From f33d69014551ddb80b3fde6ba62f1ada532b73b2 Mon Sep 17 00:00:00 2001 
From: mjallen18 Date: Sat, 30 Nov 2024 14:35:53 -0600 Subject: [PATCH] move arrs into nix container --- flake.lock | 48 ++-- hosts/nas/apps.nix | 39 +--- hosts/nas/configuration.nix | 1 + hosts/nas/impermanence.nix | 2 +- modules/apps/arrs/default.nix | 163 ++++++++++++++ modules/apps/beszel-agent/default.nix | 25 --- modules/apps/beszel-agent/options.nix | 57 ----- modules/apps/beszel/default.nix | 22 -- modules/apps/beszel/options.nix | 47 ---- modules/apps/caddy/custom-caddy.nix | 43 ++++ modules/apps/caddy/default.nix | 231 ++++++++++++++++++++ modules/apps/collabora/default.nix | 4 +- modules/apps/free-games-claimer/default.nix | 4 +- modules/apps/immich/default.nix | 168 -------------- modules/apps/immich/options.nix | 7 - modules/apps/jellyfin/jellyfin.nix | 168 ++++++++++++++ modules/apps/jellyseerr/jellyseerr.nix | 54 +++-- modules/apps/mealie/default.nix | 26 --- modules/apps/mealie/options.nix | 67 ------ modules/apps/orca-slicer/default.nix | 32 --- modules/apps/orca-slicer/options.nix | 57 ----- modules/apps/paperless/default.nix | 116 +++++----- modules/apps/radarr/default.nix | 26 --- modules/apps/radarr/options.nix | 57 ----- modules/apps/radarr/radarr.nix | 106 --------- modules/apps/sabnzbd/sabnzbd.nix | 57 +++++ modules/apps/sonarr/sonarr.nix | 204 +++++++++-------- modules/apps/vscode/default.nix | 26 --- modules/apps/vscode/options.nix | 47 ---- modules/apps/wireguard/default.nix | 26 --- modules/apps/wireguard/options.nix | 47 ---- modules/default.nix | 11 +- 32 files changed, 901 insertions(+), 1087 deletions(-) create mode 100644 modules/apps/arrs/default.nix delete mode 100644 modules/apps/beszel-agent/default.nix delete mode 100644 modules/apps/beszel-agent/options.nix delete mode 100644 modules/apps/beszel/default.nix delete mode 100644 modules/apps/beszel/options.nix create mode 100644 modules/apps/caddy/custom-caddy.nix create mode 100644 modules/apps/caddy/default.nix delete mode 100644 modules/apps/immich/default.nix delete mode 
100644 modules/apps/immich/options.nix create mode 100644 modules/apps/jellyfin/jellyfin.nix delete mode 100644 modules/apps/mealie/default.nix delete mode 100644 modules/apps/mealie/options.nix delete mode 100644 modules/apps/orca-slicer/default.nix delete mode 100644 modules/apps/orca-slicer/options.nix delete mode 100644 modules/apps/radarr/default.nix delete mode 100644 modules/apps/radarr/options.nix delete mode 100644 modules/apps/radarr/radarr.nix create mode 100644 modules/apps/sabnzbd/sabnzbd.nix delete mode 100644 modules/apps/vscode/default.nix delete mode 100644 modules/apps/vscode/options.nix delete mode 100644 modules/apps/wireguard/default.nix delete mode 100644 modules/apps/wireguard/options.nix diff --git a/flake.lock b/flake.lock index 56d0306..ea13dea 100644 --- a/flake.lock +++ b/flake.lock @@ -52,11 +52,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1732400024, - "narHash": "sha256-uf1QzIl0Jj5dr7+erWjHWiCUEvywLaR7ir1jcqGgjeQ=", + "lastModified": 1732715105, + "narHash": "sha256-WGf8bzwNEgbWjM9aTFv9ZCGrBQEfg0fYd4FSoVa2gDs=", "owner": "chaotic-cx", "repo": "nyx", - "rev": "376a2e022a5d8fa21cecb5bb0fef0cb54db5cdfc", + "rev": "8f153d013632e6036e8bec6377cc5ed7d2ad14df", "type": "github" }, "original": { @@ -76,11 +76,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1732412226, - "narHash": "sha256-Eb7LqtaCVgZy5Kp3pMrRTAmcnFO7HGj6lpAM2TrQzTA=", + "lastModified": 1732757557, + "narHash": "sha256-zADldaLfiSb2iGPhcSJPokGypYa1Fix0llhWkMvm8pQ=", "owner": "lilyinstarlight", "repo": "nixos-cosmic", - "rev": "44c9057ebbf4eb41cff08b8fc9c952b3f977656a", + "rev": "5116835b8eb2ec18ec258050a11d374d38ac8764", "type": "github" }, "original": { 
@@ -295,11 +295,11 @@ ] }, "locked": { - "lastModified": 1732303962, - "narHash": "sha256-5Umjb5AdtxV5jSJd5jxoCckh5mlg+FBQDsyAilu637g=", + "lastModified": 1732482255, + "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=", "owner": "nix-community", "repo": "home-manager", - "rev": "8cf9cb2ee78aa129e5b8220135a511a2be254c0c", + "rev": "a9953635d7f34e7358d5189751110f87e3ac17da", "type": "github" }, "original": { @@ -336,11 +336,11 @@ ] }, "locked": { - "lastModified": 1732482255, - "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=", + "lastModified": 1732884235, + "narHash": "sha256-r8j6R3nrvwbT1aUp4EPQ1KC7gm0pu9VcV1aNaB+XG6Q=", "owner": "nix-community", "repo": "home-manager", - "rev": "a9953635d7f34e7358d5189751110f87e3ac17da", + "rev": "819f682269f4e002884702b87e445c82840c68f2", "type": "github" }, "original": { @@ -373,11 +373,11 @@ ] }, "locked": { - "lastModified": 1732032028, - "narHash": "sha256-NjyfJQQxs/a2a/KwTmXM44K7XjeJwGsf4YFtebueQzo=", + "lastModified": 1732648910, + "narHash": "sha256-1F83DUfEHnCZpGY4UOlWaamWoDx8eZ9tHaUF51p2hng=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "65dc04371cf914c9af4f073638821e4787303005", + "rev": "e86d2ad72094354326887bd6fe156f327d63d491", "type": "github" }, "original": { @@ -540,11 +540,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1732014248, - "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", + "lastModified": 1732521221, + "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", + "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", "type": "github" }, "original": { 
@@ -632,11 +632,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1732632041, - "narHash": "sha256-3nnq3M2rsGu9doFG9pj2kFKgVv8S19kd68EQkwuCwSI=", + "lastModified": 1732866476, + "narHash": "sha256-fQPhGk0rBifqOtcq07Que6MWuWU08AmiaOVZ6TTAHUw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bd4d2031f34254e597eaee1ad618749acb33ad86", + "rev": "564e219aa5ca9306ab22fb803c16391aacb4417b", "type": "github" }, "original": { @@ -776,11 +776,11 @@ ] }, "locked": { - "lastModified": 1732328983, - "narHash": "sha256-RHt12f/slrzDpSL7SSkydh8wUE4Nr4r23HlpWywed9E=", + "lastModified": 1732588352, + "narHash": "sha256-J2/hxOO1VtBA/u+a+9E+3iJpWT3xsBdghgYAVfoGCJo=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "ed8aa5b64f7d36d9338eb1d0a3bb60cf52069a72", + "rev": "414e748aae5c9e6ca63c5aafffda03e5dad57ceb", "type": "github" }, "original": { diff --git a/hosts/nas/apps.nix b/hosts/nas/apps.nix index 6154ed7..e10a5dc 100644 --- a/hosts/nas/apps.nix +++ b/hosts/nas/apps.nix @@ -1,16 +1,13 @@ { config, ... }: { imports = [ + # ../../modules/apps/caddy + ../../modules/apps/jellyfin/jellyfin.nix ../../modules/apps/paperless ../../modules/apps/jellyseerr/jellyseerr.nix - ../../modules/apps/radarr/radarr.nix - ../../modules/apps/sonarr/sonarr.nix ]; nas-apps = { - beszel.enable = true; - - beszel-agent.enable = true; collabora = { enable = true; @@ -21,14 +18,8 @@ free-games-claimer.enable = true; - immich.enable = true; - jackett.enable = true; - jellyfin.enable = true; - - # jellyseerr.enable = false; - manyfold.enable = true; mariadb = { @@ -39,15 +30,6 @@ ]; }; - mealie = { - enable = true; - baseUrl = "https://mealie.mjallen.dev"; - port = "9001"; - maxConcurrency = "4"; - maxWorkers = "4"; - allowSignup = "false"; - }; - mongodb.enable = true; nextcloud = { 
@@ -60,27 +42,10 @@ open-webui.enable = true; - orca-slicer = { - enable = true; - httpPort = "3300"; - httpsPort = "3301"; - }; - - # radarr.enable = false; - - sabnzbd.enable = true; - - # sonarr.enable = false; - swag.enable = true; tdarr.enable = true; - vscode.enable = true; - - wireguard.enable = true; - wireguard.configPath = "/media/nas/ssd/nix-app-data/wireguard/sidestore"; - your_spotify.enable = true; }; } diff --git a/hosts/nas/configuration.nix b/hosts/nas/configuration.nix index 2bf07a8..2ace4bc 100755 --- a/hosts/nas/configuration.nix +++ b/hosts/nas/configuration.nix @@ -98,6 +98,7 @@ in lm_sensors nano ninja + nixfmt-rfc-style nix-inspect nix-ld networkmanagerapplet diff --git a/hosts/nas/impermanence.nix b/hosts/nas/impermanence.nix index 4d19cf7..c4b21eb 100644 --- a/hosts/nas/impermanence.nix +++ b/hosts/nas/impermanence.nix @@ -31,7 +31,7 @@ { directory = "/etc/nix"; user = "root"; - group = "root"; + group = "wheel"; mode = "u=rwx,g=rx,o=rx"; } { diff --git a/modules/apps/arrs/default.nix b/modules/apps/arrs/default.nix new file mode 100644 index 0000000..a379307 --- /dev/null +++ b/modules/apps/arrs/default.nix 
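Review bot: Besides removing `radarr`/`sonarr`/`sabnzbd` from `nas-apps`, this hunk drops `immich`, `mealie`, `orca-slicer`, `vscode`, `wireguard` and `beszel` outright, and the rest of the patch deletes their modules, none of which the subject "move arrs into nix container" mentions. If those services are being retired on purpose, say so in the commit message (the deleted immich module consumed `config.sops.secrets."jallen-nas/immich/..."`, which are presumably now orphaned); otherwise split them into their own commit. The new `# ../../modules/apps/caddy` import is commented out, so the caddy container is not wired in here yet — a one-line comment saying why would save the next reader a search.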
@@ -0,0 +1,163 @@ +{ config, pkgs, lib, ... }: + +let + radarrPort = 7878; + sonarrPort = 8989; + sabnzbdPort = 8080; + radarrDataDir = "/var/lib/radarr"; + downloadDir = "/downloads"; + incompleteDir = "/downloads-incomplete"; + sonarrDataDir = "/var/lib/sonarr"; + sabnzbdConfig = "/var/lib/sabnzbd"; + mediaDir = "/media"; + arrUserId = config.users.users.nix-apps.uid; + arrGroupId = config.users.groups.jallen-nas.gid; +in +{ + containers.arrs = { + autoStart = true; + privateNetwork = true; + hostAddress = "10.0.1.18"; + localAddress = "10.0.1.51"; + + config = { config, pkgs, lib, ... }: { + + nixpkgs.config.allowUnfree = true; + + # Enable radarr service + services.radarr = { + enable = true; + openFirewall = true; + user = "arrs"; + group = "media"; + dataDir = radarrDataDir; + }; + + # Enable Sonarr service + services.sonarr = { + enable = true; + openFirewall = true; + user = "arrs"; + group = "media"; + dataDir = sonarrDataDir; + }; + + # Enable Sabnzbd service + services.sabnzbd = { + enable = true; + openFirewall = true; + user = "arrs"; + group = "media"; + configFile = "${sabnzbdConfig}/sabnzbd.ini"; + }; + + # Create required users and groups + users.users.arrs = { + isSystemUser = true; + uid = lib.mkForce arrUserId; + group = "media"; + extraGroups = [ "downloads" ]; + }; + + users.groups = { + media = { gid = lib.mkForce arrGroupId; }; + downloads = {}; + }; + + # System packages + environment.systemPackages = with pkgs; [ + sqlite + mono + mediainfo + protonvpn-cli + ]; + + # Create and set permissions for required directories + system.activationScripts.radarr-dirs = '' + mkdir -p ${radarrDataDir} + mkdir -p ${sonarrDataDir} + mkdir -p ${sabnzbdConfig} + mkdir -p ${downloadDir} + mkdir -p ${incompleteDir} + mkdir -p ${mediaDir} + + chown -R arrs:media ${radarrDataDir} + chown -R arrs:media ${sonarrDataDir} + chown -R arrs:media ${sabnzbdConfig} + chown -R arrs:media ${downloadDir} + chown -R arrs:media ${incompleteDir} + chown -R arrs:media 
${mediaDir} + + chmod -R 775 ${radarrDataDir} + chmod -R 775 ${sonarrDataDir} + chmod -R 775 ${sabnzbdConfig} + chmod -R 775 ${downloadDir} + chmod -R 775 ${incompleteDir} + chmod -R 775 ${mediaDir} + + ''; + + networking = { + firewall = { + enable = true; + allowedTCPPorts = [ radarrPort sonarrPort sabnzbdPort ]; + }; + # Use systemd-resolved inside the container + # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 + useHostResolvConf = lib.mkForce false; + }; + + services.resolved.enable = true; + system.stateVersion = "23.11"; + }; + + # Bind mount directories from host + bindMounts = { + "${radarrDataDir}" = { + hostPath = "/media/nas/ssd/nix-app-data/radarr"; + isReadOnly = false; + }; + "${sonarrDataDir}" = { + hostPath = "/media/nas/ssd/nix-app-data/sonarr"; + isReadOnly = false; + }; + "${sabnzbdConfig}" = { + hostPath = "/media/nas/ssd/nix-app-data/sabnzbd"; + isReadOnly = false; + }; + "${downloadDir}" = { + hostPath = "/media/nas/ssd/ssd_app_data/downloads"; + isReadOnly = false; + }; + "${incompleteDir}" = { + hostPath = "/media/nas/ssd/ssd_app_data/downloads-incomplete"; + isReadOnly = false; + }; + "/media/movies" = { + hostPath = "/media/nas/main/movies"; + isReadOnly = false; + }; + "/media/tv" = { + hostPath = "/media/nas/main/tv"; + isReadOnly = false; + }; + }; + }; + + networking.nat = { + forwardPorts = [ + { + destination = "10.0.1.51:7878"; + sourcePort = radarrPort; + } + { + destination = "10.0.1.51:8989"; + sourcePort = sonarrPort; + } + { + destination = "10.0.1.51:8080"; + sourcePort = sabnzbdPort; + } + ]; + }; +} \ No newline at end of file diff --git a/modules/apps/beszel-agent/default.nix b/modules/apps/beszel-agent/default.nix deleted file mode 100644 index 203bae5..0000000 --- a/modules/apps/beszel-agent/default.nix +++ /dev/null 
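Review bot: `system.activationScripts.radarr-dirs` runs `chown -R` and `chmod -R 775` over `/media`, `/downloads` and the data directories on every activation inside the container, and `/media/movies` and `/media/tv` are bind mounts of the NAS library, so each rebuild rewrites ownership and mode of the entire media tree (slow on a large collection, and it flattens any file that was deliberately made non-group-writable). Directory creation and ownership belong in `systemd.tmpfiles.rules` without the recursive chmod, e.g. `"d /downloads 0775 arrs media -"`, `"d /downloads-incomplete 0775 arrs media -"`, `"d /media 0775 arrs media -"`. `openFirewall = true` on all three services already opens their ports, so the explicit `allowedTCPPorts` list is redundant, and the host-side `forwardPorts` publish Radarr, Sonarr and SABnzbd on every host interface — confirm their web UIs have authentication turned on, since nothing in this module enforces it. `protonvpn-cli` is installed but nothing configures or routes through it, so downloads presumably leave the container directly; if that is intended, a comment saying so would help.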
@@ -1,25 +0,0 @@ -{ lib, config, ... }: -with lib; -let - cfg = config.nas-apps.beszel-agent; -in -{ - imports = [ ./options.nix ]; - - config = mkIf cfg.enable { - virtualisation.oci-containers.containers."${cfg.name}" = { - autoStart = cfg.autoStart; - image = cfg.image; - ports = [ "${cfg.port}:45876" ]; - volumes = [ "${cfg.podmanSock}:/var/run/docker.sock:ro" ]; - environment = { - PORT = cfg.port; - KEY = cfg.key; - FILESYSTEM = cfg.fileSystem; - PUID = cfg.puid; - PGID = cfg.pgid; - TZ = cfg.timeZone; - }; - }; - }; -} diff --git a/modules/apps/beszel-agent/options.nix b/modules/apps/beszel-agent/options.nix deleted file mode 100644 index 10f8b98..0000000 --- a/modules/apps/beszel-agent/options.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ lib, ... }: -with lib; -{ - options.nas-apps.beszel-agent = { - enable = mkEnableOption "beszel agent docker service"; - - autoStart = mkOption { - type = types.bool; - default = true; - }; - - port = mkOption { - type = types.str; - default = "45876"; - }; - - name = mkOption { - type = types.str; - default = "beszel-agent"; - }; - - image = mkOption { - type = types.str; - default = "henrygd/beszel-agent"; - }; - - podmanSock = mkOption { - type = types.str; - default = "/var/run/podman/podman.sock"; - }; - - key = mkOption { - type = types.str; - default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBIxbgq3dHkhhmmydqgT1DQCAEEUdZ2V0RjzmxtyJo9w"; - }; - - fileSystem = mkOption { - type = types.str; - default = "/dev/mapper/hdd1"; - }; - - puid = mkOption { - type = types.str; - default = "911"; - }; - - pgid = mkOption { - type = types.str; - default = "1000"; - }; - - timeZone = mkOption { - type = types.str; - default = "America/Chicago"; - }; - }; -} diff --git a/modules/apps/beszel/default.nix b/modules/apps/beszel/default.nix deleted file mode 100644 index 39c1fb5..0000000 --- a/modules/apps/beszel/default.nix +++ /dev/null 
@@ -1,22 +0,0 @@ -{ lib, config, ... }: -with lib; -let - cfg = config.nas-apps.beszel; -in -{ - imports = [ ./options.nix ]; - - config = mkIf cfg.enable { - virtualisation.oci-containers.containers."${cfg.name}" = { - autoStart = cfg.autoStart; - image = cfg.image; - ports = [ "${cfg.httpPort}:8090" ]; - volumes = [ "${cfg.configPath}:/beszel_data" ]; - environment = { - PUID = cfg.puid; - PGID = cfg.pgid; - TZ = cfg.timeZone; - }; - }; - }; -} diff --git a/modules/apps/beszel/options.nix b/modules/apps/beszel/options.nix deleted file mode 100644 index a0c1e90..0000000 --- a/modules/apps/beszel/options.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ lib, ... }: -with lib; -{ - options.nas-apps.beszel = { - enable = mkEnableOption "beszel docker service"; - - autoStart = mkOption { - type = types.bool; - default = true; - }; - - httpPort = mkOption { - type = types.str; - default = "8090"; - }; - - name = mkOption { - type = types.str; - default = "beszel"; - }; - - image = mkOption { - type = types.str; - default = "henrygd/beszel"; - }; - - configPath = mkOption { - type = types.str; - default = "/media/nas/ssd/nix-app-data/beszel"; - }; - - puid = mkOption { - type = types.str; - default = "911"; - }; - - pgid = mkOption { - type = types.str; - default = "1000"; - }; - - timeZone = mkOption { - type = types.str; - default = "America/Chicago"; - }; - }; -} diff --git a/modules/apps/caddy/custom-caddy.nix b/modules/apps/caddy/custom-caddy.nix new file mode 100644 index 0000000..509e3b0 --- /dev/null +++ b/modules/apps/caddy/custom-caddy.nix 
@@ -0,0 +1,43 @@
+{
+ pkgs,
+ config,
+ plugins,
+ stdenv,
+ lib,
+ ...
+}:
+
+stdenv.mkDerivation rec {
+ pname = "caddy";
+ # https://github.com/NixOS/nixpkgs/issues/113520
+ version = "2.7.6";
+ dontUnpack = true;
+
+ nativeBuildInputs = [
+ pkgs.git
+ pkgs.go
+ pkgs.xcaddy
+ ];
+
+ configurePhase = ''
+ export GOCACHE=$TMPDIR/go-cache
+ export GOPATH="$TMPDIR/go"
+ '';
+
+ buildPhase =
+ let
+ pluginArgs = lib.concatMapStringsSep " " (plugin: "--with ${plugin}") plugins;
+ in
+ ''
+ runHook preBuild
+ ${pkgs.xcaddy}/bin/xcaddy build "v${version}" ${pluginArgs}
+ runHook postBuild
+ '';
+
+ installPhase = ''
+ runHook preInstall
+ mkdir -p $out/bin
+ mv caddy $out/bin
+ runHook postInstall
+ '';
+}
diff --git a/modules/apps/caddy/default.nix b/modules/apps/caddy/default.nix
new file mode 100644
index 0000000..5d84ba6
--- /dev/null
+++ b/modules/apps/caddy/default.nix
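Review bot: `buildPhase` shells out to `xcaddy build`, which fetches Go modules over the network at build time with no output hash, so under the default Nix sandbox this derivation cannot build, and outside the sandbox it yields an unpinned, unreproducible binary whose plugin sources are never checksummed. Nothing in this patch imports `custom-caddy.nix` — `caddy/default.nix` builds the Cloudflare plugin through `buildGoModule` with a `vendorHash` instead — and `plugins` is not a standard `callPackage` argument, so this file looks like dead code; delete it, or turn it into a fixed-output derivation if it is meant to stay. If it stays, `version = "2.7.6"` pins a fixed Caddy release while default.nix tracks `prev.caddy.version`; align the two so the proxy is not silently left on an old release.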
@@ -0,0 +1,231 @@ +{ config, pkgs, ... }: +{ + # Enable containers + containers.caddy = { + autoStart = true; + privateNetwork = true; + hostAddress = "10.0.1.18"; + localAddress = "10.0.2.1"; + + config = + { config, pkgs, ... }: + { + nixpkgs.overlays = [ + ( + _final: prev: + let + plugins = [ "github.com/caddy-dns/cloudflare" ]; + goImports = prev.lib.flip prev.lib.concatMapStrings plugins (pkg: " _ \"${pkg}\"\n"); + goGets = prev.lib.flip prev.lib.concatMapStrings plugins (pkg: "go get ${pkg}\n "); + main = '' + package main + import ( + caddycmd "github.com/caddyserver/caddy/v2/cmd" + _ "github.com/caddyserver/caddy/v2/modules/standard" + ${goImports} + ) + func main() { + caddycmd.Main() + } + ''; + + in + { + caddy-cloudflare = prev.buildGoModule { + pname = "caddy-cloudflare"; + version = prev.caddy.version; + runVend = true; + + subPackages = [ "cmd/caddy" ]; + + src = prev.caddy.src; + + vendorHash = "sha256-fTcMtg5GGEgclIwJCav0jjWpqT+nKw2OF1Ow0MEEitk="; + + overrideModAttrs = ( + _: { + preBuild = '' + echo '${main}' > cmd/caddy/main.go + ${goGets} + ''; + postInstall = "cp go.sum go.mod $out/ && ls $out/"; + } + ); + + postPatch = '' + echo '${main}' > cmd/caddy/main.go + cat cmd/caddy/main.go + ''; + + postConfigure = '' + cp vendor/go.sum ./ + cp vendor/go.mod ./ + ''; + + meta = with prev.lib; { + homepage = "https://caddyserver.com"; + description = "Fast, cross-platform HTTP/2 web server with automatic HTTPS"; + license = licenses.asl20; + maintainers = with maintainers; [ + Br1ght0ne + techknowlogick + ]; + }; + }; + } + ) + ]; + + systemd.services.caddy.serviceConfig.AmbientCapabilities = "CAP_NET_BIND_SERVICE"; + + # Caddy web server + services.caddy = { + enable = true; + email = "jalle008@proton.me"; + enableReload = true; + package = pkgs.caddy-cloudflare; + adapter = "''"; # Required to enable JSON + + # virtualHosts = { + + # } + + configFile = pkgs.writeText "Caddyfile" ( + builtins.toJSON { + apps.http.servers.main = { + listen = [ 
":443" ]; + routes = [ + { + match = [ { host = [ "authentik.mjallen.dev" ]; } ]; + handle = [ + { + handler = "reverse_proxy"; + upstreams = [ { dial = "http://10.0.1.18:9000"; } ]; + } + ]; + } + ]; + }; + apps.tls.automation.policies = [ + { + issuers = [ + { + module = "acme"; + challenges = { + dns = { + provider = { + name = "cloudflare"; + api_token = "{env.CLOUDFLARE_API_TOKEN}"; + }; + resolvers = [ "1.1.1.1" ]; + }; + }; + } + ]; + } + ]; + } + ); + + # configFile = pkgs.writeText "Caddyfile" '' + # apps.tls.automation.policies = [{ + # issuers = [{ + # module = "acme"; + # challenges = { + # dns = { + # provider = { + # name = "cloudflare"; + # api_token = "{env.CLOUDFLARE_API_TOKEN}"; + # }; + # resolvers = [ "1.1.1.1" ]; + # }; + # }; + # }]; + # # Wildcard certificate for all subdomains + # *.mjallen.dev { + # tls { + # dns cloudflare {env.CLOUDFLARE_API_TOKEN} + # } + # } + + # :80 { + # respond "Hello from Caddy!" + # } + + # :443 { + # respond "Hello from Caddy!" + # } + + # authentik.mjallen.dev { + # reverse_proxy 10.0.1.18:9000 + # } + # ''; + }; + + # Environment variable for DNS challenge + environment.etc."caddy/cloudflare.env" = { + mode = "0600"; + text = '' + CLOUDFLARE_API_TOKEN=HYhx7cN6e-O6QQJNKd9g7RpgvCzY-aegOPU2iQwB + ''; + }; + + # Fail2Ban configuration + environment.etc."fail2ban/filter.d/caddy.local" = { + mode = "0644"; + text = '' + [Definition] + failregex = ^ .* "(GET|POST|PUT|DELETE|HEAD|OPTIONS) .* HTTP/\d\.\d" (4\d{2}|5\d{2}) + ignoreregex = + ''; + }; + + services.fail2ban = { + enable = true; + jails = { + caddy = { + settings = { + filter = "caddy"; + logpath = "/var/log/caddy/access.log"; + maxretry = 5; + bantime = "30m"; + }; + }; + }; + }; + + # Ensure logging for Caddy + services.caddy.logDir = "/var/log/caddy"; + + # Open necessary firewall ports + networking.firewall = { + enable = true; + allowedTCPPorts = [ + 80 + 443 + ]; + }; + + # Install additional packages if needed + environment.systemPackages = with pkgs; 
[ + caddy + fail2ban + ]; + + system.stateVersion = "23.11"; + }; + }; + + networking.nat = { + forwardPorts = [ + { + destination = "10.0.2.1:80"; + sourcePort = 80; + } + { + destination = "10.0.2.1:443"; + sourcePort = 443; + } + ]; + }; +} diff --git a/modules/apps/collabora/default.nix b/modules/apps/collabora/default.nix index 13e49e2..0a8f620 100755 --- a/modules/apps/collabora/default.nix +++ b/modules/apps/collabora/default.nix @@ -26,8 +26,8 @@ in username = cfg.username; # password = cfg.password; # get from env file domain = "office.mjallen.dev"; - aliasgroup1 = "https://cloud\.mjallen\.dev:443"; - aliasgroup2 = "https://cloud\.mjallen\.dev:443"; + aliasgroup1 = "https://cloud.mjallen.dev:443"; + aliasgroup2 = "https://cloud.mjallen.dev:443"; # DONT_GEN_SSL_CERT = cfg.dontGenSslCert; server_name = cfg.serverName; dictionaries = cfg.dictionaries; diff --git a/modules/apps/free-games-claimer/default.nix b/modules/apps/free-games-claimer/default.nix index 21101bc..9729f64 100644 --- a/modules/apps/free-games-claimer/default.nix +++ b/modules/apps/free-games-claimer/default.nix @@ -11,9 +11,7 @@ in autoStart = cfg.autoStart; image = cfg.image; ports = [ "${cfg.httpPort}:6080" ]; - volumes = [ - "${cfg.dataPath}:/fgc/data" - ]; + volumes = [ "${cfg.dataPath}:/fgc/data" ]; environment = { PUID = cfg.puid; PGID = cfg.pgid; diff --git a/modules/apps/immich/default.nix b/modules/apps/immich/default.nix deleted file mode 100644 index c7aadd5..0000000 --- a/modules/apps/immich/default.nix +++ /dev/null 
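Review bot: The `environment.etc."caddy/cloudflare.env"` block near the end of the hunk embeds what looks like a live Cloudflare API token as a string literal, so it is now in git history and in the world-readable Nix store (the `/etc` file is generated from a store path, so `mode = "0600"` only protects the copy); treat the token as compromised and rotate it. The repo already uses sops (the deleted immich module read `config.sops.secrets.*.path`), so the token belongs in a sops secret delivered to the container — via a `bindMounts` entry if the sops module is not available inside it — and loaded with `systemd.services.caddy.serviceConfig.EnvironmentFile = "/run/secrets/caddy-cloudflare-env";` (or `services.caddy.environmentFile` if the locked nixpkgs has it). As written, nothing loads `/etc/caddy/cloudflare.env` into the caddy unit at all, so `{env.CLOUDFLARE_API_TOKEN}` in the ACME policy would expand empty. Separately, the fail2ban `failregex` expects a common-log-style line, but the `apps.http.servers.main` config enables no `logs` and Caddy's access logs are JSON by default, so `/var/log/caddy/access.log` likely never exists or never matches — verify against a running container before relying on the jail.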
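Review bot: Replacing `cloud\.mjallen\.dev` with `cloud.mjallen.dev` in `aliasgroup1`/`aliasgroup2` does not change what Collabora receives — Nix already reduces `"\."` to `"."` inside a double-quoted string — but Collabora's alias groups are treated as regular expressions (the upstream examples escape the dots), so an unescaped `.` matches any character and the WOPI host allow-list becomes marginally looser. If an escaped dot is intended, a double backslash is needed: `aliasgroup1 = "https://cloud\\.mjallen\\.dev:443";`. `aliasgroup2` is an exact duplicate of `aliasgroup1`; drop it unless a second host is meant to go there.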
@@ -1,168 +0,0 @@ -{ lib, config, pkgs, ... }: -with lib; -let - cfg = config.nas-apps.immich; -in -{ - imports = [ ./options.nix ]; - - config = mkIf cfg.enable { - - virtualisation.oci-containers.containers."immich-machine-learning" = { - image = "ghcr.io/immich-app/immich-machine-learning:pr-12826-cuda"; - volumes = [ - "/media/nas/ssd/nix-app-data/immich/model-cache:/cache:rw" - ]; - log-driver = "journald"; - extraOptions = [ - "--network-alias=immich-machine-learning" - "--device=nvidia.com/gpu=0" - ]; - ports = [ - "3003:3003" - ]; - environment = { - PUID = "911"; - PGID = "1000"; - }; - }; - - systemd.services."podman-immich-machine-learning" = { - serviceConfig = { - Restart = lib.mkOverride 500 "always"; - }; - partOf = [ - "podman-compose-immich-root.target" - ]; - wantedBy = [ - "podman-compose-immich-root.target" - ]; - }; - - virtualisation.oci-containers.containers."immich-postgres" = { - image = "docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0"; - environment = { - "POSTGRES_INITDB_ARGS" = "--data-checksums"; - PUID = "911"; - PGID = "1000"; - }; - environmentFiles = [ - config.sops.secrets."jallen-nas/immich/db-password".path - config.sops.secrets."jallen-nas/immich/db-name".path - config.sops.secrets."jallen-nas/immich/db-user".path - ]; - volumes = [ - "/media/nas/ssd/nix-app-data/immich/postgres:/var/lib/postgresql/data:rw" - ]; - ports = [ - "5433:5432" - ]; - cmd = [ "postgres" "-c" "shared_preload_libraries=vectors.so" "-c" "search_path=\"$user\", public, vectors" "-c" "logging_collector=on" "-c" "max_wal_size=2GB" "-c" "shared_buffers=512MB" "-c" "wal_compression=on" ]; - log-driver = "journald"; - extraOptions = [ - "--health-cmd=pg_isready --dbname=$DB_DATABASE_NAME --username=$DB_USERNAME || exit 1; Chksum=\"$(psql --dbname=$DB_DATABASE_NAME --username=$DB_USERNAME --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')\"; 
echo \"checksum failure count is $Chksum\"; [ \"$Chksum\" = '0' ] || exit 1" - "--health-interval=5m0s" - "--health-start-period=5m0s" - "--network-alias=database" - ]; - }; - - systemd.services."podman-immich-postgres" = { - serviceConfig = { - Restart = lib.mkOverride 500 "always"; - }; - partOf = [ - "podman-compose-immich-root.target" - ]; - wantedBy = [ - "podman-compose-immich-root.target" - ]; - }; - - virtualisation.oci-containers.containers."immich-redis" = { - image = "docker.io/redis:6.2-alpine@sha256:2d1463258f2764328496376f5d965f20c6a67f66ea2b06dc42af351f75248792"; - log-driver = "journald"; - extraOptions = [ - "--health-cmd=redis-cli ping || exit 1" - "--network-alias=redis" - ]; - ports = [ - "6381:6379" - ]; - environment = { - PUID = "911"; - PGID = "1000"; - }; - }; - - systemd.services."podman-immich-redis" = { - serviceConfig = { - Restart = lib.mkOverride 500 "always"; - }; - partOf = [ - "podman-compose-immich-root.target" - ]; - wantedBy = [ - "podman-compose-immich-root.target" - ]; - }; - - virtualisation.oci-containers.containers."immich-server" = { - image = "ghcr.io/imagegenius/immich:latest"; - volumes = [ - "/media/nas/ssd/nix-app-data/immich/upload:/usr/src/app/upload:rw" - "/media/nas/ssd/nix-app-data/immich/config:/config" - "/media/nas/main/photos:/photos" - "/media/nas/ssd/nix-app-data/immich/libraries:/libraries" - "/etc/localtime:/etc/localtime:ro" - ]; - ports = [ - "5555:8080/tcp" - ]; - dependsOn = [ - "immich-postgres" - "immich-redis" - ]; - log-driver = "journald"; - extraOptions = [ - "--network-alias=immich-server" - "--device=nvidia.com/gpu=0" - ]; - environment = { - PUID = "911"; - PGID = "1000"; - DB_HOSTNAME = "10.0.1.18"; - DB_PORT = "5433"; - REDIS_HOSTNAME = "10.0.1.18"; - REDIS_PORT = "6381"; - }; - environmentFiles = [ - config.sops.secrets."jallen-nas/immich/server-db-password".path - config.sops.secrets."jallen-nas/immich/server-db-name".path - config.sops.secrets."jallen-nas/immich/server-db-user".path - ]; 
- }; - - systemd.services."podman-immich-server" = { - serviceConfig = { - Restart = lib.mkOverride 500 "always"; - }; - partOf = [ - "podman-compose-immich-root.target" - ]; - wantedBy = [ - "podman-compose-immich-root.target" - ]; - }; - - # Root service - # When started, this will automatically create all resources and start - # the containers. When stopped, this will teardown all resources. - systemd.targets."podman-compose-immich-root" = { - unitConfig = { - Description = "Root target generated by compose2nix."; - }; - wantedBy = [ "multi-user.target" ]; - }; - }; -} diff --git a/modules/apps/immich/options.nix b/modules/apps/immich/options.nix deleted file mode 100644 index 83ac168..0000000 --- a/modules/apps/immich/options.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ lib, ... }: -with lib; -{ - options.nas-apps.immich = { - enable = mkEnableOption "immich docker service"; - }; -} diff --git a/modules/apps/jellyfin/jellyfin.nix b/modules/apps/jellyfin/jellyfin.nix new file mode 100644 index 0000000..d0ca07f --- /dev/null +++ b/modules/apps/jellyfin/jellyfin.nix 
@@ -0,0 +1,168 @@ +{ + config, + pkgs, + lib, + ... +}: + +# let +# jellyfinPort = 8096; +# jellyfinUserId = config.users.users.nix-apps.uid; +# jellyfinGroupId = config.users.groups.jallen-nas.gid; +# package = pkgs.jellyfin; +# in { +# containers.jellyfin = { +# autoStart = true; +# privateNetwork = true; +# hostAddress = "10.0.1.18"; +# localAddress = "10.0.2.25"; + +# config = { config, pkgs, lib, ... }: { +# # Enable jellyfin service +# nixpkgs.config.allowUnfree = true; +# hardware = { +# # Nvidia +# nvidia = { +# package = config.boot.kernelPackages.nvidiaPackages.latest; +# # Modesetting is required. +# modesetting.enable = true; +# # Nvidia power management. Experimental, and can cause sleep/suspend to fail. +# powerManagement.enable = true; +# # Fine-grained power management. Turns off GPU when not in use. +# # Experimental and only works on modern Nvidia GPUs (Turing or newer). +# powerManagement.finegrained = false; +# # Use the NVidia open source kernel module (not to be confused with the +# # independent third-party "nouveau" open source driver). +# # Support is limited to the Turing and later architectures. Full list of +# # supported GPUs is at: +# # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus +# # Only available from driver 515.43.04+ +# # Currently alpha-quality/buggy, so false is currently the recommended setting. +# open = true; + +# # Enable the Nvidia settings menu, +# # accessible via `nvidia-settings`. 
+# nvidiaSettings = true; +# }; + +# # Enable graphics +# graphics = { +# enable = true; +# enable32Bit = true; +# }; +# }; + +# # Services configs +# services.xserver = { +# # Load nvidia driver for Xorg and Wayland +# videoDrivers = [ "nvidia" ]; +# }; + +# services.jellyfin = { +# enable = true; +# openFirewall = true; +# user = "jellyfin"; +# group = "media"; +# dataDir = "/data"; +# configDir = "/config"; +# # cacheDir = "/cache"; +# }; + +# # Create required users and groups +# users.users.jellyfin = { +# isSystemUser = true; +# uid = lib.mkForce jellyfinUserId; +# group = "media"; +# extraGroups = [ "downloads" ]; +# }; + +# users.groups = { +# media = { gid = lib.mkForce jellyfinGroupId; }; +# downloads = { }; +# }; + +# networking = { +# firewall = { +# enable = true; +# allowedTCPPorts = [ jellyfinPort ]; +# }; +# # Use systemd-resolved inside the container +# # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 +# useHostResolvConf = lib.mkForce false; +# }; + +# # System packages +# environment.systemPackages = with pkgs; [ +# sqlite +# mono +# mediainfo +# # ffmpeg +# # nvidiaPackages.gpu +# # nvidiaPackages.nvidia-settings +# # nvidiaPackages.nvidia-x11 +# ]; + +# services.resolved.enable = true; +# system.stateVersion = "23.11"; +# }; + +# # Bind mount directories from host +# bindMounts = { +# "/data" = { +# hostPath = "/media/nas/ssd/nix-app-data/jellyfin"; +# isReadOnly = false; +# }; +# "/tv" = { +# hostPath = "/media/nas/main/tv"; +# isReadOnly = false; +# }; +# "/movies" = { +# hostPath = "/media/nas/main/movies"; +# isReadOnly = false; +# }; +# "/dev/nvidia0" = { hostPath = "/dev/nvidia0"; }; # GPU device +# "/dev/nvidiactl" = { hostPath = "/dev/nvidiactl"; }; # NVIDIA control +# "/dev/nvidia-modeset" = { hostPath = "/dev/nvidia-modeset"; }; # modesetting +# }; + +# # allowedDevices = [ +# # { +# # modifier = "rw"; +# # node = "/dev/nvidia0"; +# # } +# # { +# # modifier = "rw"; +# # node = "/dev/nvidiactl"; +# # } +# # { +# # 
modifier = "rw"; +# # node = "/dev/nvidia-modeset"; +# # } +# # { +# # modifier = "rw"; +# # node = "/dev/nvidia-uvm"; +# # } +# # { +# # modifier = "rw"; +# # node = "/dev/nvidia-uvm-tools"; +# # } +# # ]; +# }; + +# networking.nat = { +# forwardPorts = [{ +# destination = "10.0.2.25:8096"; +# sourcePort = jellyfinPort; +# }]; +# }; +# } +{ + services.jellyfin = { + enable = true; + openFirewall = true; + user = "nix-apps"; + group = "jallen-nas"; + dataDir = "/media/nas/ssd/nix-app-data/jellyfin"; + # cacheDir = "/cache"; + }; +} diff --git a/modules/apps/jellyseerr/jellyseerr.nix b/modules/apps/jellyseerr/jellyseerr.nix index d0b4760..8a0d13d 100644 --- a/modules/apps/jellyseerr/jellyseerr.nix +++ b/modules/apps/jellyseerr/jellyseerr.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: let jellyseerrPort = 5055; 
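Review bot: jellyfin.nix ships roughly 150 lines of the abandoned container variant, including the `/dev/nvidia*` bind mounts, as a comment above the live ten-line module; git history preserves it, so delete the comment block rather than committing it. The live module runs Jellyfin on the host as `nix-apps:jallen-nas` with `openFirewall = true`, the same uid/gid the arrs container forces for `arrs:media`; a short comment such as `# Runs as nix-apps:jallen-nas so it shares the media tree written by the arrs container` would document that coupling. The leftover `# cacheDir = "/cache";` can go with the rest.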
@@ -17,29 +22,36 @@ in localAddress = "10.0.1.52"; hostAddress6 = "fc00::1"; localAddress6 = "fc00::4"; - - config = { config, pkgs, lib, ... }: { - # Enable jellyseerr service - services.jellyseerr = { - enable = true; - port = jellyseerrPort; - # package = package; - openFirewall = true; - }; - networking = { - firewall = { + config = + { + config, + pkgs, + lib, + ... + }: + { + # Enable jellyseerr service + services.jellyseerr = { enable = true; - allowedTCPPorts = [ jellyseerrPort ]; + port = jellyseerrPort; + # package = package; + openFirewall = true; }; - # Use systemd-resolved inside the container - # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 - useHostResolvConf = lib.mkForce false; + + networking = { + firewall = { + enable = true; + allowedTCPPorts = [ jellyseerrPort ]; + }; + # Use systemd-resolved inside the container + # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 + useHostResolvConf = lib.mkForce false; + }; + + services.resolved.enable = true; + system.stateVersion = "23.11"; }; - - services.resolved.enable = true; - system.stateVersion = "23.11"; - }; }; networking.nat = { @@ -50,4 +62,4 @@ in } ]; }; -} \ No newline at end of file +} diff --git a/modules/apps/mealie/default.nix b/modules/apps/mealie/default.nix deleted file mode 100644 index 64f99fa..0000000 --- a/modules/apps/mealie/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ lib, config, ... }: -with lib; -let - cfg = config.nas-apps.mealie; -in -{ - imports = [ ./options.nix ]; - - config = mkIf cfg.enable { - virtualisation.oci-containers.containers."${cfg.name}" = { - autoStart = cfg.autoStart; - image = cfg.image; - ports = [ "${cfg.port}:9000" ]; - volumes = [ "${cfg.dataPath}:/app/data" ]; - environment = { - PUID = cfg.puid; - PGID = cfg.pgid; - TZ = cfg.timeZone; - ALLOW_SIGNUP = cfg.allowSignup; - MAX_WORKERS = cfg.maxWorkers; - MAX_CONCURRENCY = cfg.maxConcurrency; - BASE_URL = cfg.baseUrl; - }; - }; - }; -} 
diff --git a/modules/apps/mealie/options.nix b/modules/apps/mealie/options.nix deleted file mode 100644 index 8fd1e12..0000000 --- a/modules/apps/mealie/options.nix +++ /dev/null @@ -1,67 +0,0 @@ -{ lib, ... }: -with lib; -{ - options.nas-apps.mealie = { - enable = mkEnableOption "mealie docker service"; - - autoStart = mkOption { - type = types.bool; - default = true; - }; - - port = mkOption { - type = types.str; - default = "9000"; - }; - - name = mkOption { - type = types.str; - default = "mealie"; - }; - - image = mkOption { - type = types.str; - default = "ghcr.io/mealie-recipes/mealie"; - }; - - dataPath = mkOption { - type = types.str; - default = "/media/nas/ssd/nix-app-data/mealie"; - }; - - puid = mkOption { - type = types.str; - default = "911"; - }; - - pgid = mkOption { - type = types.str; - default = "1000"; - }; - - timeZone = mkOption { - type = types.str; - default = "America/Chicago"; - }; - - maxWorkers = mkOption { - type = types.str; - default = "1"; - }; - - maxConcurrency = mkOption { - type = types.str; - default = "1"; - }; - - baseUrl = mkOption { - type = types.str; - default = ""; - }; - - allowSignup = mkOption { - type = types.str; - default = "true"; - }; - }; -} diff --git a/modules/apps/orca-slicer/default.nix b/modules/apps/orca-slicer/default.nix deleted file mode 100644 index 09781e6..0000000 --- a/modules/apps/orca-slicer/default.nix +++ /dev/null 
@@ -1,32 +0,0 @@ -{ lib, config, ... }: -with lib; -let - cfg = config.nas-apps.orca-slicer; -in -{ - imports = [ ./options.nix ]; - - config = mkIf cfg.enable { - virtualisation.oci-containers.containers."${cfg.name}" = { - autoStart = cfg.autoStart; - image = cfg.image; - extraOptions = [ "--device=nvidia.com/gpu=0" ]; - ports = [ - "${cfg.httpPort}:3000" - "${cfg.httpsPort}:3001" - ]; - volumes = [ - "${cfg.configPath}:/config" - "${cfg.dataPath}:/data" - ]; - environment = { - PUID = cfg.puid; - PGID = cfg.pgid; - TZ = cfg.timeZone; - TITLE = "orca-slicer"; - DRINODE = "/dev/dri/renderD128"; - NO_DECOR = "1"; - }; - }; - }; -} diff --git a/modules/apps/orca-slicer/options.nix b/modules/apps/orca-slicer/options.nix deleted file mode 100644 index 02ac2a5..0000000 --- a/modules/apps/orca-slicer/options.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ lib, ... }: -with lib; -{ - options.nas-apps.orca-slicer = { - enable = mkEnableOption "orca slicer docker service"; - - autoStart = mkOption { - type = types.bool; - default = true; - }; - - httpPort = mkOption { - type = types.str; - default = "3000"; - }; - - httpsPort = mkOption { - type = types.str; - default = "3001"; - }; - - name = mkOption { - type = types.str; - default = "orca-slicer"; - }; - - image = mkOption { - type = types.str; - default = "linuxserver/orcaslicer"; - }; - - configPath = mkOption { - type = types.str; - default = "/media/nas/ssd/ssd_app_data/orca-slicer"; - }; - - dataPath = mkOption { - type = types.str; - default = "/media/nas/main/3d_printer"; - }; - - puid = mkOption { - type = types.str; - default = "911"; - }; - - pgid = mkOption { - type = types.str; - default = "1000"; - }; - - timeZone = mkOption { - type = types.str; - default = "America/Chicago"; - }; - }; -} diff --git a/modules/apps/paperless/default.nix b/modules/apps/paperless/default.nix index 0218f47..bdc430c 100644 --- a/modules/apps/paperless/default.nix +++ b/modules/apps/paperless/default.nix 
@@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
 
 let
 paperlessPort = 28981;
@@ -14,59 +19,68 @@ in localAddress = "10.0.1.20"; hostAddress6 = "fc00::1"; localAddress6 = "fc00::20"; - - config = { config, pkgs, lib, ... }: { - # Enable paperless service - services.paperless = { - enable = true; - port = paperlessPort; - user = "paperless"; - address = "0.0.0.0"; - passwordFile = "/var/lib/paperless/paperless-password"; - # settings = { - # PAPERLESS_APPS="allauth.socialaccount.providers.openid_connect"; - # PAPERLESS_SOCIALACCOUNT_PROVIDERS = { - # "openid_connect" = { - # "OAUTH_PKCE_ENABLED":true, - # "APPS":[ - # {"provider_id":"authentik","name":"Authentik","client_id":"","secret":","settings":{"server_url":"https://authentik.mjallen.dev/application/o/paperless/.well-known/openid-configuration"}}]}} - # } - }; - # Create required users and groups - users.groups = { - documents = { gid = lib.mkForce paperlessGroupId; }; - }; - - users.users.paperless = { - isSystemUser = true; - uid = lib.mkForce paperlessUserId; - group = lib.mkForce "documents"; - }; - - # Create and set permissions for required directories - system.activationScripts.paperless-dirs = '' - mkdir -p /var/lib/paperless - - chown -R paperless:documents /var/lib/paperless - - chmod -R 775 /var/lib/paperless - - ''; - - networking = { - firewall = { + config = + { + config, + pkgs, + lib, + ... 
+ }: + { + # Enable paperless service + services.paperless = { enable = true; - allowedTCPPorts = [ paperlessPort ]; + port = paperlessPort; + user = "paperless"; + address = "0.0.0.0"; + passwordFile = "/var/lib/paperless/paperless-password"; + # settings = { + # PAPERLESS_APPS="allauth.socialaccount.providers.openid_connect"; + # PAPERLESS_SOCIALACCOUNT_PROVIDERS = { + # "openid_connect" = { + # "OAUTH_PKCE_ENABLED":true, + # "APPS":[ + # {"provider_id":"authentik","name":"Authentik","client_id":"","secret":","settings":{"server_url":"https://authentik.mjallen.dev/application/o/paperless/.well-known/openid-configuration"}}]}} + # } }; - # Use systemd-resolved inside the container - # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 - useHostResolvConf = lib.mkForce false; + + # Create required users and groups + users.groups = { + documents = { + gid = lib.mkForce paperlessGroupId; + }; + }; + + users.users.paperless = { + isSystemUser = true; + uid = lib.mkForce paperlessUserId; + group = lib.mkForce "documents"; + }; + + # Create and set permissions for required directories + system.activationScripts.paperless-dirs = '' + mkdir -p /var/lib/paperless + + chown -R paperless:documents /var/lib/paperless + + chmod -R 775 /var/lib/paperless + + ''; + + networking = { + firewall = { + enable = true; + allowedTCPPorts = [ paperlessPort ]; + }; + # Use systemd-resolved inside the container + # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 + useHostResolvConf = lib.mkForce false; + }; + + services.resolved.enable = true; + system.stateVersion = "23.11"; }; - - services.resolved.enable = true; - system.stateVersion = "23.11"; - }; # Bind mount directories from host bindMounts = { @@ -89,4 +103,4 @@ in } ]; }; -} \ No newline at end of file +} diff --git a/modules/apps/radarr/default.nix b/modules/apps/radarr/default.nix deleted file mode 100644 index ffdd619..0000000 --- a/modules/apps/radarr/default.nix +++ /dev/null 
@@ -1,26 +0,0 @@ -{ lib, config, ... }: -with lib; -let - cfg = config.nas-apps.radarr; -in -{ - imports = [ ./options.nix ]; - - config = mkIf cfg.enable { - virtualisation.oci-containers.containers."${cfg.name}" = { - autoStart = cfg.autoStart; - image = cfg.image; - ports = [ "${cfg.port}:7878" ]; - volumes = [ - "${cfg.configPath}:/config" - "${cfg.moviesPath}:/movies" - "${cfg.downloadsPath}:/downloads" - ]; - environment = { - PUID = cfg.puid; - PGID = cfg.pgid; - TZ = cfg.timeZone; - }; - }; - }; -} diff --git a/modules/apps/radarr/options.nix b/modules/apps/radarr/options.nix deleted file mode 100644 index c322eae..0000000 --- a/modules/apps/radarr/options.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ lib, ... }: -with lib; -{ - options.nas-apps.radarr = { - enable = mkEnableOption "radarr docker service"; - - autoStart = mkOption { - type = types.bool; - default = true; - }; - - port = mkOption { - type = types.str; - default = "7878"; - }; - - name = mkOption { - type = types.str; - default = "radarr"; - }; - - image = mkOption { - type = types.str; - default = "linuxserver/radarr"; - }; - - configPath = mkOption { - type = types.str; - default = "/media/nas/ssd/ssd_app_data/radarr"; - }; - - moviesPath = mkOption { - type = types.str; - default = "/media/nas/main/movies"; - }; - - downloadsPath = mkOption { - type = types.str; - default = "/media/nas/ssd/ssd_app_data/downloads"; - }; - - puid = mkOption { - type = types.str; - default = "911"; - }; - - pgid = mkOption { - type = types.str; - default = "1000"; - }; - - timeZone = mkOption { - type = types.str; - default = "America/Chicago"; - }; - }; -} diff --git a/modules/apps/radarr/radarr.nix b/modules/apps/radarr/radarr.nix deleted file mode 100644 index d6f1e24..0000000 --- a/modules/apps/radarr/radarr.nix +++ /dev/null 
@@ -1,106 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - radarrPort = 7878; - dataDir = "/var/lib/radarr"; - downloadDir = "/downloads"; - mediaDir = "/media"; - radarrUserId = config.users.users.nix-apps.uid; - radarrGroupId = config.users.groups.jallen-nas.gid; - package = pkgs.radarr; -in -{ - containers.radarr = { - autoStart = true; - privateNetwork = true; - hostAddress = "10.0.1.18"; - localAddress = "10.0.1.51"; - hostAddress6 = "fc00::1"; - localAddress6 = "fc00::3"; - - config = { config, pkgs, lib, ... }: { - # Enable radarr service - services.radarr = { - enable = true; - user = "radarr"; - group = "media"; - dataDir = dataDir; - package = package; - }; - - # Create required users and groups - users.users.radarr = { - isSystemUser = true; - uid = lib.mkForce radarrUserId; - group = "media"; - extraGroups = [ "downloads" ]; - }; - - users.groups = { - media = { gid = lib.mkForce radarrGroupId; }; - downloads = {}; - }; - - # System packages - environment.systemPackages = with pkgs; [ - sqlite - mono - mediainfo - ]; - - # Create and set permissions for required directories - system.activationScripts.radarr-dirs = '' - mkdir -p ${dataDir} - mkdir -p ${downloadDir} - mkdir -p ${mediaDir} - - chown -R radarr:media ${dataDir} - chown -R radarr:media ${downloadDir} - chown -R radarr:media ${mediaDir} - - chmod -R 775 ${dataDir} - chmod -R 775 ${downloadDir} - chmod -R 775 ${mediaDir} - - ''; - - networking = { - firewall = { - enable = true; - allowedTCPPorts = [ radarrPort ]; - }; - # Use systemd-resolved inside the container - # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 - useHostResolvConf = lib.mkForce false; - }; - - services.resolved.enable = true; - system.stateVersion = "23.11"; - }; - - # Bind mount directories from host - bindMounts = { - "/var/lib/radarr" = { - hostPath = "/media/nas/ssd/nix-app-data/radarr"; - isReadOnly = false; - }; - "/downloads" = { - hostPath = "/media/nas/ssd/ssd_app_data/downloads"; - isReadOnly = 
false;
- };
- "/media" = {
- hostPath = "/media/nas/main/movies";
- isReadOnly = false;
- };
- };
- };
-
- networking.nat = {
- forwardPorts = [
- {
- destination = "10.0.1.51:7878";
- sourcePort = radarrPort;
- }
- ];
- };
-}
\ No newline at end of file
diff --git a/modules/apps/sabnzbd/sabnzbd.nix b/modules/apps/sabnzbd/sabnzbd.nix
new file mode 100644
index 0000000..0191ff7
--- /dev/null
+++ b/modules/apps/sabnzbd/sabnzbd.nix
@@ -0,0 +1,57 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+let
+ sabnzbdPort = 8080;
+ dataDir = "/var/lib/sabnzbd";
+ downloadDir = "/downloads";
+ mediaDir = "/media";
+ sabnzbdUserId = config.users.users.nix-apps.uid;
+ sabnzbdGroupId = config.users.groups.jallen-nas.gid;
+ package = pkgs.sabnzbd;
+in
+{
+ containers.sabnzbd = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = "10.0.1.18";
+ localAddress = "10.0.2.20";
+
+ config =
+ {
+ config,
+ pkgs,
+ lib,
+ ...
+ }:
+ {
+ # Enable sabnzbd service
+ services.sabnzbd = {
+ enable = true;
+ openFirewall = true;
+ };
+
+ networking = {
+ # Use systemd-resolved inside the container
+ # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
+ useHostResolvConf = lib.mkForce false;
+ };
+
+ services.resolved.enable = true;
+ system.stateVersion = "23.11";
+ };
+ };
+
+ networking.nat = {
+ forwardPorts = [
+ {
+ destination = "10.0.2.20:8080";
+ sourcePort = sabnzbdPort;
+ }
+ ];
+ };
+}
diff --git a/modules/apps/sonarr/sonarr.nix b/modules/apps/sonarr/sonarr.nix
index 9106d63..d3dfd15 100644
--- a/modules/apps/sonarr/sonarr.nix
+++ b/modules/apps/sonarr/sonarr.nix
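Review bot: The `let` block of the new sabnzbd.nix binds `dataDir`, `downloadDir`, `mediaDir`, `sabnzbdUserId`, `sabnzbdGroupId` and `package`, but none of them is used: the container declares no `bindMounts`, no user/group mapping and no `services.sabnzbd.package`, so sabnzbd's state and its downloads stay inside the container root rather than on the NAS paths the removed radarr container shared (`/media/nas/ssd/ssd_app_data/downloads`). Either drop the unused bindings or add the mounts they were evidently meant for, as sketched below with a placeholder for the host-side state directory. The NAT forward also hard-codes the port next to a binding for it; `destination = "10.0.2.20:${toString sabnzbdPort}";` keeps the two from drifting, and the missing `hostAddress6`/`localAddress6` that every other container here sets deserves a comment if intentional. Since that forward exposes the sabnzbd web UI on host port 8080 to anything that can reach the host, confirm the UI has credentials configured or is only reachable from the intended network.
```nix
    # … unchanged: config = { … }: { … }; …

    # Bind mount directories from host, as the removed radarr container did,
    # so sabnzbd's state and downloads live on the NAS rather than in the container root
    bindMounts = {
      "${dataDir}" = {
        hostPath = "<HOST_SABNZBD_DATA_DIR>"; # placeholder: host directory for sabnzbd state
        isReadOnly = false;
      };
      "${downloadDir}" = {
        hostPath = "/media/nas/ssd/ssd_app_data/downloads";
        isReadOnly = false;
      };
    };
```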
@@ -1,104 +1,118 @@ -{ config, pkgs, lib, ... }: +# { +# config, +# pkgs, +# lib, +# ... +# }: -let - sonarrPort = 8989; - dataDir = "/var/lib/sonarr"; - downloadDir = "/downloads"; - mediaDir = "/media"; - sonarrUserId = config.users.users.nix-apps.uid; - sonarrGroupId = config.users.groups.jallen-nas.gid; -in -{ - containers.sonarr = { - autoStart = true; - privateNetwork = true; - hostAddress = "10.0.1.18"; - localAddress = "10.0.1.50"; - hostAddress6 = "fc00::1"; - localAddress6 = "fc00::2"; - - config = { config, pkgs, lib, ... }: { - # Enable Sonarr service - services.sonarr = { - enable = true; - user = "sonarr"; - group = "media"; - dataDir = dataDir; - }; +# let +# sonarrPort = 8989; +# dataDir = "/var/lib/sonarr"; +# downloadDir = "/downloads"; +# mediaDir = "/media"; +# sonarrUserId = config.users.users.nix-apps.uid; +# sonarrGroupId = config.users.groups.jallen-nas.gid; +# in +# { +# containers.sonarr = { +# autoStart = true; +# privateNetwork = true; +# hostAddress = "10.0.1.18"; +# localAddress = "10.0.1.50"; +# hostAddress6 = "fc00::1"; +# localAddress6 = "fc00::2"; - # Create required users and groups - users.users.sonarr = { - isSystemUser = true; - uid = lib.mkForce sonarrUserId; - group = "media"; - extraGroups = [ "downloads" ]; - }; +# config = +# { +# config, +# pkgs, +# lib, +# ... 
+# }: +# { +# # Enable Sonarr service +# services.sonarr = { +# enable = true; +# user = "sonarr"; +# group = "media"; +# dataDir = dataDir; +# }; - users.groups = { - media = { gid = lib.mkForce sonarrGroupId; }; - downloads = {}; - }; +# # Create required users and groups +# users.users.sonarr = { +# isSystemUser = true; +# uid = lib.mkForce sonarrUserId; +# group = "media"; +# extraGroups = [ "downloads" ]; +# }; - # System packages - environment.systemPackages = with pkgs; [ - sqlite - mono - mediainfo - ]; +# users.groups = { +# media = { +# gid = lib.mkForce sonarrGroupId; +# }; +# downloads = { }; +# }; - # Create and set permissions for required directories - system.activationScripts.sonarr-dirs = '' - mkdir -p ${dataDir} - mkdir -p ${downloadDir} - mkdir -p ${mediaDir} +# # System packages +# environment.systemPackages = with pkgs; [ +# sqlite +# mono +# mediainfo +# ]; - chown -R sonarr:media ${dataDir} - chown -R sonarr:media ${downloadDir} - chown -R sonarr:media ${mediaDir} - - chmod -R 775 ${dataDir} - chmod -R 775 ${downloadDir} - chmod -R 775 ${mediaDir} - - ''; +# # Create and set permissions for required directories +# system.activationScripts.sonarr-dirs = '' +# mkdir -p ${dataDir} +# mkdir -p ${downloadDir} +# mkdir -p ${mediaDir} - networking = { - firewall = { - enable = true; - allowedTCPPorts = [ sonarrPort ]; - }; - # Use systemd-resolved inside the container - # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 - useHostResolvConf = lib.mkForce false; - }; - - services.resolved.enable = true; - system.stateVersion = "23.11"; - }; +# chown -R sonarr:media ${dataDir} +# chown -R sonarr:media ${downloadDir} +# chown -R sonarr:media ${mediaDir} - # Bind mount directories from host - bindMounts = { - "/var/lib/sonarr" = { - hostPath = "/media/nas/ssd/nix-app-data/sonarr"; - isReadOnly = false; - }; - "/downloads" = { - hostPath = "/media/nas/ssd/ssd_app_data/downloads"; - isReadOnly = false; - }; - "/media" = { - hostPath = 
"/media/nas/main/tv"; - isReadOnly = false; - }; - }; - }; +# chmod -R 775 ${dataDir} +# chmod -R 775 ${downloadDir} +# chmod -R 775 ${mediaDir} - networking.nat = { - forwardPorts = [ - { - destination = "10.0.1.50:8989"; - sourcePort = 8989; - } - ]; - }; -} \ No newline at end of file +# ''; + +# networking = { +# firewall = { +# enable = true; +# allowedTCPPorts = [ sonarrPort ]; +# }; +# # Use systemd-resolved inside the container +# # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 +# useHostResolvConf = lib.mkForce false; +# }; + +# services.resolved.enable = true; +# system.stateVersion = "23.11"; +# }; + +# # Bind mount directories from host +# bindMounts = { +# "/var/lib/sonarr" = { +# hostPath = "/media/nas/ssd/nix-app-data/sonarr"; +# isReadOnly = false; +# }; +# "/downloads" = { +# hostPath = "/media/nas/ssd/ssd_app_data/downloads"; +# isReadOnly = false; +# }; +# "/media" = { +# hostPath = "/media/nas/main/tv"; +# isReadOnly = false; +# }; +# }; +# }; + +# networking.nat = { +# forwardPorts = [ +# { +# destination = "10.0.1.50:8989"; +# sourcePort = 8989; +# } +# ]; +# }; +# } diff --git a/modules/apps/vscode/default.nix b/modules/apps/vscode/default.nix deleted file mode 100644 index 726c217..0000000 --- a/modules/apps/vscode/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ lib, config, ... }: -with lib; -let - cfg = config.nas-apps.vscode; -in -{ - imports = [ ./options.nix ]; - - config = mkIf cfg.enable { - virtualisation.oci-containers.containers."${cfg.name}" = { - autoStart = cfg.autoStart; - image = cfg.image; - ports = [ "${cfg.port}:8443" ]; - volumes = [ - "${cfg.configPath}:/config" - "/media/nas/ssd/ssd_app_data:/ssd_app_data" - "/home/admin/nix-config:/nix-config" - ]; - environment = { - PUID = cfg.puid; - PGID = cfg.pgid; - TZ = cfg.timeZone; - }; - }; - }; -} diff --git a/modules/apps/vscode/options.nix b/modules/apps/vscode/options.nix deleted file mode 100644 index 1e2cca7..0000000 
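Review bot: The whole of sonarr.nix is turned into a `#` comment instead of being deleted, while the same commit removes `./apps/sonarr` from `modules/default.nix` and deletes radarr.nix outright; a 118-line commented file that nothing imports is dead code that will drift from whatever replaced it. Delete the file as was done for radarr — git history keeps the old container definition — or, if it is meant as a reference, reduce it to a short header comment pointing at the replacement, e.g. `# Superseded by modules/apps/arrs; see git history for the old container config`.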
--- a/modules/apps/vscode/options.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ lib, ... }: -with lib; -{ - options.nas-apps.vscode = { - enable = mkEnableOption "vscode docker service"; - - autoStart = mkOption { - type = types.bool; - default = true; - }; - - port = mkOption { - type = types.str; - default = "8443"; - }; - - name = mkOption { - type = types.str; - default = "vscode"; - }; - - image = mkOption { - type = types.str; - default = "linuxserver/code-server"; - }; - - configPath = mkOption { - type = types.str; - default = "/media/nas/ssd/ssd_app_data/vscode"; - }; - - puid = mkOption { - type = types.str; - default = "911"; - }; - - pgid = mkOption { - type = types.str; - default = "1000"; - }; - - timeZone = mkOption { - type = types.str; - default = "America/Chicago"; - }; - }; -} diff --git a/modules/apps/wireguard/default.nix b/modules/apps/wireguard/default.nix deleted file mode 100644 index 1dbe027..0000000 --- a/modules/apps/wireguard/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ lib, config, ... }: -with lib; -let - cfg = config.nas-apps.wireguard; -in -{ - imports = [ ./options.nix ]; - - config = mkIf cfg.enable { - virtualisation.oci-containers.containers."${cfg.name}" = { - autoStart = cfg.autoStart; - image = cfg.image; - ports = [ "${cfg.port}:51820/udp" ]; - extraOptions = [ - "--cap-add=NET_ADMIN" - "--sysctl=\"net.ipv4.conf.all.src_valid_mark=1\"" - ]; - volumes = [ "${cfg.configPath}:/config" ]; - environment = { - PUID = cfg.puid; - PGID = cfg.pgid; - TZ = cfg.timeZone; - }; - }; - }; -} diff --git a/modules/apps/wireguard/options.nix b/modules/apps/wireguard/options.nix deleted file mode 100644 index a0028a6..0000000 --- a/modules/apps/wireguard/options.nix +++ /dev/null 
@@ -1,47 +0,0 @@
-{ lib, ... }:
-with lib;
-{
- options.nas-apps.wireguard = {
- enable = mkEnableOption "wireguard docker service";
-
- autoStart = mkOption {
- type = types.bool;
- default = true;
- };
-
- port = mkOption {
- type = types.str;
- default = "51820";
- };
-
- name = mkOption {
- type = types.str;
- default = "wireguard";
- };
-
- image = mkOption {
- type = types.str;
- default = "lscr.io/linuxserver/wireguard";
- };
-
- configPath = mkOption {
- type = types.str;
- default = "/media/nas/ssd/nix-app-data/wireguard";
- };
-
- puid = mkOption {
- type = types.str;
- default = "911";
- };
-
- pgid = mkOption {
- type = types.str;
- default = "1000";
- };
-
- timeZone = mkOption {
- type = types.str;
- default = "America/Chicago";
- };
- };
-}
diff --git a/modules/default.nix b/modules/default.nix
index e2f54fa..837be6c 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -2,31 +2,22 @@
 {
 imports = [
 ./samba
- ./apps/beszel
- ./apps/beszel-agent
+ ./apps/arrs
 ./apps/collabora
 ./apps/deluge
 ./apps/discover-wrapped
 ./apps/free-games-claimer
- ./apps/immich
 ./apps/jackett
 ./apps/jellyfin
 ./apps/jellyseerr
 ./apps/manyfold
 ./apps/mariadb
- ./apps/mealie
 ./apps/mongodb
 ./apps/nextcloud
 ./apps/ollama
 ./apps/open-webui
- ./apps/orca-slicer
- ./apps/radarr
- ./apps/sabnzbd
- ./apps/sonarr
 ./apps/swag
 ./apps/tdarr
- ./apps/vscode
- ./apps/wireguard
 ./apps/your-spotify
 ];
 }
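Review bot: `./apps/sabnzbd` and `./apps/sonarr` are dropped from `imports` while this same commit creates `modules/apps/sabnzbd/sabnzbd.nix`; unless `./apps/arrs` (not in this view) imports that file, the new sabnzbd container is never evaluated and its addition is silently a no-op. Worth confirming with a build that `containers.sabnzbd` appears in the resulting system, and annotating the new import so the next reader knows where those services went, e.g. `./apps/arrs # see modules/apps/arrs/default.nix for the services it bundles`.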