mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

move arrs into nix container

Browse Source
This commit is contained in:
mjallen18
2024-11-30 14:35:53 -06:00
parent b7c85a7a56
commit f33d690145
32 changed files with 901 additions and 1087 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
flake.lock generated
View File

@@ -52,11 +52,11 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1732400024, "lastModified": 1732715105,
"narHash": "sha256-uf1QzIl0Jj5dr7+erWjHWiCUEvywLaR7ir1jcqGgjeQ=", "narHash": "sha256-WGf8bzwNEgbWjM9aTFv9ZCGrBQEfg0fYd4FSoVa2gDs=",
"owner": "chaotic-cx", "owner": "chaotic-cx",
"repo": "nyx", "repo": "nyx",
"rev": "376a2e022a5d8fa21cecb5bb0fef0cb54db5cdfc", "rev": "8f153d013632e6036e8bec6377cc5ed7d2ad14df",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -76,11 +76,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1732412226, "lastModified": 1732757557,
"narHash": "sha256-Eb7LqtaCVgZy5Kp3pMrRTAmcnFO7HGj6lpAM2TrQzTA=", "narHash": "sha256-zADldaLfiSb2iGPhcSJPokGypYa1Fix0llhWkMvm8pQ=",
"owner": "lilyinstarlight", "owner": "lilyinstarlight",
"repo": "nixos-cosmic", "repo": "nixos-cosmic",
"rev": "44c9057ebbf4eb41cff08b8fc9c952b3f977656a", "rev": "5116835b8eb2ec18ec258050a11d374d38ac8764",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -295,11 +295,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1732303962, "lastModified": 1732482255,
"narHash": "sha256-5Umjb5AdtxV5jSJd5jxoCckh5mlg+FBQDsyAilu637g=", "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "8cf9cb2ee78aa129e5b8220135a511a2be254c0c", "rev": "a9953635d7f34e7358d5189751110f87e3ac17da",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -336,11 +336,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1732482255, "lastModified": 1732884235,
"narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=", "narHash": "sha256-r8j6R3nrvwbT1aUp4EPQ1KC7gm0pu9VcV1aNaB+XG6Q=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "a9953635d7f34e7358d5189751110f87e3ac17da", "rev": "819f682269f4e002884702b87e445c82840c68f2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -373,11 +373,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1732032028, "lastModified": 1732648910,
"narHash": "sha256-NjyfJQQxs/a2a/KwTmXM44K7XjeJwGsf4YFtebueQzo=", "narHash": "sha256-1F83DUfEHnCZpGY4UOlWaamWoDx8eZ9tHaUF51p2hng=",
"owner": "Jovian-Experiments", "owner": "Jovian-Experiments",
"repo": "Jovian-NixOS", "repo": "Jovian-NixOS",
"rev": "65dc04371cf914c9af4f073638821e4787303005", "rev": "e86d2ad72094354326887bd6fe156f327d63d491",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -540,11 +540,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1732014248, "lastModified": 1732521221,
"narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -632,11 +632,11 @@
}, },
"nixpkgs-unstable-small": { "nixpkgs-unstable-small": {
"locked": { "locked": {
"lastModified": 1732632041, "lastModified": 1732866476,
"narHash": "sha256-3nnq3M2rsGu9doFG9pj2kFKgVv8S19kd68EQkwuCwSI=", "narHash": "sha256-fQPhGk0rBifqOtcq07Que6MWuWU08AmiaOVZ6TTAHUw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "bd4d2031f34254e597eaee1ad618749acb33ad86", "rev": "564e219aa5ca9306ab22fb803c16391aacb4417b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -776,11 +776,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1732328983, "lastModified": 1732588352,
"narHash": "sha256-RHt12f/slrzDpSL7SSkydh8wUE4Nr4r23HlpWywed9E=", "narHash": "sha256-J2/hxOO1VtBA/u+a+9E+3iJpWT3xsBdghgYAVfoGCJo=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "ed8aa5b64f7d36d9338eb1d0a3bb60cf52069a72", "rev": "414e748aae5c9e6ca63c5aafffda03e5dad57ceb",
"type": "github" "type": "github"
}, },
"original": { "original": {

39
hosts/nas/apps.nix
View File

@@ -1,16 +1,13 @@
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
# ../../modules/apps/caddy
../../modules/apps/jellyfin/jellyfin.nix
../../modules/apps/paperless ../../modules/apps/paperless
../../modules/apps/jellyseerr/jellyseerr.nix ../../modules/apps/jellyseerr/jellyseerr.nix
../../modules/apps/radarr/radarr.nix
../../modules/apps/sonarr/sonarr.nix
]; ];
nas-apps = { nas-apps = {
beszel.enable = true;
beszel-agent.enable = true;
collabora = { collabora = {
enable = true; enable = true;
@@ -21,14 +18,8 @@
free-games-claimer.enable = true; free-games-claimer.enable = true;
immich.enable = true;
jackett.enable = true; jackett.enable = true;
jellyfin.enable = true;
# jellyseerr.enable = false;
manyfold.enable = true; manyfold.enable = true;
mariadb = { mariadb = {
@@ -39,15 +30,6 @@
]; ];
}; };
mealie = {
enable = true;
baseUrl = "https://mealie.mjallen.dev";
port = "9001";
maxConcurrency = "4";
maxWorkers = "4";
allowSignup = "false";
};
mongodb.enable = true; mongodb.enable = true;
nextcloud = { nextcloud = {
@@ -60,27 +42,10 @@
open-webui.enable = true; open-webui.enable = true;
orca-slicer = {
enable = true;
httpPort = "3300";
httpsPort = "3301";
};
# radarr.enable = false;
sabnzbd.enable = true;
# sonarr.enable = false;
swag.enable = true; swag.enable = true;
tdarr.enable = true; tdarr.enable = true;
vscode.enable = true;
wireguard.enable = true;
wireguard.configPath = "/media/nas/ssd/nix-app-data/wireguard/sidestore";
your_spotify.enable = true; your_spotify.enable = true;
}; };
} }

1
hosts/nas/configuration.nix
View File

@@ -98,6 +98,7 @@ in
lm_sensors lm_sensors
nano nano
ninja ninja
nixfmt-rfc-style
nix-inspect nix-inspect
nix-ld nix-ld
networkmanagerapplet networkmanagerapplet

2
hosts/nas/impermanence.nix
View File

@@ -31,7 +31,7 @@
{ {
directory = "/etc/nix"; directory = "/etc/nix";
user = "root"; user = "root";
group = "root"; group = "wheel";
mode = "u=rwx,g=rx,o=rx"; mode = "u=rwx,g=rx,o=rx";
} }
{ {

