dot013/nix
1
0
Fork 0
Code Issues Pull Requests Activity

feat: media-server configuration/profile

Browse Source
This commit is contained in:
Gustavo "Guz" L. de Mello
2024-04-28 20:42:00 -03:00
parent a642c71d3f
commit a08d632524
6 changed files with 201 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
hosts/spacestation/services.nix
View File

@@ -96,5 +96,8 @@ in {
tailnetName = secrets.tailnet-name;
deviceIp = secrets.device-ip;
};
profiles.media-server.enable = true;
};
}

1
modules/nixos/profiles/default.nix
View File

@@ -1,6 +1,7 @@
{...}: {
imports = [
./locale.nix
./media-server.nix
];
options = {};
config = {};

84
modules/nixos/profiles/media-server.nix Normal file
View File

@@ -0,0 +1,84 @@
{ config
, lib
, pkgs
, ...
}:
let
cfg = config.profiles.media-server;
in
{
options.profiles.media-server = with lib;
with lib.types; {
enable = mkEnableOption "";
mediaDir = mkOption {
type = path;
default = "/data/media";
};
};
config = with lib;
mkIf cfg.enable {
services = {
jellyfin.enable = mkDefault true;
jellyfin.openFirewall = true;
jellyseerr.enable = mkDefault true;
prowlarr.enable = mkDefault true;
radarr.enable = mkDefault true;
sonarr.enable = mkDefault true;
qbittorrent.enable = mkDefault true;
};
systemd.services.media-server-setup = {
script =
let
services = config.services;
in
''
function setfacl() { ${pkgs.acl}/bin/setfacl "$@"; }
echo 'Creating ${toString cfg.mediaDir} folder'
mkdir -p ${toString cfg.mediaDir}
mkdir -p ${toString cfg.mediaDir + "/Downloads"}
mkdir -p ${toString cfg.mediaDir + "/Movies"}
mkdir -p ${toString cfg.mediaDir + "/Shows"}
${
if services.jellyfin.enable
then ''
echo 'Giving read-write permission to ${services.jellyfin.user} on ${toString cfg.mediaDir}'
setfacl -R -m u:${services.jellyfin.user}:rwx ${toString cfg.mediaDir}
''
else ""
}
${
if services.radarr.enable
then ''
echo 'Giving read-write permission to ${services.radarr.user} on ${toString cfg.mediaDir}'
setfacl -R -m u:${services.radarr.user}:rwx ${toString cfg.mediaDir}
''
else ""
}
${
if services.sonarr.enable
then ''
echo 'Giving read-write permission to ${services.sonarr.user} on ${toString cfg.mediaDir}'
setfacl -R -m u:${services.sonarr.user}:rwx ${toString cfg.mediaDir}
''
else ""
}
${
if services.qbittorrent.enable
then ''
echo 'Giving read-write permission to ${services.qbittorrent.user} on ${toString cfg.mediaDir}'
setfacl -R -m u:${services.qbittorrent.user}:rwx ${toString cfg.mediaDir}
''
else ""
}
'';
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
};
};
};
}

1
modules/nixos/services/default.nix
View File

@@ -2,6 +2,7 @@
imports = [
./adguardhome.nix
./forgejo
./qbittorrent.nix
./tailscale.nix
];
options = {};

78
modules/nixos/services/qbittorrent.nix Normal file
View File

@@ -0,0 +1,78 @@
{
config,
lib,
pkgs,
...
}: let
cfg = config.services.qbittorrent;
UID = 888;
GID = 888;
in {
options.services.qbittorrent = with lib;
with lib.types; {
enable = mkEnableOption "";
dataDir = mkOption {
type = path;
default = "/var/lib/qbittorrent";
};
user = mkOption {
type = str;
default = "qbittorrent";
};
group = mkOption {
type = str;
default = "qbittorrent";
};
port = mkOption {
type = port;
default = 8080;
};
openFirewall = mkOption {
type = bool;
default = false;
};
package = mkOption {
type = package;
default = pkgs.qbittorrent-nox;
};
};
config = with lib;
mkIf cfg.enable {
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [cfg.port];
};
systemd.services.qbittorrent = {
after = ["network.target"];
wantedBy = ["multi-user.target"];
serviceConfig = {
Type = "simple";
User = cfg.user;
Group = cfg.group;
ExecStartPre = let
preStartScript = pkgs.writeScript "qbittorrent-run-prestart" ''
#!${pkgs.bash}/bin/bash
if ! test -d "$QBT_PROFILE"; then
echo "Creating qBittorrent data directory in: $QBT_PROFILE"
install -d -m 0755 -o "${cfg.user}" -g "${cfg.group}" "$QBT_PROFILE"
fi
'';
in "!${preStartScript}";
ExecStart = "${cfg.package}/bin/qbittorrent-nox";
Restart = "on-success";
};
environment = {
QBT_PROFILE = cfg.dataDir;
QBT_WEBUI_PORT = toString cfg.port;
};
};
users.users."${cfg.user}" = {
group = cfg.group;
uid = UID;
};
users.groups."${cfg.group}" = {
gid = GID;
};
};
}

