# NixOS module declaring an OCI-container media stack: a `wireguard` container
# plus a set of application containers, most of which join the wireguard
# container's network namespace via `--network container:wireguard`.
#
# Review notes for whoever maintains this host:
#  * Every image is referenced by a floating tag (`:latest` / `:nightly`) and
#    most are started with `--pull=newer`, so the code that runs can change
#    without any change to this file. Pinning by digest would make the
#    deployment reproducible and auditable.
#  * Port mappings are written as "host:container" with no bind address, which
#    publishes them on every host interface. Restrict with a bind address or the
#    host firewall if these UIs are not meant to be reachable from the whole
#    network.
{ config, pkgs, ... }:
{
  imports = [ ../modules/pods.nix ];

  config =
    let
      # Environment shared by the application containers.
      baseEnv = {
        TZ = "America/Toronto";
        PUID = "1000";
        PGID = "1000";
      };

      # Host directories bind-mounted into the containers.
      dataDir = "/jelly/data";
      configDir = "/jelly/conf";
    in
    {
      # Declares the sops secret whose decrypted path is handed to the
      # wireguard container as an env-file, keeping the credentials out of
      # this file.
      sops.secrets.jellyfin-pia = { };

      virtualisation.oci-containers =
        let
          # The final container definitions, read back so the wireguard
          # container can re-use the port lists declared on its members.
          cnt = config.virtualisation.oci-containers.containers;

          # Flattens the `ports` lists of the named containers into one list.
          getPorts = builtins.concatMap (name: cnt.${name}.ports);

          # Shared media volume; mounted into every container that uses it
          # with no `:ro` suffix.
          mediaVol = "${dataDir}:/data";

          # Per-application config volume mounted at /config.
          confVol = name: "${configDir}/${name}:/config";

          # Options for containers that share the wireguard container's
          # network namespace. Containers sharing a namespace can also reach
          # each other's listeners on localhost.
          vpnOpts = [
            "--pull=newer"
            "--network"
            "container:wireguard"
          ];
        in
        {
          containers = {
            wireguard = {
              # Derived from the pia-wg.tar.gz
              # which was built from the containerfile
              # Locally built image: there is no `--pull=newer` here, so it
              # only changes when it is rebuilt and reloaded on the host.
              image = "localhost/pia-wg:latest";
              volumes = [
                # "${configDir}/wireguard:/config"
                # "${configDir}/wireguard_pia:/pia"
              ];

              # Members share this container's network namespace, so their
              # ports are published here.
              ports = getPorts [
                "deluge"
                "sonarr"
                "radarr"
                "jellyseerr"
                "bazarr"
                "readarr"
                "prowlarr"
              ];

              environment = {
                inherit (baseEnv) TZ;
                LOC = "ca";
                PIA_DNS = "false"; # true/false
                PIA_PF = "false"; # true/false
                # true/false; connect to the VPN after the configuration has
                # been created. Set to false to only create the configuration
                # file. Only effective for the wireguard protocol. Default true.
                PIA_CONNECT = "true";
                MAX_LATENCY = "0.2"; # numeric value, in seconds
                # true/false; tests for and selects the server with the lowest
                # latency, overriding PREFERRED_REGION.
                AUTOCONNECT = "true";
                # PREFERRED_REGION = ""; # the region ID for a PIA server
                DIP_TOKEN = "n";
                # wireguard or openvpn; openvpn defaults to
                # openvpn_udp_standard, but openvpn_tcp/udp_standard/strong
                # can also be specified.
                VPN_PROTOCOL = "wireguard";
                DISABLE_IPV6 = "no"; # yes/no
              };

              extraOptions = [
                # NOTE(review): `--privileged` removes most container
                # isolation. With it set, the `--cap-add` / `--cap-drop`
                # lines below likely do not narrow anything — confirm against
                # the runtime's documentation, and check whether the explicit
                # capabilities alone are enough for this image.
                "--privileged"
                "--dns=1.1.1.1"
                # VPN credentials are read from the sops-managed file.
                "--env-file=${config.sops.secrets.jellyfin-pia.path}"
                "--cap-add=NET_ADMIN,NET_RAW,SYS_MODULE"
                "--cap-drop=MKNOD,AUDIT_WRITE"
                "--sysctl=net.ipv4.ip_forward=1"
                "--sysctl=net.ipv4.conf.all.src_valid_mark=1"
                # IPv6 is disabled inside this namespace. NOTE(review):
                # DISABLE_IPV6 above is "no", so the image is not asked to do
                # this itself — confirm the two settings are meant to differ.
                "--sysctl=net.ipv6.conf.lo.disable_ipv6=1"
                "--sysctl=net.ipv6.conf.all.disable_ipv6=1"
                "--sysctl=net.ipv6.conf.default.disable_ipv6=1"
              ];
            };

            deluge = {
              image = "linuxserver/deluge:latest";
              volumes = [
                mediaVol
                (confVol "deluge")
              ];
              ports = [
                "8112:8112"
                "34325:34325"
                "34325:34325/udp"
                "51413:51413"
                "51413:51413/udp"
              ];
              environment = baseEnv;
              extraOptions = vpnOpts;
              dependsOn = [ "wireguard" ];
            };

            # The only application container that does not join the
            # wireguard network namespace.
            jellyfin = {
              image = "jellyfin/jellyfin:latest";
              volumes = [
                mediaVol
                (confVol "jellyfin")
              ];
              ports = [ "8096:8096" ];
              environment = baseEnv // {
                JELLYFIN_PublishedServerUrl = "127.0.0.1";
                # NVIDIA_VISIBLE_DEVICES = "all";
              };
              extraOptions = [
                # "--runtime=nvidia"
                # "--gpus=all"
                "--pull=newer"
              ];
            };

            jellyseerr = {
              image = "fallenbagel/jellyseerr:latest";
              volumes = [
                mediaVol
                # This image keeps its configuration under /app/config.
                "${configDir}/jellyseerr:/app/config"
              ];
              ports = [ "5055:5055" ];
              environment = baseEnv;
              extraOptions = vpnOpts;
              dependsOn = [
                "sonarr"
                "radarr"
              ];
            };

            radarr = {
              image = "linuxserver/radarr:latest";
              volumes = [
                mediaVol
                (confVol "radarr")
              ];
              ports = [ "7878:7878" ];
              environment = baseEnv;
              extraOptions = vpnOpts;
              dependsOn = [ "prowlarr" ];
            };

            sonarr = {
              image = "linuxserver/sonarr:latest";
              volumes = [
                mediaVol
                (confVol "sonarr")
              ];
              ports = [ "8989:8989" ];
              environment = baseEnv;
              extraOptions = vpnOpts;
              dependsOn = [ "prowlarr" ];
            };

            bazarr = {
              image = "linuxserver/bazarr:latest";
              volumes = [
                mediaVol
                (confVol "bazarr")
              ];
              ports = [ "6767:6767" ];
              environment = baseEnv;
              extraOptions = vpnOpts;
              dependsOn = [ "prowlarr" ];
            };

            readarr = {
              # Tracks the `nightly` tag rather than `latest`.
              image = "linuxserver/readarr:nightly";
              volumes = [
                mediaVol
                (confVol "readarr")
              ];
              ports = [ "8787:8787" ];
              environment = baseEnv;
              extraOptions = vpnOpts;
              dependsOn = [ "prowlarr" ];
            };

            prowlarr = {
              # Tracks the `nightly` tag rather than `latest`.
              image = "linuxserver/prowlarr:nightly";
              # Config volume only; the shared media directory is not mounted.
              volumes = [ (confVol "prowlarr") ];
              ports = [ "9696:9696" ];
              environment = baseEnv;
              extraOptions = vpnOpts;
              dependsOn = [ "deluge" ];
            };
          };
        };

      # TODO: Submit PR for nvidia podman services
      # systemd.services.podman-jellyfin.path = [pkgs.nvidia-podman];
    };
}