163
modules/apps/arrs/default.nix Normal file
View File

@@ -0,0 +1,163 @@
{ config, pkgs, lib, ... }:
let
radarrPort = 7878;
sonarrPort = 8989;
sabnzbdPort = 8080;
radarrDataDir = "/var/lib/radarr";
downloadDir = "/downloads";
incompleteDir = "/downloads-incomplete";
sonarrDataDir = "/var/lib/sonarr";
sabnzbdConfig = "/var/lib/sabnzbd";
mediaDir = "/media";
arrUserId = config.users.users.nix-apps.uid;
arrGroupId = config.users.groups.jallen-nas.gid;
in
{
containers.arrs = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.0.1.18";
localAddress = "10.0.1.51";
config = { config, pkgs, lib, ... }: {
nixpkgs.config.allowUnfree = true;
# Enable radarr service
services.radarr = {
enable = true;
openFirewall = true;
user = "arrs";
group = "media";
dataDir = radarrDataDir;
};
# Enable Sonarr service
services.sonarr = {
enable = true;
openFirewall = true;
user = "arrs";
group = "media";
dataDir = sonarrDataDir;
};
# Enable Sabnzbd service
services.sabnzbd = {
enable = true;
openFirewall = true;
user = "arrs";
group = "media";
configFile = "${sabnzbdConfig}/sabnzbd.ini";
};
# Create required users and groups
users.users.arrs = {
isSystemUser = true;
uid = lib.mkForce arrUserId;
group = "media";
extraGroups = [ "downloads" ];
};
users.groups = {
media = { gid = lib.mkForce arrGroupId; };
downloads = {};
};
# System packages
environment.systemPackages = with pkgs; [
sqlite
mono
mediainfo
protonvpn-cli
];
# Create and set permissions for required directories
system.activationScripts.radarr-dirs = ''
mkdir -p ${radarrDataDir}
mkdir -p ${sonarrDataDir}
mkdir -p ${sabnzbdConfig}
mkdir -p ${downloadDir}
mkdir -p ${incompleteDir}
mkdir -p ${mediaDir}
chown -R arrs:media ${radarrDataDir}
chown -R arrs:media ${sonarrDataDir}
chown -R arrs:media ${sabnzbdConfig}
chown -R arrs:media ${downloadDir}
chown -R arrs:media ${incompleteDir}
chown -R arrs:media ${mediaDir}
chmod -R 775 ${radarrDataDir}
chmod -R 775 ${sonarrDataDir}
chmod -R 775 ${sabnzbdConfig}
chmod -R 775 ${downloadDir}
chmod -R 775 ${incompleteDir}
chmod -R 775 ${mediaDir}
'';
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ radarrPort sonarrPort sabnzbdPort ];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
system.stateVersion = "23.11";
};
# Bind mount directories from host
bindMounts = {
"${radarrDataDir}" = {
hostPath = "/media/nas/ssd/nix-app-data/radarr";
isReadOnly = false;
};
"${sonarrDataDir}" = {
hostPath = "/media/nas/ssd/nix-app-data/sonarr";
isReadOnly = false;
};
"${sabnzbdConfig}" = {
hostPath = "/media/nas/ssd/nix-app-data/sabnzbd";
isReadOnly = false;
};
"${downloadDir}" = {
hostPath = "/media/nas/ssd/ssd_app_data/downloads";
isReadOnly = false;
};
"${incompleteDir}" = {
hostPath = "/media/nas/ssd/ssd_app_data/downloads-incomplete";
isReadOnly = false;
};
"/media/movies" = {
hostPath = "/media/nas/main/movies";
isReadOnly = false;
};
"/media/tv" = {
hostPath = "/media/nas/main/tv";
isReadOnly = false;
};
};
};
networking.nat = {
forwardPorts = [
{
destination = "10.0.1.51:7878";
sourcePort = radarrPort;
}
{
destination = "10.0.1.51:8989";
sourcePort = sonarrPort;
}
{
destination = "10.0.1.51:8080";
sourcePort = sabnzbdPort;
}
];
};
}

25
modules/apps/beszel-agent/default.nix
View File

@@ -1,25 +0,0 @@
{ lib, config, ... }:
with lib;
let
cfg = config.nas-apps.beszel-agent;
in
{
imports = [ ./options.nix ];
config = mkIf cfg.enable {
virtualisation.oci-containers.containers."${cfg.name}" = {
autoStart = cfg.autoStart;
image = cfg.image;
ports = [ "${cfg.port}:45876" ];
volumes = [ "${cfg.podmanSock}:/var/run/docker.sock:ro" ];
environment = {
PORT = cfg.port;
KEY = cfg.key;
FILESYSTEM = cfg.fileSystem;
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
};
};
};
}

57
modules/apps/beszel-agent/options.nix
View File

@@ -1,57 +0,0 @@
{ lib, ... }:
with lib;
{
options.nas-apps.beszel-agent = {
enable = mkEnableOption "beszel agent docker service";
autoStart = mkOption {
type = types.bool;
default = true;
};
port = mkOption {
type = types.str;
default = "45876";
};
name = mkOption {
type = types.str;
default = "beszel-agent";
};
image = mkOption {
type = types.str;
default = "henrygd/beszel-agent";
};
podmanSock = mkOption {
type = types.str;
default = "/var/run/podman/podman.sock";
};
key = mkOption {
type = types.str;
default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBIxbgq3dHkhhmmydqgT1DQCAEEUdZ2V0RjzmxtyJo9w";
};
fileSystem = mkOption {
type = types.str;
default = "/dev/mapper/hdd1";
};
puid = mkOption {
type = types.str;
default = "911";
};
pgid = mkOption {
type = types.str;
default = "1000";
};
timeZone = mkOption {
type = types.str;
default = "America/Chicago";
};
};
}

22
modules/apps/beszel/default.nix
View File

@@ -1,22 +0,0 @@
{ lib, config, ... }:
with lib;
let
cfg = config.nas-apps.beszel;
in
{
imports = [ ./options.nix ];
config = mkIf cfg.enable {
virtualisation.oci-containers.containers."${cfg.name}" = {
autoStart = cfg.autoStart;
image = cfg.image;
ports = [ "${cfg.httpPort}:8090" ];
volumes = [ "${cfg.configPath}:/beszel_data" ];
environment = {
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
};
};
};
}

47
modules/apps/beszel/options.nix
View File

@@ -1,47 +0,0 @@
{ lib, ... }:
with lib;
{
options.nas-apps.beszel = {
enable = mkEnableOption "beszel docker service";
autoStart = mkOption {
type = types.bool;
default = true;
};
httpPort = mkOption {
type = types.str;
default = "8090";
};
name = mkOption {
type = types.str;
default = "beszel";
};
image = mkOption {
type = types.str;
default = "henrygd/beszel";
};
configPath = mkOption {
type = types.str;
default = "/media/nas/ssd/nix-app-data/beszel";
};
puid = mkOption {
type = types.str;
default = "911";
};
pgid = mkOption {
type = types.str;
default = "1000";
};
timeZone = mkOption {
type = types.str;
default = "America/Chicago";
};
};
}

43
modules/apps/caddy/custom-caddy.nix Normal file
View File

@@ -0,0 +1,43 @@
{
pkgs,
config,
plugins,
stdenv,
lib,
...
}:
stdenv.mkDerivation rec {
pname = "caddy";
# https://github.com/NixOS/nixpkgs/issues/113520
version = "2.7.6";
dontUnpack = true;
nativeBuildInputs = [
pkgs.git
pkgs.go
pkgs.xcaddy
];
configurePhase = ''
export GOCACHE=$TMPDIR/go-cache
export GOPATH="$TMPDIR/go"
'';
buildPhase =
let
pluginArgs = lib.concatMapStringsSep " " (plugin: "--with ${plugin}") plugins;
in
''
runHook preBuild
${pkgs.xcaddy}/bin/xcaddy build "v${version}" ${pluginArgs}
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p $out/bin
mv caddy $out/bin
runHook postInstall
'';
}

231
modules/apps/caddy/default.nix Normal file
View File

@@ -0,0 +1,231 @@
{ config, pkgs, ... }:
{
# Enable containers
containers.caddy = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.0.1.18";
localAddress = "10.0.2.1";
config =
{ config, pkgs, ... }:
{
nixpkgs.overlays = [
(
_final: prev:
let
plugins = [ "github.com/caddy-dns/cloudflare" ];
goImports = prev.lib.flip prev.lib.concatMapStrings plugins (pkg: " _ \"${pkg}\"\n");
goGets = prev.lib.flip prev.lib.concatMapStrings plugins (pkg: "go get ${pkg}\n ");
main = ''
package main
import (
caddycmd "github.com/caddyserver/caddy/v2/cmd"
_ "github.com/caddyserver/caddy/v2/modules/standard"
${goImports}
)
func main() {
caddycmd.Main()
}
'';
in
{
caddy-cloudflare = prev.buildGoModule {
pname = "caddy-cloudflare";
version = prev.caddy.version;
runVend = true;
subPackages = [ "cmd/caddy" ];
src = prev.caddy.src;
vendorHash = "sha256-fTcMtg5GGEgclIwJCav0jjWpqT+nKw2OF1Ow0MEEitk=";
overrideModAttrs = (
_: {
preBuild = ''
echo '${main}' > cmd/caddy/main.go
${goGets}
'';
postInstall = "cp go.sum go.mod $out/ && ls $out/";
}
);
postPatch = ''
echo '${main}' > cmd/caddy/main.go
cat cmd/caddy/main.go
'';
postConfigure = ''
cp vendor/go.sum ./
cp vendor/go.mod ./
'';
meta = with prev.lib; {
homepage = "https://caddyserver.com";
description = "Fast, cross-platform HTTP/2 web server with automatic HTTPS";
license = licenses.asl20;
maintainers = with maintainers; [
Br1ght0ne
techknowlogick
];
};
};
}
)
];
systemd.services.caddy.serviceConfig.AmbientCapabilities = "CAP_NET_BIND_SERVICE";
# Caddy web server
services.caddy = {
enable = true;
email = "jalle008@proton.me";
enableReload = true;
package = pkgs.caddy-cloudflare;
adapter = "''"; # Required to enable JSON
# virtualHosts = {
# }
configFile = pkgs.writeText "Caddyfile" (
builtins.toJSON {
apps.http.servers.main = {
listen = [ ":443" ];
routes = [
{
match = [ { host = [ "authentik.mjallen.dev" ]; } ];
handle = [
{
handler = "reverse_proxy";
upstreams = [ { dial = "http://10.0.1.18:9000"; } ];
}
];
}
];
};
apps.tls.automation.policies = [
{
issuers = [
{
module = "acme";
challenges = {
dns = {
provider = {
name = "cloudflare";
api_token = "{env.CLOUDFLARE_API_TOKEN}";
};
resolvers = [ "1.1.1.1" ];
};
};
}
];
}
];
}
);
# configFile = pkgs.writeText "Caddyfile" ''
# apps.tls.automation.policies = [{
# issuers = [{
# module = "acme";
# challenges = {
# dns = {
# provider = {
# name = "cloudflare";
# api_token = "{env.CLOUDFLARE_API_TOKEN}";
# };
# resolvers = [ "1.1.1.1" ];
# };
# };
# }];
# # Wildcard certificate for all subdomains
# *.mjallen.dev {
# tls {
# dns cloudflare {env.CLOUDFLARE_API_TOKEN}
# }
# }
# :80 {
# respond "Hello from Caddy!"
# }
# :443 {
# respond "Hello from Caddy!"
# }
# authentik.mjallen.dev {
# reverse_proxy 10.0.1.18:9000
# }
# '';
};
# Environment variable for DNS challenge
environment.etc."caddy/cloudflare.env" = {
mode = "0600";
text = ''
CLOUDFLARE_API_TOKEN=HYhx7cN6e-O6QQJNKd9g7RpgvCzY-aegOPU2iQwB
'';
};
# Fail2Ban configuration
environment.etc."fail2ban/filter.d/caddy.local" = {
mode = "0644";
text = ''
[Definition]
failregex = ^<HOST> .* "(GET|POST|PUT|DELETE|HEAD|OPTIONS) .* HTTP/\d\.\d" (4\d{2}|5\d{2})
ignoreregex =
'';
};
services.fail2ban = {
enable = true;
jails = {
caddy = {
settings = {
filter = "caddy";
logpath = "/var/log/caddy/access.log";
maxretry = 5;
bantime = "30m";
};
};
};
};
# Ensure logging for Caddy
services.caddy.logDir = "/var/log/caddy";
# Open necessary firewall ports
networking.firewall = {
enable = true;
allowedTCPPorts = [
80
443
];
};
# Install additional packages if needed
environment.systemPackages = with pkgs; [
caddy
fail2ban
];
system.stateVersion = "23.11";
};
};
networking.nat = {
forwardPorts = [
{
destination = "10.0.2.1:80";
sourcePort = 80;
}
{
destination = "10.0.2.1:443";
sourcePort = 443;
}
];
};
}

