nixos-config/system/services/containers/server/default.nix

{
config,
pkgs,
...
}: {
imports = [
#./statistics
];
# Samba file server exposing a single authenticated, read-only share of the
# finished downloads.
services.samba = {
  enable = true;
  package = pkgs.samba4Full;
  # Opens the Samba ports in the host firewall.
  openFirewall = true;

  shares = {
    "torrent-downloads" = {
      path = "/media/downloads/complete";
      browseable = "yes";
      # Clients can list and read, never write; anonymous (guest) sessions are refused.
      "read only" = "yes";
      "guest ok" = "no";
    };
    #"decky-cloud-save" = {
    #  path = "/media/gamesaves";
    #  browseable = "yes";
    #  "read only" = "no";
    #  "guest ok" = "no";
    #};
  };

  # Require SMB encryption on every session and reject dialects older than SMB 3.0.
  extraConfig = ''
    server smb encrypt = required
    server min protocol = SMB3_00
  '';
};
# WS-Discovery responder: lets Windows clients find this server automatically,
# which NetBIOS used to do before SMB1 support was discontinued.
services.samba-wsdd.enable = true;
# Opens the discovery ports in the host firewall.
services.samba-wsdd.openFirewall = true;
#virtualisation.docker = {
# enable = true;
# enableOnBoot = true;
# autoPrune.enable = true;
#};
# Create the host directories that the code-server and slskd containers
# bind-mount, owned by root with mode 0750 (no access for other users).
systemd.tmpfiles.rules =
  map (dir: "d ${dir} 0750 root root -") [
    "/var/lib/code-server"
    "/var/lib/slskd"
  ];
# Dedicated "media" group and system account. They are declared by hand because
# transmission runs inside a container, so no NixOS service module creates them.
# NOTE(review): no uid/gid is assigned here. Containers in this file pass
# `toString config.users.users."media".uid` (and the group's gid) as PUID/PGID;
# unless another module sets those ids the option value is null and toString
# yields an empty string. Confirm the containers really run as this account.
users.groups.media = {};
users.users.media.isSystemUser = true;
users.users.media.group = "media";
# Ask systemd to create <backend>/transmission/{downloads,config,watch} as
# state directories of the transmission container's unit.
# NOTE(review): the transmission container's volumes in this file all point
# under /media, so these directories look unused. Confirm before relying on them.
systemd.services."${config.virtualisation.oci-containers.backend}-transmission".serviceConfig.StateDirectory =
  map (sub: "${config.virtualisation.oci-containers.backend}/transmission/${sub}") [
    "downloads"
    "config"
    "watch"
  ];
#security.acme = {
# acceptTerms = true;
# defaults.email = "xunuwu@gmail.com";
# certs."air.xun.cam" = {
# dnsProvider = "cloudflare";
# credentialsFile = config.sops.secrets.cloudflare.path;
# };
#};
#systemd.services."${config.virtualisation.oci-containers.backend}-jellyfin".serviceConfig = {
# StateDirectory = [
# "${config.virtualisation.oci-containers.backend}/jellyfin/config"
# "${config.virtualisation.oci-containers.backend}/jellyfin/cache"
# "${config.virtualisation.oci-containers.backend}/jellyfin/media"
# ];
#};
#services.jellyfin = {
# enable = true;
# openFirewall = true;
# group = "media";
#};
#services.radarr = {
# enable = true;
# group = "media";
# openFirewall = true; # 7878
#};
#services.sonarr = {
# enable = true;
# group = "media";
# openFirewall = true; # 8989
#};
#services.prowlarr = {
# enable = true;
# openFirewall = true; # 9696
#};
# Podman is the runtime behind the virtualisation.oci-containers definitions in this file.
virtualisation.podman.enable = true;
# Periodically remove unused images and containers.
virtualisation.podman.autoPrune.enable = true;
# Serve the Podman API on the Docker socket path for Docker-compatible tooling.
# Anyone who can reach that socket can start arbitrary containers, which is
# equivalent to root on the host, so keep membership of the group that may
# access it as small as possible.
virtualisation.podman.dockerSocket.enable = true;
virtualisation.oci-containers = {
backend = "podman";
containers = {
# VPN gateway. Every container started with --network=container:gluetun shares
# this container's network namespace, which is why their ports are published here.
gluetun = {
  image = "qmcgaw/gluetun:v3";

  environment = {
    VPN_SERVICE_PROVIDER = "airvpn";
    VPN_TYPE = "wireguard";
    SERVER_COUNTRIES = "Netherlands";
    # Ports accepted on the VPN side. 11936 is the transmission peer port and
    # 8096 the jellyfin port used elsewhere in this file; the purpose of 14795
    # is not visible here.
    FIREWALL_VPN_INPUT_PORTS = "11936,8096,14795";
  };

