chris/sneeuwvlok
chris/sneeuwvlok
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

.
Some checks failed
Test action / kaas (push) Failing after 0s
Details

Browse source
This commit is contained in:
Chris Kruining 2025-12-31 00:41:52 +01:00
parent d2ee47f78c
commit ab9c4b4c14
No known key found for this signature in database
GPG key ID: EB894A3560CCCAD2
10 changed files with 243 additions and 103 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.just/machine.just
View file

@ -8,4 +8,4 @@
[no-exit-message] [no-exit-message]
@update machine: @update machine:
just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | sed ':a;N;$!ba;s/\n/, /g')" just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | sed ':a;N;$!ba;s/\n/, /g')"
nixos-rebuild switch -L --sudo --target-host {{ machine }} --flake ..#{{ machine }} nixos-rebuild switch -L --sudo --target-host {{ machine }} --flake ..#{{ machine }} --log-format internal-json -v |& nom --json

10
modules/nixos/desktop/cosmic/default.nix
View file

@ -5,7 +5,7 @@
inputs, inputs,
... ...
}: let }: let
inherit (lib) mkIf mkEnableOption mkForce; inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.desktop.cosmic; cfg = config.${namespace}.desktop.cosmic;
in { in {
@ -19,13 +19,7 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
services = { services = {
displayManager = { displayManager.cosmic-greeter.enable = true;
cosmic-greeter.enable = true;
autoLogin = {
enable = true;
user = "chris";
};
};
desktopManager.cosmic.enable = true; desktopManager.cosmic.enable = true;
}; };
}; };

8
modules/nixos/services/communication/matrix/default.nix
View file

@ -52,11 +52,15 @@ in {
# Since we'll be using OIDC for auth disable all local options # Since we'll be using OIDC for auth disable all local options
enable_registration = false; enable_registration = false;
enable_registration_without_verification = false; enable_registration_without_verification = false;
password_config.enabled = false; password_config.enabled = true;
backchannel_logout_enabled = true; backchannel_logout_enabled = true;
experimental_features = {
msc2965_enabled = true;
};
sso = { sso = {
client_whitelist = ["http://[::1]:9092"]; client_whitelist = ["http://[::1]:9092/" "https://auth.kruining.eu/"];
update_profile_information = true; update_profile_information = true;
}; };

35
modules/nixos/services/media/default.nix
View file

@ -35,13 +35,6 @@ in {
#========================================================================= #=========================================================================
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
podman-tui podman-tui
jellyfin
jellyfin-web
jellyfin-ffmpeg
jellyseerr
mediainfo
id3v2
yt-dlp
]; ];
#========================================================================= #=========================================================================
@ -56,9 +49,6 @@ in {
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
# "d '${cfg.path}/series' 0770 ${cfg.user} ${cfg.group} - -"
# "d '${cfg.path}/movies' 0770 ${cfg.user} ${cfg.group} - -"
# "d '${cfg.path}/music' 0770 ${cfg.user} ${cfg.group} - -"
"d '${cfg.path}/qbittorrent' 0770 ${cfg.user} ${cfg.group} - -" "d '${cfg.path}/qbittorrent' 0770 ${cfg.user} ${cfg.group} - -"
"d '${cfg.path}/sabnzbd' 0770 ${cfg.user} ${cfg.group} - -" "d '${cfg.path}/sabnzbd' 0770 ${cfg.user} ${cfg.group} - -"
"d '${cfg.path}/downloads/incomplete' 0770 ${cfg.user} ${cfg.group} - -" "d '${cfg.path}/downloads/incomplete' 0770 ${cfg.user} ${cfg.group} - -"
@ -77,34 +67,9 @@ in {
listenPort = 2005; listenPort = 2005;
}; };
flaresolverr = {
enable = true;
openFirewall = true;
port = 2007;
};
# port is harcoded in nixpkgs module
jellyfin = {
enable = true;
openFirewall = true;
user = cfg.user;
group = cfg.group;
};
postgresql = { postgresql = {
enable = true; enable = true;
}; };
caddy = {
enable = true;
virtualHosts = {
"jellyfin.kruining.eu".extraConfig = ''
reverse_proxy http://[::1]:8096
'';
}; };
}; };
};
systemd.services.jellyfin.serviceConfig.killSignal = lib.mkForce "SIGKILL";
};
} }