4
modules/apps/collabora/default.nix
View File

@@ -26,8 +26,8 @@ in
username = cfg.username; username = cfg.username;
# password = cfg.password; # get from env file # password = cfg.password; # get from env file
domain = "office.mjallen.dev"; domain = "office.mjallen.dev";
aliasgroup1 = "https://cloud\.mjallen\.dev:443"; aliasgroup1 = "https://cloud.mjallen.dev:443";
aliasgroup2 = "https://cloud\.mjallen\.dev:443"; aliasgroup2 = "https://cloud.mjallen.dev:443";
# DONT_GEN_SSL_CERT = cfg.dontGenSslCert; # DONT_GEN_SSL_CERT = cfg.dontGenSslCert;
server_name = cfg.serverName; server_name = cfg.serverName;
dictionaries = cfg.dictionaries; dictionaries = cfg.dictionaries;

4
modules/apps/free-games-claimer/default.nix
View File

@@ -11,9 +11,7 @@ in
autoStart = cfg.autoStart; autoStart = cfg.autoStart;
image = cfg.image; image = cfg.image;
ports = [ "${cfg.httpPort}:6080" ]; ports = [ "${cfg.httpPort}:6080" ];
volumes = [ volumes = [ "${cfg.dataPath}:/fgc/data" ];
"${cfg.dataPath}:/fgc/data"
];
environment = { environment = {
PUID = cfg.puid; PUID = cfg.puid;
PGID = cfg.pgid; PGID = cfg.pgid;

168
modules/apps/immich/default.nix
View File

@@ -1,168 +0,0 @@
{ lib, config, pkgs, ... }:
with lib;
let
cfg = config.nas-apps.immich;
in
{
imports = [ ./options.nix ];
config = mkIf cfg.enable {
virtualisation.oci-containers.containers."immich-machine-learning" = {
image = "ghcr.io/immich-app/immich-machine-learning:pr-12826-cuda";
volumes = [
"/media/nas/ssd/nix-app-data/immich/model-cache:/cache:rw"
];
log-driver = "journald";
extraOptions = [
"--network-alias=immich-machine-learning"
"--device=nvidia.com/gpu=0"
];
ports = [
"3003:3003"
];
environment = {
PUID = "911";
PGID = "1000";
};
};
systemd.services."podman-immich-machine-learning" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
partOf = [
"podman-compose-immich-root.target"
];
wantedBy = [
"podman-compose-immich-root.target"
];
};
virtualisation.oci-containers.containers."immich-postgres" = {
image = "docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0";
environment = {
"POSTGRES_INITDB_ARGS" = "--data-checksums";
PUID = "911";
PGID = "1000";
};
environmentFiles = [
config.sops.secrets."jallen-nas/immich/db-password".path
config.sops.secrets."jallen-nas/immich/db-name".path
config.sops.secrets."jallen-nas/immich/db-user".path
];
volumes = [
"/media/nas/ssd/nix-app-data/immich/postgres:/var/lib/postgresql/data:rw"
];
ports = [
"5433:5432"
];
cmd = [ "postgres" "-c" "shared_preload_libraries=vectors.so" "-c" "search_path=\"$user\", public, vectors" "-c" "logging_collector=on" "-c" "max_wal_size=2GB" "-c" "shared_buffers=512MB" "-c" "wal_compression=on" ];
log-driver = "journald";
extraOptions = [
"--health-cmd=pg_isready --dbname=$DB_DATABASE_NAME --username=$DB_USERNAME || exit 1; Chksum=\"$(psql --dbname=$DB_DATABASE_NAME --username=$DB_USERNAME --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')\"; echo \"checksum failure count is $Chksum\"; [ \"$Chksum\" = '0' ] || exit 1"
"--health-interval=5m0s"
"--health-start-period=5m0s"
"--network-alias=database"
];
};
systemd.services."podman-immich-postgres" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
partOf = [
"podman-compose-immich-root.target"
];
wantedBy = [
"podman-compose-immich-root.target"
];
};
virtualisation.oci-containers.containers."immich-redis" = {
image = "docker.io/redis:6.2-alpine@sha256:2d1463258f2764328496376f5d965f20c6a67f66ea2b06dc42af351f75248792";
log-driver = "journald";
extraOptions = [
"--health-cmd=redis-cli ping || exit 1"
"--network-alias=redis"
];
ports = [
"6381:6379"
];
environment = {
PUID = "911";
PGID = "1000";
};
};
systemd.services."podman-immich-redis" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
partOf = [
"podman-compose-immich-root.target"
];
wantedBy = [
"podman-compose-immich-root.target"
];
};
virtualisation.oci-containers.containers."immich-server" = {
image = "ghcr.io/imagegenius/immich:latest";
volumes = [
"/media/nas/ssd/nix-app-data/immich/upload:/usr/src/app/upload:rw"
"/media/nas/ssd/nix-app-data/immich/config:/config"
"/media/nas/main/photos:/photos"
"/media/nas/ssd/nix-app-data/immich/libraries:/libraries"
"/etc/localtime:/etc/localtime:ro"
];
ports = [
"5555:8080/tcp"
];
dependsOn = [
"immich-postgres"
"immich-redis"
];
log-driver = "journald";
extraOptions = [
"--network-alias=immich-server"
"--device=nvidia.com/gpu=0"
];
environment = {
PUID = "911";
PGID = "1000";
DB_HOSTNAME = "10.0.1.18";
DB_PORT = "5433";
REDIS_HOSTNAME = "10.0.1.18";
REDIS_PORT = "6381";
};
environmentFiles = [
config.sops.secrets."jallen-nas/immich/server-db-password".path
config.sops.secrets."jallen-nas/immich/server-db-name".path
config.sops.secrets."jallen-nas/immich/server-db-user".path
];
};
systemd.services."podman-immich-server" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
partOf = [
"podman-compose-immich-root.target"
];
wantedBy = [
"podman-compose-immich-root.target"
];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."podman-compose-immich-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
};
}

7
modules/apps/immich/options.nix
View File

@@ -1,7 +0,0 @@
{ lib, ... }:
with lib;
{
options.nas-apps.immich = {
enable = mkEnableOption "immich docker service";
};
}