  # Needed so gluetun can manage interfaces/routes and open the TUN device.
  extraOptions = [
    "--cap-add=NET_ADMIN"
    "--device=/dev/net/tun:/dev/net/tun"
  ];

  volumes = [
    # The WireGuard configuration is provided by sops at runtime instead of
    # being written to the Nix store.
    "${config.sops.secrets.wireguard.path}:/gluetun/wireguard/wg0.conf"
  ];

  # Published container ports bypass the host firewall. A bare "HOST:CONTAINER"
  # entry listens on every host address; use "127.0.0.1:HOST:CONTAINER" for a
  # service that should only be reachable locally.
  # NOTE(review): everything except flaresolverr is reachable from the whole
  # network, so each of these UIs depends on its own authentication. Bind the
  # ones that do not need remote access to 127.0.0.1.
  ports = [
    "9091:9091" # transmission
    "127.0.0.1:8191:8191" # flaresolverr
    "9696:9696" # prowlarr
    "8989:8989" # sonarr
    "7878:7878" # radarr
    #"8443:8443" # code-server
    "5030:5030" # slskd
    "5031:5031" # slskd https
    "8096:8096" # jellyfin
  ];
};
# slskd client, attached to the gluetun VPN namespace.
slskd = {
  # No tag is given, so the runtime pulls whatever "latest" is at pull time.
  image = "slskd/slskd";
  dependsOn = ["gluetun"];
  extraOptions = ["--network=container:gluetun"];

  volumes = [
    "/var/lib/slskd:/app"
    "/media/slskd/downloads:/downloads"
    "/media/slskd/incomplete:/incomplete"
    # NOTE(review): the shared music library is mounted read-write; a ":ro"
    # suffix would be enough if slskd only serves these files. Confirm.
    "/media/library/music:/shares/music"
    # slskd.yml comes from sops at runtime, so its contents stay out of the Nix store.
    "${config.sops.secrets.slskd.path}:/app/slskd.yml"
  ];
};
# Beets container. It sees its own config directory, the music library and the
# slskd download directory; it publishes no ports and is not attached to the
# gluetun namespace.
beets = {
  volumes = [
    "/media/config/beets:/config"
    "/media/library/music:/music"
    "/media/slskd/downloads:/downloads"
  ];
  # ":latest" is a moving tag: the image content can change between pulls.
  image = "lscr.io/linuxserver/beets:latest";
};
# Jellyfin media server inside the gluetun namespace. Its port 8096 is published
# by the gluetun container and is also listed in gluetun's
# FIREWALL_VPN_INPUT_PORTS, so it is reachable from the VPN side as well.
jellyfin = {
  # No tag is given, so the runtime pulls whatever "latest" is at pull time.
  image = "jellyfin/jellyfin";
  dependsOn = ["gluetun"];
  extraOptions = ["--network=container:gluetun"];

