added programs needed for encoding

modules/arrstack.nix

@@ -1,511 +0,0 @@
-{ ... }:
-let
-  cfg = import ./vars.nix;
-  autobrr_port = cfg.arrstack.autobrr.port;
-  bazarr_port = cfg.arrstack.bazarr.port;
-  jellyseerr_port = cfg.arrstack.jellyseerr.port;
-  lidarr_port = cfg.arrstack.lidarr.port;
-  prowlarr_port = cfg.arrstack.prowlarr.port;
-  radarr_port = cfg.arrstack.radarr.port;
-  sonarr_port = cfg.arrstack.sonarr.port;
-  tdarr_webport = cfg.arrstack.tdarr.webport;
-  tdarr_serverport = cfg.arrstack.tdarr.serverport;
-  whisparr_port = cfg.arrstack.whisparr.port;
-  sabnzbd_port = cfg.arrstack.sabnzbd.port;
-  outpost_port = cfg.authentik.outpostPort;
-  domain = "mc-fucker.cool";
-in
-{
-
-  users.groups.arr = {
-    gid = 1337;
-  };
-  users.users = {
-    arr = {
-      isSystemUser = true;
-      group = "arr";
-      uid = 1337;
-    };
-    mc-fucker.extraGroups = [ "arr" ];
-  };
-
-  networking.firewall.interfaces.podman0.allowedTCPPorts = [ 12421 28917 ];
-  networking.firewall.interfaces.podman0.allowedUDPPorts = [ 53 ];
-
-  #container config
-
-  #virtualisation.oci-containers.containers.autobrr = {
-  #  image = "ghcr.io/autobrr/autobrr";
-  #  environment = {
-  #    TZ = "Europe/Berlin";
-  #  };
-  #  ports = [
-  #    "${autobrr_port}:${autobrr_port}"
-  #  ];
-  #  volumes = [
-  #    "/var/lib/autobrr:/config"
-  #  ];
-  #  extraOptions = cfg.podman.extraOptions;
-  #};
-
-  virtualisation.oci-containers.containers.bazarr = {
-    image = "lscr.io/linuxserver/bazarr:latest";
-    environment = {
-      TZ = "Europe/Berlin";
-      PUID = "1337";
-      PGID = "1337";
-    };
-    ports = [
-      "${bazarr_port}:${bazarr_port}"
-    ];
-    volumes = [
-      "/var/lib/bazarr:/config"
-      "/mnt/mergerfs/media:/data"
-    ];
-    extraOptions = cfg.podman.extraOptions;
-    autoStart = false;
-  };
-
-  #virtualisation.oci-containers.containers.crossseed = {
-  #  image = "docker.io/crossseed/cross-seed";
-  #  environment = {
-  #    TZ = "Europe/Berlin";
-  #    PUID = "1337";
-  #    PGID = "1337";
-  #  };
-  #  ports = [
-  #    "${radarr_port}:${radarr_port}"
-  #  ];
-  #  volumes = [
-  #    "/var/lib/radarr:/config"
-  #    "/mnt/mergerfs/media:/data"
-  #    "/mnt/box/files:/data/seedbox"
-  #  ];
-  #  extraOptions = cfg.podman.extraOptions;
-  #};
-
-  virtualisation.oci-containers.containers.jellyseerr = {
-    image = "docker.io/fallenbagel/jellyseerr";
-    environment = {
-      TZ = "Europe/Berlin";
-    };
-    ports = [
-      "${jellyseerr_port}:${jellyseerr_port}"
-    ];
-    volumes = [
-      "/var/lib/jellyseerr:/app/config"
-    ];
-    extraOptions = cfg.podman.extraOptions;
-  };
-
-  virtualisation.oci-containers.containers.lidarrtest = {
-    image = "docker.io/youegraillot/lidarr-on-steroids";
-    environment = {
-      TZ = "Europe/Berlin";
-      PUID = "1337";
-      PGID = "1337";
-    };
-    ports = [
-      "10101:8686"
-      "10100:6595"
-    ];
-    volumes = [
-      "/var/lib/lidarrtest/lidarr:/config"
-      "/var/lib/lidarrtest/deemix:/config_deemix"
-      "/mnt/tmp/deemix:/downloads"
-      #"/mnt/mergerfs/media/music/Interpreten:/music"
-      #"/mnt/mergerfs/media:/data"
-      #"/mnt/box/files:/data/seedbox"
-    ];
-    extraOptions = cfg.podman.extraOptions;
-    autoStart = false;
-  };
-
-  virtualisation.oci-containers.containers.lidarr = {
-    image = "lscr.io/linuxserver/lidarr:latest";
-    environment = {
-      TZ = "Europe/Berlin";
-      PUID = "1337";
-      PGID = "1337";
-    };
-    ports = [
-      "${lidarr_port}:${lidarr_port}"
-    ];
-    volumes = [
-      "/var/lib/lidarr:/config"
-      "/var/lib/lidarr-extended/custom-cont-init.d:/custom-cont-init.d"
-      "/var/lib/lidarr-extended/custom-services.d:/custom-services.d"
-      "/mnt/mergerfs/media:/data"
-      #"/mnt/box/files:/mnt/seedbox"
-      "/mnt/ultracc/downloads:/mnt/ultracc"
-    ];
-    extraOptions = cfg.podman.extraOptions;
-    autoStart = false;
-  };
-
-  virtualisation.oci-containers.containers.prowlarr = {
-    image = "lscr.io/linuxserver/prowlarr:latest";
-    environment = {
-      TZ = "Europe/Berlin";
-    };
-    ports = [
-      "${prowlarr_port}:${prowlarr_port}"
-    ];
-    volumes = [
-      "/var/lib/prowlarr:/config"
-    ];
-    extraOptions = cfg.podman.extraOptions;
-  };
-
-  virtualisation.oci-containers.containers.qbittorrent = {
-    image = "docker.io/binhex/arch-qbittorrentvpn";
-    environment = {
-      TZ = "Europe/Berlin";
-      PUID = "1337";
-      PGID = "1337";
-      VPN_ENABLED = "yes";
-      VPN_CLIENT = "wireguard";
-      VPN_PROV = "custom";
-      LAN_NETWORK = "192.168.178.0/24";
-    };
-    ports = [
-      "6881:6881"
-      "6881:6881/udp"
-      "8080:8080"
-      #"8118:8118"
-    ];
-    volumes = [
-      "/var/lib/qbittorrent:/config"
-      "/mnt/mergerfs/media/qbittorrent:/data/qbittorrent"
-    ];
-    #extraOptions = cfg.podman.extraOptions ++ [ "--cap-add=NET_ADMIN,NET_RAW" "--device=/dev/net/tun" ];
