From c1cf03fe47f68b0f214b78d69d5108376cb3824f Mon Sep 17 00:00:00 2001 From: mjallen18 Date: Mon, 19 Feb 2024 18:27:53 -0600 Subject: [PATCH] fix smb, manual jellyfin --- configuration-nas.nix | 4 +-- nas-apps/jellyfin.nix | 60 +++++++++++++++++++++++++++++++++---------- nas-samba/samba.nix | 7 ++--- 3 files changed, 53 insertions(+), 18 deletions(-) diff --git a/configuration-nas.nix b/configuration-nas.nix index 1eecf03..df5db21 100644 --- a/configuration-nas.nix +++ b/configuration-nas.nix @@ -203,8 +203,8 @@ in enable = true; allowPing = true; extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns''; - allowedTCPPorts = [ 80 443 445 139 ]; - allowedUDPPorts = [ 80 443 137 138 ]; + allowedTCPPorts = [ 80 443 ]; + allowedUDPPorts = [ 80 443 ]; }; }; diff --git a/nas-apps/jellyfin.nix b/nas-apps/jellyfin.nix index 010ff90..88646cb 100644 --- a/nas-apps/jellyfin.nix +++ b/nas-apps/jellyfin.nix @@ -2,22 +2,23 @@ { # Jellyfin + # Nix + # environment.systemPackages = [ + # pkgs.jellyfin + # pkgs.jellyfin-web + # pkgs.jellyfin-ffmpeg + # ]; - environment.systemPackages = [ - pkgs.jellyfin - pkgs.jellyfin-web - pkgs.jellyfin-ffmpeg - ]; + # services.jellyfin = { + # enable = true; + # user = "911"; + # group = "1000"; + # # dataDir = "/mnt/Safe\ SSD/ssd_app_data/jellyfin/config"; # defaults to /var/lib/jellyfin and cannot be changed.... + # openFirewall = true; - services.jellyfin = { - enable = true; - user = "911"; - group = "1000"; - # dataDir = "/mnt/Safe\ SSD/ssd_app_data/jellyfin/config"; # defaults to /var/lib/jellyfin and cannot be changed.... - openFirewall = true; - - }; + # }; + # nix-docker # virtualisation.oci-containers.containers."jellyfin" = { # autoStart = true; # image = "linuxserver/jellyfin"; @@ -38,4 +39,37 @@ # PGID = "1000"; # }; # }; + + # Manual + systemd.services.jellyfin-nvidia-docker = { + path = [ pkgs.bash ]; + script = '' + set -e + exec podman run \ + --rm \ + --gpus all \ + --runtime=nvidia \ + --name='jellyfin' \ + --log-driver=journald \ + --cidfile=/run/podman-'jellyfin'.ctr-id \ + --cgroups=no-conmon \ + --sdnotify=conmon \ + -d \ + --replace \ + -e 'JELLYFIN_LOG_DIR'='/log' \ + -e 'NVIDIA_DRIVER_CAPABILITIES'='compute,utility' \ + -e 'NVIDIA_VISIBLE_DEVICES'='all' \ + -e 'PGID'='1000' \ + -e 'PUID'='911' \ + -p '8096:8096' \ + -v '/mnt/Safe SSD/ssd_app_data/jellyfin/config:/config' \ + -v '/mnt/Safe SSD/ssd_app_data/jellyfin/cache:/cache' \ + -v '/mnt/Safe SSD/ssd_app_data/jellyfin/log:/log' \ + -v '/mnt/Main Pool/Movies:/movies' \ + -v '/mnt/Main Pool/TV:/tv' \ + linuxserver/jellyfin \ + ''; + wantedBy = [ "multi-user.target" ]; + }; + } diff --git a/nas-samba/samba.nix b/nas-samba/samba.nix index b0ae0a2..ea70409 100644 --- a/nas-samba/samba.nix +++ b/nas-samba/samba.nix @@ -1,10 +1,11 @@ { config, ... }: { + # make shares visible for Windows clients services.samba-wsdd = { - # make shares visible for Windows clients enable = true; openFirewall = true; }; + services.samba = { enable = true; securityType = "user"; @@ -17,14 +18,14 @@ #use sendfile = yes #max protocol = smb2 # note: localhost is the ipv6 localhost ::1 - hosts allow = 10.0.1 127.0.0.1 localhost + hosts allow = 10.0.1. 127.0.0.1 localhost hosts deny = 0.0.0.0/0 guest account = nobody map to guest = bad user ''; shares = { backup = { - path = "/mnt/Main\ Pool/backup"; + path = "/mnt/Main\ Pool/Backup"; browseable = "yes"; "read only" = "no"; "guest ok" = "yes";