  volumes = [
    "/media/config/jellyfin/config:/config"
    "/media/config/jellyfin/cache:/cache"
    # NOTE(review): the whole library is mounted read-write; ":ro" may be
    # sufficient for a server that only plays the files. Confirm.
    "/media/library:/library"
  ];
};
#betanin = {
# image = "sentriz/betanin";
# ports = [
# "9393:9393"
# ];
# volumes = [
# "/media/config/betanin/data:/b/.local/share/betanin"
# "/media/config/betanin/config:/b/.config/betanin"
# "/media/config/betanin/beets:/b/.config/beets/"
# "${pkgs.writeText "config.yaml" ''
# # --------------- Main ---------------
#
# library: library.db
# directory: /music
# statefile: state.pickle
#
# # --------------- Plugins ---------------
#
# plugins: []
# pluginpath: []
#
# # --------------- Import ---------------
#
# clutter: ["Thumbs.DB", ".DS_Store"]
# ignore: [".*", "*~", "System Volume Information", "lost+found"]
# ignore_hidden: yes
#
# import:
# # common options
# write: yes
# copy: yes
# move: no
# timid: no
# quiet: no
# log:
# # other options
# default_action: apply
# languages: []
# quiet_fallback: skip
# none_rec_action: ask
# # rare options
# link: no
# hardlink: no
# reflink: no
# delete: no
# resume: ask
# incremental: no
# incremental_skip_later: no
# from_scratch: no
# autotag: yes
# singletons: no
# detail: no
# flat: no
# group_albums: no
# pretend: false
# search_ids: []
# duplicate_keys:
# album: albumartist album
# item: artist title
# duplicate_action: ask
# duplicate_verbose_prompt: no
# bell: no
# set_fields: {}
# ignored_alias_types: []
# singleton_album_disambig: yes
#
# # --------------- Paths ---------------
#
# path_sep_replace: _
# drive_sep_replace: _
# asciify_paths: false
# art_filename: cover
# max_filename_length: 0
# replace:
# # Replace bad characters with _
# # prohibited in many filesystem paths
# '[<>:\?\*\|]': _
# # double quotation mark "
# '\"': _
# # path separators: \ or /
# '[\\/]': _
# # starting and closing periods
# '^\.': _
# '\.$': _
# # control characters
# '[\x00-\x1f]': _
# # dash at the start of a filename (causes command line ambiguity)
# '^-': _
# # Replace bad characters with nothing
# # starting and closing whitespace
# '\s+$': ''\'''\'
# '^\s+': ''\'''\'
#
# aunique:
# keys: albumartist album
# disambiguators: albumtype year label catalognum albumdisambig releasegroupdisambig
# bracket: '[]'
#
# sunique:
# keys: artist title
# disambiguators: year trackdisambig
# bracket: '[]'
#
# # --------------- Tagging ---------------
#
# per_disc_numbering: no
# original_date: no
# artist_credit: no
# id3v23: no
# va_name: "Various Artists"
# paths:
# default: $albumartist/$album%aunique{}/$track $title
# singleton: Non-Album/$artist/$title
# comp: Compilations/$album%aunique{}/$track $title
#
# # --------------- Performance ---------------
#
# threaded: yes
# timeout: 5.0
#
# # --------------- UI ---------------
#
# verbose: 0
# terminal_encoding:
#
# ui:
# terminal_width: 80
# length_diff_thresh: 10.0
# color: yes
# colors:
# text_success: ['bold', 'green']
# text_warning: ['bold', 'yellow']
# text_error: ['bold', 'red']
# text_highlight: ['bold', 'red']
# text_highlight_minor: ['white']
# action_default: ['bold', 'cyan']
# action: ['bold', 'cyan']
# # New Colors
# text: ['normal']
# text_faint: ['faint']
# import_path: ['bold', 'blue']
# import_path_items: ['bold', 'blue']
# added: ['green']
# removed: ['red']
# changed: ['yellow']
# added_highlight: ['bold', 'green']
# removed_highlight: ['bold', 'red']
# changed_highlight: ['bold', 'yellow']
# text_diff_added: ['bold', 'red']
# text_diff_removed: ['bold', 'red']
# text_diff_changed: ['bold', 'red']
# action_description: ['white']
# import:
# indentation:
# match_header: 2
# match_details: 2
# match_tracklist: 5
# layout: column
#
# # --------------- Search ---------------
#
# format_item: $artist - $album - $title
# format_album: $albumartist - $album
# time_format: '%Y-%m-%d %H:%M:%S'
# format_raw_length: no
#
# sort_album: albumartist+ album+
# sort_item: artist+ album+ disc+ track+
# sort_case_insensitive: yes
#
# # --------------- Autotagger ---------------
#
# overwrite_null:
# album: []
# track: []
# musicbrainz:
# enabled: yes
# host: musicbrainz.org
# https: no
# ratelimit: 1
# ratelimit_interval: 1.0
# searchlimit: 5
# extra_tags: []
# genres: no
# external_ids:
# discogs: no
# bandcamp: no
# spotify: no
# deezer: no
# beatport: no
# tidal: no
#
# match:
# strong_rec_thresh: 0.04
# medium_rec_thresh: 0.25
# rec_gap_thresh: 0.25
# max_rec:
# missing_tracks: medium
# unmatched_tracks: medium
# distance_weights:
# source: 2.0
# artist: 3.0
# album: 3.0
# media: 1.0
# mediums: 1.0
# year: 1.0
# country: 0.5
# label: 0.5
# catalognum: 0.5
# albumdisambig: 0.5
# album_id: 5.0
# tracks: 2.0
# missing_tracks: 0.9
# unmatched_tracks: 0.6
# track_title: 3.0
# track_artist: 2.0
# track_index: 1.0
# track_length: 2.0
# track_id: 5.0
# preferred:
# countries: []
# media: []
# original_year: no
# ignored: []
# required: []
# ignored_media: []
# ignore_data_tracks: yes
# ignore_video_tracks: yes
# track_length_grace: 10
# track_length_max: 30
# album_disambig_fields: data_source media year country label catalognum albumdisambig
# singleton_disambig_fields: data_source index track_alt album
# ''}:/b/.config/beets/config.yaml"
# "/media/music:/music"
# "/media/slskd/downloads:/downloads"
# ];
#};
#beets = {
# image = "lscr.io/linuxserver/beets:latest";
# volumes = [
# "/media/config/beets:/config"
# "/media/music:/music"
# "/media/slskd/downloads:/downloads"
# ];
#};
# code-server (browser IDE) inside the gluetun namespace. The 8443 entry in
# gluetun's port list is commented out, so as far as this file shows the UI is
# not published on the host.
code-server = {
  image = "lscr.io/linuxserver/code-server:latest";
  dependsOn = ["gluetun"];

