xun/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

lots of stuff

Browse source
This commit is contained in:
xunuwu 2024-02-23 05:34:33 +01:00
parent 926f8b190b
commit 6bae0fa254
Signed by: xun
SSH key fingerprint: SHA256:Uot/1WoAjWAeqLOHA5vYy4phhVydsH7jCPmBjaPZfgI
42 changed files with 1109 additions and 73 deletions
Download patch file Download diff file Expand all files Collapse all files

436
system/services/containers/server/default.nix Normal file
View file

@ -0,0 +1,436 @@
{
lib,
config,
pkgs,
...
}: let
hostname = config.networking.hostName;
dashyConfig = {
pageInfo = {
#title = "Home Lab";
};
sections = [
{
name = "*arr";
icon = "hl-servarr";
items = [
{
title = "Sonarr";
icon = "hl-sonarr";
url = "http://${hostname}:8989";
}
{
title = "Radarr";
icon = "hl-radarr";
url = "http://${hostname}:7878";
}
{
title = "Prowlarr";
icon = "hl-prowlarr";
url = "http://${hostname}:9696";
}
];
}
{
name = "Management";
items = [
{
title = "Jellyseerr";
icon = "hl-jellyseerr";
url = "http://${hostname}:5055";
}
{
title = "Transmission";
icon = "hl-transmission";
url = "http://${hostname}:9091";
}
];
}
];
};
in {
imports = [
#./statistics
];
#virtualisation.docker = {
# enable = true;
# enableOnBoot = true;
# autoPrune.enable = true;
#};
systemd.tmpfiles.rules = [
"d /var/lib/code-server 0770 root root -"
"d /var/lib/movie-db 0770 root root -"
];
users.groups."media" = {}; # create media group
# this needs to be done manually since transmission is in a docker container
users.users."media" = {
isSystemUser = true;
group = "media";
};
systemd.services."${config.virtualisation.oci-containers.backend}-transmission".serviceConfig = {
StateDirectory = [
"${config.virtualisation.oci-containers.backend}/transmission/downloads"
"${config.virtualisation.oci-containers.backend}/transmission/config"
"${config.virtualisation.oci-containers.backend}/transmission/watch"
];
};
#systemd.services."${config.virtualisation.oci-containers.backend}-jellyfin".serviceConfig = {
# StateDirectory = [
# "${config.virtualisation.oci-containers.backend}/jellyfin/config"
# "${config.virtualisation.oci-containers.backend}/jellyfin/cache"
# "${config.virtualisation.oci-containers.backend}/jellyfin/media"
# ];
#};
services.jellyfin = {
enable = true;
openFirewall = true;
group = "media";
};
#services.radarr = {
# enable = true;
# group = "media";
# openFirewall = true; # 7878
#};
#services.sonarr = {
# enable = true;
# group = "media";
# openFirewall = true; # 8989
#};
#services.prowlarr = {
# enable = true;
# openFirewall = true; # 9696
#};
virtualisation.podman = {
enable = true;
autoPrune.enable = true;
};
virtualisation.oci-containers = {
backend = "podman";
containers = {
gluetun = {
image = "qmcgaw/gluetun:latest";
volumes = [
"${config.sops.secrets.wireguard.path}:/gluetun/wireguard/wg0.conf"
];
ports = [
# Transmission port
## This bypasses the firewall, use 127.0.0.1:XXXX:XXXX
## if you only want it to be accessible locally
"9091:9091"
"127.0.0.1:8191:8191" # flaresolverr
"9696:9696" # prowlarr
"8989:8989" # sonarr
"7878:7878" # radarr
"8443:8443" # code-server
];
environment = {
VPN_SERVICE_PROVIDER = "airvpn";
VPN_TYPE = "wireguard";
SERVER_COUNTRIES = "Netherlands";
FIREWALL_VPN_INPUT_PORTS = "11936,8443";
};
extraOptions = [
"--cap-add=NET_ADMIN"
"--device=/dev/net/tun:/dev/net/tun"
];
};
code-server = {
image = "lscr.io/linuxserver/code-server:latest";
volumes = [
"/var/lib/code-server:/config"
];
environmentFiles = [
config.sops.secrets.code-server.path
];
extraOptions = [
"--network=container:gluetun"
];
};
jellyseerr = {
image = "fallenbagel/jellyseerr:latest";
ports = [
"5055:5055"
];
volumes = [
"/media/config/jellyseerr:/app/config"
];
extraOptions = [
"--network=host"
];
};
recyclarr = {
image = "ghcr.io/recyclarr/recyclarr";
volumes = [
#"/media/config/recyclarr:/config"