39
secrets/spacestation-secrets.lesser.json
View File

@@ -3,14 +3,43 @@
"device-ip": "ENC[AES256_GCM,data:Ed6hS/9F52UGVLpAyw==,iv:sg9iVEmZxA2lNJoc0xwLRyDzoF1Cy48wp9CQf3zOOzQ=,tag:77RYGvjgw0QdZUsPcqVTvA==,type:str]",
"homelab-domain": "ENC[AES256_GCM,data:IQAkzgxJL4WsOqJ0RA==,iv:COJSPyCP33ZJJXz1blr4CTH3DfZ9oH/Em72VWlGWtO0=,tag:sLj91nAgVtvDiRcVzqgIsg==,type:str]",
"services": {
"adguard": {
"domain": "ENC[AES256_GCM,data:QquWEbgpXY13UMV9BTXplQ5LhSgv,iv:0AstA5oaS8714QME3QK0/aiv9Khqk1bLCcFdCEPn+IA=,tag:XXIWjIjHQ0gZFSFBHU49Ag==,type:str]",
"port": "ENC[AES256_GCM,data:4JC+Dg==,iv:jACiG3MB0u8mKFhghBN3VzLBGkUYeCC58fGOuLePJ+M=,tag:Lz4Q8U24aOfjIA4tK6yZwg==,type:float]"
},
"forgejo": {
"domain": "ENC[AES256_GCM,data:DJDExE7VVmAk4ZLhOkTfD2wBY5i1,iv:tnOgrKCpglvDyk75mnmeoiz2trmD3r3wCL2etHmALC4=,tag:rAiEK9U48cR1q+W7Zbkhvg==,type:str]",
"port": "ENC[AES256_GCM,data:ydSACw==,iv:0RWRLLCU8YyYmOmTawns2Iy+ABiBFbBqgQ10+buZNt0=,tag:3QW0NzbKeUkcfYh/5my3fA==,type:float]",
"actions-token": "ENC[AES256_GCM,data:eNZtfpBt0ZjgLrykGKGEL3gtKCHHE+UWaDATgi0QHBGj7ZZX7ROuKQ==,iv:J8wmqFVmi8sarGupw/F4PP20HdaGTrxC4pF8GERwZxs=,tag:wZve5TI4/NpacMpHtpBnoA==,type:str]"
},
"adguard": {
"domain": "ENC[AES256_GCM,data:QquWEbgpXY13UMV9BTXplQ5LhSgv,iv:0AstA5oaS8714QME3QK0/aiv9Khqk1bLCcFdCEPn+IA=,tag:XXIWjIjHQ0gZFSFBHU49Ag==,type:str]",
"port": "ENC[AES256_GCM,data:4JC+Dg==,iv:jACiG3MB0u8mKFhghBN3VzLBGkUYeCC58fGOuLePJ+M=,tag:Lz4Q8U24aOfjIA4tK6yZwg==,type:float]"
"jellyfin": {
"domain": "ENC[AES256_GCM,data:0XAqHmiw/9e3sIqMUk28sZ/2BBWafw==,iv:0auXERqDZFVVWpS2Y6b4jgqZHGv3tF7b83i6UTOBUNg=,tag:Xlgf6hyMKpfR2uEa/aUjsg==,type:str]",
"port": "ENC[AES256_GCM,data:E9A2Lw==,iv:J8GYwoLI/C7yc5fFu0Z6Qu7YPxHXvlyY5d36cWmm9Eg=,tag:fus1uxQxObj7mS3e7U4yTg==,type:float]"
},
"jellyseerr": {
"domain": "ENC[AES256_GCM,data:yWRvgk6vGt+VIuOA7RiwHQBfjftLbDpq,iv:acbAerP79Fq7hRhpnifQ876CI+gavGe3sQvM7RIalBw=,tag:CXHKHgKTLeJeyKko8dr1Qg==,type:str]",
"port": "ENC[AES256_GCM,data:TTvqPg==,iv:Mu+T9LJ626BWB/xt/KHb6PGX2oAWd4h4f34oz1RirHQ=,tag:5zYrwtZD13ljcFFNlvwWJA==,type:float]"
},
"jellystat": {
"domain": "ENC[AES256_GCM,data:JuOqn1eRSwgSmxGpI+cl8+rFPnTN+Wk=,iv:Wmp1jU2vaCZUaiAv/f6TQXdukWWHp1qr7Ay3YPbzDAA=,tag:pGc6PgHNR/uC5fkwXmTZ7w==,type:str]",
"port": "ENC[AES256_GCM,data:VLEiaQ==,iv:aN+vIsVK/snhGfjvmhsAcuGu06peqaa4uKJri14bgL4=,tag:A/vBY3vGS/PzlqtqFRpclg==,type:float]",