  # Environment comes from a sops-managed file, which keeps its values out of
  # the Nix store.
  environmentFiles = [
    config.sops.secrets.code-server.path
  ];

  volumes = [
    "/var/lib/code-server:/config"
  ];

  extraOptions = [
    #"--group-add ${config.security.acme.defaults.group}"
    "--network=container:gluetun"
  ];
};
#jellyseerr = {
# image = "fallenbagel/jellyseerr:latest";
# ports = [
# "5055:5055"
# ];
# volumes = [
# "/media/config/jellyseerr:/app/config"
# ];
# extraOptions = [
# "--network=host"
# ];
#};
# Recyclarr: applies the custom formats and quality profiles listed in the
# generated recyclarr.yml to the sonarr and radarr instances named in it.
# The YAML is rendered with pkgs.writeText and therefore lands in the
# world-readable Nix store. That is acceptable only because it holds no
# secrets: both api_key entries are !env_var references.
recyclarr = {
# No tag is given, so the runtime pulls whatever "latest" is at pull time.
image = "ghcr.io/recyclarr/recyclarr";
volumes = [
#"/media/config/recyclarr:/config"
"${pkgs.writeText "recyclarr.yml" ''
sonarr:
sonarr-main:
base_url: http://localhost:8989
api_key: !env_var SONARR_API_KEY
delete_old_custom_formats: true
replace_existing_custom_formats: true
quality_definition:
type: series
custom_formats:
- trash_ids:
# Unwanted
- 85c61753df5da1fb2aab6f2a47426b09 # BR-DISK
- 9c11cd3f07101cdba90a2d81cf0e56b4 # LQ
- 47435ece6b99a0b477caf360e79ba0bb # x265
# Misc
- ec8fa7296b64e8cd390a1600981f3923 # Repack/Proper
- eb3d5cc0a2be0db205fb823640db6a3c # Repack v2
- 44e7c4de10ae50265753082e5dc76047 # Repack v3
# Streaming Services
- d660701077794679fd59e8bdf4ce3a29 # AMZN
- f67c9ca88f463a48346062e8ad07713f # ATVP
- 36b72f59f4ea20aad9316f475f2d9fbb # DCU
- 89358767a60cc28783cdc3d0be9388a4 # DNSP
- 7a235133c87f7da4c8cccceca7e3c7a6 # HBO
- a880d6abc21e7c16884f3ae393f84179 # HMAX
- f6cce30f1733d5c8194222a7507909bb # HULU
- 0ac24a2a68a9700bcb7eeca8e5cd644c # iT
- d34870697c9db575f17700212167be23 # NF
- b2b980877494b560443631eb1f473867 # NLZ
- 1656adc6d7bb2c8cca6acfb6592db421 # PCOK
- c67a75ae4a1715f2bb4d492755ba4195 # PMTP
- 3ac5d84fce98bab1b531393e9c82f467 # QIBI
- c30d2958827d1867c73318a5a2957eb1 # RED
- ae58039e1319178e6be73caab5c42166 # SHO
- 1efe8da11bfd74fbbcd4d8117ddb9213 # STAN
- 5d2317d99af813b6529c7ebf01c83533 # VDL
- 77a7b25585c18af08f60b1547bb9b4fb # CC
# HQ Source Groups
- e6258996055b9fbab7e9cb2f75819294 # WEB Tier 01
- 58790d4e2fdcd9733aa7ae68ba2bb503 # WEB Tier 02
- d84935abd3f8556dcd51d4f27e22d0a6 # WEB Tier 03
- d0c516558625b04b363fa6c5c2c7cfd4 # WEB Scene
quality_profiles:
- name: TRaSH 720/1080
- trash_ids:
- 949c16fe0a8147f50ba82cc2df9411c9 # Anime BD Tier 01 (Top SeaDex Muxers)
- ed7f1e315e000aef424a58517fa48727 # Anime BD Tier 02 (SeaDex Muxers)
- 096e406c92baa713da4a72d88030b815 # Anime BD Tier 03 (SeaDex Muxers)
- 30feba9da3030c5ed1e0f7d610bcadc4 # Anime BD Tier 04 (SeaDex Muxers)
- 545a76b14ddc349b8b185a6344e28b04 # Anime BD Tier 05 (Remuxes)
- 25d2afecab632b1582eaf03b63055f72 # Anime BD Tier 06 (FanSubs)
- 0329044e3d9137b08502a9f84a7e58db # Anime BD Tier 07 (P2P/Scene)
- c81bbfb47fed3d5a3ad027d077f889de # Anime BD Tier 08 (Mini Encodes)
- e0014372773c8f0e1bef8824f00c7dc4 # Anime Web Tier 01 (Muxers)
- 19180499de5ef2b84b6ec59aae444696 # Anime Web Tier 02 (Top FanSubs)
- e6258996055b9fbab7e9cb2f75819294 # WEB Tier 01
- 58790d4e2fdcd9733aa7ae68ba2bb503 # WEB Tier 02
- c27f2ae6a4e82373b0f1da094e2489ad # Anime Web Tier 03 (Official Subs)
- d84935abd3f8556dcd51d4f27e22d0a6 # WEB Tier 03
- 4fd5528a3a8024e6b49f9c67053ea5f3 # Anime Web Tier 04 (Official Subs)
- 29c2a13d091144f63307e4a8ce963a39 # Anime Web Tier 05 (FanSubs)
- dc262f88d74c651b12e9d90b39f6c753 # Anime Web Tier 06 (FanSubs)
# Unwanted
- b4a1b3d705159cdca36d71e57ca86871 # Anime Raws
- e3515e519f3b1360cbfc17651944354c # Anime LQ Groups
- 15a05bc7c1a36e2b57fd628f8977e2fc # AV1
- 026d5aadd1a6b4e550b134cb6c72b3ca # Uncensored
- d2d7b8a9d39413da5f44054080e028a3 # v0
- 9c14d194486c4014d422adc64092d794 # Dubs Only
- 07a32f77690263bb9fda1842db7e273f # VOSTFR
# Optionals
- 273bd326df95955e1b6c26527d1df89b # v1
- 228b8ee9aa0a609463efca874524a6b8 # v2
- 0e5833d3af2cc5fa96a0c29cd4477feb # v3
- 4fc15eeb8f2f9a749f918217d4234ad8 # v4
- b2550eb333d27b75833e25b8c2557b38 # 10bit
# Streaming Services
- d660701077794679fd59e8bdf4ce3a29 # AMZN
- 7dd31f3dee6d2ef8eeaa156e23c3857e # B-Global
- 4c67ff059210182b59cdd41697b8cb08 # Bilibili
- 3e0b26604165f463f3e8e192261e7284 # CR
- 89358767a60cc28783cdc3d0be9388a4 # DSNP
- 1284d18e693de8efe0fe7d6b3e0b9170 # FUNi
- 570b03b3145a25011bf073274a407259 # HIDIVE
- d34870697c9db575f17700212167be23 # NF
- 44a8ee6403071dd7b8a3a8dd3fe8cb20 # VRV
quality_profiles:
- name: TRaSH Anime
- trash_ids:
- 418f50b10f1907201b6cfdf881f467b7 # Anime Dual Audio
quality_profiles:
- name: TRaSH Anime
score: 2000
radarr:
radarr-main:
base_url: http://localhost:7878
api_key: !env_var RADARR_API_KEY
quality_definition:
type: movie
delete_old_custom_formats: true
replace_existing_custom_formats: true
custom_formats:
- trash_ids:
# HD Bluray + WEB
# Movie Versions
- 0f12c086e289cf966fa5948eac571f44 # Hybrid
- 570bc9ebecd92723d2d21500f4be314c # Remaster