"${pkgs.writeText "recyclarr.yml" ''
sonarr:
sonarr-main:
base_url: http://localhost:8989
api_key: !env_var SONARR_API_KEY
delete_old_custom_formats: true
replace_existing_custom_formats: true
quality_definition:
type: series
custom_formats:
- trash_ids:
# Unwanted
- 85c61753df5da1fb2aab6f2a47426b09 # BR-DISK
- 9c11cd3f07101cdba90a2d81cf0e56b4 # LQ
- 47435ece6b99a0b477caf360e79ba0bb # x265
# Misc
- ec8fa7296b64e8cd390a1600981f3923 # Repack/Proper
- eb3d5cc0a2be0db205fb823640db6a3c # Repack v2
- 44e7c4de10ae50265753082e5dc76047 # Repack v3
# Streaming Services
- d660701077794679fd59e8bdf4ce3a29 # AMZN
- f67c9ca88f463a48346062e8ad07713f # ATVP
- 36b72f59f4ea20aad9316f475f2d9fbb # DCU
- 89358767a60cc28783cdc3d0be9388a4 # DNSP
- 7a235133c87f7da4c8cccceca7e3c7a6 # HBO
- a880d6abc21e7c16884f3ae393f84179 # HMAX
- f6cce30f1733d5c8194222a7507909bb # HULU
- 0ac24a2a68a9700bcb7eeca8e5cd644c # iT
- d34870697c9db575f17700212167be23 # NF
- b2b980877494b560443631eb1f473867 # NLZ
- 1656adc6d7bb2c8cca6acfb6592db421 # PCOK
- c67a75ae4a1715f2bb4d492755ba4195 # PMTP
- 3ac5d84fce98bab1b531393e9c82f467 # QIBI
- c30d2958827d1867c73318a5a2957eb1 # RED
- ae58039e1319178e6be73caab5c42166 # SHO
- 1efe8da11bfd74fbbcd4d8117ddb9213 # STAN
- 5d2317d99af813b6529c7ebf01c83533 # VDL
- 77a7b25585c18af08f60b1547bb9b4fb # CC
# HQ Source Groups
- e6258996055b9fbab7e9cb2f75819294 # WEB Tier 01
- 58790d4e2fdcd9733aa7ae68ba2bb503 # WEB Tier 02
- d84935abd3f8556dcd51d4f27e22d0a6 # WEB Tier 03
- d0c516558625b04b363fa6c5c2c7cfd4 # WEB Scene
quality_profiles:
- name: TRaSH 720/1080
- trash_ids:
- 949c16fe0a8147f50ba82cc2df9411c9 # Anime BD Tier 01 (Top SeaDex Muxers)
- ed7f1e315e000aef424a58517fa48727 # Anime BD Tier 02 (SeaDex Muxers)
- 096e406c92baa713da4a72d88030b815 # Anime BD Tier 03 (SeaDex Muxers)
- 30feba9da3030c5ed1e0f7d610bcadc4 # Anime BD Tier 04 (SeaDex Muxers)
- 545a76b14ddc349b8b185a6344e28b04 # Anime BD Tier 05 (Remuxes)
- 25d2afecab632b1582eaf03b63055f72 # Anime BD Tier 06 (FanSubs)
- 0329044e3d9137b08502a9f84a7e58db # Anime BD Tier 07 (P2P/Scene)
- c81bbfb47fed3d5a3ad027d077f889de # Anime BD Tier 08 (Mini Encodes)
- e0014372773c8f0e1bef8824f00c7dc4 # Anime Web Tier 01 (Muxers)
- 19180499de5ef2b84b6ec59aae444696 # Anime Web Tier 02 (Top FanSubs)
- e6258996055b9fbab7e9cb2f75819294 # WEB Tier 01
- 58790d4e2fdcd9733aa7ae68ba2bb503 # WEB Tier 02
- c27f2ae6a4e82373b0f1da094e2489ad # Anime Web Tier 03 (Official Subs)
- d84935abd3f8556dcd51d4f27e22d0a6 # WEB Tier 03
- 4fd5528a3a8024e6b49f9c67053ea5f3 # Anime Web Tier 04 (Official Subs)
- 29c2a13d091144f63307e4a8ce963a39 # Anime Web Tier 05 (FanSubs)
- dc262f88d74c651b12e9d90b39f6c753 # Anime Web Tier 06 (FanSubs)
# Unwanted
- b4a1b3d705159cdca36d71e57ca86871 # Anime Raws
- e3515e519f3b1360cbfc17651944354c # Anime LQ Groups
- 15a05bc7c1a36e2b57fd628f8977e2fc # AV1
- 026d5aadd1a6b4e550b134cb6c72b3ca # Uncensored
- d2d7b8a9d39413da5f44054080e028a3 # v0
- 9c14d194486c4014d422adc64092d794 # Dubs Only
- 07a32f77690263bb9fda1842db7e273f # VOSTFR
# Optionals
- 273bd326df95955e1b6c26527d1df89b # v1
- 228b8ee9aa0a609463efca874524a6b8 # v2
- 0e5833d3af2cc5fa96a0c29cd4477feb # v3
- 4fc15eeb8f2f9a749f918217d4234ad8 # v4
- b2550eb333d27b75833e25b8c2557b38 # 10bit
# Streaming Services
- d660701077794679fd59e8bdf4ce3a29 # AMZN
- 7dd31f3dee6d2ef8eeaa156e23c3857e # B-Global
- 4c67ff059210182b59cdd41697b8cb08 # Bilibili
- 3e0b26604165f463f3e8e192261e7284 # CR
- 89358767a60cc28783cdc3d0be9388a4 # DSNP
- 1284d18e693de8efe0fe7d6b3e0b9170 # FUNi
- 570b03b3145a25011bf073274a407259 # HIDIVE
- d34870697c9db575f17700212167be23 # NF
- 44a8ee6403071dd7b8a3a8dd3fe8cb20 # VRV
quality_profiles:
- name: TRaSH Anime
- trash_ids:
- 418f50b10f1907201b6cfdf881f467b7 # Anime Dual Audio
quality_profiles:
- name: TRaSH Anime
score: 2000
radarr:
radarr-main:
base_url: http://localhost:7878
