NixMachines/machines/hippocampus/oci/jelly.nix


# Media stack for this machine, declared as OCI containers: a "wireguard" VPN
# container plus deluge, jellyseerr, radarr, sonarr, bazarr, readarr and
# prowlarr, which all join its network namespace, and a standalone jellyfin.
{ config, pkgs, ...}: {
imports = [
../modules/pods.nix
];
config = let
# Environment shared by every container except wireguard (merged in with `//`).
# NOTE(review): whether each image honours PUID/PGID is not visible here — confirm per image.
baseEnv = {
TZ = "America/Toronto";
PUID = "1000";
PGID = "1000";
};
# Host paths bind-mounted into the containers. No mount below carries a `:ro`
# suffix, so each container gets read-write access to what it mounts.
dataDir = "/jelly/data";
configDir = "/jelly/conf";
in {
# sops-managed secret; its runtime path is passed to the wireguard container
# via --env-file below, so its contents are not written in this file.
# Presumably holds the PIA account credentials — confirm.
sops.secrets.jellyfin-pia = {};
virtualisation.oci-containers = let
# Shorthand for the container definitions in the evaluated configuration.
cnt = config.virtualisation.oci-containers.containers;
# Given a list of container names, return their `ports` lists concatenated.
getPorts = l: builtins.concatMap (c: cnt."${c}".ports) l;
in {
# NOTE(review): every registry image below uses a floating tag (:latest or
# :nightly) together with --pull=newer, so what runs can change between
# restarts without any change to this file. Pinning by digest would make
# deployments reproducible and updates reviewable. The names are also
# unqualified (no registry host), so the registry they resolve to depends on
# the runtime's configuration.
containers = {
# VPN gateway. The other containers that use "--network container:wireguard"
# share this container's network namespace.
wireguard = {
# Derived from the pia-wg.tar.gz
# which was built from the containerfile
# NOTE(review): nothing in this file builds or loads that image; it has to
# exist in local storage already — confirm where that happens.
image = "localhost/pia-wg:latest";
volumes = [
# "${configDir}/wireguard:/config"
# "${configDir}/wireguard_pia:/pia"
];
# Publish, on this container, the ports declared by the containers that join
# its network namespace. None of those mappings names a host address, so the
# runtime's default bind address applies (normally all interfaces) — confirm
# the host firewall limits who can reach the web UIs.
# NOTE(review): this includes deluge's 34325 and 51413, which then listen on
# the host side rather than only inside the tunnel — confirm that is intended.
ports = getPorts [
"deluge"
"sonarr"
"radarr"
"jellyseerr"
"bazarr"
"readarr"
"prowlarr"
];
environment = {
TZ = "America/Toronto";
LOC = "ca";
PIA_DNS = "false"; # - true/false
PIA_PF = "false"; # - true/false
PIA_CONNECT = "true"; # - true/false; connect to VPN after configuration has been created. Set to false to only create configuration file. Only effective for wireguard protocol. Default true.
MAX_LATENCY = "0.2"; # - numeric value, in seconds
AUTOCONNECT = "true"; # - true/false; this will test for and select the server with the lowest latency, it will override PREFERRED_REGION
# PREFERRED_REGION = ""; # - the region ID for a PIA server
DIP_TOKEN = "n";
VPN_PROTOCOL = "wireguard"; # - wireguard or openvpn; openvpn will default to openvpn_udp_standard, but can also specify openvpn_tcp/udp_standard/strong
# NOTE(review): "no" here, while the sysctls below disable IPv6 on lo, all and
# default — the two settings look inconsistent; confirm which one is meant.
DISABLE_IPV6 = "no"; # - yes/no
};
extraOptions = [
# NOTE(review): --privileged turns off most of the runtime's isolation
# (capability bounding, seccomp, device restrictions), so the --cap-add and
# --cap-drop entries below most likely restrict nothing while it is present.
# If NET_ADMIN, NET_RAW and SYS_MODULE are the privileges actually needed,
# test whether the container runs without --privileged.
# With PIA_DNS = "false", --dns=1.1.1.1 makes that resolver the one used
# inside the shared namespace — verify lookups leave through the tunnel.
"--privileged" "--dns=1.1.1.1"
# Variables are read from the decrypted sops secret at container start.
"--env-file=${config.sops.secrets.jellyfin-pia.path}"
"--cap-add=NET_ADMIN,NET_RAW,SYS_MODULE"
"--cap-drop=MKNOD,AUDIT_WRITE"
"--sysctl=net.ipv4.ip_forward=1"
"--sysctl=net.ipv4.conf.all.src_valid_mark=1"
"--sysctl=net.ipv6.conf.lo.disable_ipv6=1"
"--sysctl=net.ipv6.conf.all.disable_ipv6=1"
"--sysctl=net.ipv6.conf.default.disable_ipv6=1"
];
};
# Torrent client; runs inside the wireguard container's network namespace.
deluge = {
image = "linuxserver/deluge:latest";
volumes = [
"${dataDir}:/data"
"${configDir}/deluge:/config"
];
# 8112 plus 34325 and 51413 over TCP and UDP. This list is also read by
# getPorts for the wireguard container's port list.
ports = [
"8112:8112"
"34325:34325"
"34325:34325/udp"
"51413:51413"
"51413:51413/udp"
];
environment = baseEnv // {
};
extraOptions = [
"--pull=newer"
"--network" "container:wireguard"
];
dependsOn = [
"wireguard"
];
};
# Media server. The only container here that does not join the wireguard
# namespace; it publishes 8096 itself.
jellyfin = {
image = "jellyfin/jellyfin:latest";
volumes = [
"${dataDir}:/data"
"${configDir}/jellyfin:/config"
];
ports = [
"8096:8096"
];
environment = baseEnv // {
JELLYFIN_PublishedServerUrl = "127.0.0.1";
# NVIDIA_VISIBLE_DEVICES = "all";
};
extraOptions = [
# "--runtime=nvidia"
# "--gpus=all"
"--pull=newer"
];
};
# Request front end; joins the wireguard namespace and is ordered after
# sonarr and radarr.
jellyseerr = {
image = "fallenbagel/jellyseerr:latest";
volumes = [
"${dataDir}:/data"
"${configDir}/jellyseerr:/app/config"
];
ports = [
"5055:5055"
];
environment = baseEnv // {
};
extraOptions = [
"--pull=newer"
"--network" "container:wireguard"
];
dependsOn = [
"sonarr"
"radarr"
];
};
# radarr, sonarr, bazarr and readarr below follow one pattern: the shared data
# directory and a per-service config directory mounted read-write, one port,
# the wireguard network namespace, and a dependency on prowlarr.
radarr = {
image = "linuxserver/radarr:latest";
volumes = [
"${dataDir}:/data"
"${configDir}/radarr:/config"
];
ports = [
"7878:7878"
];
environment = baseEnv // {
};
extraOptions = [
"--pull=newer"
"--network" "container:wireguard"
];
dependsOn = [
"prowlarr"
];
};
sonarr = {
image = "linuxserver/sonarr:latest";
volumes = [
"${dataDir}:/data"
"${configDir}/sonarr:/config"
];
ports = [
"8989:8989"
];
environment = baseEnv // {
};
extraOptions = [
"--pull=newer"
"--network" "container:wireguard"
];
dependsOn = [
"prowlarr"
];
};
bazarr = {
image = "linuxserver/bazarr:latest";
volumes = [
"${dataDir}:/data"
"${configDir}/bazarr:/config"
];
ports = [
"6767:6767"
];
environment = baseEnv // {
};
extraOptions = [
"--pull=newer"
"--network" "container:wireguard"
];
dependsOn = [
"prowlarr"
];
};
# Tracks a :nightly tag rather than :latest.
readarr = {
image = "linuxserver/readarr:nightly";
volumes = [
"${dataDir}:/data"
"${configDir}/readarr:/config"
];
ports = [
"8787:8787"
];
environment = baseEnv // {
};
extraOptions = [
"--pull=newer"
"--network" "container:wireguard"
];
dependsOn = [
"prowlarr"
];
};
# Indexer manager; mounts only its own config directory (no dataDir) and
# tracks a :nightly tag. Ordered after deluge, which is ordered after wireguard.
prowlarr = {
image = "linuxserver/prowlarr:nightly";
volumes = [
"${configDir}/prowlarr:/config"
];
ports = [
"9696:9696"
];
environment = baseEnv // {
};
extraOptions = [
"--pull=newer"
"--network" "container:wireguard"
];
dependsOn = [
"deluge"
];
};
};
};
# TODO: Submit PR for nvidia podman services
# systemd.services.podman-jellyfin.path = [pkgs.nvidia-podman];
};
}