aaaa

2025-01-07 01:03:44 -08:00 · 2025-01-07 01:03:44 -08:00 · 3433afa69c
commit 3433afa69c
parent de16652855
7 changed files with 125 additions and 37 deletions
--- a/nixos/base.nix
+++ b/nixos/base.nix
@ -42,7 +42,7 @@

  services.openssh.enable = lib.mkDefault true;

-
+  documentation.man.generateCaches = lib.mkForce false;

  nixpkgs = {
    overlays = [
--- a/nixos/hosts/pihole/default.nix
+++ b/nixos/hosts/pihole/default.nix
@ -27,7 +27,7 @@
  
  virtualisation.oci-containers.containers = {
    pihole = {
-      image = "registry-1.docker.io/pihole/pihole";
+      image = "docker.io/pihole/pihole";
      ports = [
        "53:53/tcp"
        "53:53/udp"
--- a/nixos/hosts/seedbox/arr.nix
+++ b/nixos/hosts/seedbox/arr.nix
@ -0,0 +1,38 @@
+{ config, ... }: {
+  nixpkgs.config.permittedInsecurePackages = [
+    "aspnetcore-runtime-6.0.36"
+    "aspnetcore-runtime-wrapped-6.0.36"
+    "dotnet-sdk-6.0.428"
+    "dotnet-sdk-wrapped-6.0.428"
+  ];
+
+  users.groups.data = {
+    gid = 1069;
+  };
+  users.users.data = {
+    uid = 1069;
+    isNormalUser = true;
+    group = "data";
+  };
+
+  internal.nas0.mountGid = config.users.groups.data.gid;
+  internal.nas0.mountUid = config.users.users.data.uid;
+
+  services.lidarr.enable = true;
+  services.lidarr.user = "data";
+  services.lidarr.group = "data";
+
+  services.sonarr.enable = true;
+  services.sonarr.user = "data";
+  services.sonarr.group = "data";
+
+  services.radarr.enable = true;
+  services.radarr.user = "data";
+  services.radarr.group = "data";
+
+  services.prowlarr.enable = true;
+
+  systemd.units.radarr.upheldBy = ["mnt-nas0.mount"];
+  systemd.units.lidarr.upheldBy = ["mnt-nas0.mount"];
+  systemd.units.sonarr.upheldBy = ["mnt-nas0.mount"];
+}
--- a/nixos/hosts/seedbox/default.nix
+++ b/nixos/hosts/seedbox/default.nix
@ -6,6 +6,10 @@
    ../../features/nas0.nix
    ../../features/podman.nix
    ../../features/telemetry/transmission.nix
+
+    ./transmission.nix
+    ./arr.nix
+    ./nginx.nix
  ];

  networking.hostName = "seedbox";
@ -14,39 +18,4 @@

  internal.nas0.useSMB = true;
  internal.nas0.lazyMount = false;
-
-  sops.secrets.protonvpn_username = {};
-  sops.secrets.protonvpn_password = {};
-
-  sops.templates."transmission.env" = {
-    content = ''
-OPENVPN_PROVIDER=PROTONVPN
-OPENVPN_CONFIG=mx.protonvpn.udp
-OPENVPN_USERNAME=${config.sops.placeholder.protonvpn_username}+pmp
-OPENVPN_PASSWORD=${config.sops.placeholder.protonvpn_password}
-LOCAL_NETWORK=100.64.0.0/10
-'';
-  };
-  
-  virtualisation.oci-containers.containers = {
-    torrenty = {
-      image = "docker.io/haugene/transmission-openvpn";
-      ports = [ "9091:9091" ];
-      environmentFiles = [
-        config.sops.templates."transmission.env".path
-      ];
-      volumes = [
-        "/mnt/nas0/public/Torrents:/data"
-        "/mnt/nas0/public/Movies:/Movies"
-        "/mnt/nas0/public/Anime:/Anime"
-        "/mnt/nas0/public/AnimeMovies:/AnimeMovies"
-        "/mnt/nas0/public/Shows:/Shows"
-        "config:/config"
-      ];
-      extraOptions = [
-        "--privileged"
-      ];
-      autoStart = true;
-    };
-  };
 }
--- a/nixos/hosts/seedbox/nginx.nix
+++ b/nixos/hosts/seedbox/nginx.nix
@ -0,0 +1,33 @@
+{ lib, pkgs, ... }: {
+  services.nginx = {
+    enable = true;
+    recommendedBrotliSettings = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedZstdSettings = true;
+
+    virtualHosts."seedbox.hoki-porgy.ts.net" = {
+      listen = [
+        { addr = "0.0.0.0"; port = 80; }
+        { addr = "[::]"; port = 80; }
+      ]; 
+      serverAliases = ["seedbox"];
+
+      locations = let commonProxy = port: {
+        recommendedProxySettings = true;
+        proxyWebsockets = true;
+        proxyPass = "http://127.0.0.1:${toString port}";
+      }; in {
+        "^~ /prowlarr" = commonProxy 9696;
+        "^~ /lidarr" = commonProxy 8686;
+        "^~ /radarr" = commonProxy 7878;
+        "^~ /sonarr" = commonProxy 8989;
+        "/transmission" = commonProxy 9091;
+        "/" = {
+          root = ./www;
+          index = "index.html";
+        };
+      };
+    };
+  };
+}
--- a/nixos/hosts/seedbox/transmission.nix
+++ b/nixos/hosts/seedbox/transmission.nix
@ -0,0 +1,39 @@
+{ config, ... }: {
+  sops.secrets.protonvpn_username = {};
+  sops.secrets.protonvpn_password = {};
+
+  sops.templates."transmission.env" = {
+    content = ''
+OPENVPN_PROVIDER=PROTONVPN
+OPENVPN_CONFIG=mx.protonvpn.udp
+OPENVPN_USERNAME=${config.sops.placeholder.protonvpn_username}+pmp
+OPENVPN_PASSWORD=${config.sops.placeholder.protonvpn_password}
+LOCAL_NETWORK=100.64.0.0/10
+'';
+  };
+  
+  virtualisation.oci-containers.containers = {
+    torrenty = {
+      image = "docker.io/haugene/transmission-openvpn";
+      ports = [ "9091:9091" ];
+      environmentFiles = [
+        config.sops.templates."transmission.env".path
+      ];
+      volumes = [
+        "/mnt/nas0/public/Torrents:/data"
+        "/mnt/nas0/public/Movies:/Movies"
+        "/mnt/nas0/public/Anime:/Anime"
+        "/mnt/nas0/public/AnimeMovies:/AnimeMovies"
+        "/mnt/nas0/public/Shows:/Shows"
+        "config:/config"
+      ];
+      extraOptions = [
+        "--privileged"
+      ];
+      autoStart = true;
+    };
+  };
+
+  systemd.units.podman-torrenty.upheldBy = ["mnt-nas0.mount"];
+  systemd.units.podman-torrenty.enable = true;
+}
--- a/nixos/hosts/seedbox/www/index.html
+++ b/nixos/hosts/seedbox/www/index.html
@ -0,0 +1,9 @@
+<!DOCTYPE html>
+<p>user: foxfox</p>
+<ul>
+  <li><a href="/prowlarr">prowlarr</a> (trackers)</li>
+  <li><a href="/lidarr">lidarr</a> (music)</li>
+  <li><a href="/radarr">radarr</a> (movies)</li>
+  <li><a href="/sonarr">sonarr</a> (shows)</li>
+  <li><a href="/transmission">transmission</a> (torrent client)</li>
+</ul>