168
modules/apps/jellyfin/jellyfin.nix Normal file
View File

@@ -0,0 +1,168 @@
{
config,
pkgs,
lib,
...
}:
# let
# jellyfinPort = 8096;
# jellyfinUserId = config.users.users.nix-apps.uid;
# jellyfinGroupId = config.users.groups.jallen-nas.gid;
# package = pkgs.jellyfin;
# in {
# containers.jellyfin = {
# autoStart = true;
# privateNetwork = true;
# hostAddress = "10.0.1.18";
# localAddress = "10.0.2.25";
# config = { config, pkgs, lib, ... }: {
# # Enable jellyfin service
# nixpkgs.config.allowUnfree = true;
# hardware = {
# # Nvidia
# nvidia = {
# package = config.boot.kernelPackages.nvidiaPackages.latest;
# # Modesetting is required.
# modesetting.enable = true;
# # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# powerManagement.enable = true;
# # Fine-grained power management. Turns off GPU when not in use.
# # Experimental and only works on modern Nvidia GPUs (Turing or newer).
# powerManagement.finegrained = false;
# # Use the NVidia open source kernel module (not to be confused with the
# # independent third-party "nouveau" open source driver).
# # Support is limited to the Turing and later architectures. Full list of
# # supported GPUs is at:
# # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# # Only available from driver 515.43.04+
# # Currently alpha-quality/buggy, so false is currently the recommended setting.
# open = true;
# # Enable the Nvidia settings menu,
# # accessible via `nvidia-settings`.
# nvidiaSettings = true;
# };
# # Enable graphics
# graphics = {
# enable = true;
# enable32Bit = true;
# };
# };
# # Services configs
# services.xserver = {
# # Load nvidia driver for Xorg and Wayland
# videoDrivers = [ "nvidia" ];
# };
# services.jellyfin = {
# enable = true;
# openFirewall = true;
# user = "jellyfin";
# group = "media";
# dataDir = "/data";
# configDir = "/config";
# # cacheDir = "/cache";
# };
# # Create required users and groups
# users.users.jellyfin = {
# isSystemUser = true;
# uid = lib.mkForce jellyfinUserId;
# group = "media";
# extraGroups = [ "downloads" ];
# };
# users.groups = {
# media = { gid = lib.mkForce jellyfinGroupId; };
# downloads = { };
# };
# networking = {
# firewall = {
# enable = true;
# allowedTCPPorts = [ jellyfinPort ];
# };
# # Use systemd-resolved inside the container
# # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
# useHostResolvConf = lib.mkForce false;
# };
# # System packages
# environment.systemPackages = with pkgs; [
# sqlite
# mono
# mediainfo
# # ffmpeg
# # nvidiaPackages.gpu
# # nvidiaPackages.nvidia-settings
# # nvidiaPackages.nvidia-x11
# ];
# services.resolved.enable = true;
# system.stateVersion = "23.11";
# };
# # Bind mount directories from host
# bindMounts = {
# "/data" = {
# hostPath = "/media/nas/ssd/nix-app-data/jellyfin";
# isReadOnly = false;
# };
# "/tv" = {
# hostPath = "/media/nas/main/tv";
# isReadOnly = false;
# };
# "/movies" = {
# hostPath = "/media/nas/main/movies";
# isReadOnly = false;
# };
# "/dev/nvidia0" = { hostPath = "/dev/nvidia0"; }; # GPU device
# "/dev/nvidiactl" = { hostPath = "/dev/nvidiactl"; }; # NVIDIA control
# "/dev/nvidia-modeset" = { hostPath = "/dev/nvidia-modeset"; }; # modesetting
# };
# # allowedDevices = [
# # {
# # modifier = "rw";
# # node = "/dev/nvidia0";
# # }
# # {
# # modifier = "rw";
# # node = "/dev/nvidiactl";
# # }
# # {
# # modifier = "rw";
# # node = "/dev/nvidia-modeset";
# # }
# # {
# # modifier = "rw";
# # node = "/dev/nvidia-uvm";
# # }
# # {
# # modifier = "rw";
# # node = "/dev/nvidia-uvm-tools";
# # }
# # ];
# };
# networking.nat = {
# forwardPorts = [{
# destination = "10.0.2.25:8096";
# sourcePort = jellyfinPort;
# }];
# };
# }
{
services.jellyfin = {
enable = true;
openFirewall = true;
user = "nix-apps";
group = "jallen-nas";
dataDir = "/media/nas/ssd/nix-app-data/jellyfin";
# cacheDir = "/cache";
};
}

54
modules/apps/jellyseerr/jellyseerr.nix
View File

@@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
jellyseerrPort = 5055; jellyseerrPort = 5055;
@@ -17,29 +22,36 @@ in
localAddress = "10.0.1.52"; localAddress = "10.0.1.52";
hostAddress6 = "fc00::1"; hostAddress6 = "fc00::1";
localAddress6 = "fc00::4"; localAddress6 = "fc00::4";
config = { config, pkgs, lib, ... }: {
# Enable jellyseerr service
services.jellyseerr = {
enable = true;
port = jellyseerrPort;
# package = package;
openFirewall = true;
};
networking = { config =
firewall = { {
config,
pkgs,
lib,
...
}:
{
# Enable jellyseerr service
services.jellyseerr = {
enable = true; enable = true;
allowedTCPPorts = [ jellyseerrPort ]; port = jellyseerrPort;
# package = package;
openFirewall = true;
}; };
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 networking = {
useHostResolvConf = lib.mkForce false; firewall = {
enable = true;
allowedTCPPorts = [ jellyseerrPort ];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
system.stateVersion = "23.11";
}; };
services.resolved.enable = true;
system.stateVersion = "23.11";
};
}; };
networking.nat = { networking.nat = {
@@ -50,4 +62,4 @@ in
} }
]; ];
}; };
} }

26
modules/apps/mealie/default.nix
View File

@@ -1,26 +0,0 @@
{ lib, config, ... }:
with lib;
let
cfg = config.nas-apps.mealie;
in
{
imports = [ ./options.nix ];
config = mkIf cfg.enable {
virtualisation.oci-containers.containers."${cfg.name}" = {
autoStart = cfg.autoStart;
image = cfg.image;
ports = [ "${cfg.port}:9000" ];
volumes = [ "${cfg.dataPath}:/app/data" ];
environment = {
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
ALLOW_SIGNUP = cfg.allowSignup;
MAX_WORKERS = cfg.maxWorkers;
MAX_CONCURRENCY = cfg.maxConcurrency;
BASE_URL = cfg.baseUrl;
};
};
};
}