api_key: !env_var RADARR_API_KEY
quality_definition:
type: movie
delete_old_custom_formats: true
replace_existing_custom_formats: true
custom_formats:
- trash_ids:
# HD Bluray + WEB
# Movie Versions
- 0f12c086e289cf966fa5948eac571f44 # Hybrid
- 570bc9ebecd92723d2d21500f4be314c # Remaster
- eca37840c13c6ef2dd0262b141a5482f # 4K Remaster
- e0c07d59beb37348e975a930d5e50319 # Criterion Collection
- 9d27d9d2181838f76dee150882bdc58c # Masters of Cinema
- 957d0f44b592285f26449575e8b1167e # Special Edition
- eecf3a857724171f968a66cb5719e152 # IMAX
- 9f6cbff8cfe4ebbc1bde14c7b7bec0de # IMAX Enhanced
# HQ Release Groups
- ed27ebfef2f323e964fb1f61391bcb35 # HD Bluray Tier 01
- c20c8647f2746a1f4c4262b0fbbeeeae # HD Bluray Tier 02
- c20f169ef63c5f40c2def54abaf4438e # WEB Tier 01
- 403816d65392c79236dcb6dd591aeda4 # WEB Tier 02
- af94e0fe497124d1f9ce732069ec8c3b # WEB Tier 03
# Misc
- e7718d7a3ce595f289bfee26adc178f5 # Repack/Proper
- ae43b294509409a6a13919dedd4764c4 # Repack2
# Unwanted
- ed38b889b31be83fda192888e2286d83 # BR-DISK
- 90a6f9a284dff5103f6346090e6280c8 # LQ
- dc98083864ea246d05a42df0d05f81cc # x265
- b8cd450cbfa689c0259a01d9e29ba3d6 # 3D
# Streaming Services
- b3b3a6ac74ecbd56bcdbefa4799fb9df # AMZN
- 40e9380490e748672c2522eaaeb692f7 # ATVP
- cc5e51a9e85a6296ceefe097a77f12f4 # BCORE
- 84272245b2988854bfb76a16e60baea5 # DNSP
- 509e5f41146e278f9eab1ddaceb34515 # DBO
- 5763d1b0ce84aff3b21038eea8e9b8ad # HMAX
- 526d445d4c16214309f0fd2b3be18a89 # Hulu
- 2a6039655313bf5dab1e43523b62c374 # MA
- 170b1d363bd8516fbf3a3eb05d4faff6 # NF
- bf7e73dd1d85b12cc527dc619761c840 # Pathe
- c9fd353f8f5f1baf56dc601c4cb29920 # PCOK
- e36a0ba1bc902b26ee40818a1d59b8bd # PMTP
- c2863d2a50c9acad1fb50e53ece60817 # STAN
quality_profiles:
- name: TRaSH 720/1080
''}:/config/recyclarr.yml"
];
environmentFiles = [
config.sops.secrets.serverenv.path
];
environment = {
PUID = toString config.users.users."media".uid;
PGID = toString config.users.groups."media".gid;
};
extraOptions = [
"--network=host"
];
};
prowlarr = {
image = "lscr.io/linuxserver/prowlarr:latest";
volumes = [
"/media/config/prowlarr:/config"
];
environment = {
PUID = toString config.users.users."media".uid;
PGID = toString config.users.groups."media".gid;
};
dependsOn = ["gluetun"];
extraOptions = [
"--network=container:gluetun"
];
};
sonarr = {
image = "lscr.io/linuxserver/sonarr:latest";
volumes = [
"/media/config/sonarr:/config"
"/media/tvseries:/tv"
"/media/downloads:/downloads"
];
environment = {
PUID = toString config.users.users."media".uid;
PGID = toString config.users.groups."media".gid;
};
dependsOn = ["gluetun"];
extraOptions = [
"--network=container:gluetun"
];
};
radarr = {
image = "lscr.io/linuxserver/radarr:latest";
volumes = [
"/media/config/radarr:/config"
"/media/movies:/movies"
"/media/downloads:/downloads"
];
environment = {
PUID = toString config.users.users."media".uid;
PGID = toString config.users.groups."media".gid;
};
dependsOn = ["gluetun"];
extraOptions = [
"--network=container:gluetun"
];
};
flaresolverr = {
image = "flaresolverr/flaresolverr";
environment = {
LOG_LEVEL = "info";
};
dependsOn = ["gluetun"];
extraOptions = [
"--network=container:gluetun"
];
};
transmission = {
image = "linuxserver/transmission:latest";
volumes = [
"/media/downloads:/downloads"
"/media/config/transmission/config:/config"
"/media/config/transmission/watch:/watch"
];
environment = {
PUID = toString config.users.users."media".uid;
PGID = toString config.users.groups."media".gid;
PEERPORT = "11936";
USER = "xun";
PASS = "password123";
};
dependsOn = ["gluetun"];
extraOptions = [
"--network=container:gluetun"
];
};
dashy = {
image = "lissy93/dashy";
ports = [
"8080:80"
];
volumes = [
"${(pkgs.formats.yaml {}).generate "conf.yml" dashyConfig}:/app/public/conf.yml"
];
extraOptions = [
"--network=host"
];
};
};
};
}