- eca37840c13c6ef2dd0262b141a5482f # 4K Remaster
- e0c07d59beb37348e975a930d5e50319 # Criterion Collection
- 9d27d9d2181838f76dee150882bdc58c # Masters of Cinema
- 957d0f44b592285f26449575e8b1167e # Special Edition
- eecf3a857724171f968a66cb5719e152 # IMAX
- 9f6cbff8cfe4ebbc1bde14c7b7bec0de # IMAX Enhanced
# HQ Release Groups
- ed27ebfef2f323e964fb1f61391bcb35 # HD Bluray Tier 01
- c20c8647f2746a1f4c4262b0fbbeeeae # HD Bluray Tier 02
- c20f169ef63c5f40c2def54abaf4438e # WEB Tier 01
- 403816d65392c79236dcb6dd591aeda4 # WEB Tier 02
- af94e0fe497124d1f9ce732069ec8c3b # WEB Tier 03
# Misc
- e7718d7a3ce595f289bfee26adc178f5 # Repack/Proper
- ae43b294509409a6a13919dedd4764c4 # Repack2
# Unwanted
- ed38b889b31be83fda192888e2286d83 # BR-DISK
- 90a6f9a284dff5103f6346090e6280c8 # LQ
- dc98083864ea246d05a42df0d05f81cc # x265
- b8cd450cbfa689c0259a01d9e29ba3d6 # 3D
# Streaming Services
- b3b3a6ac74ecbd56bcdbefa4799fb9df # AMZN
- 40e9380490e748672c2522eaaeb692f7 # ATVP
- cc5e51a9e85a6296ceefe097a77f12f4 # BCORE
- 84272245b2988854bfb76a16e60baea5 # DNSP
- 509e5f41146e278f9eab1ddaceb34515 # DBO
- 5763d1b0ce84aff3b21038eea8e9b8ad # HMAX
- 526d445d4c16214309f0fd2b3be18a89 # Hulu
- 2a6039655313bf5dab1e43523b62c374 # MA
- 170b1d363bd8516fbf3a3eb05d4faff6 # NF
- bf7e73dd1d85b12cc527dc619761c840 # Pathe
- c9fd353f8f5f1baf56dc601c4cb29920 # PCOK
- e36a0ba1bc902b26ee40818a1d59b8bd # PMTP
- c2863d2a50c9acad1fb50e53ece60817 # STAN
quality_profiles:
- name: TRaSH 720/1080
''}:/config/recyclarr.yml"
];
# Environment is read from a sops-managed file at container start; presumably
# this is where SONARR_API_KEY and RADARR_API_KEY are defined. Confirm.
environmentFiles = [
config.sops.secrets.serverenv.path
];
# NOTE(review): users.users."media".uid and users.groups."media".gid are null
# unless a value is assigned somewhere; toString null is "", so PUID/PGID may
# be empty here. Confirm.
environment = {
PUID = toString config.users.users."media".uid;
PGID = toString config.users.groups."media".gid;
};
# Host networking: the container shares the host's network namespace. The
# localhost:8989 and localhost:7878 base URLs in the YAML rely on the ports the
# gluetun container publishes on the host. The trade-off is that this container
# gets no network isolation from other host-local services.
extraOptions = [
"--network=host"
];
};
# Prowlarr inside the gluetun namespace; its UI port 9696 is published by the
# gluetun container on every host address.
prowlarr = {
  image = "lscr.io/linuxserver/prowlarr:latest";
  dependsOn = ["gluetun"];
  extraOptions = ["--network=container:gluetun"];