67
modules/apps/mealie/options.nix
View File

@@ -1,67 +0,0 @@
{ lib, ... }:
with lib;
{
options.nas-apps.mealie = {
enable = mkEnableOption "mealie docker service";
autoStart = mkOption {
type = types.bool;
default = true;
};
port = mkOption {
type = types.str;
default = "9000";
};
name = mkOption {
type = types.str;
default = "mealie";
};
image = mkOption {
type = types.str;
default = "ghcr.io/mealie-recipes/mealie";
};
dataPath = mkOption {
type = types.str;
default = "/media/nas/ssd/nix-app-data/mealie";
};
puid = mkOption {
type = types.str;
default = "911";
};
pgid = mkOption {
type = types.str;
default = "1000";
};
timeZone = mkOption {
type = types.str;
default = "America/Chicago";
};
maxWorkers = mkOption {
type = types.str;
default = "1";
};
maxConcurrency = mkOption {
type = types.str;
default = "1";
};
baseUrl = mkOption {
type = types.str;
default = "";
};
allowSignup = mkOption {
type = types.str;
default = "true";
};
};
}

32
modules/apps/orca-slicer/default.nix
View File

@@ -1,32 +0,0 @@
{ lib, config, ... }:
with lib;
let
cfg = config.nas-apps.orca-slicer;
in
{
imports = [ ./options.nix ];
config = mkIf cfg.enable {
virtualisation.oci-containers.containers."${cfg.name}" = {
autoStart = cfg.autoStart;
image = cfg.image;
extraOptions = [ "--device=nvidia.com/gpu=0" ];
ports = [
"${cfg.httpPort}:3000"
"${cfg.httpsPort}:3001"
];
volumes = [
"${cfg.configPath}:/config"
"${cfg.dataPath}:/data"
];
environment = {
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
TITLE = "orca-slicer";
DRINODE = "/dev/dri/renderD128";
NO_DECOR = "1";
};
};
};
}

57
modules/apps/orca-slicer/options.nix
View File

@@ -1,57 +0,0 @@
{ lib, ... }:
with lib;
{
options.nas-apps.orca-slicer = {
enable = mkEnableOption "orca slicer docker service";
autoStart = mkOption {
type = types.bool;
default = true;
};
httpPort = mkOption {
type = types.str;
default = "3000";
};
httpsPort = mkOption {
type = types.str;
default = "3001";
};
name = mkOption {
type = types.str;
default = "orca-slicer";
};
image = mkOption {
type = types.str;
default = "linuxserver/orcaslicer";
};
configPath = mkOption {
type = types.str;
default = "/media/nas/ssd/ssd_app_data/orca-slicer";
};
dataPath = mkOption {
type = types.str;
default = "/media/nas/main/3d_printer";
};
puid = mkOption {
type = types.str;
default = "911";
};
pgid = mkOption {
type = types.str;
default = "1000";
};
timeZone = mkOption {
type = types.str;
default = "America/Chicago";
};
};
}

116
modules/apps/paperless/default.nix
View File

@@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
paperlessPort = 28981; paperlessPort = 28981;
@@ -14,59 +19,68 @@ in
localAddress = "10.0.1.20"; localAddress = "10.0.1.20";
hostAddress6 = "fc00::1"; hostAddress6 = "fc00::1";
localAddress6 = "fc00::20"; localAddress6 = "fc00::20";
config = { config, pkgs, lib, ... }: {
# Enable paperless service
services.paperless = {
enable = true;
port = paperlessPort;
user = "paperless";
address = "0.0.0.0";
passwordFile = "/var/lib/paperless/paperless-password";
# settings = {
# PAPERLESS_APPS="allauth.socialaccount.providers.openid_connect";
# PAPERLESS_SOCIALACCOUNT_PROVIDERS = {
# "openid_connect" = {
# "OAUTH_PKCE_ENABLED":true,
# "APPS":[
# {"provider_id":"authentik","name":"Authentik","client_id":"<Client ID>","secret":<Client Secret>","settings":{"server_url":"https://authentik.mjallen.dev/application/o/paperless/.well-known/openid-configuration"}}]}}
# }
};
# Create required users and groups config =
users.groups = { {
documents = { gid = lib.mkForce paperlessGroupId; }; config,
}; pkgs,
lib,
users.users.paperless = { ...
isSystemUser = true; }:
uid = lib.mkForce paperlessUserId; {
group = lib.mkForce "documents"; # Enable paperless service
}; services.paperless = {
# Create and set permissions for required directories
system.activationScripts.paperless-dirs = ''
mkdir -p /var/lib/paperless
chown -R paperless:documents /var/lib/paperless
chmod -R 775 /var/lib/paperless
'';
networking = {
firewall = {
enable = true; enable = true;
allowedTCPPorts = [ paperlessPort ]; port = paperlessPort;
user = "paperless";
address = "0.0.0.0";
passwordFile = "/var/lib/paperless/paperless-password";
# settings = {
# PAPERLESS_APPS="allauth.socialaccount.providers.openid_connect";
# PAPERLESS_SOCIALACCOUNT_PROVIDERS = {
# "openid_connect" = {
# "OAUTH_PKCE_ENABLED":true,
# "APPS":[
# {"provider_id":"authentik","name":"Authentik","client_id":"<Client ID>","secret":<Client Secret>","settings":{"server_url":"https://authentik.mjallen.dev/application/o/paperless/.well-known/openid-configuration"}}]}}
# }
}; };
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 # Create required users and groups
useHostResolvConf = lib.mkForce false; users.groups = {
documents = {
gid = lib.mkForce paperlessGroupId;
};
};
users.users.paperless = {
isSystemUser = true;
uid = lib.mkForce paperlessUserId;
group = lib.mkForce "documents";
};
# Create and set permissions for required directories
system.activationScripts.paperless-dirs = ''
mkdir -p /var/lib/paperless
chown -R paperless:documents /var/lib/paperless
chmod -R 775 /var/lib/paperless
'';
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ paperlessPort ];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
system.stateVersion = "23.11";
}; };
services.resolved.enable = true;
system.stateVersion = "23.11";
};
# Bind mount directories from host # Bind mount directories from host
bindMounts = { bindMounts = {
@@ -89,4 +103,4 @@ in
} }
]; ];
}; };
} }

26
modules/apps/radarr/default.nix
View File

@@ -1,26 +0,0 @@
{ lib, config, ... }:
with lib;
let
cfg = config.nas-apps.radarr;
in
{
imports = [ ./options.nix ];
config = mkIf cfg.enable {
virtualisation.oci-containers.containers."${cfg.name}" = {
autoStart = cfg.autoStart;
image = cfg.image;
ports = [ "${cfg.port}:7878" ];
volumes = [
"${cfg.configPath}:/config"
"${cfg.moviesPath}:/movies"
"${cfg.downloadsPath}:/downloads"
];
environment = {
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
};
};
};
}