146
system/services/containers/server/statistics/default.nix Normal file
View file

@ -0,0 +1,146 @@
{config, ...}: {
services.grafana = {
enable = true;
settings = {
server = {
http_addr = "0.0.0.0";
};
};
};
services.loki = {
enable = true;
configuration = {
server.http_listen_port = 3030;
auth_enabled = false;
ingester = {
lifecycler = {
address = "127.0.0.1";
ring = {
kvstore = {
store = "inmemory";
};
replication_factor = 1;
};
};
chunk_idle_period = "1h";
max_chunk_age = "1h";
chunk_target_size = 999999;
chunk_retain_period = "30s";
max_transfer_retries = 0;
};
schema_config = {
configs = [
{
from = "2022-06-06";
store = "boltdb-shipper";
object_store = "filesystem";
schema = "v11";
index = {
prefix = "index_";
period = "24h";
};
}
];
};
storage_config = {
boltdb_shipper = {
active_index_directory = "/var/lib/loki/boltdb-shipper-active";
cache_location = "/var/lib/loki/boltdb-shipper-cache";
cache_ttl = "24h";
shared_store = "filesystem";
};
filesystem = {
directory = "/var/lib/loki/chunks";
};
};
limits_config = {
reject_old_samples = true;
reject_old_samples_max_age = "168h";
};
chunk_store_config = {
max_look_back_period = "0s";
};
table_manager = {
retention_deletes_enabled = false;
retention_period = "0s";
};
compactor = {
working_directory = "/var/lib/loki";
shared_store = "filesystem";
compactor_ring = {
kvstore = {
store = "inmemory";
};
};
};
};
};
services.promtail = {
enable = true;
configuration = {
server = {
http_listen_port = 3031;
grpc_listen_port = 0;
};
positions = {
filename = "/tmp/positions.yaml";
};
clients = [
{
url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
}
];
scrape_configs = [
{
job_name = "journal";
journal = {
max_age = "12h";
labels = {
job = "systemd-journal";
host = "${config.networking.hostName}";
};
};
relabel_configs = [
{
source_labels = ["__journal__systemd_unit"];
target_label = "unit";
}
];
}
];
};
# extraFlags
};
services.prometheus = {
enable = true;
port = 9001;
exporters = {
node = {
enable = true;
enabledCollectors = ["systemd"];
port = 9002;
};
};
scrapeConfigs = [
{
job_name = "${config.networking.hostName}";
static_configs = [
{
targets = ["127.0.0.1:${toString config.services.prometheus.exporters.node.port}"];
}
];
}
];
};
}