  volumes = [
    "/media/config/prowlarr:/config"
  ];

  # Account the container should run as.
  # NOTE(review): both ids are null unless assigned somewhere, and toString null
  # is "", so these may end up empty. Confirm.
  environment = {
    PUID = toString config.users.users.media.uid;
    PGID = toString config.users.groups.media.gid;
  };
};
# Sonarr inside the gluetun namespace; its UI port 8989 is published by the
# gluetun container on every host address.
sonarr = {
  image = "lscr.io/linuxserver/sonarr:latest";
  dependsOn = ["gluetun"];
  extraOptions = ["--network=container:gluetun"];

  volumes = [
    "/media/config/sonarr:/config"
    "/media/library/tvseries:/tv"
    "/media/downloads:/downloads"
  ];

  # Account the container should run as.
  # NOTE(review): both ids are null unless assigned somewhere, and toString null
  # is "", so these may end up empty. Confirm.
  environment = {
    PUID = toString config.users.users.media.uid;
    PGID = toString config.users.groups.media.gid;
  };
};
# Radarr inside the gluetun namespace; its UI port 7878 is published by the
# gluetun container on every host address.
radarr = {
  image = "lscr.io/linuxserver/radarr:latest";
  dependsOn = ["gluetun"];
  extraOptions = ["--network=container:gluetun"];

  volumes = [
    "/media/config/radarr:/config"
    "/media/library/movies:/movies"
    "/media/downloads:/downloads"
  ];

  # Account the container should run as.
  # NOTE(review): both ids are null unless assigned somewhere, and toString null
  # is "", so these may end up empty. Confirm.
  environment = {
    PUID = toString config.users.users.media.uid;
    PGID = toString config.users.groups.media.gid;
  };
};
# FlareSolverr inside the gluetun namespace. gluetun publishes its port 8191 on
# 127.0.0.1 only, so it is reachable from the host and from the containers
# sharing the namespace, not from the network.
flaresolverr = {
  # No tag is given, so the runtime pulls whatever "latest" is at pull time.
  image = "flaresolverr/flaresolverr";
  dependsOn = ["gluetun"];
  extraOptions = ["--network=container:gluetun"];
  environment.LOG_LEVEL = "info";
};
# Transmission BitTorrent client, attached to the gluetun VPN namespace.
transmission = {
  image = "linuxserver/transmission:latest";
  dependsOn = ["gluetun"];
  extraOptions = ["--network=container:gluetun"];

  volumes = [
    "/media/downloads:/downloads"
    "/media/config/transmission/config:/config"
    "/media/config/transmission/watch:/watch"
  ];

  environment = {
    # NOTE(review): both ids are null unless assigned somewhere, and toString
    # null is "", so these may end up empty. Confirm.
    PUID = toString config.users.users.media.uid;
    PGID = toString config.users.groups.media.gid;
    # 11936 is also listed in gluetun's FIREWALL_VPN_INPUT_PORTS.
    PEERPORT = "11936";
    # NOTE(review): these credentials are committed in plain text. Because they
    # are set through `environment`, they are also written to the world-readable
    # Nix store. Port 9091 for this service is published on every host address
    # by the gluetun container, so this password is all that protects the UI.
    # Rotate it and supply USER/PASS through a sops-managed `environmentFiles`
    # entry, the way code-server and recyclarr in this file get their secrets.
    USER = "xun";
    PASS = "password123";
  };
};
};
};
}