chris/sneeuwvlok
chris/sneeuwvlok
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
sneeuwvlok/_modules/system/services/media.nix
Chris Kruining 5ba5d55108
started migration to snowfall
2025-07-28 14:34:09 +02:00

167 lines
4.1 KiB
Nix
Raw Blame History

{ config, lib, pkgs, ... }:
let
inherit (lib) mkIf;
user = "media";
group = "media";
directory = "/var/media";
in
{
options.modules.services.media = let
inherit (lib.options) mkEnableOption;
in {
enable = mkEnableOption "Media tools";
};
imports = let
extras = fetchTarball {
url = "https://github.com/onny/nixos-nextcloud-testumgebung/archive/fa6f062830b4bc3cedb9694c1dbf01d5fdf775ac.tar.gz";
sha256 = "0gzd0276b8da3ykapgqks2zhsqdv4jjvbv97dsxg0hgrhb74z0fs";
};
in [
"${extras}/nextcloud-extras.nix"
];
config = mkIf config.modules.services.media.enable {
environment.systemPackages = with pkgs; [
podman-tui
jellyfin
jellyfin-web
jellyfin-ffmpeg
jellyseerr
mediainfo
id3v2
yt-dlp
];
# need to permit these outdated packages until servarr finally upgrades at some point...
permittedInsecurePackages = [
"dotnet-sdk-6.0.428"
"aspnetcore-runtime-6.0.36"
];
users = {
users.${user} = {
isSystemUser = true;
group = group;
};
groups.${group} = {};
};
systemd.tmpfiles.rules = [
"d '${directory}/series' 0700 ${user} ${group} - -"
"d '${directory}/movies' 0700 ${user} ${group} - -"
"d '${directory}/music' 0700 ${user} ${group} - -"
"d '${directory}/qbittorrent' 0700 ${user} ${group} - -"
"d '${directory}/sabnzbd' 0700 ${user} ${group} - -"
"d '${directory}/reiverr/config' 0700 ${user} ${group} - -"
"d '${directory}/downloads/incomplete' 0700 ${user} ${group} - -"
"d '${directory}/downloads/done' 0700 ${user} ${group} - -"
];
services = let
serviceConf = {
enable = true;
openFirewall = true;
user = user;
group = group;
};
in {
jellyfin = serviceConf;
radarr = serviceConf;
sonarr = serviceConf;
bazarr = serviceConf;
lidarr = serviceConf;
lanraragi = {
enable = true;
port = 6969;
};
jellyseerr = {
enable = true;
openFirewall = true;
};
prowlarr = {
enable = true;
openFirewall = true;
};
qbittorrent = {
enable = true;
openFirewall = true;
dataDir = "${directory}/qbittorrent";
port = 5000;
user = user;
group = group;
};
sabnzbd = {
enable = true;
openFirewall = true;
configFile = "${directory}/sabnzbd/config.ini";
user = user;
group = group;
};
caddy = {
enable = true;
virtualHosts = {
"media.kruining.eu".extraConfig = ''
import auth
reverse_proxy http://127.0.0.1:9494
'';
"jellyfin.kruining.eu".extraConfig = ''
reverse_proxy http://127.0.0.1:8096
'';
# "series.kruining.eu".extraConfig = ''
# reverse_proxy http://127.0.0.1:8989
# '';
# "movies.kruining.eu".extraConfig = ''
# reverse_proxy http://127.0.0.1:7878
# '';
# "indexer.kruining.eu".extraConfig = ''
# reverse_proxy http://127.0.0.1:9696
# '';
# "torrents.kruining.eu".extraConfig = ''
# reverse_proxy http://127.0.0.1:5000
# '';
# "usenet.kruining.eu".extraConfig = ''
# reverse_proxy http://127.0.0.1:8080
# '';
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 6969 ];
modules.virtualisation.podman.enable = true;
virtualisation = {
oci-containers = {
backend = "podman";
containers = {
flaresolverr = {
image = "flaresolverr/flaresolverr";
autoStart = true;
ports = [ "127.0.0.1:8191:8191" ];
};
reiverr = {
image = "ghcr.io/aleksilassila/reiverr:v2.2.0";
autoStart = true;
ports = [ "127.0.0.1:9494:9494" ];
volumes = [ "${directory}/reiverr/config:/config" ];
};
};
};
};
systemd.services.jellyfin.serviceConfig.killSignal = lib.mkForce "SIGKILL";
};
}
Reference in a new issue View git blame Copy permalink