databasus

suggestarr and bookshelf
2026-04-01 18:05:40 -05:00 · 2026-04-01 18:05:40 -05:00
6 changed files with 116 additions and 10 deletions
--- a/modules/nixos/services/bookshelf/default.nix
+++ b/modules/nixos/services/bookshelf/default.nix
@@ -0,0 +1,25 @@
+{
+  lib,
+  config,
+  namespace,
+  ...
+}:
+let
+  cfg = config.${namespace}.services."bookshelf";
+in
+{
+  imports = [
+    (lib.${namespace}.mkContainerService {
+      inherit config;
+      name = "bookshelf";
+      image = "ghcr.io/pennydreadful/bookshelf:hardcover";
+      internalPort = 8787;
+      volumes = [
+        "${cfg.configDir}/bookshelf:/config" 
+        "${cfg.configDir}/incomplete:/media/nas/main/appdata/incomplete"
+        "${cfg.dataDir}/books:/media/nas/main/books"
+      ];
+      environmentFiles = [ ];
+    })
+  ];
+}
--- a/modules/nixos/services/databasus/default.nix
+++ b/modules/nixos/services/databasus/default.nix
@@ -0,0 +1,23 @@
+{
+  lib,
+  config,
+  namespace,
+  ...
+}:
+let
+  cfg = config.${namespace}.services."databasus";
+in
+{
+  imports = [
+    (lib.${namespace}.mkContainerService {
+      inherit config;
+      name = "databasus";
+      image = "databasus/databasus";
+      internalPort = 4005;
+      volumes = [
+        "${cfg.configDir}/databasus:/databasus-data"
+      ];
+      environmentFiles = [ ];
+    })
+  ];
+}
--- a/modules/nixos/services/suggestarr/default.nix
+++ b/modules/nixos/services/suggestarr/default.nix
@@ -0,0 +1,23 @@
+{
+  lib,
+  config,
+  namespace,
+  ...
+}:
+let
+  cfg = config.${namespace}.services."suggestarr";
+in
+{
+  imports = [
+    (lib.${namespace}.mkContainerService {
+      inherit config;
+      name = "suggestarr";
+      image = "ciuse99/suggestarr";
+      internalPort = 5000;
+      volumes = [
+        "${cfg.configDir}/suggestarr:/app/config/config_files"
+      ];
+      environmentFiles = [ ];
+    })
+  ];
+}
--- a/systems/x86_64-linux/jallen-nas/apps.nix
+++ b/systems/x86_64-linux/jallen-nas/apps.nix
@@ -57,6 +57,10 @@ in
        port = 4823;
        # environmentFile = "/run/secrets/jallen-nas/authentik-env"; # TODO
      };
+      bookshelf = {
+        enable = true;
+        port = 8787;
+      };
      caddy = enabled;
      cockpit = {
        enable = true;
@@ -99,6 +103,11 @@ in
          envFile = config.sops.templates."ntfy.env".path;
        };
      };
+      databasus = {
+        enable = true;
+        port = 4005;
+        reverseProxy = enabled;
+      };
      dispatcharr = {
        enable = false;
        port = 9191;
@@ -319,19 +328,10 @@ in
          icon = "si:jellyfin";
        };
      };
-      seerr = {
-        enable = true;
-        port = 5055;
-        createUser = true;
-        reverseProxy = enabled;
-        hostedService = {
-          group = "Media";
-        };
-      };
      kavita = {
        enable = true;
        port = 5000;
-        reverseProxy = disabled;
+        reverseProxy = enabled;
      };
      lemonade = {
        enable = false;
@@ -430,6 +430,15 @@ in
        enable = true;
        port = 8008;
      };
+      seerr = {
+        enable = true;
+        port = 5055;
+        createUser = true;
+        reverseProxy = enabled;
+        hostedService = {
+          group = "Media";
+        };
+      };
      sparky-fitness-server = {
        enable = true;
        port = 3010;
@@ -442,6 +451,10 @@ in
          subdomain = "sparky";
        };
      };
+      suggestarr = {
+        enable = true;
+        port = 5001;
+      };
      sunshine = {
        enable = true;
        port = 47989;
--- a/systems/x86_64-linux/jallen-nas/nas-defaults.nix
+++ b/systems/x86_64-linux/jallen-nas/nas-defaults.nix
@@ -38,6 +38,7 @@ in
      "attic"
      "authentik"
      "authentikRac"
+      "bookshelf"
      "caddy"
      "calibre"
      "calibre-web"
@@ -45,6 +46,7 @@ in
      "collabora"
      "coturn"
      "crowdsec"
+      "databasus"
      "dispatcharr"
      "free-games-claimer"
      "gitea"
@@ -77,6 +79,7 @@ in
      "restic-server"
      "sparky-fitness"
      "sparky-fitness-server"
+      "suggestarr"
      "sunshine"
      "tdarr"
      "termix"
--- a/systems/x86_64-linux/jallen-nas/services.nix
+++ b/systems/x86_64-linux/jallen-nas/services.nix
@@ -29,6 +29,13 @@ in
          GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA public TO sparkyfitness;
          GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA pg_catalog TO sparkyfitness;
        "
+
+        psql -c "
+          ALTER ROLE databasus WITH PASSWORD 'databasus';
+          ALTER ROLE databasus BYPASSRLS;
+          GRANT CONNECT ON DATABASE nextcloud TO databasus;
+          GRANT pg_read_all_data TO databasus;
+        "
      '';
    };
  };
@@ -68,6 +75,7 @@ in
        "onlyoffice"
        "synapse"
        "sparkyfitness"
+        "suggestarr"
      ];
      ensureUsers = [
        {
@@ -94,6 +102,13 @@ in
          name = "sparkyfitness";
          ensureDBOwnership = true;
        }
+        {
+          name = "suggestarr";
+          ensureDBOwnership = true;
+        }
+        {
+          name = "databasus";
+        }
      ];
      # pg_hba.conf — use lib.mkForce to replace the module defaults entirely.
      #
@@ -116,6 +131,10 @@ in

        # Podman container network — sparkyfitness server connects via host LAN IP
        host    sparkyfitness   sparkyfitness     10.88.0.0/16         scram-sha-256
+
+        # Podman container network — suggestarr server connects via host LAN IP
+        host    suggestarr      suggestarr        10.88.0.0/16         scram-sha-256
+        host    all             databasus         10.88.0.0/16         scram-sha-256
      '';

      # identMap — maps OS usernames to PostgreSQL usernames for peer auth.
Author	SHA1	Message	Date
mjallen18	acc683bac3	databasus	2026-04-01 18:05:40 -05:00
mjallen18	166123e8fe	suggestarr and bookshelf	2026-04-01 18:05:40 -05:00