57
modules/apps/radarr/options.nix
View File

@@ -1,57 +0,0 @@
{ lib, ... }:
with lib;
{
options.nas-apps.radarr = {
enable = mkEnableOption "radarr docker service";
autoStart = mkOption {
type = types.bool;
default = true;
};
port = mkOption {
type = types.str;
default = "7878";
};
name = mkOption {
type = types.str;
default = "radarr";
};
image = mkOption {
type = types.str;
default = "linuxserver/radarr";
};
configPath = mkOption {
type = types.str;
default = "/media/nas/ssd/ssd_app_data/radarr";
};
moviesPath = mkOption {
type = types.str;
default = "/media/nas/main/movies";
};
downloadsPath = mkOption {
type = types.str;
default = "/media/nas/ssd/ssd_app_data/downloads";
};
puid = mkOption {
type = types.str;
default = "911";
};
pgid = mkOption {
type = types.str;
default = "1000";
};
timeZone = mkOption {
type = types.str;
default = "America/Chicago";
};
};
}

106
modules/apps/radarr/radarr.nix
View File

@@ -1,106 +0,0 @@
{ config, pkgs, lib, ... }:
let
radarrPort = 7878;
dataDir = "/var/lib/radarr";
downloadDir = "/downloads";
mediaDir = "/media";
radarrUserId = config.users.users.nix-apps.uid;
radarrGroupId = config.users.groups.jallen-nas.gid;
package = pkgs.radarr;
in
{
containers.radarr = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.0.1.18";
localAddress = "10.0.1.51";
hostAddress6 = "fc00::1";
localAddress6 = "fc00::3";
config = { config, pkgs, lib, ... }: {
# Enable radarr service
services.radarr = {
enable = true;
user = "radarr";
group = "media";
dataDir = dataDir;
package = package;
};
# Create required users and groups
users.users.radarr = {
isSystemUser = true;
uid = lib.mkForce radarrUserId;
group = "media";
extraGroups = [ "downloads" ];
};
users.groups = {
media = { gid = lib.mkForce radarrGroupId; };
downloads = {};
};
# System packages
environment.systemPackages = with pkgs; [
sqlite
mono
mediainfo
];
# Create and set permissions for required directories
system.activationScripts.radarr-dirs = ''
mkdir -p ${dataDir}
mkdir -p ${downloadDir}
mkdir -p ${mediaDir}
chown -R radarr:media ${dataDir}
chown -R radarr:media ${downloadDir}
chown -R radarr:media ${mediaDir}
chmod -R 775 ${dataDir}
chmod -R 775 ${downloadDir}
chmod -R 775 ${mediaDir}
'';
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ radarrPort ];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
system.stateVersion = "23.11";
};
# Bind mount directories from host
bindMounts = {
"/var/lib/radarr" = {
hostPath = "/media/nas/ssd/nix-app-data/radarr";
isReadOnly = false;
};
"/downloads" = {
hostPath = "/media/nas/ssd/ssd_app_data/downloads";
isReadOnly = false;
};
"/media" = {
hostPath = "/media/nas/main/movies";
isReadOnly = false;
};
};
};
networking.nat = {
forwardPorts = [
{
destination = "10.0.1.51:7878";
sourcePort = radarrPort;
}
];
};
}

57
modules/apps/sabnzbd/sabnzbd.nix Normal file
View File

@@ -0,0 +1,57 @@
{
config,
pkgs,
lib,
...
}:
let
sabnzbdPort = 8080;
dataDir = "/var/lib/sabnzbd";
downloadDir = "/downloads";
mediaDir = "/media";
sabnzbdUserId = config.users.users.nix-apps.uid;
sabnzbdGroupId = config.users.groups.jallen-nas.gid;
package = pkgs.sabnzbd;
in
{
containers.sabnzbd = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.0.1.18";
localAddress = "10.0.2.20";
config =
{
config,
pkgs,
lib,
...
}:
{
# Enable sabnzbd service
services.sabnzbd = {
enable = true;
openFirewall = true;
};
networking = {
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
system.stateVersion = "23.11";
};
};
networking.nat = {
forwardPorts = [
{
destination = "10.0.2.20:8080";
sourcePort = sabnzbdPort;
}
];
};
}

