diff --git a/modules/arrstack/autobrr.nix b/modules/arrstack/autobrr.nix new file mode 100644 index 0000000..b9c51bb --- /dev/null +++ b/modules/arrstack/autobrr.nix @@ -0,0 +1,28 @@ +{ config, ... }: +let + cfg = import /etc/nixos/modules/vars.nix; + autobrr_port = cfg.arrstack.autobrr.port; + outpost_port = cfg.authentik.outpostPort; + domain = "mc-fucker.cool"; +in +{ + + virtualisation.oci-containers.containers.autobrr = { + image = "ghcr.io/autobrr/autobrr"; + environment = { + TZ = "Europe/Berlin"; + }; + ports = [ + "${autobrr_port}:${autobrr_port}" + ]; + volumes = [ + "/var/lib/autobrr:/config" + ]; + extraOptions = cfg.podman.extraOptions; + }; + + #services.nginx.virtualHosts = { + + #}; +} +# vim: set et ts=2 sw=2 ai: diff --git a/modules/arrstack/bazarr.nix b/modules/arrstack/bazarr.nix new file mode 100644 index 0000000..a670529 --- /dev/null +++ b/modules/arrstack/bazarr.nix @@ -0,0 +1,62 @@ +{ config, ... }: +let + cfg = import /etc/nixos/modules/vars.nix; + bazarr_port = cfg.arrstack.bazarr.port; + outpost_port = cfg.authentik.outpostPort; + domain = "mc-fucker.cool"; +in +{ + + virtualisation.oci-containers.containers.bazarr = { + image = "lscr.io/linuxserver/bazarr:latest"; + environment = { + TZ = "Europe/Berlin"; + PUID = toString config.users.users.arr.uid; + PGID = toString config.users.groups.arr.gid; + }; + ports = [ + "${bazarr_port}:${bazarr_port}" + ]; + volumes = [ + "/var/lib/bazarr:/config" + "/mnt/mergerfs/media:/data" + ]; + extraOptions = cfg.podman.extraOptions; + autoStart = false; + }; + + services.nginx.virtualHosts = { + "bazarr.${domain}" = { + forceSSL = true; + enableACME = true; + locations = + let + common = '' + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_redirect off; + ''; + in + { + "/" = { + proxyPass = "http://127.0.0.1:${outpost_port}"; + extraConfig = common; + }; + "/api" = { + proxyPass = "http://127.0.0.1:${bazarr_port}"; + extraConfig = common; + }; + }; + extraConfig = '' + access_log /var/log/nginx/bazarr.${domain}_access.log; + error_log /var/log/nginx/bazarr.${domain}_error.log; + ''; + }; + }; +} +# vim: set et ts=2 sw=2 ai: diff --git a/modules/arrstack/crossseed.nix b/modules/arrstack/crossseed.nix new file mode 100644 index 0000000..1e834c5 --- /dev/null +++ b/modules/arrstack/crossseed.nix @@ -0,0 +1,35 @@ +{ config, ... }: +let + cfg = import /etc/nixos/modules/vars.nix; + crossseed_port = cfg.arrstack.crossseed.port; + #outpost_port = cfg.authentik.outpostPort; + #domain = "mc-fucker.cool"; +in +{ + + virtualisation.oci-containers.containers.crossseed = { + image = "docker.io/crossseed/cross-seed"; + cmd = [ "daemon" ]; + environment = { + TZ = "Europe/Berlin"; + PUID = toString config.users.users.arr.uid; + PGID = toString config.users.groups.arr.gid; + }; + ports = [ + "${crossseed_port}:${crossseed_port}" + ]; + volumes = [ + "/var/lib/cross-seed:/config" + #"/mnt/mergerfs/media:/data" + "/var/lib/qbittorrent/qBittorrent/data/BT_backup:/torrents" + "/mnt/mergerfs/media/qbittorrent:/data/qbittorrent" + ]; + extraOptions = cfg.podman.extraOptions; + }; + + + #services.nginx.virtualHosts = { + + #}; +} +# vim: set et ts=2 sw=2 ai: diff --git a/modules/arrstack/default.nix b/modules/arrstack/default.nix index 2ec88c3..51be8c4 100644 --- a/modules/arrstack/default.nix +++ b/modules/arrstack/default.nix @@ -1,6 +1,6 @@ -{ ... }: +{ config, ... }: let - cfg = import ./vars.nix; + cfg = import /etc/nixos/modules/vars.nix; autobrr_port = cfg.arrstack.autobrr.port; bazarr_port = cfg.arrstack.bazarr.port; jellyseerr_port = cfg.arrstack.jellyseerr.port; @@ -17,16 +17,16 @@ let in { - users.groups.arr = { - gid = 1337; - }; - users.users = { - arr = { - isSystemUser = true; - group = "arr"; - uid = 1337; + users = { + groups.arr.gid = 1337; + users = { + mc-fucker.extraGroups = [ "arr" ]; + arr = { + isSystemUser = true; + group = "arr"; + uid = 1337; + }; }; - mc-fucker.extraGroups = [ "arr" ]; }; networking.firewall.interfaces.podman0.allowedTCPPorts = [ 12421 28917 ]; @@ -34,220 +34,12 @@ in #container config - #virtualisation.oci-containers.containers.autobrr = { - # image = "ghcr.io/autobrr/autobrr"; - # environment = { - # TZ = "Europe/Berlin"; - # }; - # ports = [ - # "${autobrr_port}:${autobrr_port}" - # ]; - # volumes = [ - # "/var/lib/autobrr:/config" - # ]; - # extraOptions = cfg.podman.extraOptions; - #}; - - virtualisation.oci-containers.containers.bazarr = { - image = "lscr.io/linuxserver/bazarr:latest"; - environment = { - TZ = "Europe/Berlin"; - PUID = "1337"; - PGID = "1337"; - }; - ports = [ - "${bazarr_port}:${bazarr_port}" - ]; - volumes = [ - "/var/lib/bazarr:/config" - "/mnt/mergerfs/media:/data" - ]; - extraOptions = cfg.podman.extraOptions; - autoStart = false; - }; - - #virtualisation.oci-containers.containers.crossseed = { - # image = "docker.io/crossseed/cross-seed"; - # environment = { - # TZ = "Europe/Berlin"; - # PUID = "1337"; - # PGID = "1337"; - # }; - # ports = [ - # "${radarr_port}:${radarr_port}" - # ]; - # volumes = [ - # "/var/lib/radarr:/config" - # "/mnt/mergerfs/media:/data" - # "/mnt/box/files:/data/seedbox" - # ]; - # extraOptions = cfg.podman.extraOptions; - #}; - - virtualisation.oci-containers.containers.jellyseerr = { - image = "docker.io/fallenbagel/jellyseerr"; - environment = { - TZ = "Europe/Berlin"; - }; - ports = [ - "${jellyseerr_port}:${jellyseerr_port}" - ]; - volumes = [ - "/var/lib/jellyseerr:/app/config" - ]; - extraOptions = cfg.podman.extraOptions; - }; - - virtualisation.oci-containers.containers.lidarrtest = { - image = "docker.io/youegraillot/lidarr-on-steroids"; - environment = { - TZ = "Europe/Berlin"; - PUID = "1337"; - PGID = "1337"; - }; - ports = [ - "10101:8686" - "10100:6595" - ]; - volumes = [ - "/var/lib/lidarrtest/lidarr:/config" - "/var/lib/lidarrtest/deemix:/config_deemix" - "/mnt/tmp/deemix:/downloads" - #"/mnt/mergerfs/media/music/Interpreten:/music" - #"/mnt/mergerfs/media:/data" - #"/mnt/box/files:/data/seedbox" - ]; - extraOptions = cfg.podman.extraOptions; - autoStart = false; - }; - - virtualisation.oci-containers.containers.lidarr = { - image = "lscr.io/linuxserver/lidarr:latest"; - environment = { - TZ = "Europe/Berlin"; - PUID = "1337"; - PGID = "1337"; - }; - ports = [ - "${lidarr_port}:${lidarr_port}" - ]; - volumes = [ - "/var/lib/lidarr:/config" - "/var/lib/lidarr-extended/custom-cont-init.d:/custom-cont-init.d" - "/var/lib/lidarr-extended/custom-services.d:/custom-services.d" - "/mnt/mergerfs/media:/data" - #"/mnt/box/files:/mnt/seedbox" - "/mnt/ultracc/downloads:/mnt/ultracc" - ]; - extraOptions = cfg.podman.extraOptions; - autoStart = false; - }; - - virtualisation.oci-containers.containers.prowlarr = { - image = "lscr.io/linuxserver/prowlarr:latest"; - environment = { - TZ = "Europe/Berlin"; - }; - ports = [ - "${prowlarr_port}:${prowlarr_port}" - ]; - volumes = [ - "/var/lib/prowlarr:/config" - ]; - extraOptions = cfg.podman.extraOptions; - }; - - virtualisation.oci-containers.containers.qbittorrent = { - image = "docker.io/binhex/arch-qbittorrentvpn"; - environment = { - TZ = "Europe/Berlin"; - PUID = "1337"; - PGID = "1337"; - VPN_ENABLED = "yes"; - VPN_CLIENT = "wireguard"; - VPN_PROV = "custom"; - LAN_NETWORK = "192.168.178.0/24"; - }; - ports = [ - "6881:6881" - "6881:6881/udp" - "8080:8080" - #"8118:8118" - ]; - volumes = [ - "/var/lib/qbittorrent:/config" - "/mnt/mergerfs/media/qbittorrent:/data/qbittorrent" - ]; - #extraOptions = cfg.podman.extraOptions ++ [ "--cap-add=NET_ADMIN,NET_RAW" "--device=/dev/net/tun" ]; - extraOptions = cfg.podman.extraOptions ++ [ ''--sysctl="net.ipv4.conf.all.src_valid_mark=1"'' "--privileged=true" "--ip=10.88.13.37" ]; - autoStart = false; - }; - - virtualisation.oci-containers.containers.radarr = { - image = "lscr.io/linuxserver/radarr:latest"; - environment = { - TZ = "Europe/Berlin"; - PUID = "1337"; - PGID = "1337"; - }; - ports = [ - "${radarr_port}:${radarr_port}" - ]; - volumes = [ - "/var/lib/radarr:/config" - "/mnt/mergerfs/media:/data" - #"/mnt/box/files:/mnt/seedbox" - "/mnt/ultracc/downloads:/mnt/ultracc" - ]; - extraOptions = cfg.podman.extraOptions; - autoStart = false; - }; - - virtualisation.oci-containers.containers.sonarr = { - image = "lscr.io/linuxserver/sonarr:develop"; - environment = { - TZ = "Europe/Berlin"; - PUID = "1337"; - PGID = "1337"; - }; - ports = [ - "${sonarr_port}:${sonarr_port}" - ]; - volumes = [ - "/var/lib/sonarr:/config" - "/mnt/mergerfs/media:/data" - #"/mnt/box/files:/mnt/seedbox" - "/mnt/ultracc/downloads:/mnt/ultracc" - ]; - extraOptions = cfg.podman.extraOptions; - autoStart = false; - }; - - virtualisation.oci-containers.containers.sabnzbd = { - image = "lscr.io/linuxserver/sabnzbd:latest"; - environment = { - TZ = "Europe/Berlin"; - PUID = "1337"; - PGID = "1337"; - }; - ports = [ - "${sabnzbd_port}:8080" - ]; - volumes = [ - "/var/lib/sabnzbd:/config" - "/mnt/mergerfs/media/usenet:/data/usenet" - "/mnt/cache/sabnzbd:/cache" - ]; - extraOptions = cfg.podman.extraOptions; - autoStart = false; - }; - #virtualisation.oci-containers.containers.tdarr = { # image = "ghcr.io/haveagitgat/tdarr"; # environment = { # TZ = "Europe/Berlin"; - # PUID = "1337"; - # PGID = "1337"; + # PUID = toString config.users.users.arr.uid; + # PGID = toString config.users.groups.arr.gid; # serverIP = "0.0.0.0"; # webUIPort = tdarr_webport; # serverPort = tdarr_serverport; @@ -267,245 +59,22 @@ in # extraOptions = cfg.podman.extraOptions ++ [ "--device=/dev/dri:/dev/dri" ]; #}; - virtualisation.oci-containers.containers.whisparr = { - image = "cr.hotio.dev/hotio/whisparr"; - environment = { - TZ = "Europe/Berlin"; - PUID = "1337"; - PGID = "1337"; - }; - ports = [ - "${whisparr_port}:${whisparr_port}" - ]; - volumes = [ - "/var/lib/whisparr:/config" - "/mnt/mergerfs/media:/data" - #"/mnt/box/files:/mnt/seedbox" - "/mnt/ultracc/downloads:/mnt/ultracc" - ]; - extraOptions = cfg.podman.extraOptions; - autoStart = false; - }; - #webserver config - imports = [ ./nginx.nix ]; - - services.nginx.virtualHosts = { - "bazarr.