8920:8920 \
-p 1900:1900/udp \
-p 7359:7359/udp \
${image}
'';
ExecStop = "${pkgs.podman}/bin/podman stop --ignore --cidfile=/run/${app}.ctr-id";
ExecStopPost = "${pkgs.podman}/bin/podman rm --force --ignore --cidfile=/run/${app}.ctr-id";
Type = "simple";
Restart = "always";
};
ports = [ "${toString port}:${toString port}" ]; # expose port
extraOptions = [
"--device nvidia.com/gpu=all"
];
};
# Firewall
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ port ];
allowedUDPPorts = [ port ];
allowedTCPPorts = [
8096 # HTTP web interface
8920 # HTTPS web interface
];
allowedUDPPorts = [
1900 # DLNA discovery
7359 # Jellyfin auto-discovery
];
};
# TODO add nginx proxy
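Review bot: In the `ExecStartPre` script, `podman rm -f ${app} || true` calls `podman` by bare name, while `ExecStart`, `ExecStop` and `ExecStopPost` all use `${pkgs.podman}/bin/podman`. No `path` is set in the visible part of the unit, so the cleanup probably fails with command-not-found and `|| true` hides that; I would write `${pkgs.podman}/bin/podman rm -f ${app} || true`. The Scrypted unit later in this compare has the same line. `--sdnotify=conmon` also appears to have no effect with `Type = "simple"`; readiness notification would need `Type = "notify"` and `NotifyAccess = "all"`. Separately, the firewall block now opens 8920, 1900/udp and 7359/udp next to 8096 whenever `openFirewall` is set, so the DLNA and auto-discovery ports are worth keeping only if clients on that network use them; the enclosing `config = mkIf cfg.enable {` block continues outside the hunk.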


@ -40,13 +40,13 @@ in
];
extraOptions = [
"--device nvidia.com/gpu=all"
# "--device nvidia.com/gpu=all"
];
environment = {
TZ = "America/Chicago";
# PLEX_ADVERTISE_URL = "https://${app}.hsn.dev";
PLEX_NO_AUTH_NETWORKS = "10.1.1.0/24,10.1.2.0/24";
PLEX_ADVERTISE_URL = "https://10.1.1.61:32400";
PLEX_NO_AUTH_NETWORKS = "10.1.1.0/24";
};
ports = [ "${toString port}:${toString port}" ]; # expose port
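Review bot: `PLEX_NO_AUTH_NETWORKS` in the `environment` block exempts an entire /24 from Plex authentication, so every device on 10.1.1.0/24 reaches the server without signing in, including any guest, IoT or compromised host on that segment. The rendered page does not mark which of the two values is the new one, but both grant subnet-wide access. I would list only the specific client addresses that need it, e.g. `PLEX_NO_AUTH_NETWORKS = "<client-ip>/32";`, or drop the variable and rely on normal sign-in. A short comment above the line saying why the bypass is needed and for which clients would help the next reader.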


@ -1,6 +1,7 @@
{
lib,
config,
pkgs,
...
}:
with lib;
@ -9,7 +10,6 @@ let
# renovate: depName=ghcr.io/koush/scrypted datasource=docker versioning=docker
version = "v0.123.30-jammy-nvidia";
image = "ghcr.io/koush/scrypted:${version}";
port = 11080; # int
cfg = config.mySystem.containers.${app};
in
{
@ -27,36 +27,57 @@ in
# Implementation
config = mkIf cfg.enable {
# Container
virtualisation.oci-containers.containers.${app} = {
image = "${image}";
# Systemd service for container
systemd.services.${app} = {
description = "Scrypted Home Security";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
volumes = [
"/nahar/containers/volumes/scrypted:/server/volume:rw"
# "/nahar/scrypted:/recordings:rw"
"tmpfs:/.cache:rw"
"tmpfs:/.npm:rw"
"tmpfs:/tmp:rw"
];
serviceConfig = {
ExecStartPre = "${pkgs.writeShellScript "scrypted-start-pre" ''
set -o errexit
set -o nounset
set -o pipefail
extraOptions = [
# all usb devices, such as coral tpu
"--device=/dev/bus/usb"
"--network=host"
"--device nvidia.com/gpu=all"
];
environment = {
TZ = "America/Chicago";
podman rm -f ${app} || true
rm -f /run/${app}.ctr-id
''}";
ExecStart = ''
${pkgs.podman}/bin/podman run \
--rm \
--name=${app} \
--device=/dev/bus/usb \
--device='nvidia.com/gpu=all' \
--log-driver=journald \
--cidfile=/run/${app}.ctr-id \
--cgroups=no-conmon \
--sdnotify=conmon \
--volume="/nahar/containers/volumes/scrypted:/server/volume:rw" \
--volume="tmpfs:/.cache:rw" \
--volume="tmpfs:/.npm:rw" \
--volume="tmpfs:/tmp:rw" \
--env=TZ=America/Chicago \
--network=host \
${image}
'';
ExecStop = "${pkgs.podman}/bin/podman stop --ignore --cidfile=/run/${app}.ctr-id";
ExecStopPost = "${pkgs.podman}/bin/podman rm --force --ignore --cidfile=/run/${app}.ctr-id";
Type = "simple";
Restart = "always";
};
ports = [ "${toString port}:${toString port}" ]; # expose port
};
# Firewall
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ port ];
allowedUDPPorts = [ port ];
allowedTCPPorts = [
11080 # Main Scrypted interface
10443 # HTTPS interface
8554 # RTSP server
];
allowedUDPPorts = [
10443 # HTTPS interface
8554 # RTSP server
];
};
# TODO add nginx proxy
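Review bot: The `allowedUDPPorts` list in the firewall block opens 10443 and 8554 over UDP, although the comments describe them as an HTTPS interface and an RTSP server, both of which normally listen on TCP. Unless a UDP listener on those ports is confirmed, I would drop the two UDP entries so the firewall exposes only what is actually served. This matters more here because the unit runs with `--network=host` and has no `--user=` option (the Jellyfin unit sets `--user=568:568`), so the host firewall is the main boundary around a container that presumably runs as root with all of `/dev/bus/usb` passed through. The enclosing `config = mkIf cfg.enable {` block continues outside the hunk.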


@ -0,0 +1,7 @@
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
podman rm -f scrypted || true
rm -f /run/scrypted.ctr-id