diff --git a/flake.lock b/flake.lock index aed16fa..cab2ecb 100644 --- a/flake.lock +++ b/flake.lock @@ -14,11 +14,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1730835992, - "narHash": "sha256-XYr4WQMxJdZkrQlsouyURMY4iNL5SS2RlQ7XGnjEQBU=", + "lastModified": 1731622832, + "narHash": "sha256-uTdeXrKRhkBaDAGSxw7s8YYvbU2JN6bbWh2ngUjmnUM=", "owner": "nix-community", "repo": "authentik-nix", - "rev": "5af11599eaec65b5b6e6e39d77b541db361c08aa", + "rev": "91ff8d93f089104d3d75c85758832252989c6a04", "type": "github" }, "original": { @@ -30,16 +30,16 @@ "authentik-src": { "flake": false, "locked": { - "lastModified": 1730826392, - "narHash": "sha256-EuNOfMy7yVa1OqWwCtNtmdeIQeQCTCKBXgJdz0QCPIU=", + "lastModified": 1731600340, + "narHash": "sha256-7uQteE+Ywiu04Ymhl3G8IRH6JJXPyd0mg61tJJMeGvg=", "owner": "goauthentik", "repo": "authentik", - "rev": "665de8ef2211524f3cc13dce9344bd59c61c3a5c", + "rev": "66a4970014da49ceec0715e5dec8c9aa032a3146", "type": "github" }, "original": { "owner": "goauthentik", - "ref": "version/2024.10.1", + "ref": "version/2024.10.2", "repo": "authentik", "type": "github" } @@ -52,11 +52,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1730767100, - "narHash": "sha256-SGkgP2H+i1jewNFBuAs4+grutNrfm5by+JUERUdXIRo=", + "lastModified": 1731866540, + "narHash": "sha256-wAz/S5GLm+9Vp0kmUPsva3Mxp+VUnbEUZ8aBM1aEhhY=", "owner": "chaotic-cx", "repo": "nyx", - "rev": "f8969fe1947ed81785a9e52f62622c03d3e58971", + "rev": "0857914b69d90ba758e614298452636c6fdc9c7c", "type": "github" }, "original": { @@ -76,11 +76,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1730830166, - "narHash": "sha256-F2SA8PkrV+Ed8WZKwEimO2oBxQJFJU2ni/wqIbupX4Y=", + "lastModified": 1731712317, + "narHash": "sha256-NpkSAwLFTFRZx+C2yL0JCBnjnZQRs8PsWRqZ0S08Bc8=", "owner": "lilyinstarlight", "repo": "nixos-cosmic", - "rev": "49ee81f51e7449314af27915f3719cc76e9abe1f", + "rev": "0b0e62252fb3b4e6b0a763190413513be499c026", "type": "github" }, "original": { 
@@ -295,11 +295,11 @@ ] }, "locked": { - "lastModified": 1730633670, - "narHash": "sha256-ZFJqIXpvVKvzOVFKWNRDyIyAo+GYdmEPaYi1bZB6uf0=", + "lastModified": 1731535640, + "narHash": "sha256-2EckCJn4wxran/TsRiCOFcmVpep2m9EBKl99NBh2GnM=", "owner": "nix-community", "repo": "home-manager", - "rev": "8f6ca7855d409aeebe2a582c6fd6b6a8d0bf5661", + "rev": "35b055009afd0107b69c286fca34d2ad98940d57", "type": "github" }, "original": { @@ -315,16 +315,16 @@ ] }, "locked": { - "lastModified": 1726989464, - "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", + "lastModified": 1731880681, + "narHash": "sha256-FmYTkIyPBUxSWgA7DPIVTsCCMvSSbs56yOtHpLNSnKg=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", + "rev": "aecd341dfead1c3ef7a3c15468ecd71e8343b7c6", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-24.05", + "ref": "release-24.11", "repo": "home-manager", "type": "github" } @@ -336,11 +336,11 @@ ] }, "locked": { - "lastModified": 1730633670, - "narHash": "sha256-ZFJqIXpvVKvzOVFKWNRDyIyAo+GYdmEPaYi1bZB6uf0=", + "lastModified": 1731887066, + "narHash": "sha256-uw7K/RsYioJicV79Nl39yjtfhdfTDU2aRxnBgvFhkZ8=", "owner": "nix-community", "repo": "home-manager", - "rev": "8f6ca7855d409aeebe2a582c6fd6b6a8d0bf5661", + "rev": "f3a2ff69586f3a54b461526e5702b1a2f81e740a", "type": "github" }, "original": { @@ -351,11 +351,11 @@ }, "impermanence": { "locked": { - "lastModified": 1730403150, - "narHash": "sha256-W1FH5aJ/GpRCOA7DXT/sJHFpa5r8sq2qAUncWwRZ3Gg=", + "lastModified": 1731242966, + "narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=", "owner": "nix-community", "repo": "impermanence", - "rev": "0d09341beeaa2367bac5d718df1404bf2ce45e6f", + "rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a", "type": "github" }, "original": { 
@@ -373,11 +373,11 @@ ] }, "locked": { - "lastModified": 1730625581, - "narHash": "sha256-vFxtzNCxtUIrmv8tluquZHjNTwMkCGtT0NCoVuwlqd4=", + "lastModified": 1731227601, + "narHash": "sha256-aGUQ6W/Oxd9xjH9RQbnUtC61sTK2fWlKr+J7kavT/RQ=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "e6195c6bfc037617e20d6d7d4d6c9cdeee6aba6d", + "rev": "7691d0ac1deb6ac7482c5a22fe1a14a34ca608b0", "type": "github" }, "original": { @@ -393,7 +393,7 @@ "flake-parts": "flake-parts_2", "flake-utils": "flake-utils_2", "nixpkgs": [ - "nixpkgs-unstable" + "nixpkgs-stable" ], "pre-commit-hooks-nix": "pre-commit-hooks-nix", "rust-overlay": "rust-overlay_2" @@ -444,11 +444,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1730779758, - "narHash": "sha256-5WI9AnsBwhLzVRnQm3Qn9oAbROnuLDQTpaXeyZCK8qw=", + "lastModified": 1731885500, + "narHash": "sha256-ZrztYfSOS33J+ewq5alBOSdnIyZ0/sr1iy7FyBe9zIg=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "0e3f3f017c14467085f15d42343a3aaaacd89bcb", + "rev": "c60b5c924c6188a0b3ca2e139ead3d0f92ae5db5", "type": "github" }, "original": { @@ -509,11 +509,11 @@ "rust-overlay": "rust-overlay_3" }, "locked": { - "lastModified": 1725418254, - "narHash": "sha256-2zPzPP9Eu5NxgJxTVcuCCX5xh7CWy7rYaLHfaAZS6H8=", + "lastModified": 1731473366, + "narHash": "sha256-sE2WfD3YyNrCROfRZKqMDR77g3KV4FXUaJ7NWe+A7ro=", "owner": "tpwrules", "repo": "nixos-apple-silicon", - "rev": "c5f944f49a052232015bb3c03524b69e3fdd2aa4", + "rev": "3eee753e4b074790342fadb1c4e7183d037ddac4", "type": "github" }, "original": { @@ -524,11 +524,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1730828750, - "narHash": "sha256-XrnZLkLiBYNlwV5gus/8DT7nncF1TS5la6Be7rdVOpI=", + "lastModified": 1731797098, + "narHash": "sha256-UhWmEZhwJZmVZ1jfHZFzCg+ZLO9Tb/v3Y6LC0UNyeTo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "2e78b1af8025108ecd6edaa3ab09695b8a4d3d55", + "rev": "672ac2ac86f7dff2f6f3406405bddecf960e0db6", "type": "github" }, "original": { 
@@ -540,11 +540,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1730531603, - "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "lastModified": 1731676054, + "narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", + "rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add", "type": "github" }, "original": { @@ -568,11 +568,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1730602179, - "narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=", + "lastModified": 1731386116, + "narHash": "sha256-lKA770aUmjPHdTaJWnP3yQ9OI1TigenUqVC3wweqZuI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c", + "rev": "689fed12a013f56d4c4d3f612489634267d86529", "type": "github" }, "original": { 
@@ -600,43 +600,27 @@ }, "nixpkgs-stable_3": { "locked": { - "lastModified": 1730741070, - "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", + "lastModified": 1731755305, + "narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", + "rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_4": { - "locked": { - "lastModified": 1730602179, - "narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "release-24.05", + "ref": "nixos-24.11", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1730531603, - "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", + "lastModified": 1731676054, + "narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", + "rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add", "type": "github" }, "original": { @@ -648,11 +632,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1730815137, - "narHash": "sha256-/SMEl8lpjVJOH5OQ11OLn6O2DeHb0yo3oIz1mi2bvWY=", + "lastModified": 1731919951, + "narHash": "sha256-vOM6ETpl1yu9KLi/icTmLJIPbbdJCdAVYUXZceO/Ce4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "78366fc8acbc8092d898f021354ab61ca161c412", + "rev": "04386ac325a813047fc314d4b4d838a5b1e3c7fe", "type": "github" }, "original": { 
@@ -678,11 +662,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1725103162, - "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", + "lastModified": 1731139594, + "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", + "rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2", "type": "github" }, "original": { @@ -694,11 +678,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1730272153, - "narHash": "sha256-B5WRZYsRlJgwVHIV6DvidFN7VX7Fg9uuwkRW9Ha8z+w=", + "lastModified": 1731763621, + "narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2d2a9ddbe3f2c00747398f3dc9b05f7f2ebb0f53", + "rev": "c69a9bffbecde46b4b939465422ddc59493d3e4d", "type": "github" }, "original": { @@ -792,11 +776,11 @@ ] }, "locked": { - "lastModified": 1730687492, - "narHash": "sha256-xQVadjquBA/tFxDt5A55LJ1D1AvkVWsnrKC2o+pr8F4=", + "lastModified": 1731551344, + "narHash": "sha256-wr8OOqgw7M1pWfe4W7WA5lErzOVMg3zvrrxx/dy/nPo=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "41814763a2c597755b0755dbe3e721367a5e420f", + "rev": "27570abfd3461875f11fc07c9b01c141a6332b4f", "type": "github" }, "original": { @@ -848,15 +832,14 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_4", - "nixpkgs-stable": "nixpkgs-stable_4" + "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1730746162, - "narHash": "sha256-ZGmI+3AbT8NkDdBQujF+HIxZ+sWXuyT6X8B49etWY2g=", + "lastModified": 1731862312, + "narHash": "sha256-NVUTFxKrJp/hjehlF1IvkPnlRYg/O9HFVutbxOM8zNM=", "owner": "Mic92", "repo": "sops-nix", - "rev": "59d6988329626132eaf107761643f55eb979eef1", + "rev": "472741cf3fee089241ac9ea705bb2b9e0bfa2978", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 7c1ed89..295937e 100644 --- a/flake.nix +++ b/flake.nix 
@@ -9,7 +9,7 @@ nixpkgs-unstable-small.url = "github:NixOS/nixpkgs/nixos-unstable-small"; # nixpgs - nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05"; + nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.11"; # Authentik authentik-nix = { @@ -30,14 +30,14 @@ }; home-manager-stable = { - url = "github:nix-community/home-manager/release-24.05"; + url = "github:nix-community/home-manager/release-24.11"; inputs.nixpkgs.follows = "nixpkgs-stable"; }; # Lanzaboote lanzaboote = { url = "github:nix-community/lanzaboote/v0.4.1"; - inputs.nixpkgs.follows = "nixpkgs-unstable"; + inputs.nixpkgs.follows = "nixpkgs-stable"; }; # Nix hardware diff --git a/hosts/nas/apps.nix b/hosts/nas/apps.nix index e1d3e4f..297ebde 100644 --- a/hosts/nas/apps.nix +++ b/hosts/nas/apps.nix @@ -1,8 +1,10 @@ { config, ... }: { - # imports = [ - # ../../modules/services/jellyfin - # ]; + imports = [ + ../../modules/apps/jellyseerr/jellyseerr.nix + ../../modules/apps/radarr/radarr.nix + ../../modules/apps/sonarr/sonarr.nix + ]; nas-apps = { beszel.enable = true; @@ -24,7 +26,7 @@ jellyfin.enable = true; - jellyseerr.enable = true; + jellyseerr.enable = false; manyfold.enable = true; @@ -63,11 +65,11 @@ httpsPort = "3301"; }; - radarr.enable = true; + radarr.enable = false; sabnzbd.enable = true; - sonarr.enable = true; + sonarr.enable = false; swag.enable = true; diff --git a/hosts/nas/boot.nix b/hosts/nas/boot.nix index 019daba..c72c9de 100644 --- a/hosts/nas/boot.nix +++ b/hosts/nas/boot.nix @@ -46,7 +46,7 @@ in systemd = { enable = true; # tpm2.enable = true; - enableTpm2 = true; + tpm2.enable = true; }; }; }; diff --git a/hosts/nas/configuration.nix b/hosts/nas/configuration.nix index 12b8408..eb71307 100755 --- a/hosts/nas/configuration.nix +++ b/hosts/nas/configuration.nix @@ -168,6 +168,8 @@ in "libvirtd" "nix-apps" "jallen-nas" + "media" + "nscd" ]; # Enable ‘sudo’ for the user. hashedPasswordFile = passwordFile; shell = pkgs.zsh; 
diff --git a/hosts/nas/networking.nix b/hosts/nas/networking.nix index 9ecee6c..d2f25d4 100644 --- a/hosts/nas/networking.nix +++ b/hosts/nas/networking.nix @@ -24,62 +24,14 @@ in # Disable Network Manager networkmanager.enable = true; - - # interfaces = { - # wlp7s0 = { - # useDHCP = true; - # ipv4.addresses = [ - # { - # address = ipAddress; - # prefixLength = 24; - # } - # ]; - # }; - # wlp6s0 = { - # useDHCP = true; - # ipv4.addresses = [ - # { - # address = ipAddress2; - # prefixLength = 24; - # } - # ]; - # }; - # }; - - # defaultGateway = { - # interface = "wlp7s0"; - # address = gateway; - # metric = 1; - # }; - - # nameservers = [ gateway ]; - - # wireless = { - # enable = false; - # userControlled.enable = true; - # # secretsFile = config.sops.secrets."wifi".path; - # environmentFile = config.sops.secrets."wifi".path; - # allowAuxiliaryImperativeNetworks = true; - # interfaces = [ - # "wlp6s0" - # "wlp7s0" - # ]; - # networks = { - # "Joey's Jungle 6G" = { - # pskRaw = "ext:PSK"; - # priority = 1000; - # # psk = "kR8v&3Qd"; - # extraConfig = '' - # key_mgmt=SAE - # ieee80211w=2 - # ''; - # }; - # "Joey's Jungle 5G" = { - # pskRaw = "ext:PSK"; - # priority = -100; - # }; - # }; - # }; + + nat = { + enable = true; + internalInterfaces = ["ve-+"]; + externalInterface = "wlp7s0"; + # Lazy IPv6 connectivity for the container + enableIPv6 = true; + }; firewall = { enable = true; 
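Review bot: The commented-out wireless block removed here carried what looks like a literal `psk` value, and deleting the comment does not remove it from the repository history. If that passphrase was ever in use it should be rotated, with the replacement kept only in the sops-managed file the same block already referenced. In the added `nat` block, `internalInterfaces = ["ve-+"]` matches every container veth, so any container added later is NATed out through `wlp7s0` without another change here; a comment such as `# all ve-* container interfaces share this NAT` would make that intent explicit. The enclosing `networking` set starts and ends outside this hunk.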
@@ -91,50 +43,5 @@ in # always allow traffic from your Tailscale network trustedInterfaces = [ "tailscale0" ]; }; - - # nat = { - # enable = true; - # externalInterface = "wlp7s0"; - # internalInterfaces = [ "wg0" ]; - # }; - - # wireguard.interfaces = { - # # "wg0" is the network interface name. You can name the interface arbitrarily. - # wg0 = { - # # Determines the IP address and subnet of the server's end of the tunnel interface. - # ips = [ "10.0.100.1/24" ]; - - # # The port that WireGuard listens to. Must be accessible by the client. - # listenPort = 51820; - - # # This allows the wireguard server to route your traffic to the internet and hence be like a VPN - # # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients - # postSetup = '' - # ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.100.0/24 -o wlp7s0 -j MASQUERADE - # ''; - - # # This undoes the above command - # postShutdown = '' - # ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.100.0/24 -o wlp7s0 -j MASQUERADE - # ''; - - # # Path to the private key file. - # # - # # Note: The private key can also be included inline via the privateKey option, - # # but this makes the private key world-readable; thus, using privateKeyFile is - # # recommended. - # privateKeyFile = wireguard-private; - - # peers = [ - # # List of allowed peers. - # { # Feel free to give a meaning full name - # # Public key of the peer (not a file path). - # publicKey = wireguard-public; - # # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing. - # allowedIPs = [ "10.0.100.2/32" ]; - # } - # ]; - # }; - # }; }; } diff --git a/modules/apps/jellyseerr/jellyseerr.nix b/modules/apps/jellyseerr/jellyseerr.nix new file mode 100644 index 0000000..9b60dd3 --- /dev/null +++ b/modules/apps/jellyseerr/jellyseerr.nix 
@@ -0,0 +1,53 @@
+{ config, pkgs, lib, ... }:
+
+let
+ jellyseerrPort = 5055;
+ dataDir = "/var/lib/jellyseerr";
+ downloadDir = "/downloads";
+ mediaDir = "/media";
+ jellyseerrUserId = config.users.users.nix-apps.uid;
+ jellyseerrGroupId = config.users.groups.jallen-nas.gid;
+ package = pkgs.unstable.jellyseerr;
+in
+{
+ containers.jellyseerr = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = "10.0.1.18";
+ localAddress = "10.0.1.52";
+ hostAddress6 = "fc00::1";
+ localAddress6 = "fc00::4";
+
+ config = { config, pkgs, lib, ... }: {
+ # Enable jellyseerr service
+ services.jellyseerr = {
+ enable = true;
+ port = jellyseerrPort;
+ # package = package;
+ openFirewall = true;
+ };
+
+ networking = {
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [ jellyseerrPort ];
+ };
+ # Use systemd-resolved inside the container
+ # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
+ useHostResolvConf = lib.mkForce false;
+ };
+
+ services.resolved.enable = true;
+ system.stateVersion = "23.11";
+ };
+ };
+
+ networking.nat = {
+ forwardPorts = [
+ {
+ destination = "10.0.1.52:5055";
+ sourcePort = jellyseerrPort;
+ }
+ ];
+ };
+}
\ No newline at end of file
diff --git a/modules/apps/radarr/radarr.nix b/modules/apps/radarr/radarr.nix
new file mode 100644
index 0000000..80f4a9a
--- /dev/null
+++ b/modules/apps/radarr/radarr.nix
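Review bot: The `networking.nat.forwardPorts` entry at the end of jellyseerr.nix publishes the container's port 5055 on the host's NAT external interface, and as far as I can tell forwarded (DNAT) traffic is not gated by the host's `networking.firewall.allowedTCPPorts`, so the UI is likely reachable from every device on that network. radarr.nix and sonarr.nix add the same kind of forward. If access is meant to go through the reverse proxy or the Tailscale interface, consider dropping the forward and pointing the proxy at the container address instead. The destination also repeats the port as a literal; `destination = "10.0.1.52:${toString jellyseerrPort}";` keeps it tied to the binding above. The `let` bindings `dataDir`, `downloadDir`, `mediaDir`, `jellyseerrUserId`, `jellyseerrGroupId` and `package` are unused in this file and can be removed.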
@@ -0,0 +1,106 @@
+{ config, pkgs, lib, ... }:
+
+let
+ radarrPort = 7878;
+ dataDir = "/var/lib/radarr";
+ downloadDir = "/downloads";
+ mediaDir = "/media";
+ radarrUserId = config.users.users.nix-apps.uid;
+ radarrGroupId = config.users.groups.jallen-nas.gid;
+ package = pkgs.unstable.radarr;
+in
+{
+ containers.radarr = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = "10.0.1.18";
+ localAddress = "10.0.1.51";
+ hostAddress6 = "fc00::1";
+ localAddress6 = "fc00::3";
+
+ config = { config, pkgs, lib, ... }: {
+ # Enable radarr service
+ services.radarr = {
+ enable = true;
+ user = "radarr";
+ group = "media";
+ dataDir = dataDir;
+ package = package;
+ };
+
+ # Create required users and groups
+ users.users.radarr = {
+ isSystemUser = true;
+ uid = lib.mkForce radarrUserId;
+ group = "media";
+ extraGroups = [ "downloads" ];
+ };
+
+ users.groups = {
+ media = { gid = lib.mkForce radarrGroupId; };
+ downloads = {};
+ };
+
+ # System packages
+ environment.systemPackages = with pkgs; [
+ sqlite
+ mono
+ mediainfo
+ ];
+
+ # Create and set permissions for required directories
+ system.activationScripts.radarr-dirs = ''
+ mkdir -p ${dataDir}
+ mkdir -p ${downloadDir}
+ mkdir -p ${mediaDir}
+
+ chown -R radarr:media ${dataDir}
+ chown -R radarr:media ${downloadDir}
+ chown -R radarr:media ${mediaDir}
+
+ chmod -R 775 ${dataDir}
+ chmod -R 775 ${downloadDir}
+ chmod -R 775 ${mediaDir}
+
+ '';
+
+ networking = {
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [ radarrPort ];
+ };
+ # Use systemd-resolved inside the container
+ # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
+ useHostResolvConf = lib.mkForce false;
+ };
+
+ services.resolved.enable = true;
+ system.stateVersion = "23.11";
+ };
+
+ # Bind mount directories from host
+ bindMounts = {
+ "/var/lib/radarr" = {
+ hostPath = "/media/nas/ssd/nix-app-data/radarr";
+ isReadOnly = false;
+ };
+ "/downloads" = {
+ hostPath = "/media/nas/ssd/ssd_app_data/downloads";
+ isReadOnly = false;
+ };
+ "/media" = {
+ hostPath = "/media/nas/main/movies";
+ isReadOnly = false;
+ };
+ };
+ };
+
+ networking.nat = {
+ forwardPorts = [
+ {
+ destination = "10.0.1.51:7878";
+ sourcePort = radarrPort;
+ }
+ ];
+ };
+}
\ No newline at end of file
diff --git a/modules/apps/sonarr/sonarr.nix b/modules/apps/sonarr/sonarr.nix
new file mode 100644
index 0000000..9106d63
--- /dev/null
+++ b/modules/apps/sonarr/sonarr.nix
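Review bot: The `radarr-dirs` activation script in radarr.nix runs `chown -R` and `chmod -R 775` over `/downloads` and `/media`, which are read-write bind mounts of host directories. Each time the script runs it therefore rewrites ownership and mode across the whole host download and movie trees and marks every file executable and world-readable; sonarr.nix does the same to the shared downloads path and the TV library. The same mode on `dataDir` leaves the application's state directory readable by every user inside the container. Limiting the setup to the state directory, non-recursively, avoids this, for example `systemd.tmpfiles.rules = [ "d ${dataDir} 0750 radarr media -" ];`, with permissions on the bind-mounted trees set once on the host.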
@@ -0,0 +1,104 @@
+{ config, pkgs, lib, ... }:
+
+let
+ sonarrPort = 8989;
+ dataDir = "/var/lib/sonarr";
+ downloadDir = "/downloads";
+ mediaDir = "/media";
+ sonarrUserId = config.users.users.nix-apps.uid;
+ sonarrGroupId = config.users.groups.jallen-nas.gid;
+in
+{
+ containers.sonarr = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = "10.0.1.18";
+ localAddress = "10.0.1.50";
+ hostAddress6 = "fc00::1";
+ localAddress6 = "fc00::2";
+
+ config = { config, pkgs, lib, ... }: {
+ # Enable Sonarr service
+ services.sonarr = {
+ enable = true;
+ user = "sonarr";
+ group = "media";
+ dataDir = dataDir;
+ };
+
+ # Create required users and groups
+ users.users.sonarr = {
+ isSystemUser = true;
+ uid = lib.mkForce sonarrUserId;
+ group = "media";
+ extraGroups = [ "downloads" ];
+ };
+
+ users.groups = {
+ media = { gid = lib.mkForce sonarrGroupId; };
+ downloads = {};
+ };
+
+ # System packages
+ environment.systemPackages = with pkgs; [
+ sqlite
+ mono
+ mediainfo
+ ];
+
+ # Create and set permissions for required directories
+ system.activationScripts.sonarr-dirs = ''
+ mkdir -p ${dataDir}
+ mkdir -p ${downloadDir}
+ mkdir -p ${mediaDir}
+
+ chown -R sonarr:media ${dataDir}
+ chown -R sonarr:media ${downloadDir}
+ chown -R sonarr:media ${mediaDir}
+
+ chmod -R 775 ${dataDir}
+ chmod -R 775 ${downloadDir}
+ chmod -R 775 ${mediaDir}
+
+ '';
+
+ networking = {
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [ sonarrPort ];
+ };
+ # Use systemd-resolved inside the container
+ # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
+ useHostResolvConf = lib.mkForce false;
+ };
+
+ services.resolved.enable = true;
+ system.stateVersion = "23.11";
+ };
+
+ # Bind mount directories from host
+ bindMounts = {
+ "/var/lib/sonarr" = {
+ hostPath = "/media/nas/ssd/nix-app-data/sonarr";
+ isReadOnly = false;
+ };
+ "/downloads" = {
+ hostPath = "/media/nas/ssd/ssd_app_data/downloads";
+ isReadOnly = false;
+ };
+ "/media" = {
+ hostPath = "/media/nas/main/tv";
+ isReadOnly = false;
+ };
+ };
+ };
+
+ networking.nat = {
+ forwardPorts = [
+ {
+ destination = "10.0.1.50:8989";
+ sourcePort = 8989;
+ }
+ ];
+ };
+}
\ No newline at end of file
diff --git a/modules/samba/default.nix b/modules/samba/default.nix
index 4f99659..a685559 100644
--- a/modules/samba/default.nix
+++ b/modules/samba/default.nix
@@ -1,7 +1,9 @@ -{ lib, pkgs, config, ... }: +{ lib, config, ... }: with lib; -let cfg = config.nas-samba; -in { +let + cfg = config.nas-samba; +in +{ imports = [ ./options.nix ]; config = mkIf cfg.enable {
@@ -22,42 +24,50 @@ in { }; }; + networking.firewall.enable = true; + networking.firewall.allowPing = true; + services.samba = { enable = true; - securityType = "user"; openFirewall = true; - extraConfig = '' - workgroup = WORKGROUP - server string = smbnix - netbios name = smbnix - security = user - #use sendfile = yes - #max protocol = smb2 - # note: localhost is the ipv6 localhost ::1 - hosts allow = ${cfg.hostsAllow} 127.0.0.1 localhost - hosts deny = 0.0.0.0/0 - guest account = nobody - map to guest = bad user - force user = nix-apps - ''; - shares = let - make = name: share: - nameValuePair "${name}" { - path = share.sharePath; - public = if share.enableTimeMachine then "no" else "yes"; - browseable = if share.browseable then "yes" else "no"; - writable = "yes"; - "read only" = if share.readOnly then "yes" else "no"; - "guest ok" = if share.guestOk then "yes" else "no"; - "create mask" = share.createMask; - "directory mask" = share.directoryMask; - "fruit:aapl" = if share.enableTimeMachine then "yes" else "no"; - "fruit:time machine" = if share.enableTimeMachine then "yes" else "no"; - "vfs objects" = "catia fruit streams_xattr"; - "fruit:time machine max size" = share.timeMachineMaxSize; - }; - in mapAttrs' make cfg.shares; + # settings = { + # create-mode = 664; + # force directory mode = 2770 + # workgroup = WORKGROUP + # server string = jallen-nas + # netbios name = jallen-nas + # security = user + # #use sendfile = yes + # #max protocol = smb2 + # # note: localhost is the ipv6 localhost ::1 + # hosts allow = ${cfg.hostsAllow} 127.0.0.1 localhost + # hosts deny = 0.0.0.0/0 + # guest account = nobody + # map to guest = bad user + # usershare allow guests = yes + # }; + settings = + let + make = + name: share: + nameValuePair "${name}" { + path = share.sharePath; + public = if share.enableTimeMachine then "no" else "yes"; + private = if !share.public || share.enableTimeMachine then "yes" else "no"; + browseable = if share.browseable then "yes" else "no"; + 
writable = "yes"; + "force group" = "jallen-nas"; + "read only" = if share.readOnly then "yes" else "no"; + "guest ok" = if share.guestOk then "yes" else "no"; + "create mask" = share.createMask; + "directory mask" = share.directoryMask; + "fruit:aapl" = if share.enableTimeMachine then "yes" else "no"; + "fruit:time machine" = if share.enableTimeMachine then "yes" else "no"; + "vfs objects" = "catia fruit streams_xattr"; + "fruit:time machine max size" = share.timeMachineMaxSize; + }; + in + mapAttrs' make cfg.shares; }; }; } - # private = if !share.public || share.enableTimeMachine then "yes" else "no"; \ No newline at end of file diff --git a/share/amd/default.nix b/share/amd/default.nix index 205c25e..dd18869 100644 --- a/share/amd/default.nix +++ b/share/amd/default.nix @@ -25,10 +25,10 @@ in # Hardware configs hardware = { # Enable graphics - opengl = { + graphics = { enable = true; + enable32Bit = true; extraPackages = [ pkgs.unstable.mesa ]; - driSupport32Bit = true; extraPackages32 = [ pkgs.unstable.pkgsi686Linux.mesa ]; }; }; diff --git a/share/nvidia/default.nix b/share/nvidia/default.nix index 46f0597..ec87284 100644 --- a/share/nvidia/default.nix +++ b/share/nvidia/default.nix @@ -47,11 +47,10 @@ in nvidiaSettings = cfg.nvidiaSettings; }; - # Enable OpenGL - opengl = { + # Enable graphics + graphics = { enable = true; - driSupport = true; - driSupport32Bit = true; + enable32Bit = true; }; };
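Review bot: With `extraConfig` removed and the replacement global block in modules/samba/default.nix left entirely commented out, the `hosts allow = ${cfg.hostsAllow} …` / `hosts deny = 0.0.0.0/0` restriction is no longer rendered into the Samba configuration, while `openFirewall = true` and the per-share `public`/`guest ok` values remain. Unless the limits are applied elsewhere, the shares now accept connections from any address that can reach the host. `settings` is assigned only the per-share sections, so the global options need to be merged in as a `global` section, as sketched below with the values the old block used. The commented text is also smb.conf syntax rather than Nix attributes, so uncommenting it as-is would not evaluate. The new `private` entry reads `share.public`, whose option definition is not visible in this diff, and I am not aware of a `private` share parameter in smb.conf, so that line is worth checking.

```nix
      settings =
        let
          # … unchanged: make = name: share: nameValuePair … …
        in
        {
          global = {
            security = "user";
            "hosts allow" = "${cfg.hostsAllow} 127.0.0.1 localhost";
            "hosts deny" = "0.0.0.0/0";
          };
        }
        // mapAttrs' make cfg.shares;
```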