${domain}" = { - forceSSL = true; - enableACME = true; - locations = - let - common = '' - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_redirect off; - ''; - in - { - "/" = { - proxyPass = "http://127.0.0.1:${outpost_port}"; - extraConfig = common; - }; - "/api" = { - proxyPass = "http://127.0.0.1:${bazarr_port}"; - extraConfig = common; - }; - }; - extraConfig = '' - access_log /var/log/nginx/bazarr.${domain}_access.log; - error_log /var/log/nginx/bazarr.${domain}_error.log; - ''; - }; - - "jellyseerr.${domain}" = { - forceSSL = true; - enableACME = true; - locations = { - "/" = { - proxyPass = "http://127.0.0.1:${jellyseerr_port}"; - extraConfig = '' - proxy_set_header Referer $http_referer; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Real-Port $remote_port; - proxy_set_header X-Forwarded-Host $host:$remote_port; - proxy_set_header X-Forwarded-Server $host; - proxy_set_header X-Forwarded-Port $remote_port; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Ssl on; - - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_redirect off; - proxy_http_version 1.1; - ''; - }; - }; - extraConfig = '' - access_log /var/log/nginx/jellyseerr.${domain}_access.log; - error_log /var/log/nginx/jellyseerr.${domain}_error.log; - ''; - }; - - "prowlarr.${domain}" = { - forceSSL = true; - enableACME = true; - locations = - let - common = '' - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_redirect off; - proxy_http_version 1.1; - ''; - in - { - "/" = { - proxyPass = "http://127.0.0.1:${outpost_port}"; - extraConfig = common; - }; - "/api" = { - proxyPass = "http://127.0.0.1:${prowlarr_port}"; - extraConfig = common; - }; - }; - extraConfig = '' - access_log /var/log/nginx/prowlarr.${domain}_access.log; - error_log /var/log/nginx/prowlarr.${domain}_error.log; - ''; - }; - - "radarr.${domain}" = { - forceSSL = true; - enableACME = true; - locations = - let - common = '' - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_redirect off; - proxy_http_version 1.1; - ''; - in - { - "/" = { - proxyPass = "http://127.0.0.1:${outpost_port}"; - extraConfig = common; - }; - "/api" = { - proxyPass = "http://127.0.0.1:${radarr_port}"; - extraConfig = common; - }; - "/signalr" = { - proxyPass = "http://127.0.0.1:${radarr_port}"; - extraConfig = common; - }; - }; - extraConfig = '' - access_log /var/log/nginx/radarr.${domain}_access.log; - error_log /var/log/nginx/radarr.${domain}_error.log; - ''; - }; - - "sonarr.${domain}" = { - forceSSL = true; - enableACME = true; - locations = - let - common = '' - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_redirect off; - proxy_http_version 1.1; - ''; - in - { - "/" = { - proxyPass = "http://127.0.0.1:${outpost_port}"; - extraConfig = common; - }; - "/api" = { - proxyPass = "http://127.0.0.1:${sonarr_port}"; - extraConfig = common; - }; - }; - extraConfig = '' - access_log /var/log/nginx/sonarr.${domain}_access.log; - error_log /var/log/nginx/sonarr.${domain}_error.log; - ''; - }; - - "sabnzbd.${domain}" = { - forceSSL = true; - enableACME = true; - locations = - let - common = '' - client_max_body_size 100m; - proxy_set_header X-Forwarded-Host $host; - ''; - in - { - "/" = { - proxyPass = "http://127.0.0.1:${outpost_port}"; - extraConfig = common; - }; - "/api" = { - proxyPass = "http://127.0.0.1:${sabnzbd_port}"; - extraConfig = common; - }; - }; - extraConfig = '' - access_log /var/log/nginx/sabnzbd.${domain}_access.log; - error_log /var/log/nginx/sabnzbd.${domain}_error.log; - ''; - }; - - "whisparr.