48
system/services/containers/server/statistics/loki.yaml Normal file
View file

@ -0,0 +1,48 @@
auth_enabled: false
server:
http_listen_port: 3100
ingester:
lifecycler:
address: 0.0.0.0
ring:
kvstore:
store: inmemory
replication_factor: 1
final_sleep: 0s
chunk_idle_period: 1h # Any chunk not receiving new logs in this time will be flushed
max_chunk_age: 1h # All chunks will be flushed when they hit this age, default is 1h
chunk_target_size: 1048576 # Loki will attempt to build chunks up to 1.5MB, flushing first if chunk_idle_period or max_chunk_age is reached first
chunk_retain_period: 30s # Must be greater than index read cache TTL if using an index cache (Default index read cache TTL is 5m)
max_transfer_retries: 0 # Chunk transfers disabled
schema_config:
configs:
- from: 2020-10-24
store: boltdb-shipper
object_store: filesystem
schema: v11
index:
prefix: index_
period: 24h
storage_config:
boltdb_shipper:
active_index_directory: /var/lib/loki/boltdb-shipper-active
cache_location: /var/lib/loki/boltdb-shipper-cache
cache_ttl: 24h # Can be increased for faster performance over longer query periods, uses more disk space
shared_store: filesystem
filesystem:
directory: /var/lib/loki/chunks
limits_config:
reject_old_samples: true
reject_old_samples_max_age: 168h
chunk_store_config:
max_look_back_period: 0s
table_manager:
retention_deletes_enabled: false
retention_period: 0s

3
system/services/flatpak.nix Normal file
View file

@ -0,0 +1,3 @@
{
services.flatpak.enable = true;
}

10
system/services/transmission.nix Normal file
View file

@ -0,0 +1,10 @@
{
lib,
config,
self,
...
}: {
services.transmission = {
enable = true;
};
}

81
system/services/wireguard.nix Normal file
View file

@ -0,0 +1,81 @@
{
config,
pkgs,
...
}: {
#networking.wg-quick.interfaces."wg0".configFile = config.sops.secrets.wireguard.path;
# Sets tailscale to a high priority, to make sure tailscale
# traffic dosent go through wireguard (which wont work)
#systemd.services.tailscaled.serviceConfig = {
# ExecStartPost = "${pkgs.iproute2}/bin/ip rule add pref 65 table 52";
# ExecStopPost = "${pkgs.iproute2}/bin/ip rule del pref 65 table 52";
#};
## https://wiki.archlinux.org/title/WireGuard#systemd-networkd:_routing_all_traffic_over_WireGuard
#environment.systemPackages = [pkgs.wireguard-tools];
#systemd.network = {
# netdevs."99-wg0" = {
# netdevConfig = {
# Name = "wg0";
# Kind = "wireguard";
# Description = "WireGuard tunnel wg0";
# };
# wireguardConfig = {
# ListenPort = 51871;
# PrivateKeyFile = config.sops.secrets.wg-private.path;
# };
# wireguardPeers = [
# {
# wireguardPeerConfig = {
# PublicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
# PresharedKeyFile = config.sops.secrets.wg-preshared.path;
# AllowedIPs = [
# "0.0.0.0"
# ];
# Endpoint = "62.102.148.206:1637";
# };
# }
# ];
# };
# networks."50-wg0" = {
# name = "wg0";
# address = ["10.154.4.37/24"];
# dns = ["10.128.0.1"];
# domains = ["~."];
# networkConfig = {
# DNSDefaultRoute = true;
# };
# routingPolicyRules = [
# {
# routingPolicyRuleConfig = {
# FirewallMark = 34952;
# InvertRule = true;
# Table = 1000;
# Priority = 10;
# };
# }
# {
# ## Allow local connections
# routingPolicyRuleConfig = {
# To = "192.168.0.0/24";
# Priority = 9;
# };
# }
# ];
# routes = [
# {
# routeConfig = {
# Gateway = "10.128.0.1";
# GatewayOnLink = true;
# Table = 1000;
# };
# }
# ];
# };
#};
}