204
modules/apps/sonarr/sonarr.nix
View File

@@ -1,104 +1,118 @@
{ config, pkgs, lib, ... }: # {
# config,
# pkgs,
# lib,
# ...
# }:
let # let
sonarrPort = 8989; # sonarrPort = 8989;
dataDir = "/var/lib/sonarr"; # dataDir = "/var/lib/sonarr";
downloadDir = "/downloads"; # downloadDir = "/downloads";
mediaDir = "/media"; # mediaDir = "/media";
sonarrUserId = config.users.users.nix-apps.uid; # sonarrUserId = config.users.users.nix-apps.uid;
sonarrGroupId = config.users.groups.jallen-nas.gid; # sonarrGroupId = config.users.groups.jallen-nas.gid;
in # in
{ # {
containers.sonarr = { # containers.sonarr = {
autoStart = true; # autoStart = true;
privateNetwork = true; # privateNetwork = true;
hostAddress = "10.0.1.18"; # hostAddress = "10.0.1.18";
localAddress = "10.0.1.50"; # localAddress = "10.0.1.50";
hostAddress6 = "fc00::1"; # hostAddress6 = "fc00::1";
localAddress6 = "fc00::2"; # localAddress6 = "fc00::2";
config = { config, pkgs, lib, ... }: {
# Enable Sonarr service
services.sonarr = {
enable = true;
user = "sonarr";
group = "media";
dataDir = dataDir;
};
# Create required users and groups # config =
users.users.sonarr = { # {
isSystemUser = true; # config,
uid = lib.mkForce sonarrUserId; # pkgs,
group = "media"; # lib,
extraGroups = [ "downloads" ]; # ...
}; # }:
# {
# # Enable Sonarr service
# services.sonarr = {
# enable = true;
# user = "sonarr";
# group = "media";
# dataDir = dataDir;
# };
users.groups = { # # Create required users and groups
media = { gid = lib.mkForce sonarrGroupId; }; # users.users.sonarr = {
downloads = {}; # isSystemUser = true;
}; # uid = lib.mkForce sonarrUserId;
# group = "media";
# extraGroups = [ "downloads" ];
# };
# System packages # users.groups = {
environment.systemPackages = with pkgs; [ # media = {
sqlite # gid = lib.mkForce sonarrGroupId;
mono # };
mediainfo # downloads = { };
]; # };
# Create and set permissions for required directories # # System packages
system.activationScripts.sonarr-dirs = '' # environment.systemPackages = with pkgs; [
mkdir -p ${dataDir} # sqlite
mkdir -p ${downloadDir} # mono
mkdir -p ${mediaDir} # mediainfo
# ];
chown -R sonarr:media ${dataDir} # # Create and set permissions for required directories
chown -R sonarr:media ${downloadDir} # system.activationScripts.sonarr-dirs = ''
chown -R sonarr:media ${mediaDir} # mkdir -p ${dataDir}
# mkdir -p ${downloadDir}
chmod -R 775 ${dataDir} # mkdir -p ${mediaDir}
chmod -R 775 ${downloadDir}
chmod -R 775 ${mediaDir}
'';
networking = { # chown -R sonarr:media ${dataDir}
firewall = { # chown -R sonarr:media ${downloadDir}
enable = true; # chown -R sonarr:media ${mediaDir}
allowedTCPPorts = [ sonarrPort ];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
system.stateVersion = "23.11";
};
# Bind mount directories from host # chmod -R 775 ${dataDir}
bindMounts = { # chmod -R 775 ${downloadDir}
"/var/lib/sonarr" = { # chmod -R 775 ${mediaDir}
hostPath = "/media/nas/ssd/nix-app-data/sonarr";
isReadOnly = false;
};
"/downloads" = {
hostPath = "/media/nas/ssd/ssd_app_data/downloads";
isReadOnly = false;
};
"/media" = {
hostPath = "/media/nas/main/tv";
isReadOnly = false;
};
};
};
networking.nat = { # '';
forwardPorts = [
{ # networking = {
destination = "10.0.1.50:8989"; # firewall = {
sourcePort = 8989; # enable = true;
} # allowedTCPPorts = [ sonarrPort ];
]; # };
}; # # Use systemd-resolved inside the container
} # # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
# useHostResolvConf = lib.mkForce false;
# };
# services.resolved.enable = true;
# system.stateVersion = "23.11";
# };
# # Bind mount directories from host
# bindMounts = {
# "/var/lib/sonarr" = {
# hostPath = "/media/nas/ssd/nix-app-data/sonarr";
# isReadOnly = false;
# };
# "/downloads" = {
# hostPath = "/media/nas/ssd/ssd_app_data/downloads";
# isReadOnly = false;
# };
# "/media" = {
# hostPath = "/media/nas/main/tv";
# isReadOnly = false;
# };
# };
# };
# networking.nat = {
# forwardPorts = [
# {
# destination = "10.0.1.50:8989";
# sourcePort = 8989;
# }
# ];
# };
# }

26
modules/apps/vscode/default.nix
View File

@@ -1,26 +0,0 @@
{ lib, config, ... }:
with lib;
let
cfg = config.nas-apps.vscode;
in
{
imports = [ ./options.nix ];
config = mkIf cfg.enable {
virtualisation.oci-containers.containers."${cfg.name}" = {
autoStart = cfg.autoStart;
image = cfg.image;
ports = [ "${cfg.port}:8443" ];
volumes = [
"${cfg.configPath}:/config"
"/media/nas/ssd/ssd_app_data:/ssd_app_data"
"/home/admin/nix-config:/nix-config"
];
environment = {
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
};
};
};
}

47
modules/apps/vscode/options.nix
View File

@@ -1,47 +0,0 @@
{ lib, ... }:
with lib;
{
options.nas-apps.vscode = {
enable = mkEnableOption "vscode docker service";
autoStart = mkOption {
type = types.bool;
default = true;
};
port = mkOption {
type = types.str;
default = "8443";
};
name = mkOption {
type = types.str;
default = "vscode";
};
image = mkOption {
type = types.str;
default = "linuxserver/code-server";
};
configPath = mkOption {
type = types.str;
default = "/media/nas/ssd/ssd_app_data/vscode";
};
puid = mkOption {
type = types.str;
default = "911";
};
pgid = mkOption {
type = types.str;
default = "1000";
};
timeZone = mkOption {
type = types.str;
default = "America/Chicago";
};
};
}

26
modules/apps/wireguard/default.nix
View File

@@ -1,26 +0,0 @@
{ lib, config, ... }:
with lib;
let
cfg = config.nas-apps.wireguard;
in
{
imports = [ ./options.nix ];
config = mkIf cfg.enable {
virtualisation.oci-containers.containers."${cfg.name}" = {
autoStart = cfg.autoStart;
image = cfg.image;
ports = [ "${cfg.port}:51820/udp" ];
extraOptions = [
"--cap-add=NET_ADMIN"
"--sysctl=\"net.ipv4.conf.all.src_valid_mark=1\""
];
volumes = [ "${cfg.configPath}:/config" ];
environment = {
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
};
};
};
}

47
modules/apps/wireguard/options.nix
View File

@@ -1,47 +0,0 @@
{ lib, ... }:
with lib;
{
options.nas-apps.wireguard = {
enable = mkEnableOption "wireguard docker service";
autoStart = mkOption {
type = types.bool;
default = true;
};
port = mkOption {
type = types.str;
default = "51820";
};
name = mkOption {
type = types.str;
default = "wireguard";
};
image = mkOption {
type = types.str;
default = "lscr.io/linuxserver/wireguard";
};
configPath = mkOption {
type = types.str;
default = "/media/nas/ssd/nix-app-data/wireguard";
};
puid = mkOption {
type = types.str;
default = "911";
};
pgid = mkOption {
type = types.str;
default = "1000";
};
timeZone = mkOption {
type = types.str;
default = "America/Chicago";
};
};
}

11
modules/default.nix
View File

@@ -2,31 +2,22 @@
{ {
imports = [ imports = [
./samba ./samba
./apps/beszel ./apps/arrs
./apps/beszel-agent
./apps/collabora ./apps/collabora
./apps/deluge ./apps/deluge
./apps/discover-wrapped ./apps/discover-wrapped
./apps/free-games-claimer ./apps/free-games-claimer
./apps/immich
./apps/jackett ./apps/jackett
./apps/jellyfin ./apps/jellyfin
./apps/jellyseerr ./apps/jellyseerr
./apps/manyfold ./apps/manyfold
./apps/mariadb ./apps/mariadb
./apps/mealie
./apps/mongodb ./apps/mongodb
./apps/nextcloud ./apps/nextcloud
./apps/ollama ./apps/ollama
./apps/open-webui ./apps/open-webui
./apps/orca-slicer
./apps/radarr
./apps/sabnzbd
./apps/sonarr
./apps/swag ./apps/swag
./apps/tdarr ./apps/tdarr
./apps/vscode
./apps/wireguard
./apps/your-spotify ./apps/your-spotify
]; ];
} }