${domain}" = { - forceSSL = true; - enableACME = true; - locations = { - "/" = { - proxyPass = "http://127.0.0.1:${outpost_port}"; - extraConfig = '' - #proxy_set_header Host $proxy_host; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_redirect off; - proxy_http_version 1.1; - ''; - }; - }; - extraConfig = '' - access_log /var/log/nginx/whisparr.${domain}_access.log; - error_log /var/log/nginx/whisparr.${domain}_error.log; - ''; - }; - - }; + imports = [ + /etc/nixos/modules/nginx.nix + ./autobrr.nix + ./bazarr.nix + ./crossseed.nix + ./lidarr.nix + ./jellyseerr.nix + ./prowlarr.nix + ./qbittorrent.nix + ./radarr.nix + ./recyclarr.nix + ./sabnzbd.nix + ./sonarr.nix + ./whisparr.nix + ]; } # vim: set et ts=2 sw=2 ai: diff --git a/modules/arrstack/jellyseerr.nix b/modules/arrstack/jellyseerr.nix new file mode 100644 index 0000000..d10a195 --- /dev/null +++ b/modules/arrstack/jellyseerr.nix @@ -0,0 +1,59 @@ +{ config, ... }: +let + cfg = import /etc/nixos/modules/vars.nix; + jellyseerr_port = cfg.arrstack.jellyseerr.port; + outpost_port = cfg.authentik.outpostPort; + domain = "mc-fucker.cool"; +in +{ + + virtualisation.oci-containers.containers.jellyseerr = { + image = "docker.io/fallenbagel/jellyseerr"; + environment = { + TZ = "Europe/Berlin"; + }; + ports = [ + "${jellyseerr_port}:${jellyseerr_port}" + ]; + volumes = [ + "/var/lib/jellyseerr:/app/config" + ]; + extraOptions = cfg.podman.extraOptions; + }; + + services.nginx.virtualHosts = { + + "jellyseerr.${domain}" = { + forceSSL = true; + enableACME = true; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:${jellyseerr_port}"; + extraConfig = '' + proxy_set_header Referer $http_referer; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Real-Port $remote_port; + proxy_set_header X-Forwarded-Host $host:$remote_port; + proxy_set_header X-Forwarded-Server $host; + proxy_set_header X-Forwarded-Port $remote_port; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Ssl on; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $http_connection; + proxy_redirect off; + proxy_http_version 1.1; + ''; + }; + }; + extraConfig = '' + access_log /var/log/nginx/jellyseerr.${domain}_access.log; + error_log /var/log/nginx/jellyseerr.${domain}_error.log; + ''; + }; + + }; +} +# vim: set et ts=2 sw=2 ai: diff --git a/modules/arrstack/lidarr.nix b/modules/arrstack/lidarr.nix new file mode 100644 index 0000000..9b455de --- /dev/null +++ b/modules/arrstack/lidarr.nix @@ -0,0 +1,58 @@ +{ config, ... }: +let + cfg = import /etc/nixos/modules/vars.nix; + lidarr_port = cfg.arrstack.lidarr.port; + #outpost_port = cfg.authentik.outpostPort; + #domain = "mc-fucker.cool"; +in +{ + + virtualisation.oci-containers.containers.lidarrtest = { + image = "docker.io/youegraillot/lidarr-on-steroids"; + environment = { + TZ = "Europe/Berlin"; + PUID = toString config.users.users.arr.uid; + PGID = toString config.users.groups.arr.gid; + }; + ports = [ + "10101:8686" + "10100:6595" + ]; + volumes = [ + "/var/lib/lidarrtest/lidarr:/config" + "/var/lib/lidarrtest/deemix:/config_deemix" + "/mnt/tmp/deemix:/downloads" + #"/mnt/mergerfs/media/music/Interpreten:/music" + #"/mnt/mergerfs/media:/data" + #"/mnt/box/files:/data/seedbox" + ]; + extraOptions = cfg.podman.extraOptions; + autoStart = false; + }; + + virtualisation.oci-containers.containers.lidarr = { + image = "lscr.io/linuxserver/lidarr:latest"; + environment = { + TZ = "Europe/Berlin"; + PUID = toString config.users.users.arr.uid; + PGID = toString config.users.groups.arr.gid; + }; + ports = [ + "${lidarr_port}:${lidarr_port}" + ]; + volumes = [ + "/var/lib/lidarr:/config" + "/var/lib/lidarr-extended/custom-cont-init.d:/custom-cont-init.d" + "/var/lib/lidarr-extended/custom-services.d:/custom-services.d" + "/mnt/mergerfs/media:/data" + "/mnt/ultracc/downloads:/mnt/ultracc" + ]; + extraOptions = cfg.podman.extraOptions; + autoStart = false; + }; + + #services.nginx.virtualHosts = { + + #}; +} +# vim: set et ts=2 sw=2 ai: diff --git a/modules/arrstack/prowlarr.nix b/modules/arrstack/prowlarr.nix new file mode 100644 index 0000000..2eb64bc --- /dev/null +++ b/modules/arrstack/prowlarr.nix @@ -0,0 +1,60 @@ +{ config, ... }: +let + cfg = import /etc/nixos/modules/vars.nix; + prowlarr_port = cfg.arrstack.prowlarr.port; + outpost_port = cfg.authentik.outpostPort; + domain = "mc-fucker.cool"; +in +{ + + virtualisation.oci-containers.containers.prowlarr = { + image = "lscr.io/linuxserver/prowlarr:latest"; + environment = { + TZ = "Europe/Berlin"; + }; + ports = [ + "${prowlarr_port}:${prowlarr_port}" + ]; + volumes = [ + "/var/lib/prowlarr:/config" + ]; + extraOptions = cfg.podman.extraOptions; + }; + + services.nginx.virtualHosts = { + + "prowlarr.${domain}" = { + forceSSL = true; + enableACME = true; + locations = + let + common = '' + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $http_connection; + proxy_redirect off; + proxy_http_version 1.1; + ''; + in + { + "/" = { + proxyPass = "http://127.0.0.1:${outpost_port}"; + extraConfig = common; + }; + "/api" = { + proxyPass = "http://127.0.0.1:${prowlarr_port}"; + extraConfig = common; + }; + }; + extraConfig = '' + access_log /var/log/nginx/prowlarr.${domain}_access.log; + error_log /var/log/nginx/prowlarr.${domain}_error.log; + ''; + }; + + }; +} +# vim: set et ts=2 sw=2 ai: diff --git a/modules/arrstack/qbittorrent.nix b/modules/arrstack/qbittorrent.nix new file mode 100644 index 0000000..20ea5d4 --- /dev/null +++ b/modules/arrstack/qbittorrent.nix @@ -0,0 +1,40 @@ +{ config, ... }: +let + cfg = import /etc/nixos/modules/vars.nix; + #bazarr_port = cfg.arrstack.bazarr.port; + #outpost_port = cfg.authentik.outpostPort; + #domain = "mc-fucker.cool"; +in +{ + + virtualisation.oci-containers.containers.qbittorrent = { + image = "docker.io/binhex/arch-qbittorrentvpn"; + environment = { + TZ = "Europe/Berlin"; + PUID = toString config.users.users.arr.uid; + PGID = toString config.users.groups.arr.gid; + VPN_ENABLED = "yes"; + VPN_CLIENT = "wireguard"; + VPN_PROV = "custom"; + LAN_NETWORK = "192.168.178.0/24"; + }; + ports = [ + "6881:6881" + "6881:6881/udp" + "8080:8080" + #"8118:8118" + ]; + volumes = [ + "/var/lib/qbittorrent:/config" + "/mnt/mergerfs/media/qbittorrent:/data/qbittorrent" + "/mnt/cache/qbittorrent:/cache" + ]; + #extraOptions = cfg.podman.extraOptions ++ [ "--cap-add=NET_ADMIN,NET_RAW" "--device=/dev/net/tun" ]; + extraOptions = cfg.podman.extraOptions ++ [ ''--sysctl="net.ipv4.conf.all.src_valid_mark=1"'' "--privileged=true" "--ip=10.88.13.37" ]; + autoStart = false; + }; + + #services.nginx.virtualHosts = { + #}; +} +# vim: set et ts=2 sw=2 ai: diff --git a/modules/arrstack/radarr.nix b/modules/arrstack/radarr.nix new file mode 100644 index 0000000..73905d1 --- /dev/null +++ b/modules/arrstack/radarr.nix @@ -0,0 +1,69 @@ +{ config, ... }: +let + cfg = import /etc/nixos/modules/vars.nix; + radarr_port = cfg.arrstack.radarr.port; + outpost_port = cfg.authentik.outpostPort; + domain = "mc-fucker.cool"; +in +{ + + virtualisation.oci-containers.containers.radarr = { + image = "lscr.io/linuxserver/radarr:latest"; + environment = { + TZ = "Europe/Berlin"; + PUID = toString config.users.users.arr.uid; + PGID = toString config.users.groups.arr.gid; + }; + ports = [ + "${radarr_port}:${radarr_port}" + ]; + volumes = [ + "/var/lib/radarr:/config" + "/mnt/mergerfs/media:/data" + "/mnt/ultracc/downloads:/mnt/ultracc" + ]; + extraOptions = cfg.podman.extraOptions; + autoStart = false; + }; + + services.nginx.virtualHosts = { + "radarr.${domain}" = { + forceSSL = true; + enableACME = true; + locations = + let + common = '' + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $http_connection; + proxy_redirect off; + proxy_http_version 1.1; + ''; + in + { + "/" = { + proxyPass = "http://127.0.0.1:${outpost_port}"; + extraConfig = common; + }; + "/api" = { + proxyPass = "http://127.0.0.1:${radarr_port}"; + extraConfig = common; + }; + "/signalr" = { + proxyPass = "http://127.0.0.1:${radarr_port}"; + extraConfig = common; + }; + }; + extraConfig = '' + access_log /var/log/nginx/radarr.${domain}_access.log; + error_log /var/log/nginx/radarr.${domain}_error.log; + ''; + }; + + }; + +} +# vim: set et ts=2 sw=2 ai: diff --git a/modules/arrstack/recyclarr.nix b/modules/arrstack/recyclarr.nix new file mode 100644 index 0000000..aeca578 --- /dev/null +++ b/modules/arrstack/recyclarr.nix @@ -0,0 +1,20 @@ +{ config, ... }: +let + cfg = import /etc/nixos/modules/vars.nix; +in +{ + + virtualisation.oci-containers.containers.recyclarr = { + image = "ghcr.io/recyclarr/recyclarr"; + environment = { + TZ = "Europe/Berlin"; + }; + volumes = [ + "/var/lib/recyclarr:/config" + ]; + user = "1919:1919"; + extraOptions = cfg.podman.extraOptions; + }; + +} +# vim: set et ts=2 sw=2 ai: diff --git a/modules/arrstack/sabnzbd.nix b/modules/arrstack/sabnzbd.nix new file mode 100644 index 0000000..28b89a5 --- /dev/null +++ b/modules/arrstack/sabnzbd.nix @@ -0,0 +1,59 @@ +{ config, ... }: +let + cfg = import /etc/nixos/modules/vars.nix; + sabnzbd_port = cfg.arrstack.sabnzbd.port; + outpost_port = cfg.authentik.outpostPort; + domain = "mc-fucker.cool"; +in +{ + + virtualisation.oci-containers.containers.sabnzbd = { + image = "lscr.io/linuxserver/sabnzbd:latest"; + environment = { + TZ = "Europe/Berlin"; + PUID = toString config.users.users.arr.uid; + PGID = toString config.users.groups.arr.gid; + }; + ports = [ + "${sabnzbd_port}:8080" + ]; + volumes = [ + "/var/lib/sabnzbd:/config" + "/mnt/mergerfs/media/usenet:/data/usenet" + "/mnt/cache/sabnzbd:/cache" + ]; + extraOptions = cfg.podman.extraOptions; + autoStart = false; + }; + + services.nginx.virtualHosts = { + + "sabnzbd.${domain}" = { + forceSSL = true; + enableACME = true; + locations = + let + common = '' + client_max_body_size 100m; + proxy_set_header X-Forwarded-Host $host; + ''; + in + { + "/" = { + proxyPass = "http://127.0.0.1:${outpost_port}"; + extraConfig = common; + }; + "/api" = { + proxyPass = "http://127.0.0.1:${sabnzbd_port}"; + extraConfig = common; + }; + }; + extraConfig = '' + access_log /var/log/nginx/sabnzbd.${domain}_access.log; + error_log /var/log/nginx/sabnzbd.