-    extraOptions = cfg.podman.extraOptions ++ [ ''--sysctl="net.ipv4.conf.all.src_valid_mark=1"'' "--privileged=true" "--ip=10.88.13.37" ];
-    autoStart = false;
-  };
-
-  virtualisation.oci-containers.containers.radarr = {
-    image = "lscr.io/linuxserver/radarr:latest";
-    environment = {
-      TZ = "Europe/Berlin";
-      PUID = "1337";
-      PGID = "1337";
-    };
-    ports = [
-      "${radarr_port}:${radarr_port}"
-    ];
-    volumes = [
-      "/var/lib/radarr:/config"
-      "/mnt/mergerfs/media:/data"
-      #"/mnt/box/files:/mnt/seedbox"
-      "/mnt/ultracc/downloads:/mnt/ultracc"
-    ];
-    extraOptions = cfg.podman.extraOptions;
-    autoStart = false;
-  };
-
-  virtualisation.oci-containers.containers.sonarr = {
-    image = "lscr.io/linuxserver/sonarr:develop";
-    environment = {
-      TZ = "Europe/Berlin";
-      PUID = "1337";
-      PGID = "1337";
-    };
-    ports = [
-      "${sonarr_port}:${sonarr_port}"
-    ];
-    volumes = [
-      "/var/lib/sonarr:/config"
-      "/mnt/mergerfs/media:/data"
-      #"/mnt/box/files:/mnt/seedbox"
-      "/mnt/ultracc/downloads:/mnt/ultracc"
-    ];
-    extraOptions = cfg.podman.extraOptions;
-    autoStart = false;
-  };
-
-  virtualisation.oci-containers.containers.sabnzbd = {
-    image = "lscr.io/linuxserver/sabnzbd:latest";
-    environment = {
-      TZ = "Europe/Berlin";
-      PUID = "1337";
-      PGID = "1337";
-    };
-    ports = [
-      "${sabnzbd_port}:8080"
-    ];
-    volumes = [
-      "/var/lib/sabnzbd:/config"
-      "/mnt/mergerfs/media/usenet:/data/usenet"
-      "/mnt/cache/sabnzbd:/cache"
-    ];
-    extraOptions = cfg.podman.extraOptions;
-    autoStart = false;
-  };
-
-  #virtualisation.oci-containers.containers.tdarr = {
-  #  image = "ghcr.io/haveagitgat/tdarr";
-  #  environment = {
-  #    TZ = "Europe/Berlin";
-  #    PUID = "1337";
-  #    PGID = "1337";
-  #    serverIP = "0.0.0.0";
-  #    webUIPort = tdarr_webport;
-  #    serverPort = tdarr_serverport;
-  #    internalNode = "true";
-  #    inContainer = "true";
-  #  };
-  #  ports = [
-  #    "${tdarr_webport}:${tdarr_webport}"
-  #    "${tdarr_serverport}:${tdarr_serverport}"
-  #  ];
-  #  volumes = [
-  #    "/var/lib/tdarr/server:/app/server"
-  #    "/var/lib/tdarr/configs:/app/configs"
-  #    "/var/lib/tdarr/logs:/app/logs"
-  #    "/mnt/mergerfs/media:/data"
-  #  ];
-  #  extraOptions = cfg.podman.extraOptions ++ [ "--device=/dev/dri:/dev/dri" ];
-  #};
-
-  virtualisation.oci-containers.containers.whisparr = {
-    image = "cr.hotio.dev/hotio/whisparr";
-    environment = {
-      TZ = "Europe/Berlin";
-      PUID = "1337";
-      PGID = "1337";
-    };
-    ports = [
-      "${whisparr_port}:${whisparr_port}"
-    ];
-    volumes = [
-      "/var/lib/whisparr:/config"
-      "/mnt/mergerfs/media:/data"
-      #"/mnt/box/files:/mnt/seedbox"
-      "/mnt/ultracc/downloads:/mnt/ultracc"
-    ];
-    extraOptions = cfg.podman.extraOptions;
-    autoStart = false;
-  };
-
-  #webserver config
-  imports = [ ./nginx.nix ];
-
-  services.nginx.virtualHosts = {
-    "bazarr.${domain}" = {
-      forceSSL = true;
-      enableACME = true;
-      locations =
-      let
-        common = ''
-          proxy_set_header    X-Real-IP $remote_addr;
-          proxy_set_header    Host $host;
-          proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
-          proxy_set_header    X-Forwarded-Proto $scheme;
-          proxy_http_version  1.1;
-          proxy_set_header    Upgrade $http_upgrade;
-          proxy_set_header    Connection "Upgrade";
-          proxy_redirect      off;
-        '';
-      in
-      {
-        "/" = {
-          proxyPass = "http://127.0.0.1:${outpost_port}";
-          extraConfig = common;
-        };
-        "/api" = {
-          proxyPass = "http://127.0.0.1:${bazarr_port}";
-          extraConfig = common;
-        };
-      };
-      extraConfig = ''
-        access_log          /var/log/nginx/bazarr.${domain}_access.log;
-        error_log           /var/log/nginx/bazarr.${domain}_error.log;
-      '';
-    };
-
-    "jellyseerr.${domain}" = {
-      forceSSL = true;
-      enableACME = true;
-      locations = {
-        "/" = {
-          proxyPass = "http://127.0.0.1:${jellyseerr_port}";
-          extraConfig = ''
-            proxy_set_header    Referer             $http_referer;
-            proxy_set_header    Host                $host;
-            proxy_set_header    X-Real-IP           $remote_addr;
-            proxy_set_header    X-Real-Port         $remote_port;
-            proxy_set_header    X-Forwarded-Host    $host:$remote_port;
-            proxy_set_header    X-Forwarded-Server  $host;
-            proxy_set_header    X-Forwarded-Port    $remote_port;
-            proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
-            proxy_set_header    X-Forwarded-Proto   $scheme;
-            proxy_set_header    X-Forwarded-Ssl     on;
-
-            proxy_set_header    Upgrade $http_upgrade;
-            proxy_set_header    Connection $http_connection;
-            proxy_redirect      off;
-            proxy_http_version  1.1;
-          '';
-        };
-      };
-      extraConfig = ''
-        access_log          /var/log/nginx/jellyseerr.${domain}_access.log;
-        error_log           /var/log/nginx/jellyseerr.${domain}_error.log;
-      '';
-    };
-
-    "prowlarr.${domain}" = {
-      forceSSL = true;
-      enableACME = true;
-      locations =
-      let
-        common = ''
-          proxy_set_header    Host $host;
-          proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
-          proxy_set_header    X-Forwarded-Host $host;
-          proxy_set_header    X-Forwarded-Proto $scheme;
-          proxy_set_header    Upgrade $http_upgrade;
-          proxy_set_header    Connection $http_connection;
-          proxy_redirect      off;
-          proxy_http_version  1.1;
-        '';
-      in
-      {
-        "/" = {
-          proxyPass = "http://127.0.0.1:${outpost_port}";
-          extraConfig = common;
-        };
-        "/api" = {
-          proxyPass = "http://127.0.0.1:${prowlarr_port}";
-          extraConfig = common;
-        };
-      };
-      extraConfig = ''
-        access_log          /var/log/nginx/prowlarr.${domain}_access.log;
-        error_log           /var/log/nginx/prowlarr.${domain}_error.log;
-      '';
-    };
-
-    "radarr.${domain}" = {
-      forceSSL = true;
-      enableACME = true;
-      locations =
-      let
-        common = ''
-          proxy_set_header    Host $host;
-          proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
-          proxy_set_header    X-Forwarded-Host $host;
-          proxy_set_header    X-Forwarded-Proto $scheme;
-          proxy_set_header    Upgrade $http_upgrade;
-          proxy_set_header    Connection $http_connection;
-          proxy_redirect      off;
-          proxy_http_version  1.1;
-        '';
-      in
-      {
-        "/" = {
-          proxyPass = "http://127.0.0.1:${outpost_port}";
-          extraConfig = common;
-        };
-        "/api" = {
-          proxyPass = "http://127.0.0.1:${radarr_port}";
-          extraConfig = common;
-        };
-        "/signalr" = {
-          proxyPass = "http://127.0.0.1:${radarr_port}";
-          extraConfig = common;
-        };
-      };
-      extraConfig = ''
-        access_log          /var/log/nginx/radarr.${domain}_access.log;
-        error_log           /var/log/nginx/radarr.${domain}_error.log;
-      '';
-    };
-
-    "sonarr.${domain}" = {
-      forceSSL = true;
-      enableACME = true;
-      locations =
-      let
-        common = ''
-          proxy_set_header    Host $host;
-          proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
-          proxy_set_header    X-Forwarded-Host $host;
-          proxy_set_header    X-Forwarded-Proto $scheme;
-          proxy_set_header    Upgrade $http_upgrade;
-          proxy_set_header    Connection $http_connection;
-          proxy_redirect      off;
-          proxy_http_version  1.1;
-        '';
-      in
-      {
-        "/" = {
-          proxyPass = "http://127.0.0.1:${outpost_port}";
-          extraConfig = common;
-        };
-        "/api" = {
-          proxyPass = "http://127.0.0.1:${sonarr_port}";
-          extraConfig = common;
-        };
-      };
-      extraConfig = ''
-        access_log          /var/log/nginx/sonarr.${domain}_access.log;
-        error_log           /var/log/nginx/sonarr.${domain}_error.log;
-      '';
-    };
-
-    "sabnzbd.${domain}" = {
-      forceSSL = true;
-      enableACME = true;
-      locations =
-      let
-        common = ''
-          client_max_body_size  100m;
-          proxy_set_header    X-Forwarded-Host $host;
-        '';
-      in
-      {
-        "/" = {
-          proxyPass = "http://127.0.0.1:${outpost_port}";
-          extraConfig = common;
-        };
-        "/api" = {
-          proxyPass = "http://127.0.0.1:${sabnzbd_port}";
-          extraConfig = common;
-        };
-      };
-      extraConfig = ''
-        access_log          /var/log/nginx/sabnzbd.${domain}_access.log;
-        error_log           /var/log/nginx/sabnzbd.${domain}_error.log;
-      '';
-    };
-
-    "whisparr.${domain}" = {
-      forceSSL = true;
-      enableACME = true;
-      locations = {
-        "/" = {
-          proxyPass = "http://127.0.0.1:${outpost_port}";
-          extraConfig = ''
-            #proxy_set_header    Host $proxy_host;
-            proxy_set_header    Host $host;
-            proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header    X-Forwarded-Host $host;
-            proxy_set_header    X-Forwarded-Proto $scheme;
-            proxy_set_header    Upgrade $http_upgrade;
-            proxy_set_header    Connection $http_connection;
-            proxy_redirect      off;
-            proxy_http_version  1.1;
-          '';
-        };
-      };
-      extraConfig = ''
-        access_log          /var/log/nginx/whisparr.${domain}_access.log;
-        error_log           /var/log/nginx/whisparr.${domain}_error.log;
-      '';
-    };
-
-  };
-
-}
-# vim: set et ts=2 sw=2 ai:

modules/arrstack/autobrr.nix

@@ -0,0 +1,28 @@
+{ config, ... }:
+let
+  cfg = import /etc/nixos/modules/vars.nix;
+  autobrr_port = cfg.arrstack.autobrr.port;
+  outpost_port = cfg.authentik.outpostPort;
+  domain = "mc-fucker.cool";
+in
+{
+
+  virtualisation.oci-containers.containers.autobrr = {
+    image = "ghcr.io/autobrr/autobrr";
+    environment = {
+      TZ = "Europe/Berlin";
+    };
+    ports = [
+      "${autobrr_port}:${autobrr_port}"
+    ];
+    volumes = [
+      "/var/lib/autobrr:/config"
+    ];
+    extraOptions = cfg.podman.extraOptions;
+  };
+
+  #services.nginx.virtualHosts = {
+
+  #};
+}
+# vim: set et ts=2 sw=2 ai:

modules/arrstack/bazarr.nix

@@ -0,0 +1,62 @@
+{ config, ... }:
+let
+  cfg = import /etc/nixos/modules/vars.nix;
+  bazarr_port = cfg.arrstack.bazarr.port;
+  outpost_port = cfg.authentik.outpostPort;
+  domain = "mc-fucker.cool";
+in
+{
+
+  virtualisation.oci-containers.containers.bazarr = {
+    image = "lscr.io/linuxserver/bazarr:latest";
+    environment = {
+      TZ = "Europe/Berlin";
+      PUID = toString config.users.users.arr.uid;
+      PGID = toString config.users.groups.arr.gid;
+    };
+    ports = [
+      "${bazarr_port}:${bazarr_port}"
+    ];
+    volumes = [
+      "/var/lib/bazarr:/config"
+      "/mnt/mergerfs/media:/data"
+    ];
+    extraOptions = cfg.podman.extraOptions;
+    autoStart = false;
+  };
+
+  services.nginx.virtualHosts = {
+    "bazarr.${domain}" = {
+      forceSSL = true;
+      enableACME = true;
+      locations =
+      let
+        common = ''
+          proxy_set_header    X-Real-IP $remote_addr;
+          proxy_set_header    Host $host;
+          proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header    X-Forwarded-Proto $scheme;
+          proxy_http_version  1.1;
+          proxy_set_header    Upgrade $http_upgrade;
+          proxy_set_header    Connection "Upgrade";
+          proxy_redirect      off;
+        '';
+      in
+      {
+        "/" = {
+          proxyPass = "http://127.0.0.1:${outpost_port}";
+          extraConfig = common;
+        };
+        "/api" = {
+          proxyPass = "http://127.0.0.1:${bazarr_port}";
+          extraConfig = common;
+        };
+      };
+      extraConfig = ''
+        access_log          /var/log/nginx/bazarr.${domain}_access.log;
+        error_log           /var/log/nginx/bazarr.${domain}_error.log;
+      '';
+    };
+  };
+}
+# vim: set et ts=2 sw=2 ai:

modules/arrstack/crossseed.nix

@@ -0,0 +1,35 @@
+{ config, ... }:
+let
+  cfg = import /etc/nixos/modules/vars.nix;
+  crossseed_port = cfg.arrstack.crossseed.port;
+  #outpost_port = cfg.authentik.outpostPort;
+  #domain = "mc-fucker.cool";
+in
+{
+
+  virtualisation.oci-containers.containers.crossseed = {
+    image = "docker.io/crossseed/cross-seed";
+    cmd = [ "daemon" ];
+    environment = {
+      TZ = "Europe/Berlin";
+      PUID = toString config.users.users.arr.uid;
+      PGID = toString config.users.groups.arr.gid;
+    };
+    ports = [
+      "${crossseed_port}:${crossseed_port}"
+    ];
+    volumes = [
+      "/var/lib/cross-seed:/config"
+      #"/mnt/mergerfs/media:/data"
+      "/var/lib/qbittorrent/qBittorrent/data/BT_backup:/torrents"
+      "/mnt/mergerfs/media/qbittorrent:/data/qbittorrent"
+    ];
+    extraOptions = cfg.podman.extraOptions;
+  };
+
+
+  #services.nginx.virtualHosts = {
+
+  #};
+}
+# vim: set et ts=2 sw=2 ai:

modules/arrstack/default.nix

@@ -0,0 +1,80 @@
+{ config, ... }:
+let
+  cfg = import /etc/nixos/modules/vars.nix;
+  autobrr_port = cfg.arrstack.autobrr.port;
+  bazarr_port = cfg.arrstack.bazarr.port;
+  jellyseerr_port = cfg.arrstack.jellyseerr.port;
+  lidarr_port = cfg.arrstack.lidarr.port;
+  prowlarr_port = cfg.arrstack.prowlarr.port;
+  radarr_port = cfg.arrstack.radarr.port;
+  sonarr_port = cfg.arrstack.sonarr.port;
+  tdarr_webport = cfg.arrstack.tdarr.webport;
+  tdarr_serverport = cfg.arrstack.tdarr.serverport;
+  whisparr_port = cfg.arrstack.whisparr.port;
+  sabnzbd_port = cfg.arrstack.sabnzbd.port;
+  outpost_port = cfg.authentik.outpostPort;
+  domain = "mc-fucker.cool";
+in
+{
+
+  users = {
+    groups.arr.gid = 1337;
+    users = {
+      mc-fucker.extraGroups = [ "arr" ];
+      arr = {
+        isSystemUser = true;
+        group = "arr";
+        uid = 1337;
+      };
+    };
+  };
+
+  networking.firewall.interfaces.podman0.allowedTCPPorts = [ 12421 28917 ];
+  networking.firewall.interfaces.podman0.allowedUDPPorts = [ 53 ];
+
+  #container config
+
+  #virtualisation.oci-containers.containers.tdarr = {
+  #  image = "ghcr.io/haveagitgat/tdarr";
+  #  environment = {
+  #    TZ = "Europe/Berlin";
+  #    PUID = toString config.users.users.arr.uid;
+  #    PGID = toString config.users.groups.arr.gid;
+  #    serverIP = "0.0.0.0";
+  #    webUIPort = tdarr_webport;
+  #    serverPort = tdarr_serverport;
+  #    internalNode = "true";
+  #    inContainer = "true";
+  #  };
+  #  ports = [
+  #    "${tdarr_webport}:${tdarr_webport}"
+  #    "${tdarr_serverport}:${tdarr_serverport}"
+  #  ];
+  #  volumes = [
+  #    "/var/lib/tdarr/server:/app/server"
+  #    "/var/lib/tdarr/configs:/app/configs"
+  #    "/var/lib/tdarr/logs:/app/logs"
+  #    "/mnt/mergerfs/media:/data"
+  #  ];
+  #  extraOptions = cfg.podman.extraOptions ++ [ "--device=/dev/dri:/dev/dri" ];
+  #};
+
+  #webserver config
+  imports = [
+    /etc/nixos/modules/nginx.nix
+    ./autobrr.nix
+    ./bazarr.nix
+    ./crossseed.nix
+    ./lidarr.nix
+    ./jellyseerr.nix
+    ./prowlarr.nix
+    ./qbittorrent.nix
+    ./radarr.nix
+    ./recyclarr.nix
+    ./sabnzbd.nix
+    ./sonarr.nix
+    ./whisparr.nix
+  ];
+
+}
+# vim: set et ts=2 sw=2 ai:

modules/arrstack/jellyseerr.nix

@@ -0,0 +1,59 @@
+{ config, ... }:
+let
+  cfg = import /etc/nixos/modules/vars.nix;
+  jellyseerr_port = cfg.arrstack.jellyseerr.port;
+  outpost_port = cfg.authentik.outpostPort;
+  domain = "mc-fucker.cool";
+in
+{
+
+  virtualisation.oci-containers.containers.jellyseerr = {
+    image = "docker.io/fallenbagel/jellyseerr";
+    environment = {
+      TZ = "Europe/Berlin";
+    };
+    ports = [
+      "${jellyseerr_port}:${jellyseerr_port}"
+    ];
+    volumes = [
+      "/var/lib/jellyseerr:/app/config"
+    ];
+    extraOptions = cfg.podman.extraOptions;
+  };
+
+  services.nginx.virtualHosts = {
+
+    "jellyseerr.${domain}" = {
+      forceSSL = true;
+      enableACME = true;
+      locations = {
+        "/" = {
+          proxyPass = "http://127.0.0.1:${jellyseerr_port}";
+          extraConfig = ''
+            proxy_set_header    Referer             $http_referer;
+            proxy_set_header    Host                $host;
+            proxy_set_header    X-Real-IP           $remote_addr;
+            proxy_set_header    X-Real-Port         $remote_port;
+            proxy_set_header    X-Forwarded-Host    $host:$remote_port;
+            proxy_set_header    X-Forwarded-Server  $host;
+            proxy_set_header    X-Forwarded-Port    $remote_port;
+            proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
+            proxy_set_header    X-Forwarded-Proto   $scheme;
+            proxy_set_header    X-Forwarded-Ssl     on;
+
+            proxy_set_header    Upgrade $http_upgrade;
+            proxy_set_header    Connection $http_connection;
+            proxy_redirect      off;
+            proxy_http_version  1.1;
+          '';
+        };
+      };
+      extraConfig = ''
+        access_log          /var/log/nginx/jellyseerr.${domain}_access.log;
+        error_log           /var/log/nginx/jellyseerr.${domain}_error.log;
+      '';
+    };
+
+  };
+}
+# vim: set et ts=2 sw=2 ai:

modules/arrstack/lidarr.nix

@@ -0,0 +1,58 @@
+{ config, ... }:
+let
+  cfg = import /etc/nixos/modules/vars.nix;
+  lidarr_port = cfg.arrstack.lidarr.port;
+  #outpost_port = cfg.authentik.outpostPort;
+  #domain = "mc-fucker.cool";
+in
+{
+
+   virtualisation.oci-containers.containers.lidarrtest = {
+    image = "docker.io/youegraillot/lidarr-on-steroids";
+    environment = {
+      TZ = "Europe/Berlin";
+      PUID = toString config.users.users.arr.uid;
+      PGID = toString config.users.groups.arr.gid;
+    };
+    ports = [
+      "10101:8686"
+      "10100:6595"
+    ];
+    volumes = [
+      "/var/lib/lidarrtest/lidarr:/config"
+      "/var/lib/lidarrtest/deemix:/config_deemix"
+      "/mnt/tmp/deemix:/downloads"
+      #"/mnt/mergerfs/media/music/Interpreten:/music"
+      #"/mnt/mergerfs/media:/data"
+      #"/mnt/box/files:/data/seedbox"
+    ];
+    extraOptions = cfg.podman.extraOptions;
+    autoStart = false;
+  };
+
+  virtualisation.oci-containers.containers.lidarr = {
+    image = "lscr.io/linuxserver/lidarr:latest";
+    environment = {
+      TZ = "Europe/Berlin";
+      PUID = toString config.users.users.arr.uid;
+      PGID = toString config.users.groups.arr.gid;
+    };
+    ports = [
+      "${lidarr_port}:${lidarr_port}"
+    ];
+    volumes = [
+      "/var/lib/lidarr:/config"
+      "/var/lib/lidarr-extended/custom-cont-init.d:/custom-cont-init.d"
+      "/var/lib/lidarr-extended/custom-services.d:/custom-services.d"
+      "/mnt/mergerfs/media:/data"
+      "/mnt/ultracc/downloads:/mnt/ultracc"
+    ];
+    extraOptions = cfg.podman.extraOptions;
+    autoStart = false;
+  };
+
+  #services.nginx.virtualHosts = {
+
+  #};
+}
+# vim: set et ts=2 sw=2 ai:

modules/arrstack/prowlarr.nix

@@ -0,0 +1,60 @@
+{ config, ... }:
+let
+  cfg = import /etc/nixos/modules/vars.nix;
+  prowlarr_port = cfg.arrstack.prowlarr.port;
+  outpost_port = cfg.authentik.outpostPort;
+  domain = "mc-fucker.cool";
+in
+{
+
+  virtualisation.oci-containers.containers.prowlarr = {
+    image = "lscr.io/linuxserver/prowlarr:latest";
+    environment = {
+      TZ = "Europe/Berlin";
+    };
+    ports = [
+      "${prowlarr_port}:${prowlarr_port}"
+    ];
+    volumes = [
+      "/var/lib/prowlarr:/config"
+    ];
+    extraOptions = cfg.podman.extraOptions;
+  };
+
+  services.nginx.virtualHosts = {
+
+  "prowlarr.${domain}" = {
+      forceSSL = true;
+      enableACME = true;
+      locations =
+      let
+        common = ''
+          proxy_set_header    Host $host;
+          proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header    X-Forwarded-Host $host;
+          proxy_set_header    X-Forwarded-Proto $scheme;
+          proxy_set_header    Upgrade $http_upgrade;
+          proxy_set_header    Connection $http_connection;
+          proxy_redirect      off;
+          proxy_http_version  1.1;
+        '';
+      in
+      {
+        "/" = {
+          proxyPass = "http://127.0.0.1:${outpost_port}";
+          extraConfig = common;
+        };
+        "/api" = {
+          proxyPass = "http://127.0.0.1:${prowlarr_port}";
+          extraConfig = common;
+        };
+      };
+      extraConfig = ''
+        access_log          /var/log/nginx/prowlarr.${domain}_access.log;
+        error_log           /var/log/nginx/prowlarr.${domain}_error.log;
+      '';
+    };
+
+  };
+}
+# vim: set et ts=2 sw=2 ai:

modules/arrstack/qbittorrent.nix

@@ -0,0 +1,40 @@
+{ config, ... }:
+let
+  cfg = import /etc/nixos/modules/vars.nix;
+  #bazarr_port = cfg.arrstack.bazarr.port;
+  #outpost_port = cfg.authentik.outpostPort;
+  #domain = "mc-fucker.cool";
+in
+{
+
+   virtualisation.oci-containers.containers.qbittorrent = {
+    image = "docker.io/binhex/arch-qbittorrentvpn";
+    environment = {
+      TZ = "Europe/Berlin";
+      PUID = toString config.users.users.arr.uid;
+      PGID = toString config.users.groups.arr.gid;
+      VPN_ENABLED = "yes";
+      VPN_CLIENT = "wireguard";
+      VPN_PROV = "custom";
+      LAN_NETWORK = "192.168.178.0/24";
+    };
+    ports = [
+      "6881:6881"
+      "6881:6881/udp"
+      "8080:8080"
+      #"8118:8118"
+    ];
+    volumes = [
+      "/var/lib/qbittorrent:/config"
+      "/mnt/mergerfs/media/qbittorrent:/data/qbittorrent"
+      "/mnt/cache/qbittorrent:/cache"
+    ];
+    #extraOptions = cfg.podman.extraOptions ++ [ "--cap-add=NET_ADMIN,NET_RAW" "--device=/dev/net/tun" ];
+    extraOptions = cfg.podman.extraOptions ++ [ ''--sysctl="net.ipv4.conf.all.src_valid_mark=1"'' "--privileged=true" "--ip=10.88.13.37" ];
+    autoStart = false;
+  };
+
+  #services.nginx.virtualHosts = {
+  #};
+}
+# vim: set et ts=2 sw=2 ai:

modules/arrstack/radarr.nix

@@ -0,0 +1,69 @@
+{ config, ... }:
+let
+  cfg = import /etc/nixos/modules/vars.nix;
+  radarr_port = cfg.arrstack.radarr.port;
+  outpost_port = cfg.authentik.outpostPort;
+  domain = "mc-fucker.cool";
+in
+{
+
+  virtualisation.oci-containers.containers.radarr = {
+    image = "lscr.io/linuxserver/radarr:latest";
+    environment = {
+      TZ = "Europe/Berlin";
+      PUID = toString config.users.users.arr.uid;
+      PGID = toString config.users.groups.arr.gid;
+    };
+    ports = [
+      "${radarr_port}:${radarr_port}"
+    ];
+    volumes = [
+      "/var/lib/radarr:/config"
+      "/mnt/mergerfs/media:/data"
+      "/mnt/ultracc/downloads:/mnt/ultracc"
+    ];
+    extraOptions = cfg.podman.extraOptions;
+    autoStart = false;
+  };
+
+  services.nginx.virtualHosts = {
+    "radarr.${domain}" = {
+      forceSSL = true;
+      enableACME = true;
+      locations =
+      let
+        common = ''
+          proxy_set_header    Host $host;
+          proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header    X-Forwarded-Host $host;
+          proxy_set_header    X-Forwarded-Proto $scheme;
+          proxy_set_header    Upgrade $http_upgrade;
+          proxy_set_header    Connection $http_connection;
+          proxy_redirect      off;
+          proxy_http_version  1.1;
+        '';
+      in
+      {
+        "/" = {
+          proxyPass = "http://127.0.0.1:${outpost_port}";
+          extraConfig = common;
+        };
+        "/api" = {
+          proxyPass = "http://127.0.0.1:${radarr_port}";
+          extraConfig = common;
+        };
+        "/signalr" = {
+          proxyPass = "http://127.0.0.1:${radarr_port}";
+          extraConfig = common;
+        };
+      };
+      extraConfig = ''
+        access_log          /var/log/nginx/radarr.${domain}_access.log;
+        error_log           /var/log/nginx/radarr.${domain}_error.log;
+      '';
+    };
+
+  };
+
+}
+# vim: set et ts=2 sw=2 ai:

modules/arrstack/recyclarr.nix

@@ -0,0 +1,20 @@
+{ config, ... }:
+let
+  cfg = import /etc/nixos/modules/vars.nix;
+in
+{
+
+  virtualisation.oci-containers.containers.recyclarr = {
+    image = "ghcr.io/recyclarr/recyclarr";
+    environment = {
+      TZ = "Europe/Berlin";
+    };
+    volumes = [
+      "/var/lib/recyclarr:/config"
+    ];
+    user = "1919:1919";
+    extraOptions = cfg.podman.extraOptions;
+  };
+
+}
+# vim: set et ts=2 sw=2 ai:

modules/arrstack/sabnzbd.nix

@@ -0,0 +1,59 @@
+{ config, ... }:
+let
+  cfg = import /etc/nixos/modules/vars.nix;
+  sabnzbd_port = cfg.arrstack.sabnzbd.port;
+  outpost_port = cfg.authentik.outpostPort;
+  domain = "mc-fucker.cool";
+in
+{
+
+  virtualisation.oci-containers.containers.sabnzbd = {
+    image = "lscr.io/linuxserver/sabnzbd:latest";
+    environment = {
+      TZ = "Europe/Berlin";
+      PUID = toString config.users.users.arr.uid;
+      PGID = toString config.users.groups.arr.gid;
+    };
+    ports = [
+      "${sabnzbd_port}:8080"
+    ];
+    volumes = [
+      "/var/lib/sabnzbd:/config"
+      "/mnt/mergerfs/media/usenet:/data/usenet"
+      "/mnt/cache/sabnzbd:/cache"
+    ];
+    extraOptions = cfg.podman.extraOptions;
+    autoStart = false;
+  };
+
+  services.nginx.virtualHosts = {
+
+    "sabnzbd.${domain}" = {
+      forceSSL = true;
+      enableACME = true;
+      locations =
+      let
+        common = ''
+          client_max_body_size  100m;
+          proxy_set_header    X-Forwarded-Host $host;
+        '';
+      in
+      {
+        "/" = {
+          proxyPass = "http://127.0.0.1:${outpost_port}";
+          extraConfig = common;
+        };
+        "/api" = {
+          proxyPass = "http://127.0.0.1:${sabnzbd_port}";
+          extraConfig = common;
+        };
+      };
+      extraConfig = ''
+        access_log          /var/log/nginx/sabnzbd.${domain}_access.log;
+        error_log           /var/log/nginx/sabnzbd.${domain}_error.log;
+      '';
+    };
+
+  };
+}
+# vim: set et ts=2 sw=2 ai:

modules/arrstack/sonarr.nix

@@ -0,0 +1,65 @@
+{ config, ... }:
+let
+  cfg = import /etc/nixos/modules/vars.nix;
+  sonarr_port = cfg.arrstack.sonarr.port;
+  outpost_port = cfg.authentik.outpostPort;
+  domain = "mc-fucker.cool";
+in
+{
+
+  virtualisation.oci-containers.containers.sonarr = {
+    image = "lscr.io/linuxserver/sonarr:develop";
+    environment = {
+      TZ = "Europe/Berlin";
+      PUID = toString config.users.users.arr.uid;
+      PGID = toString config.users.groups.arr.gid;
+    };
+    ports = [
+      "${sonarr_port}:${sonarr_port}"
+    ];
+    volumes = [
+      "/var/lib/sonarr:/config"
+      "/mnt/mergerfs/media:/data"
+      "/mnt/ultracc/downloads:/mnt/ultracc"
+    ];
+    extraOptions = cfg.podman.extraOptions;
+    autoStart = false;
+  };
+
+  services.nginx.virtualHosts = {
+
+    "sonarr.${domain}" = {
+      forceSSL = true;
+      enableACME = true;
+      locations =
+      let
+        common = ''
+          proxy_set_header    Host $host;
+          proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header    X-Forwarded-Host $host;
+          proxy_set_header    X-Forwarded-Proto $scheme;
+          proxy_set_header    Upgrade $http_upgrade;
+          proxy_set_header    Connection $http_connection;
+          proxy_redirect      off;
+          proxy_http_version  1.1;
+        '';
+      in
+      {
+        "/" = {
+          proxyPass = "http://127.0.0.1:${outpost_port}";
+          extraConfig = common;
+        };
+        "/api" = {
+          proxyPass = "http://127.0.0.1:${sonarr_port}";
+          extraConfig = common;
+        };
+      };
+      extraConfig = ''
+        access_log          /var/log/nginx/sonarr.${domain}_access.log;
+        error_log           /var/log/nginx/sonarr.${domain}_error.log;
+      '';
+    };
+
+  };
+}
+# vim: set et ts=2 sw=2 ai:

modules/arrstack/template

@@ -0,0 +1,14 @@
+{ config, ... }:
+let
+  cfg = import /etc/nixos/modules/vars.nix;
+  bazarr_port = cfg.arrstack.bazarr.port;
+  outpost_port = cfg.authentik.outpostPort;
+  domain = "mc-fucker.cool";
+in
+{
+
+  services.nginx.virtualHosts = {
+
+  };
+}
+# vim: set et ts=2 sw=2 ai:

modules/arrstack/whisparr.nix

@@ -0,0 +1,58 @@
+{ config, ... }:
+let
+  cfg = import /etc/nixos/modules/vars.nix;
+  whisparr_port = cfg.arrstack.whisparr.port;
+  outpost_port = cfg.authentik.outpostPort;
+  domain = "mc-fucker.cool";
+in
+{
+
+  virtualisation.oci-containers.containers.whisparr = {
+    image = "ghcr.io/hotio/whisparr";
+    environment = {
+      TZ = "Europe/Berlin";
+      PUID = toString config.users.users.arr.uid;
+      PGID = toString config.users.groups.arr.gid;
+    };
+    ports = [
+      "${whisparr_port}:${whisparr_port}"
+    ];
+    volumes = [
+      "/var/lib/whisparr:/config"
+      "/mnt/mergerfs/media:/data"
+      "/mnt/ultracc/downloads:/mnt/ultracc"
+    ];
+    extraOptions = cfg.podman.extraOptions;
+    autoStart = false;
+  };
+
+  services.nginx.virtualHosts = {
+
+    "whisparr.${domain}" = {
+      forceSSL = true;
+      enableACME = true;
+      locations = {
+        "/" = {
+          proxyPass = "http://127.0.0.1:${outpost_port}";
+          extraConfig = ''
+            #proxy_set_header    Host $proxy_host;
+            proxy_set_header    Host $host;
+            proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header    X-Forwarded-Host $host;
+            proxy_set_header    X-Forwarded-Proto $scheme;
+            proxy_set_header    Upgrade $http_upgrade;
+            proxy_set_header    Connection $http_connection;
+            proxy_redirect      off;
+            proxy_http_version  1.1;
+          '';
+        };
+      };
+      extraConfig = ''
+        access_log          /var/log/nginx/whisparr.${domain}_access.log;
+        error_log           /var/log/nginx/whisparr.${domain}_error.log;
+      '';
+    };
+
+  };
+}
+# vim: set et ts=2 sw=2 ai:

modules/encode/ab-av1_opus_no_default_bitrate.patch

@@ -0,0 +1,20 @@
+diff --git a/src/ffmpeg.rs b/src/ffmpeg.rs
+index bb2dcad..8790725 100644
+--- a/src/ffmpeg.rs
++++ b/src/ffmpeg.rs
+@@ -141,7 +141,6 @@ pub fn encode(
+         "copy"
+     });
+ 
+-    let set_ba_128k = audio_codec == "libopus" && !oargs.contains("-b:a");
+     let downmix_to_stereo = downmix_to_stereo && !oargs.contains("-ac");
+     let map = match video_only {
+         true => "0:v:0",
+@@ -165,7 +164,6 @@ pub fn encode(
+         .arg2("-c:a", audio_codec)
+         .arg_if(matroska, "-dn") // "Only audio, video, and subtitles are supported for Matroska"
+         .arg2_if(downmix_to_stereo, "-ac", 2)
+-        .arg2_if(set_ba_128k, "-b:a", "128k")
+         .arg2_if(add_faststart, "-movflags", "+faststart")
+         .arg2_if(add_cues_to_front, "-cues_to_front", "y")
+         .arg(output)

modules/encode/default.nix

@@ -0,0 +1,27 @@
+{ config, pkgs, lib, ... }:
+{
+
+  environment.systemPackages = with pkgs; [
+    ab-av1
+    bc
+    ffmpeg_6-full
+    jq
+    mediainfo
+  ];
+
+
+  nixpkgs.overlays = [
+    (
+      final: prev: {
+        ab-av1 = prev.ab-av1.overrideAttrs (
+          old: {
+            patches = (old.patches or []) ++ [
+              ./ab-av1_opus_no_default_bitrate.patch
+            ];
+          }
+        );
+      }
+    )
+  ];
+}
+# vim: set et ts=2 sw=2 ai:

modules/generic.nix

@@ -93,16 +93,17 @@ in
   boot.loader.timeout = 1;
 
   environment.systemPackages = with pkgs; [
-    wget
-    htop
-    git
-    screen
-    rxvt-unicode-unwrapped.terminfo
-    nmap
+    btop
     dig
-    rclone
-    pv
     eza
+    git
+    htop
+    nmap
+    pv
+    rclone
+    rxvt-unicode-unwrapped.terminfo
+    screen
+    wget
     (import ./vim.nix)
   ];
 

modules/vars.nix

@@ -3,6 +3,7 @@
   arrstack = {
     autobrr.port = "7474";
     bazarr.port = "6767";
+    crossseed.port = "2468";
     jellyseerr.port = "5055";
     lidarr.port = "8686";
     prowlarr.port = "9696";
@@ -75,6 +76,8 @@
 
   nextcloud = {
     dbport = "54329";
+    port = "10443";
+    domain = "cloud.mc-fucker.cool";
   };
 
   podman = {

modules/zsh.nix

@@ -29,7 +29,7 @@ with import <nixpkgs> {};
     "nt" = "(cd /tmp && nixos-rebuild test)";
     "ns" = "nixos-rebuild switch";
     "nsu" = "nixos-rebuild switch --upgrade";
-    "dfr" = "df -h | head -n +1; df -h | tail -n +2 | sort -nrk5";
+    "dfr" = "df -h | head -n +1; df -h -x overlay -x tmpfs | tail -n +2 | sort -nrk5";
     "d" = ''du -ahx "$PWD" --exclude=/proc| sort -rh 2>/dev/null |head -40 | sort -rh 2>/dev/null'';
   };
 }

packages/zabbix/agent2.nix

@@ -17,8 +17,6 @@ import ./versions.nix ({ version, hash, vendorHash ? throw "unsupported version
     nativeBuildInputs = [ autoreconfHook pkg-config ];
     buildInputs = [ libiconv openssl pcre zlib ];
 
-    inherit (buildGoModule.go) GOOS GOARCH;
-
     # need to provide GO* env variables & patch for reproducibility
     postPatch = ''
       substituteInPlace src/go/Makefile.am \

packages/zabbix/versions.nix

@@ -1,7 +1,7 @@
 generic: {
   latest = generic {
-    version = "7.0.3";
-    hash = "sha256-FzBZ9X8RcWFG2nk0XlprxS7O7mpcRBBmS4UAqVVZiyo=";
+    version = "7.0.6";
+    hash = "sha256-DXfODjhNbTCqc55ZZIBGqtoxqX/NfWJr2a+jfkIKLdA=";
     vendorHash = null;
   };
 

systems/nasty/configuration.nix

@@ -8,7 +8,7 @@
       ./modules/physical.nix
       ./modules/borg-serve.nix
       ./modules/jellyfin.nix
-      ./modules/arrstack.nix
+      ./modules/arrstack
       ./modules/authentik-proxy.nix
       ./modules/stash.nix
       #./modules/nextcloud-aio.nix
@@ -18,6 +18,7 @@
       ./modules/tvproxy.nix
       ./modules/calibre-web.nix
       ./modules/borg.nix
+      ./modules/nctest.nix
     ];
 
   system.autoUpgrade = {

systems/nasty/samba.nix

@@ -20,7 +20,10 @@
   services.samba = {
     enable = true;
     openFirewall = true;
-    shares = {
+    settings = {
+      global = {
+        "map to guest" = "bad user";
+      };
       "private" = {
         path = "/mnt/mergerfs/smb/%u";
         "read only" = "no";
@@ -31,6 +34,10 @@
         path = "/mnt/mergerfs/media/software";
         "guest ok" = "yes";
       };
+      "games" = {
+        path = "/mnt/mergerfs/media/games";
+        "guest ok" = "yes";
+      };
       "movies" = {
         path = "/mnt/mergerfs/media/movies";
         "guest ok" = "yes";