10
modules/nixos/services/media/glance/default.nix
View file

@ -130,16 +130,6 @@ in {
} }
]; ];
} }
{
type = "videos";
channels = [
"UCXuqSBlHAE6Xw-yeJA0Tunw" # Linus Tech Tips
"UCR-DXc1voovS8nhAvccRZhg" # Jeff Geerling
"UCsBjURrPoezykLs9EqgamOA" # Fireship
"UCBJycsmduvYEL83R_U4JriQ" # Marques Brownlee
"UCHnyfMqiRRG1u-2MsSQLbXA" # Veritasium
];
}
]; ];
} }

50
modules/nixos/services/media/jellyfin/default.nix Normal file
View file

@ -0,0 +1,50 @@
{
pkgs,
config,
lib,
namespace,
inputs,
system,
...
}: let
inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption mkOption types;
cfg = config.${namespace}.services.media.jellyfin;
in {
options.${namespace}.services.media.jellyfin = {
enable = mkEnableOption "Enable jellyfin server";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
jellyfin
jellyfin-web
jellyfin-ffmpeg
mediainfo
id3v2
yt-dlp
];
services = {
# port is harcoded in nixpkgs module
jellyfin = {
enable = true;
openFirewall = true;
user = "media";
group = "media";
};
caddy = {
enable = true;
virtualHosts = {
"jellyfin.kruining.eu".extraConfig = ''
reverse_proxy http://[::1]:8096
'';
};
};
};
systemd.services.jellyfin.serviceConfig.killSignal = lib.mkForce "SIGKILL";
};
}