"db_password": "ENC[AES256_GCM,data:PSns4kHm0502Reo0iEOP,iv:VKULz9m+HAZqwI2QyKUAQ2x9977Qfj3j4sz9TzSssIA=,tag:EaFlN8gIVtBCeEGsCRG9UQ==,type:str]"
},
"prowlarr": {
"domain": "ENC[AES256_GCM,data:cfeDhy+TD6SVUEgKlCNo0/NkWw5GZg==,iv:X3AXVcWPYJXUSdtkHH/Kkv2+fuztL3/f/ZOFu0iW4hs=,tag:gwxL14I8UUH1K0OEQrLgfQ==,type:str]",
"port": "ENC[AES256_GCM,data:sn6HCA==,iv:ghIKe2IeTBtCQfLN9mLrVYbb2cii1cb+UKFL0DtiNWc=,tag:2X40jOxNbLR0FboTa4xONg==,type:float]"
},
"qbittorrent": {
"domain": "ENC[AES256_GCM,data:U2QUvsdFxhwLJO89QlFa37WxdDA2,iv:vbO9lc7jovM5KrU9n57h8PmSZxZSvSMIEZ1Sqe+L+ew=,tag:TYB9djUpDoYFmJ1qylE97w==,type:str]",
"port": "ENC[AES256_GCM,data:EYXJ/Q==,iv:ByiAPEg8n0p0ZZWkSssrpdEYl8NMqrGsFLcFwiyttQ4=,tag:b5hzfPPWj/N3ZtzNEe/2xQ==,type:float]"
},
"radarr": {
"domain": "ENC[AES256_GCM,data:tbuhPJRqWNs47GofrHLrIPr8JI0=,iv:UpotCjNr4070MsBIlkTTtliekHegOJe976xjrc3So3s=,tag:yeu1lL3ldIYZ/FMzb4igbw==,type:str]",
"port": "ENC[AES256_GCM,data:e/JFRg==,iv:4EH69nzM2buQ3v56+tVUSjaYDlhfevA5fStA5FpSwxE=,tag:Maw8kdf3eF0dQeDOjVrDrw==,type:float]"
},
"sonarr": {
"domain": "ENC[AES256_GCM,data:ElXSeC+fok18BtlzsQujUkWhVRg=,iv:bK91RHb66zGpmVf2qjDSWTLbSDm/hwmrhbcZ8+870RQ=,tag:T2aHrofrlqK6qhMHy8Xg5w==,type:str]",
"port": "ENC[AES256_GCM,data:5gAdwQ==,iv:6h+9iJWLjG8/s8+KVyVbCBL3T1tfpQdA0kBHY8/nuDM=,tag:/eY4dmkppBCj/ZucyLyFvA==,type:float]"
}
},
"sops": {
@@ -24,8 +53,8 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnL3dCY1VLMmoxRFRmS0Ir\nV0ppTnI0RE5ZMjcvRGNPWkNxWFdJYTBDTG00ClRGQkh1UStGTmc0RE5aNy9nL3FI\nbHJIa3hLR0ZkTjd6WkFzOFkzeFdMNUEKLS0tIDBidk93Qy9LenFlSGZ2aEpuTUFt\nWVM2eS9UdXAvbzE4eEdKMjVEM3RLdm8KKeIhk+YOKVL9Y19lLyb6/Pxv8rbewK2e\nLm96jx+LOMOCFcQGxuFKWqQbTB4br/cPvRKSY5jFmFWqVg7pCPTAzQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-04-11T18:25:11Z",
"mac": "ENC[AES256_GCM,data:68Knkm4T7GteUXCN6TZy+E5LDIgNnRuNlu/2iBbGeJBAovKFiOdP0vUkvqBQL8zkTJk4y5QQKAtu8w9V0MtL9dp61z9nhRbiCbGNkjGoFLfsedTGvifR0HfHy1r4tZKc7A10gn8706q72BEJ+2x3m+6mb2Xh95erXEPl/nyKJZ0=,iv:E96M8LjI2UHced4iNEVkRo2uZWDQR5QudFqyj0JEenw=,tag:MIrn+aJljyFqWbX8R/nckw==,type:str]",
"lastmodified": "2024-04-28T23:36:35Z",
"mac": "ENC[AES256_GCM,data:vEWskDUDKWAcGiWiOWkVTmukDf/hMb+3IiCGacoGs4t44BBRRHuw8Mk6nwz7jBsYykDO1a6JZP5nmCu1V2USSfxfrw4cHaPv/FQ50r5Q8XhF4AJquIaEfx8sKb499ZCVdtTHjTjTgiJOE/mr0x/0OGjtic0EesfF402metRAiLI=,iv:kMJ652qKmwk/mU6Nulcsr3AOadvY5Rbs7lhaj2Ee0/g=,tag:uP6Gltjha97gGI8D6jG2vQ==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"