From ec95ebb373413ce075e17df7d5000441dfdc4f6b Mon Sep 17 00:00:00 2001
From: mc-fucker
Date: Mon, 6 May 2024 17:27:36 +0200
Subject: [PATCH] hopefully fixed stuff because git is garbage
---
 modules/arrstack.nix | 434 +++++++++++++++++++++++++++++++++----------
 modules/vars.nix | 7 +
 2 files changed, 348 insertions(+), 93 deletions(-)
diff --git a/modules/arrstack.nix b/modules/arrstack.nix
index e4250e3..61f0862 100644
--- a/modules/arrstack.nix
+++ b/modules/arrstack.nix
@@ -1,10 +1,15 @@
 { ... }:
 let
 cfg = import ./vars.nix;
+ autobrr_port = cfg.arrstack.autobrr.port;
 bazarr_port = cfg.arrstack.bazarr.port;
+ jellyseerr_port = cfg.arrstack.jellyseerr.port;
+ lidarr_port = cfg.arrstack.lidarr.port;
 prowlarr_port = cfg.arrstack.prowlarr.port;
 radarr_port = cfg.arrstack.radarr.port;
 sonarr_port = cfg.arrstack.sonarr.port;
+ tdarr_webport = cfg.arrstack.tdarr.webport;
+ tdarr_serverport = cfg.arrstack.tdarr.serverport;
 whisparr_port = cfg.arrstack.whisparr.port;
 sabnzbd_port = cfg.arrstack.sabnzbd.port;
 outpost_port = cfg.authentik.outpostPort;
@@ -12,24 +17,130 @@ let in { + users.groups.arr = { + gid = 1337; + }; + users.users = { + arr = { + isSystemUser = true; + group = "arr"; + uid = 1337; + }; + mc-fucker.extraGroups = [ "arr" ]; + }; + networking.firewall.interfaces.podman0.allowedTCPPorts = [ 12421 28917 ]; + networking.firewall.interfaces.podman0.allowedUDPPorts = [ 53 ]; #container config + + #virtualisation.oci-containers.containers.autobrr = { + # image = "ghcr.io/autobrr/autobrr"; + # environment = { + # TZ = "Europe/Berlin"; + # }; + # ports = [ + # "${autobrr_port}:${autobrr_port}" + # ]; + # volumes = [ + # "/var/lib/autobrr:/config" + # ]; + # extraOptions = cfg.podman.extraOptions; + #}; + virtualisation.oci-containers.containers.bazarr = { image = "lscr.io/linuxserver/bazarr:latest"; environment = { TZ = "Europe/Berlin"; + PUID = "1337"; + PGID = "1337"; }; ports = [ "${bazarr_port}:${bazarr_port}" ]; volumes = [ "/var/lib/bazarr:/config" - "/mnt/arrstack:/data" - "/mnt/gdrive/movies:/data/media/movies" - "/mnt/gdrive/Serien:/data/media/tv" + "/mnt/mergerfs/media:/data" ]; extraOptions = cfg.podman.extraOptions; + autoStart = false; + }; + + #virtualisation.oci-containers.containers.crossseed = { + # image = "docker.io/crossseed/cross-seed"; + # environment = { + # TZ = "Europe/Berlin"; + # PUID = "1337"; + # PGID = "1337"; + # }; + # ports = [ + # "${radarr_port}:${radarr_port}" + # ]; + # volumes = [ + # "/var/lib/radarr:/config" + # "/mnt/mergerfs/media:/data" + # "/mnt/box/files:/data/seedbox" + # ]; + # extraOptions = cfg.podman.extraOptions; + #}; + + virtualisation.oci-containers.containers.jellyseerr = { + image = "docker.io/fallenbagel/jellyseerr"; + environment = { + TZ = "Europe/Berlin"; + }; + ports = [ + "${jellyseerr_port}:${jellyseerr_port}" + ]; + volumes = [ + "/var/lib/jellyseerr:/app/config" + ]; + extraOptions = cfg.podman.extraOptions; + }; + + virtualisation.oci-containers.containers.lidarrtest = { + image = "docker.io/youegraillot/lidarr-on-steroids"; + 
environment = { + TZ = "Europe/Berlin"; + PUID = "1337"; + PGID = "1337"; + }; + ports = [ + "10101:8686" + "10100:6595" + ]; + volumes = [ + "/var/lib/lidarrtest/lidarr:/config" + "/var/lib/lidarrtest/deemix:/config_deemix" + "/mnt/tmp/deemix:/downloads" + #"/mnt/mergerfs/media/music/Interpreten:/music" + #"/mnt/mergerfs/media:/data" + #"/mnt/box/files:/data/seedbox" + ]; + extraOptions = cfg.podman.extraOptions; + autoStart = false; + }; + + virtualisation.oci-containers.containers.lidarr = { + image = "lscr.io/linuxserver/lidarr:latest"; + environment = { + TZ = "Europe/Berlin"; + PUID = "1337"; + PGID = "1337"; + }; + ports = [ + "${lidarr_port}:${lidarr_port}" + ]; + volumes = [ + "/var/lib/lidarr:/config" + "/var/lib/lidarr-extended/custom-cont-init.d:/custom-cont-init.d" + "/var/lib/lidarr-extended/custom-services.d:/custom-services.d" + "/mnt/mergerfs/media:/data" + #"/mnt/box/files:/mnt/seedbox" + "/mnt/ultracc/downloads:/mnt/ultracc" + ]; + extraOptions = cfg.podman.extraOptions; + autoStart = false; }; virtualisation.oci-containers.containers.prowlarr = { 
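Review bot: The new `ports` entries for jellyseerr, lidarr and lidarrtest (`"10101:8686"`, `"10100:6595"`) publish on every host address, while the nginx vhosts in this file proxy to `127.0.0.1`. Unless something outside this diff restricts them, the containers can be reached directly on those ports without going through nginx; binding to loopback closes that path, e.g. `"127.0.0.1:${lidarr_port}:${lidarr_port}"`. The jellyseerr and lidarr-on-steroids images are also referenced without a tag, and the context in modules/vars.nix shows the `io.containers.autoupdate=registry` label in `cfg.podman.extraOptions`, so whatever the registry serves next is presumably pulled and run without review; pinning a tag or digest turns an image update into a visible change. The hunk ends inside the prowlarr container definition, so that block is not covered here.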
@@ -46,73 +157,133 @@ in extraOptions = cfg.podman.extraOptions; }; + virtualisation.oci-containers.containers.qbittorrent = { + image = "docker.io/binhex/arch-qbittorrentvpn"; + environment = { + TZ = "Europe/Berlin"; + PUID = "1337"; + PGID = "1337"; + VPN_ENABLED = "yes"; + VPN_CLIENT = "wireguard"; + VPN_PROV = "custom"; + LAN_NETWORK = "192.168.178.0/24"; + }; + ports = [ + "6881:6881" + "6881:6881/udp" + "8080:8080" + #"8118:8118" + ]; + volumes = [ + "/var/lib/qbittorrent:/config" + "/mnt/mergerfs/media/qbittorrent:/data/qbittorrent" + ]; + #extraOptions = cfg.podman.extraOptions ++ [ "--cap-add=NET_ADMIN,NET_RAW" "--device=/dev/net/tun" ]; + extraOptions = cfg.podman.extraOptions ++ [ ''--sysctl="net.ipv4.conf.all.src_valid_mark=1"'' "--privileged=true" "--ip=10.88.13.37" ]; + autoStart = false; + }; + virtualisation.oci-containers.containers.radarr = { image = "lscr.io/linuxserver/radarr:latest"; environment = { TZ = "Europe/Berlin"; + PUID = "1337"; + PGID = "1337"; }; ports = [ "${radarr_port}:${radarr_port}" ]; volumes = [ "/var/lib/radarr:/config" - "/mnt/arrstack:/data" - "/mnt/gdrive/movies:/data/media/movies" - "/mnt/box/files:/data/seedbox" + "/mnt/mergerfs/media:/data" + #"/mnt/box/files:/mnt/seedbox" + "/mnt/ultracc/downloads:/mnt/ultracc" ]; extraOptions = cfg.podman.extraOptions; + autoStart = false; }; virtualisation.oci-containers.containers.sonarr = { - image = "lscr.io/linuxserver/sonarr:latest"; + image = "lscr.io/linuxserver/sonarr:develop"; environment = { TZ = "Europe/Berlin"; + PUID = "1337"; + PGID = "1337"; }; ports = [ "${sonarr_port}:${sonarr_port}" ]; volumes = [ "/var/lib/sonarr:/config" - "/mnt/arrstack:/data" - "/mnt/gdrive/Serien:/data/media/tv" - "/mnt/box/files:/data/seedbox" + "/mnt/mergerfs/media:/data" + #"/mnt/box/files:/mnt/seedbox" + "/mnt/ultracc/downloads:/mnt/ultracc" ]; extraOptions = cfg.podman.extraOptions; + autoStart = false; }; - virtualisation.oci-containers.containers.sabnzbd = { image = 
"lscr.io/linuxserver/sabnzbd:latest"; environment = { TZ = "Europe/Berlin"; + PUID = "1337"; + PGID = "1337"; }; ports = [ "${sabnzbd_port}:8080" ]; volumes = [ "/var/lib/sabnzbd:/config" - "/mnt/arrstack/usenet:/data/usenet" + "/mnt/mergerfs/media/usenet:/data/usenet" ]; extraOptions = cfg.podman.extraOptions; + autoStart = false; }; + #virtualisation.oci-containers.containers.tdarr = { + # image = "ghcr.io/haveagitgat/tdarr"; + # environment = { + # TZ = "Europe/Berlin"; + # PUID = "1337"; + # PGID = "1337"; + # serverIP = "0.0.0.0"; + # webUIPort = tdarr_webport; + # serverPort = tdarr_serverport; + # internalNode = "true"; + # inContainer = "true"; + # }; + # ports = [ + # "${tdarr_webport}:${tdarr_webport}" + # "${tdarr_serverport}:${tdarr_serverport}" + # ]; + # volumes = [ + # "/var/lib/tdarr/server:/app/server" + # "/var/lib/tdarr/configs:/app/configs" + # "/var/lib/tdarr/logs:/app/logs" + # "/mnt/mergerfs/media:/data" + # ]; + # extraOptions = cfg.podman.extraOptions ++ [ "--device=/dev/dri:/dev/dri" ]; + #}; + virtualisation.oci-containers.containers.whisparr = { image = "cr.hotio.dev/hotio/whisparr"; environment = { TZ = "Europe/Berlin"; - PUID = "911"; - PGID = "911"; + PUID = "1337"; + PGID = "1337"; }; ports = [ "${whisparr_port}:${whisparr_port}" ]; volumes = [ "/var/lib/whisparr:/config" - "/mnt/arrstack:/data" - "/mnt/genc/pron/whisparr:/data/media/ati" - #"/mnt/box/files:/data/seedbox" + "/mnt/mergerfs/media:/data" + #"/mnt/box/files:/mnt/seedbox" + "/mnt/ultracc/downloads:/mnt/ultracc" ]; extraOptions = cfg.podman.extraOptions; + autoStart = false; }; #webserver config 
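Review bot: The qbittorrent container is started with `--privileged=true`, which gives a third-party image the full capability set and access to host devices, although the commented-out line directly above it already lists the narrower set a WireGuard client needs. Prefer that form: `extraOptions = cfg.podman.extraOptions ++ [ "--cap-add=NET_ADMIN,NET_RAW" "--device=/dev/net/tun" "--sysctl=net.ipv4.conf.all.src_valid_mark=1" "--ip=10.88.13.37" ];`. The embedded double quotes in `''--sysctl="net.ipv4.conf.all.src_valid_mark=1"''` probably reach podman literally if the module shell-escapes each option, so the sysctl may not be applied as written and is worth checking. `"8080:8080"` also publishes the WebUI on all host addresses; `LAN_NETWORK` suggests it is meant for the LAN only, so binding it to loopback or a LAN address (`"127.0.0.1:8080:8080"`) would match that intent.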
@@ -122,92 +293,190 @@ in "bazarr.${domain}" = { forceSSL = true; enableACME = true; - locations = { + locations = + let + common = '' + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_redirect off; + ''; + in + { "/" = { proxyPass = "http://127.0.0.1:${outpost_port}"; + extraConfig = common; + }; + "/api" = { + proxyPass = "http://127.0.0.1:${bazarr_port}"; + extraConfig = common; + }; + }; + extraConfig = '' + access_log /var/log/nginx/bazarr.${domain}_access.log; + error_log /var/log/nginx/bazarr.${domain}_error.log; + ''; + }; + + "jellyseerr.${domain}" = { + forceSSL = true; + enableACME = true; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:${jellyseerr_port}"; extraConfig = '' - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_http_version 1.1; + proxy_set_header Referer $http_referer; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Real-Port $remote_port; + proxy_set_header X-Forwarded-Host $host:$remote_port; + proxy_set_header X-Forwarded-Server $host; + proxy_set_header X-Forwarded-Port $remote_port; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Ssl on; + proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; + proxy_set_header Connection $http_connection; proxy_redirect off; - access_log /var/log/nginx/bazarr.${domain}_access.log; - error_log /var/log/nginx/bazarr.${domain}_error.log; + proxy_http_version 1.1; ''; }; }; + extraConfig = '' + access_log 
/var/log/nginx/jellyseerr.${domain}_access.log; + error_log /var/log/nginx/jellyseerr.${domain}_error.log; + ''; }; "prowlarr.${domain}" = { forceSSL = true; enableACME = true; - locations = { + locations = + let + common = '' + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $http_connection; + proxy_redirect off; + proxy_http_version 1.1; + ''; + in + { "/" = { proxyPass = "http://127.0.0.1:${outpost_port}"; - extraConfig = '' - #proxy_set_header Host $proxy_host; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_redirect off; - proxy_http_version 1.1; - access_log /var/log/nginx/prowlarr.${domain}_access.log; - error_log /var/log/nginx/prowlarr.${domain}_error.log; - ''; + extraConfig = common; + }; + "/api" = { + proxyPass = "http://127.0.0.1:${prowlarr_port}"; + extraConfig = common; }; }; + extraConfig = '' + access_log /var/log/nginx/prowlarr.${domain}_access.log; + error_log /var/log/nginx/prowlarr.${domain}_error.log; + ''; }; "radarr.${domain}" = { forceSSL = true; enableACME = true; - locations = { + locations = + let + common = '' + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $http_connection; + proxy_redirect off; + proxy_http_version 1.1; + ''; + in + { "/" = { proxyPass = "http://127.0.0.1:${outpost_port}"; - extraConfig = '' - #proxy_set_header Host $proxy_host; - proxy_set_header Host $host; - proxy_set_header 
X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_redirect off; - proxy_http_version 1.1; - access_log /var/log/nginx/radarr.${domain}_access.log; - error_log /var/log/nginx/radarr.${domain}_error.log; - ''; + extraConfig = common; + }; + "/api" = { + proxyPass = "http://127.0.0.1:${radarr_port}"; + extraConfig = common; + }; + "/signalr" = { + proxyPass = "http://127.0.0.1:${radarr_port}"; + extraConfig = common; }; }; + extraConfig = '' + access_log /var/log/nginx/radarr.${domain}_access.log; + error_log /var/log/nginx/radarr.${domain}_error.log; + ''; }; "sonarr.${domain}" = { forceSSL = true; enableACME = true; - locations = { + locations = + let + common = '' + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $http_connection; + proxy_redirect off; + proxy_http_version 1.1; + ''; + in + { "/" = { proxyPass = "http://127.0.0.1:${outpost_port}"; - extraConfig = '' - #proxy_set_header Host $proxy_host; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $http_connection; - proxy_redirect off; - proxy_http_version 1.1; - access_log /var/log/nginx/sonarr.${domain}_access.log; - error_log /var/log/nginx/sonarr.${domain}_error.log; - ''; + extraConfig = common; + }; + "/api" = { + proxyPass = "http://127.0.0.1:${sonarr_port}"; + extraConfig = common; }; }; + extraConfig = '' + access_log /var/log/nginx/sonarr.${domain}_access.log; + error_log /var/log/nginx/sonarr.${domain}_error.log; + ''; 
+ }; + + "sabnzbd.${domain}" = { + forceSSL = true; + enableACME = true; + locations = + let + common = '' + client_max_body_size 100m; + proxy_set_header X-Forwarded-Host $host; + ''; + in + { + "/" = { + proxyPass = "http://127.0.0.1:${outpost_port}"; + extraConfig = common; + }; + "/api" = { + proxyPass = "http://127.0.0.1:${sabnzbd_port}"; + extraConfig = common; + }; + }; + extraConfig = '' + access_log /var/log/nginx/sabnzbd.${domain}_access.log; + error_log /var/log/nginx/sabnzbd.${domain}_error.log; + ''; }; "whisparr.${domain}" = { @@ -226,34 +495,13 @@ in proxy_set_header Connection $http_connection; proxy_redirect off; proxy_http_version 1.1; - access_log /var/log/nginx/whisparr.${domain}_access.log; - error_log /var/log/nginx/whisparr.${domain}_error.log; - ''; - }; - }; - }; - - "sabnzbd.${domain}" = { - forceSSL = true; - enableACME = true; - locations = { - "/" = { - proxyPass = "http://127.0.0.1:${sabnzbd_port}"; - extraConfig = '' - client_max_body_size 100m; - # proxy_set_header Host $proxy_host; - # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - # proxy_set_header X-Forwarded-Host $host; - # proxy_set_header X-Forwarded-Proto $scheme; - # proxy_set_header Upgrade $http_upgrade; - # proxy_set_header Connection $http_connection; - # proxy_redirect off; - # proxy_http_version 1.1; - access_log /var/log/nginx/sabnzbd.${domain}_access.log; - error_log /var/log/nginx/sabnzbd.${domain}_error.log; ''; }; }; + extraConfig = '' + access_log /var/log/nginx/whisparr.${domain}_access.log; + error_log /var/log/nginx/whisparr.${domain}_error.log; + ''; }; }; diff --git a/modules/vars.nix b/modules/vars.nix index f5f89c9..afe6d68 100644 --- a/modules/vars.nix +++ b/modules/vars.nix @@ -1,6 +1,7 @@ { arrstack = { + autobrr.port = "7474"; bazarr.port = "6767"; jellyseerr.port = "5055"; lidarr.port = "8686"; @@ -34,6 +35,8 @@ port = "8083"; }; + feishin.port = "9180"; + ihatemoney = { db = "ihatemoney"; domain = "geld.mc-fucker.cool"; 
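Review bot: Each new `"/api"` location (bazarr, prowlarr, radarr, sonarr, sabnzbd) and radarr's `"/signalr"` proxies straight to the application port, so requests under those prefixes never pass the outpost that guards `"/"`, and the only remaining control is each application's own API key. If that is intended for external clients, record it above the block (`# /api bypasses the authentik outpost on purpose; protected by the app API key only`); if only internal callers need it, restrict the location, e.g. `extraConfig = common + "allow <trusted-cidr>; deny all;";`. For sabnzbd, confirm how the key is transmitted, since anything carried in the query string ends up in the `access_log` configured here. Separately, the jellyseerr block fills `X-Forwarded-Host` and `X-Forwarded-Port` from `$remote_port`, which is the client's source port rather than the port nginx listens on; `$server_port` looks like what was meant.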
@@ -69,6 +72,10 @@ navidrome.port = "4533"; + nextcloud = { + dbport = "54329"; + }; + podman = { extraOptions = [ "-l=io.containers.autoupdate=registry"