158
modules/nixos/services/media/servarr/default.nix
View file

@ -11,6 +11,7 @@
inherit (lib) mkIf mkEnableOption mkOption types; inherit (lib) mkIf mkEnableOption mkOption types;
cfg = config.${namespace}.services.media.servarr; cfg = config.${namespace}.services.media.servarr;
servarr = import ./lib.nix {inherit lib;};
anyEnabled = cfg |> lib.attrNames |> lib.length |> (l: l > 0); anyEnabled = cfg |> lib.attrNames |> lib.length |> (l: l > 0);
in { in {
options.${namespace}.services.media = { options.${namespace}.services.media = {
@ -68,7 +69,7 @@ in {
}; };
}; };
} }
// (lib.optionalAttrs (service != "prowlarr") { // (lib.optionalAttrs (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) {
user = service; user = service;
group = "media"; group = "media";
}); });
@ -104,6 +105,12 @@ in {
group = "media"; group = "media";
}; };
flaresolverr = {
enable = true;
openFirewall = true;
port = 2007;
};
postgresql = { postgresql = {
ensureDatabases = cfg |> lib.attrNames; ensureDatabases = cfg |> lib.attrNames;
ensureUsers = ensureUsers =
@ -129,6 +136,7 @@ in {
}: (mkIf enable { }: (mkIf enable {
"${service}ApplyTerraform" = let "${service}ApplyTerraform" = let
config' = config; config' = config;
lib' = lib;
terraformConfiguration = inputs.terranix.lib.terranixConfiguration { terraformConfiguration = inputs.terranix.lib.terranixConfiguration {
inherit system; inherit system;
@ -140,13 +148,29 @@ in {
... ...
}: { }: {
config = { config = {
variable = { variable =
api_key = { cfg
|> lib'.mapAttrsToList (s: _: {
"${s}_api_key" = {
type = "string"; type = "string";
description = "${service} api key"; description = "${s} API key";
}; };
})
|> lib'.concat [
{
qbittorrent_api_key = {
type = "string";
description = "qbittorrent api key";
}; };
sabnzbd_api_key = {
type = "string";
description = "sabnzbd api key";
};
}
]
|> lib'.mkMerge;
terraform.required_providers.${service} = { terraform.required_providers.${service} = {
source = "devopsarr/${service}"; source = "devopsarr/${service}";
version = version =
@ -164,10 +188,11 @@ in {
provider.${service} = { provider.${service} = {
url = "http://127.0.0.1:${toString port}"; url = "http://127.0.0.1:${toString port}";
api_key = lib.tfRef "var.api_key"; api_key = lib.tfRef "var.${service}_api_key";
}; };
resource = { resource =
{
"${service}_root_folder" = mkIf (lib.elem service ["radarr" "sonarr" "whisparr"]) ( "${service}_root_folder" = mkIf (lib.elem service ["radarr" "sonarr" "whisparr"]) (
rootFolders rootFolders
|> lib.imap (i: f: lib.nameValuePair "local${toString i}" {path = f;}) |> lib.imap (i: f: lib.nameValuePair "local${toString i}" {path = f;})
@ -181,23 +206,98 @@ in {
priority = 1; priority = 1;
host = "localhost"; host = "localhost";
username = "admin"; username = "admin";
password = "poChieN5feeph0igeaCadeJ9Xux0ohmuy6ruH5ieThaPheib3iuzoo0ahw1aiceif1feegioh9Aimau0pai5thoh5ieH0aechohw"; password = lib.tfRef "var.qbittorrent_api_key";
# password = "poChieN5feeph0igeaCadeJ9Xux0ohmuy6ruH5ieThaPheib3iuzoo0ahw1aiceif1feegioh9Aimau0pai5thoh5ieH0aechohw";
url_base = "/"; url_base = "/";
port = 2008; port = 2008;
}; };
}; };
# "${service}_download_client_sabnzbd" = mkIf (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) { "${service}_download_client_sabnzbd" = mkIf (lib.elem service ["radarr" "sonarr" "lidarr" "whisparr"]) {
# "main" = { "main" = {
# name = "SABnzbd"; name = "SABnzbd";
enable = true;
priority = 1;
host = "localhost";
api_key = lib.tfRef "var.sabnzbd_api_key";
url_base = "/";
port = 8080;
};
};
}
// (lib.optionalAttrs (service == "prowlarr") (
cfg
|> lib'.filterAttrs (s: _: lib'.elem s ["radarr" "sonarr" "lidarr" "whisparr"])
|> lib'.mapAttrsToList (s: {port, ...}: {
"prowlarr_application_${s}"."main" = let
p = cfg.prowlarr.port or config'.services.prowlarr.settings.server.port or 9696;
in {
name = s;
sync_level = "addOnly";
base_url = "http://localhost:${toString port}";
prowlarr_url = "http://localhost:${toString p}";
api_key = lib.tfRef "var.${s}_api_key";
# sync_categories = [3000 3010 3030];
};
})
|> lib'.concat [
{
"prowlarr_indexer" = {
"nyaa" = {
enable = true;
app_profile_id = 1;
priority = 1;
name = "Nyaa";
implementation = "nyaa";
config_contract = "nyaa_settings";
protocol = "torrent";
fields = [
{
name = "targetType";
value = "";
}
];
};
"nzbgeek" = {
enable = true;
app_profile_id = 2;
priority = 1;
name = "NZBgeek";
implementation = "nzbgeek";
config_contract = "nzbgeek_settings";
protocol = "torrent";
fields = [
];
};
# "nzbgeek" = {
# enable = true; # enable = true;
# priority = 1;
# host = "localhost"; # app_profile_id = 1;
# url_base = "/"; # name = "NZBgeek";
# port = 8080; # implementation = "nzbgeek";
# }; # config_contract = "nzbgeek_settings";
# protocol = "torrent";
# fields = [
# # {
# # name = "";
# # value = "";
# # }
# ];
# }; # };
}; };
}
]
|> lib'.mkMerge
));
}; };
}) })
]; ];
@ -242,7 +342,7 @@ in {
then "plan" then "plan"
else "apply -auto-approve" else "apply -auto-approve"
} \ } \
-var-file='${config.sops.templates."${service}/config.tfvars".path}' -var-file='${config.sops.templates."servarr/config.tfvars".path}'
''; '';
serviceConfig = { serviceConfig = {
@ -295,26 +395,34 @@ in {
${lib.toUpper service}__AUTH__APIKEY="${config.sops.placeholder."${service}/apikey"}" ${lib.toUpper service}__AUTH__APIKEY="${config.sops.placeholder."${service}/apikey"}"
''; '';
}; };
"${service}/config.tfvars" = {
owner = service;
group = "media";
restartUnits = ["${service}.service"];
content = ''
api_key = "${config.sops.placeholder."${service}/apikey"}"
'';
};
}; };
})) }))
|> lib.concat [ |> lib.concat [
{ {
secrets = { secrets = {
"qbittorrent/password" = {};
"sabnzbd/apikey" = {}; "sabnzbd/apikey" = {};
"sabnzbd/sunnyweb/username" = {}; "sabnzbd/sunnyweb/username" = {};
"sabnzbd/sunnyweb/password" = {}; "sabnzbd/sunnyweb/password" = {};
}; };
templates = { templates = {
"servarr/config.tfvars" = {
owner = "media";
group = "media";
mode = "0440";
restartUnits = cfg |> lib.attrNames |> lib.map (s: "${s}.service");
content = ''
${
cfg
|> lib.attrNames
|> lib.map (s: "${s}_api_key = \"${config.sops.placeholder."${s}/apikey"}\"")
|> lib.join "\n"
}
qbittorrent_api_key = "${config.sops.placeholder."qbittorrent/password"}"
sabnzbd_api_key = "${config.sops.placeholder."sabnzbd/apikey"}"
'';
};
"sabnzbd/config.ini" = { "sabnzbd/config.ini" = {
owner = "sabnzbd"; owner = "sabnzbd";
group = "media"; group = "media";

2
modules/nixos/services/media/servarr/lib.nix Normal file
View file

@ -0,0 +1,2 @@
{lib, ...}: {
}

1
systems/x86_64-linux/manwe/default.nix
View file

@ -24,6 +24,7 @@
application = { application = {
steam.enable = true; steam.enable = true;
zen.enable = true;
}; };
editor = { editor = {

28
systems/x86_64-linux/ulmo/default.nix
View file

@ -38,6 +38,31 @@
''; '';
}; };
# virtualisation = {
# containers.enable = true;
# podman = {
# enable = true;
# dockerCompat = true;
# };
# oci-containers = {
# backend = "podman";
# containers = {
# homey = {
# image = "ghcr.io/athombv/homey-shs:latest";
# autoStart = true;
# privileged = true;
# volumes = [
# "/home/chris/.homey-shs:/homey/user"
# ];
# ports = [
# "4859:4859"
# ];
# };
# };
# };
# };
sneeuwvlok = { sneeuwvlok = {
services = { services = {
backup.borg.enable = true; backup.borg.enable = true;
@ -170,6 +195,7 @@
media.glance.enable = true; media.glance.enable = true;
media.mydia.enable = true; media.mydia.enable = true;
media.nfs.enable = true; media.nfs.enable = true;
media.jellyfin.enable = true;
media.servarr = { media.servarr = {
radarr = { radarr = {
enable = true; enable = true;
@ -199,7 +225,7 @@
prowlarr = { prowlarr = {
enable = true; enable = true;
debug = true; # debug = true;
port = 2004; port = 2004;
}; };
}; };