${domain}_error.log; + ''; + }; + + }; +} +# vim: set et ts=2 sw=2 ai: diff --git a/modules/arrstack/sonarr.nix b/modules/arrstack/sonarr.nix new file mode 100644 index 0000000..e95ef2f --- /dev/null +++ b/modules/arrstack/sonarr.nix @@ -0,0 +1,65 @@ +{ config, ... }: +let + cfg = import /etc/nixos/modules/vars.nix; + sonarr_port = cfg.arrstack.sonarr.port; + outpost_port = cfg.authentik.outpostPort; + domain = "mc-fucker.cool"; +in +{ + + virtualisation.oci-containers.containers.sonarr = { + image = "lscr.io/linuxserver/sonarr:develop"; + environment = { + TZ = "Europe/Berlin"; + PUID = toString config.users.users.arr.uid; + PGID = toString config.users.groups.arr.gid; + }; + ports = [ + "${sonarr_port}:${sonarr_port}" + ]; + volumes = [ + "/var/lib/sonarr:/config" + "/mnt/mergerfs/media:/data" + "/mnt/ultracc/downloads:/mnt/ultracc" + ]; + extraOptions = cfg.podman.extraOptions; + autoStart = false; + }; + + services.nginx.virtualHosts = { + + "sonarr.${domain}" = { + forceSSL = true; + enableACME = true; + locations = + let + common = '' + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $http_connection; + proxy_redirect off; + proxy_http_version 1.1; + ''; + in + { + "/" = { + proxyPass = "http://127.0.0.1:${outpost_port}"; + extraConfig = common; + }; + "/api" = { + proxyPass = "http://127.0.0.1:${sonarr_port}"; + extraConfig = common; + }; + }; + extraConfig = '' + access_log /var/log/nginx/sonarr.${domain}_access.log; + error_log /var/log/nginx/sonarr.${domain}_error.log; + ''; + }; + + }; +} +# vim: set et ts=2 sw=2 ai: diff --git a/modules/arrstack/template b/modules/arrstack/template new file mode 100644 index 0000000..882d942 --- /dev/null +++ b/modules/arrstack/template @@ -0,0 +1,14 @@ +{ config, ... }: +let + cfg = import /etc/nixos/modules/vars.nix; + bazarr_port = cfg.arrstack.bazarr.port; + outpost_port = cfg.authentik.outpostPort; + domain = "mc-fucker.cool"; +in +{ + + services.nginx.virtualHosts = { + + }; +} +# vim: set et ts=2 sw=2 ai: diff --git a/modules/arrstack/whisparr.nix b/modules/arrstack/whisparr.nix new file mode 100644 index 0000000..72a03b3 --- /dev/null +++ b/modules/arrstack/whisparr.nix @@ -0,0 +1,58 @@ +{ config, ... }: +let + cfg = import /etc/nixos/modules/vars.nix; + whisparr_port = cfg.arrstack.whisparr.port; + outpost_port = cfg.authentik.outpostPort; + domain = "mc-fucker.cool"; +in +{ + + virtualisation.oci-containers.containers.whisparr = { + image = "ghcr.io/hotio/whisparr"; + environment = { + TZ = "Europe/Berlin"; + PUID = toString config.users.users.arr.uid; + PGID = toString config.users.groups.arr.gid; + }; + ports = [ + "${whisparr_port}:${whisparr_port}" + ]; + volumes = [ + "/var/lib/whisparr:/config" + "/mnt/mergerfs/media:/data" + "/mnt/ultracc/downloads:/mnt/ultracc" + ]; + extraOptions = cfg.podman.extraOptions; + autoStart = false; + }; + + services.nginx.virtualHosts = { + + "whisparr.${domain}" = { + forceSSL = true; + enableACME = true; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:${outpost_port}"; + extraConfig = '' + #proxy_set_header Host $proxy_host; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $http_connection; + proxy_redirect off; + proxy_http_version 1.1; + ''; + }; + }; + extraConfig = '' + access_log /var/log/nginx/whisparr.${domain}_access.log; + error_log /var/log/nginx/whisparr.${domain}_error.log; + ''; + }; + + }; +} +# vim: set et ts=2 sw=2 ai: