mc-fucker/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: mc-fucker:742511ea27bc71028966b045215456e6632500d0
Branches Tags
mc-fucker:master
..
compare: mc-fucker:573c52e306b8308eacc975096341f271b09ee0a6
Branches Tags
mc-fucker:master

No commits in common. "742511ea27bc71028966b045215456e6632500d0" and "573c52e306b8308eacc975096341f271b09ee0a6" have entirely different histories.
742511ea27 ... 573c52e306

24 changed files with 527 additions and 780 deletions
Show stats Expand all files Collapse all files

511
modules/arrstack.nix Normal file
View file

@ -0,0 +1,511 @@
{ ... }:
let
cfg = import ./vars.nix;
autobrr_port = cfg.arrstack.autobrr.port;
bazarr_port = cfg.arrstack.bazarr.port;
jellyseerr_port = cfg.arrstack.jellyseerr.port;
lidarr_port = cfg.arrstack.lidarr.port;
prowlarr_port = cfg.arrstack.prowlarr.port;
radarr_port = cfg.arrstack.radarr.port;
sonarr_port = cfg.arrstack.sonarr.port;
tdarr_webport = cfg.arrstack.tdarr.webport;
tdarr_serverport = cfg.arrstack.tdarr.serverport;
whisparr_port = cfg.arrstack.whisparr.port;
sabnzbd_port = cfg.arrstack.sabnzbd.port;
outpost_port = cfg.authentik.outpostPort;
domain = "mc-fucker.cool";
in
{
users.groups.arr = {
gid = 1337;
};
users.users = {
arr = {
isSystemUser = true;
group = "arr";
uid = 1337;
};
mc-fucker.extraGroups = [ "arr" ];
};
networking.firewall.interfaces.podman0.allowedTCPPorts = [ 12421 28917 ];
networking.firewall.interfaces.podman0.allowedUDPPorts = [ 53 ];
#container config
#virtualisation.oci-containers.containers.autobrr = {
# image = "ghcr.io/autobrr/autobrr";
# environment = {
# TZ = "Europe/Berlin";
# };
# ports = [
# "${autobrr_port}:${autobrr_port}"
# ];
# volumes = [
# "/var/lib/autobrr:/config"
# ];
# extraOptions = cfg.podman.extraOptions;
#};
virtualisation.oci-containers.containers.bazarr = {
image = "lscr.io/linuxserver/bazarr:latest";
environment = {
TZ = "Europe/Berlin";
PUID = "1337";
PGID = "1337";
};
ports = [
"${bazarr_port}:${bazarr_port}"
];
volumes = [
"/var/lib/bazarr:/config"
"/mnt/mergerfs/media:/data"
];
extraOptions = cfg.podman.extraOptions;
autoStart = false;
};
#virtualisation.oci-containers.containers.crossseed = {
# image = "docker.io/crossseed/cross-seed";
# environment = {
# TZ = "Europe/Berlin";
# PUID = "1337";
# PGID = "1337";
# };
# ports = [
# "${radarr_port}:${radarr_port}"
# ];
# volumes = [
# "/var/lib/radarr:/config"
# "/mnt/mergerfs/media:/data"
# "/mnt/box/files:/data/seedbox"
# ];
# extraOptions = cfg.podman.extraOptions;
#};
virtualisation.oci-containers.containers.jellyseerr = {
image = "docker.io/fallenbagel/jellyseerr";
environment = {
TZ = "Europe/Berlin";
};
ports = [
"${jellyseerr_port}:${jellyseerr_port}"
];
volumes = [
"/var/lib/jellyseerr:/app/config"
];
extraOptions = cfg.podman.extraOptions;
};
virtualisation.oci-containers.containers.lidarrtest = {
image = "docker.io/youegraillot/lidarr-on-steroids";
environment = {
TZ = "Europe/Berlin";
PUID = "1337";
PGID = "1337";
};
ports = [
"10101:8686"
"10100:6595"
];
volumes = [
"/var/lib/lidarrtest/lidarr:/config"
"/var/lib/lidarrtest/deemix:/config_deemix"
"/mnt/tmp/deemix:/downloads"
#"/mnt/mergerfs/media/music/Interpreten:/music"
#"/mnt/mergerfs/media:/data"
#"/mnt/box/files:/data/seedbox"
];
extraOptions = cfg.podman.extraOptions;
autoStart = false;
};
virtualisation.oci-containers.containers.lidarr = {
image = "lscr.io/linuxserver/lidarr:latest";
environment = {
TZ = "Europe/Berlin";
PUID = "1337";
PGID = "1337";
};
ports = [
"${lidarr_port}:${lidarr_port}"
];
volumes = [
"/var/lib/lidarr:/config"
"/var/lib/lidarr-extended/custom-cont-init.d:/custom-cont-init.d"
"/var/lib/lidarr-extended/custom-services.d:/custom-services.d"
"/mnt/mergerfs/media:/data"
#"/mnt/box/files:/mnt/seedbox"
"/mnt/ultracc/downloads:/mnt/ultracc"
];
extraOptions = cfg.podman.extraOptions;
autoStart = false;
};
virtualisation.oci-containers.containers.prowlarr = {
image = "lscr.io/linuxserver/prowlarr:latest";
environment = {
TZ = "Europe/Berlin";
};
ports = [
"${prowlarr_port}:${prowlarr_port}"
];
volumes = [
"/var/lib/prowlarr:/config"
];
extraOptions = cfg.podman.extraOptions;
};
virtualisation.oci-containers.containers.qbittorrent = {
image = "docker.io/binhex/arch-qbittorrentvpn";
environment = {
TZ = "Europe/Berlin";
PUID = "1337";
PGID = "1337";
VPN_ENABLED = "yes";
VPN_CLIENT = "wireguard";
VPN_PROV = "custom";
LAN_NETWORK = "192.168.178.0/24";
};
ports = [
"6881:6881"
"6881:6881/udp"
"8080:8080"
#"8118:8118"
];
volumes = [
"/var/lib/qbittorrent:/config"
"/mnt/mergerfs/media/qbittorrent:/data/qbittorrent"
];
#extraOptions = cfg.podman.extraOptions ++ [ "--cap-add=NET_ADMIN,NET_RAW" "--device=/dev/net/tun" ];
extraOptions = cfg.podman.extraOptions ++ [ ''--sysctl="net.ipv4.conf.all.src_valid_mark=1"'' "--privileged=true" "--ip=10.88.13.37" ];
autoStart = false;
};
virtualisation.oci-containers.containers.radarr = {
image = "lscr.io/linuxserver/radarr:latest";
environment = {
TZ = "Europe/Berlin";
PUID = "1337";
PGID = "1337";
};
ports = [
"${radarr_port}:${radarr_port}"
];
volumes = [
"/var/lib/radarr:/config"
"/mnt/mergerfs/media:/data"
#"/mnt/box/files:/mnt/seedbox"
"/mnt/ultracc/downloads:/mnt/ultracc"
];
extraOptions = cfg.podman.extraOptions;
autoStart = false;
};
virtualisation.oci-containers.containers.sonarr = {
image = "lscr.io/linuxserver/sonarr:develop";
environment = {
TZ = "Europe/Berlin";
PUID = "1337";
PGID = "1337";
};
ports = [
"${sonarr_port}:${sonarr_port}"
];
volumes = [
"/var/lib/sonarr:/config"
"/mnt/mergerfs/media:/data"
#"/mnt/box/files:/mnt/seedbox"
"/mnt/ultracc/downloads:/mnt/ultracc"
];
extraOptions = cfg.podman.extraOptions;
autoStart = false;
};
virtualisation.oci-containers.containers.sabnzbd = {
image = "lscr.io/linuxserver/sabnzbd:latest";
environment = {
TZ = "Europe/Berlin";
PUID = "1337";
PGID = "1337";
};
ports = [
"${sabnzbd_port}:8080"
];
volumes = [
"/var/lib/sabnzbd:/config"
"/mnt/mergerfs/media/usenet:/data/usenet"
"/mnt/cache/sabnzbd:/cache"
];
extraOptions = cfg.podman.extraOptions;
autoStart = false;
};
#virtualisation.oci-containers.containers.tdarr = {
# image = "ghcr.io/haveagitgat/tdarr";
# environment = {
# TZ = "Europe/Berlin";
# PUID = "1337";
# PGID = "1337";
# serverIP = "0.0.0.0";
# webUIPort = tdarr_webport;
# serverPort = tdarr_serverport;
# internalNode = "true";
# inContainer = "true";
# };
# ports = [
# "${tdarr_webport}:${tdarr_webport}"
# "${tdarr_serverport}:${tdarr_serverport}"
# ];
# volumes = [
# "/var/lib/tdarr/server:/app/server"
# "/var/lib/tdarr/configs:/app/configs"
# "/var/lib/tdarr/logs:/app/logs"
# "/mnt/mergerfs/media:/data"
# ];
# extraOptions = cfg.podman.extraOptions ++ [ "--device=/dev/dri:/dev/dri" ];
#};
virtualisation.oci-containers.containers.whisparr = {
image = "cr.hotio.dev/hotio/whisparr";
environment = {
TZ = "Europe/Berlin";
PUID = "1337";
PGID = "1337";
};
ports = [
"${whisparr_port}:${whisparr_port}"
];
volumes = [
"/var/lib/whisparr:/config"
"/mnt/mergerfs/media:/data"
#"/mnt/box/files:/mnt/seedbox"
"/mnt/ultracc/downloads:/mnt/ultracc"
];
extraOptions = cfg.podman.extraOptions;
autoStart = false;
};
#webserver config
imports = [ ./nginx.nix ];
services.nginx.virtualHosts = {
"bazarr.${domain}" = {
forceSSL = true;
enableACME = true;
locations =
let
common = ''
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_redirect off;
'';
in
{
"/" = {
proxyPass = "http://127.0.0.1:${outpost_port}";
extraConfig = common;
};
"/api" = {
proxyPass = "http://127.0.0.1:${bazarr_port}";
extraConfig = common;
};
};
extraConfig = ''
access_log /var/log/nginx/bazarr.${domain}_access.log;
error_log /var/log/nginx/bazarr.${domain}_error.log;
'';
};
"jellyseerr.${domain}" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
proxyPass = "http://127.0.0.1:${jellyseerr_port}";
extraConfig = ''
proxy_set_header Referer $http_referer;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-Port $remote_port;
proxy_set_header X-Forwarded-Host $host:$remote_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port $remote_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_redirect off;
proxy_http_version 1.1;
'';
};
};
extraConfig = ''
access_log /var/log/nginx/jellyseerr.${domain}_access.log;
error_log /var/log/nginx/jellyseerr.${domain}_error.log;
'';
};
"prowlarr.${domain}" = {
forceSSL = true;
enableACME = true;
locations =
let
common = ''
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_redirect off;
proxy_http_version 1.1;
'';
in
{
"/" = {
proxyPass = "http://127.0.0.1:${outpost_port}";
extraConfig = common;
};
"/api" = {
proxyPass = "http://127.0.0.1:${prowlarr_port}";
extraConfig = common;
};
};
extraConfig = ''
access_log /var/log/nginx/prowlarr.${domain}_access.log;
error_log /var/log/nginx/prowlarr.${domain}_error.log;
'';
};
"radarr.${domain}" = {
forceSSL = true;
enableACME = true;
locations =
let
common = ''
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_redirect off;
proxy_http_version 1.1;
'';
in
{
"/" = {
proxyPass = "http://127.0.0.1:${outpost_port}";
extraConfig = common;
};
"/api" = {
proxyPass = "http://127.0.0.1:${radarr_port}";
extraConfig = common;
};
"/signalr" = {
proxyPass = "http://127.0.0.1:${radarr_port}";
extraConfig = common;
};
};
extraConfig = ''
access_log /var/log/nginx/radarr.${domain}_access.log;
error_log /var/log/nginx/radarr.${domain}_error.log;
'';
};
"sonarr.${domain}" = {
forceSSL = true;
enableACME = true;
locations =
let
common = ''
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_redirect off;
proxy_http_version 1.1;
'';
in
{
"/" = {
proxyPass = "http://127.0.0.1:${outpost_port}";
extraConfig = common;
};
"/api" = {
proxyPass = "http://127.0.0.1:${sonarr_port}";
extraConfig = common;
};
};
extraConfig = ''
access_log /var/log/nginx/sonarr.${domain}_access.log;
error_log /var/log/nginx/sonarr.${domain}_error.log;
'';
};
"sabnzbd.${domain}" = {
forceSSL = true;
enableACME = true;
locations =
let
common = ''
client_max_body_size 100m;
proxy_set_header X-Forwarded-Host $host;
'';
in
{
"/" = {
proxyPass = "http://127.0.0.1:${outpost_port}";
extraConfig = common;
};
"/api" = {
proxyPass = "http://127.0.0.1:${sabnzbd_port}";
extraConfig = common;
};
};
extraConfig = ''
access_log /var/log/nginx/sabnzbd.${domain}_access.log;
error_log /var/log/nginx/sabnzbd.${domain}_error.log;
'';
};
"whisparr.${domain}" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
proxyPass = "http://127.0.0.1:${outpost_port}";
extraConfig = ''
#proxy_set_header Host $proxy_host;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_redirect off;
proxy_http_version 1.1;
'';
};
};
extraConfig = ''
access_log /var/log/nginx/whisparr.${domain}_access.log;
error_log /var/log/nginx/whisparr.${domain}_error.log;
'';
};
};
}
# vim: set et ts=2 sw=2 ai:

28
modules/arrstack/autobrr.nix
View file

@ -1,28 +0,0 @@
{ config, ... }:
let
cfg = import /etc/nixos/modules/vars.nix;
autobrr_port = cfg.arrstack.autobrr.port;
outpost_port = cfg.authentik.outpostPort;
domain = "mc-fucker.cool";
in
{
virtualisation.oci-containers.containers.autobrr = {
image = "ghcr.io/autobrr/autobrr";
environment = {
TZ = "Europe/Berlin";
};
ports = [
"${autobrr_port}:${autobrr_port}"
];
volumes = [
"/var/lib/autobrr:/config"
];
extraOptions = cfg.podman.extraOptions;
};
#services.nginx.virtualHosts = {
#};
}
# vim: set et ts=2 sw=2 ai:

62
modules/arrstack/bazarr.nix
View file

@ -1,62 +0,0 @@
{ config, ... }:
let
cfg = import /etc/nixos/modules/vars.nix;
bazarr_port = cfg.arrstack.bazarr.port;
outpost_port = cfg.authentik.outpostPort;
domain = "mc-fucker.cool";
in
{
virtualisation.oci-containers.containers.bazarr = {
image = "lscr.io/linuxserver/bazarr:latest";
environment = {
TZ = "Europe/Berlin";
PUID = toString config.users.users.arr.uid;
PGID = toString config.users.groups.arr.gid;
};
ports = [
"${bazarr_port}:${bazarr_port}"
];
volumes = [
"/var/lib/bazarr:/config"
"/mnt/mergerfs/media:/data"
];
extraOptions = cfg.podman.extraOptions;
autoStart = false;
};
services.nginx.virtualHosts = {
"bazarr.${domain}" = {
forceSSL = true;
enableACME = true;
locations =
let
common = ''
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_redirect off;
'';
in
{
"/" = {
proxyPass = "http://127.0.0.1:${outpost_port}";
extraConfig = common;
};
"/api" = {
proxyPass = "http://127.0.0.1:${bazarr_port}";
extraConfig = common;
};
};
extraConfig = ''
access_log /var/log/nginx/bazarr.${domain}_access.log;
error_log /var/log/nginx/bazarr.${domain}_error.log;
'';
};
};
}
# vim: set et ts=2 sw=2 ai:

35
modules/arrstack/crossseed.nix
View file

@ -1,35 +0,0 @@
{ config, ... }:
let
cfg = import /etc/nixos/modules/vars.nix;
crossseed_port = cfg.arrstack.crossseed.port;
#outpost_port = cfg.authentik.outpostPort;
#domain = "mc-fucker.cool";
in
{
virtualisation.oci-containers.containers.crossseed = {
image = "docker.io/crossseed/cross-seed";
cmd = [ "daemon" ];
environment = {
TZ = "Europe/Berlin";
PUID = toString config.users.users.arr.uid;
PGID = toString config.users.groups.arr.gid;
};
ports = [
"${crossseed_port}:${crossseed_port}"
];
volumes = [
"/var/lib/cross-seed:/config"
#"/mnt/mergerfs/media:/data"
"/var/lib/qbittorrent/qBittorrent/data/BT_backup:/torrents"
"/mnt/mergerfs/media/qbittorrent:/data/qbittorrent"
];
extraOptions = cfg.podman.extraOptions;
};
#services.nginx.virtualHosts = {
#};
}
# vim: set et ts=2 sw=2 ai:

80
modules/arrstack/default.nix
View file

@ -1,80 +0,0 @@
{ config, ... }:
let
cfg = import /etc/nixos/modules/vars.nix;
autobrr_port = cfg.arrstack.autobrr.port;
bazarr_port = cfg.arrstack.bazarr.port;
jellyseerr_port = cfg.arrstack.jellyseerr.port;
lidarr_port = cfg.arrstack.lidarr.port;
prowlarr_port = cfg.arrstack.prowlarr.port;
radarr_port = cfg.arrstack.radarr.port;
sonarr_port = cfg.arrstack.sonarr.port;
tdarr_webport = cfg.arrstack.tdarr.webport;
tdarr_serverport = cfg.arrstack.tdarr.serverport;
whisparr_port = cfg.arrstack.whisparr.port;
sabnzbd_port = cfg.arrstack.sabnzbd.port;
outpost_port = cfg.authentik.outpostPort;
domain = "mc-fucker.cool";
in
{
users = {
groups.arr.gid = 1337;
users = {
mc-fucker.extraGroups = [ "arr" ];
arr = {
isSystemUser = true;
group = "arr";
uid = 1337;
};
};
};
networking.firewall.interfaces.podman0.allowedTCPPorts = [ 12421 28917 ];
networking.firewall.interfaces.podman0.allowedUDPPorts = [ 53 ];
#container config
#virtualisation.oci-containers.containers.tdarr = {
# image = "ghcr.io/haveagitgat/tdarr";
# environment = {
# TZ = "Europe/Berlin";
# PUID = toString config.users.users.arr.uid;
# PGID = toString config.users.groups.arr.gid;
# serverIP = "0.0.0.0";
# webUIPort = tdarr_webport;
# serverPort = tdarr_serverport;
# internalNode = "true";
# inContainer = "true";
# };
# ports = [
# "${tdarr_webport}:${tdarr_webport}"
# "${tdarr_serverport}:${tdarr_serverport}"
# ];
# volumes = [
# "/var/lib/tdarr/server:/app/server"
# "/var/lib/tdarr/configs:/app/configs"
# "/var/lib/tdarr/logs:/app/logs"
# "/mnt/mergerfs/media:/data"
# ];
# extraOptions = cfg.podman.extraOptions ++ [ "--device=/dev/dri:/dev/dri" ];
#};
#webserver config
imports = [
/etc/nixos/modules/nginx.nix
./autobrr.nix
./bazarr.nix
./crossseed.nix
./lidarr.nix
./jellyseerr.nix
./prowlarr.nix
./qbittorrent.nix
./radarr.nix
./recyclarr.nix
./sabnzbd.nix
./sonarr.nix
./whisparr.nix
];
}
# vim: set et ts=2 sw=2 ai:

59
modules/arrstack/jellyseerr.nix
View file

@ -1,59 +0,0 @@
{ config, ... }:
let
cfg = import /etc/nixos/modules/vars.nix;
jellyseerr_port = cfg.arrstack.jellyseerr.port;
outpost_port = cfg.authentik.outpostPort;
domain = "mc-fucker.cool";
in
{
virtualisation.oci-containers.containers.jellyseerr = {
image = "docker.io/fallenbagel/jellyseerr";
environment = {
TZ = "Europe/Berlin";
};
ports = [
"${jellyseerr_port}:${jellyseerr_port}"
];
volumes = [
"/var/lib/jellyseerr:/app/config"
];
extraOptions = cfg.podman.extraOptions;
};
services.nginx.virtualHosts = {
"jellyseerr.${domain}" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
proxyPass = "http://127.0.0.1:${jellyseerr_port}";
extraConfig = ''
proxy_set_header Referer $http_referer;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-Port $remote_port;
proxy_set_header X-Forwarded-Host $host:$remote_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Port $remote_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_redirect off;
proxy_http_version 1.1;
'';
};
};
extraConfig = ''
access_log /var/log/nginx/jellyseerr.${domain}_access.log;
error_log /var/log/nginx/jellyseerr.${domain}_error.log;
'';
};
};
}
# vim: set et ts=2 sw=2 ai:

58
modules/arrstack/lidarr.nix
View file

@ -1,58 +0,0 @@
{ config, ... }:
let
cfg = import /etc/nixos/modules/vars.nix;
lidarr_port = cfg.arrstack.lidarr.port;
#outpost_port = cfg.authentik.outpostPort;
#domain = "mc-fucker.cool";
in
{
virtualisation.oci-containers.containers.lidarrtest = {
image = "docker.io/youegraillot/lidarr-on-steroids";
environment = {
TZ = "Europe/Berlin";
PUID = toString config.users.users.arr.uid;
PGID = toString config.users.groups.arr.gid;
};
ports = [
"10101:8686"
"10100:6595"
];
volumes = [
"/var/lib/lidarrtest/lidarr:/config"
"/var/lib/lidarrtest/deemix:/config_deemix"
"/mnt/tmp/deemix:/downloads"
#"/mnt/mergerfs/media/music/Interpreten:/music"
#"/mnt/mergerfs/media:/data"
#"/mnt/box/files:/data/seedbox"
];
extraOptions = cfg.podman.extraOptions;
autoStart = false;
};
virtualisation.oci-containers.containers.lidarr = {
image = "lscr.io/linuxserver/lidarr:latest";
environment = {
TZ = "Europe/Berlin";
PUID = toString config.users.users.arr.uid;
PGID = toString config.users.groups.arr.gid;
};
ports = [
"${lidarr_port}:${lidarr_port}"
];
volumes = [
"/var/lib/lidarr:/config"
"/var/lib/lidarr-extended/custom-cont-init.d:/custom-cont-init.d"
"/var/lib/lidarr-extended/custom-services.d:/custom-services.d"
"/mnt/mergerfs/media:/data"
"/mnt/ultracc/downloads:/mnt/ultracc"
];
extraOptions = cfg.podman.extraOptions;
autoStart = false;
};
#services.nginx.virtualHosts = {
#};
}
# vim: set et ts=2 sw=2 ai:

60
modules/arrstack/prowlarr.nix
View file

@ -1,60 +0,0 @@
{ config, ... }:
let
cfg = import /etc/nixos/modules/vars.nix;
prowlarr_port = cfg.arrstack.prowlarr.port;
outpost_port = cfg.authentik.outpostPort;
domain = "mc-fucker.cool";
in
{
virtualisation.oci-containers.containers.prowlarr = {
image = "lscr.io/linuxserver/prowlarr:latest";
environment = {
TZ = "Europe/Berlin";
};
ports = [
"${prowlarr_port}:${prowlarr_port}"
];
volumes = [
"/var/lib/prowlarr:/config"
];
extraOptions = cfg.podman.extraOptions;
};
services.nginx.virtualHosts = {
"prowlarr.${domain}" = {
forceSSL = true;
enableACME = true;
locations =
let
common = ''
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_redirect off;
proxy_http_version 1.1;
'';
in
{
"/" = {
proxyPass = "http://127.0.0.1:${outpost_port}";
extraConfig = common;
};
"/api" = {
proxyPass = "http://127.0.0.1:${prowlarr_port}";
extraConfig = common;
};
};
extraConfig = ''
access_log /var/log/nginx/prowlarr.${domain}_access.log;
error_log /var/log/nginx/prowlarr.${domain}_error.log;
'';
};
};
}
# vim: set et ts=2 sw=2 ai:

40
modules/arrstack/qbittorrent.nix
View file

@ -1,40 +0,0 @@
{ config, ... }:
let
cfg = import /etc/nixos/modules/vars.nix;
#bazarr_port = cfg.arrstack.bazarr.port;
#outpost_port = cfg.authentik.outpostPort;
#domain = "mc-fucker.cool";
in
{
virtualisation.oci-containers.containers.qbittorrent = {
image = "docker.io/binhex/arch-qbittorrentvpn";
environment = {
TZ = "Europe/Berlin";
PUID = toString config.users.users.arr.uid;
PGID = toString config.users.groups.arr.gid;
VPN_ENABLED = "yes";
VPN_CLIENT = "wireguard";
VPN_PROV = "custom";
LAN_NETWORK = "192.168.178.0/24";
};
ports = [
"6881:6881"
"6881:6881/udp"
"8080:8080"
#"8118:8118"
];
volumes = [
"/var/lib/qbittorrent:/config"
"/mnt/mergerfs/media/qbittorrent:/data/qbittorrent"
"/mnt/cache/qbittorrent:/cache"
];
#extraOptions = cfg.podman.extraOptions ++ [ "--cap-add=NET_ADMIN,NET_RAW" "--device=/dev/net/tun" ];
extraOptions = cfg.podman.extraOptions ++ [ ''--sysctl="net.ipv4.conf.all.src_valid_mark=1"'' "--privileged=true" "--ip=10.88.13.37" ];
autoStart = false;
};
#services.nginx.virtualHosts = {
#};
}
# vim: set et ts=2 sw=2 ai:

69
modules/arrstack/radarr.nix
View file

@ -1,69 +0,0 @@
{ config, ... }:
let
cfg = import /etc/nixos/modules/vars.nix;
radarr_port = cfg.arrstack.radarr.port;
outpost_port = cfg.authentik.outpostPort;
domain = "mc-fucker.cool";
in
{
virtualisation.oci-containers.containers.radarr = {
image = "lscr.io/linuxserver/radarr:latest";
environment = {
TZ = "Europe/Berlin";
PUID = toString config.users.users.arr.uid;
PGID = toString config.users.groups.arr.gid;
};
ports = [
"${radarr_port}:${radarr_port}"
];
volumes = [
"/var/lib/radarr:/config"
"/mnt/mergerfs/media:/data"
"/mnt/ultracc/downloads:/mnt/ultracc"
];
extraOptions = cfg.podman.extraOptions;
autoStart = false;
};
services.nginx.virtualHosts = {
"radarr.${domain}" = {
forceSSL = true;
enableACME = true;
locations =
let
common = ''
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_redirect off;
proxy_http_version 1.1;
'';
in
{
"/" = {
proxyPass = "http://127.0.0.1:${outpost_port}";
extraConfig = common;
};
"/api" = {
proxyPass = "http://127.0.0.1:${radarr_port}";
extraConfig = common;
};
"/signalr" = {
proxyPass = "http://127.0.0.1:${radarr_port}";
extraConfig = common;
};
};
extraConfig = ''
access_log /var/log/nginx/radarr.${domain}_access.log;
error_log /var/log/nginx/radarr.${domain}_error.log;
'';
};
};
}
# vim: set et ts=2 sw=2 ai:

20
modules/arrstack/recyclarr.nix
View file

@ -1,20 +0,0 @@
{ config, ... }:
let
cfg = import /etc/nixos/modules/vars.nix;
in
{
virtualisation.oci-containers.containers.recyclarr = {
image = "ghcr.io/recyclarr/recyclarr";
environment = {
TZ = "Europe/Berlin";
};
volumes = [
"/var/lib/recyclarr:/config"
];
user = "1919:1919";
extraOptions = cfg.podman.extraOptions;
};
}
# vim: set et ts=2 sw=2 ai:

59
modules/arrstack/sabnzbd.nix
View file

@ -1,59 +0,0 @@
{ config, ... }:
let
cfg = import /etc/nixos/modules/vars.nix;
sabnzbd_port = cfg.arrstack.sabnzbd.port;
outpost_port = cfg.authentik.outpostPort;
domain = "mc-fucker.cool";
in
{
virtualisation.oci-containers.containers.sabnzbd = {
image = "lscr.io/linuxserver/sabnzbd:latest";
environment = {
TZ = "Europe/Berlin";
PUID = toString config.users.users.arr.uid;
PGID = toString config.users.groups.arr.gid;
};
ports = [
"${sabnzbd_port}:8080"
];
volumes = [
"/var/lib/sabnzbd:/config"
"/mnt/mergerfs/media/usenet:/data/usenet"
"/mnt/cache/sabnzbd:/cache"
];
extraOptions = cfg.podman.extraOptions;
autoStart = false;
};
services.nginx.virtualHosts = {
"sabnzbd.${domain}" = {
forceSSL = true;
enableACME = true;
locations =
let
common = ''
client_max_body_size 100m;
proxy_set_header X-Forwarded-Host $host;
'';
in
{
"/" = {
proxyPass = "http://127.0.0.1:${outpost_port}";
extraConfig = common;
};
"/api" = {
proxyPass = "http://127.0.0.1:${sabnzbd_port}";
extraConfig = common;
};
};
extraConfig = ''
access_log /var/log/nginx/sabnzbd.${domain}_access.log;
error_log /var/log/nginx/sabnzbd.${domain}_error.log;
'';
};
};
}
# vim: set et ts=2 sw=2 ai:

65
modules/arrstack/sonarr.nix
View file

@ -1,65 +0,0 @@
{ config, ... }:
let
cfg = import /etc/nixos/modules/vars.nix;
sonarr_port = cfg.arrstack.sonarr.port;
outpost_port = cfg.authentik.outpostPort;
domain = "mc-fucker.cool";
in
{
virtualisation.oci-containers.containers.sonarr = {
image = "lscr.io/linuxserver/sonarr:develop";
environment = {
TZ = "Europe/Berlin";
PUID = toString config.users.users.arr.uid;
PGID = toString config.users.groups.arr.gid;
};
ports = [
"${sonarr_port}:${sonarr_port}"
];
volumes = [
"/var/lib/sonarr:/config"
"/mnt/mergerfs/media:/data"
"/mnt/ultracc/downloads:/mnt/ultracc"
];
extraOptions = cfg.podman.extraOptions;
autoStart = false;
};
services.nginx.virtualHosts = {
"sonarr.${domain}" = {
forceSSL = true;
enableACME = true;
locations =
let
common = ''
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_redirect off;
proxy_http_version 1.1;
'';
in
{
"/" = {
proxyPass = "http://127.0.0.1:${outpost_port}";
extraConfig = common;
};
"/api" = {
proxyPass = "http://127.0.0.1:${sonarr_port}";
extraConfig = common;
};
};
extraConfig = ''
access_log /var/log/nginx/sonarr.${domain}_access.log;
error_log /var/log/nginx/sonarr.${domain}_error.log;
'';
};
};
}
# vim: set et ts=2 sw=2 ai:

14
modules/arrstack/template
View file

@ -1,14 +0,0 @@
{ config, ... }:
let
cfg = import /etc/nixos/modules/vars.nix;
bazarr_port = cfg.arrstack.bazarr.port;
outpost_port = cfg.authentik.outpostPort;
domain = "mc-fucker.cool";
in
{
services.nginx.virtualHosts = {
};
}
# vim: set et ts=2 sw=2 ai:

58
modules/arrstack/whisparr.nix
View file

@ -1,58 +0,0 @@
{ config, ... }:
let
cfg = import /etc/nixos/modules/vars.nix;
whisparr_port = cfg.arrstack.whisparr.port;
outpost_port = cfg.authentik.outpostPort;
domain = "mc-fucker.cool";
in
{
virtualisation.oci-containers.containers.whisparr = {
image = "ghcr.io/hotio/whisparr";
environment = {
TZ = "Europe/Berlin";
PUID = toString config.users.users.arr.uid;
PGID = toString config.users.groups.arr.gid;
};
ports = [
"${whisparr_port}:${whisparr_port}"
];
volumes = [
"/var/lib/whisparr:/config"
"/mnt/mergerfs/media:/data"
"/mnt/ultracc/downloads:/mnt/ultracc"
];
extraOptions = cfg.podman.extraOptions;
autoStart = false;
};
services.nginx.virtualHosts = {
"whisparr.${domain}" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
proxyPass = "http://127.0.0.1:${outpost_port}";
extraConfig = ''
#proxy_set_header Host $proxy_host;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_redirect off;
proxy_http_version 1.1;
'';
};
};
extraConfig = ''
access_log /var/log/nginx/whisparr.${domain}_access.log;
error_log /var/log/nginx/whisparr.${domain}_error.log;
'';
};
};
}
# vim: set et ts=2 sw=2 ai:

20
modules/encode/ab-av1_opus_no_default_bitrate.patch
View file

@ -1,20 +0,0 @@
diff --git a/src/ffmpeg.rs b/src/ffmpeg.rs
index bb2dcad..8790725 100644
--- a/src/ffmpeg.rs
+++ b/src/ffmpeg.rs
@@ -141,7 +141,6 @@ pub fn encode(
"copy"
});
- let set_ba_128k = audio_codec == "libopus" && !oargs.contains("-b:a");
let downmix_to_stereo = downmix_to_stereo && !oargs.contains("-ac");
let map = match video_only {
true => "0:v:0",
@@ -165,7 +164,6 @@ pub fn encode(
.arg2("-c:a", audio_codec)
.arg_if(matroska, "-dn") // "Only audio, video, and subtitles are supported for Matroska"
.arg2_if(downmix_to_stereo, "-ac", 2)
- .arg2_if(set_ba_128k, "-b:a", "128k")
.arg2_if(add_faststart, "-movflags", "+faststart")
.arg2_if(add_cues_to_front, "-cues_to_front", "y")
.arg(output)

27
modules/encode/default.nix
View file

@ -1,27 +0,0 @@
{ config, pkgs, lib, ... }:
{
environment.systemPackages = with pkgs; [
ab-av1
bc
ffmpeg_6-full
jq
mediainfo
];
nixpkgs.overlays = [
(
final: prev: {
ab-av1 = prev.ab-av1.overrideAttrs (
old: {
patches = (old.patches or []) ++ [
./ab-av1_opus_no_default_bitrate.patch
];
}
);
}
)
];
}
# vim: set et ts=2 sw=2 ai:

19
modules/generic.nix
View file

@ -93,17 +93,16 @@ in
boot.loader.timeout = 1; boot.loader.timeout = 1;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
btop
dig
eza
git
htop
nmap
pv
rclone
rxvt-unicode-unwrapped.terminfo
screen
wget wget
htop
git
screen
rxvt-unicode-unwrapped.terminfo
nmap
dig
rclone
pv
eza
(import ./vim.nix) (import ./vim.nix)
]; ];

3
modules/vars.nix
View file

@ -3,7 +3,6 @@
arrstack = { arrstack = {
autobrr.port = "7474"; autobrr.port = "7474";
bazarr.port = "6767"; bazarr.port = "6767";
crossseed.port = "2468";
jellyseerr.port = "5055"; jellyseerr.port = "5055";
lidarr.port = "8686"; lidarr.port = "8686";
prowlarr.port = "9696"; prowlarr.port = "9696";
@ -76,8 +75,6 @@
nextcloud = { nextcloud = {
dbport = "54329"; dbport = "54329";
port = "10443";
domain = "cloud.mc-fucker.cool";
}; };
podman = { podman = {

2
modules/zsh.nix
View file

@ -29,7 +29,7 @@ with import <nixpkgs> {};
"nt" = "(cd /tmp && nixos-rebuild test)"; "nt" = "(cd /tmp && nixos-rebuild test)";
"ns" = "nixos-rebuild switch"; "ns" = "nixos-rebuild switch";
"nsu" = "nixos-rebuild switch --upgrade"; "nsu" = "nixos-rebuild switch --upgrade";
"dfr" = "df -h | head -n +1; df -h -x overlay -x tmpfs | tail -n +2 | sort -nrk5"; "dfr" = "df -h | head -n +1; df -h | tail -n +2 | sort -nrk5";
"d" = ''du -ahx "$PWD" --exclude=/proc| sort -rh 2>/dev/null |head -40 | sort -rh 2>/dev/null''; "d" = ''du -ahx "$PWD" --exclude=/proc| sort -rh 2>/dev/null |head -40 | sort -rh 2>/dev/null'';
}; };
} }

2
packages/zabbix/agent2.nix
View file

@ -17,6 +17,8 @@ import ./versions.nix ({ version, hash, vendorHash ? throw "unsupported version
nativeBuildInputs = [ autoreconfHook pkg-config ]; nativeBuildInputs = [ autoreconfHook pkg-config ];
buildInputs = [ libiconv openssl pcre zlib ]; buildInputs = [ libiconv openssl pcre zlib ];
inherit (buildGoModule.go) GOOS GOARCH;
# need to provide GO* env variables & patch for reproducibility # need to provide GO* env variables & patch for reproducibility
postPatch = '' postPatch = ''
substituteInPlace src/go/Makefile.am \ substituteInPlace src/go/Makefile.am \

4
packages/zabbix/versions.nix
View file

@ -1,7 +1,7 @@
generic: { generic: {
latest = generic { latest = generic {
version = "7.0.6"; version = "7.0.3";
hash = "sha256-DXfODjhNbTCqc55ZZIBGqtoxqX/NfWJr2a+jfkIKLdA="; hash = "sha256-FzBZ9X8RcWFG2nk0XlprxS7O7mpcRBBmS4UAqVVZiyo=";
vendorHash = null; vendorHash = null;
}; };

3
systems/nasty/configuration.nix
View file

@ -8,7 +8,7 @@
./modules/physical.nix ./modules/physical.nix
./modules/borg-serve.nix ./modules/borg-serve.nix
./modules/jellyfin.nix ./modules/jellyfin.nix
./modules/arrstack ./modules/arrstack.nix
./modules/authentik-proxy.nix ./modules/authentik-proxy.nix
./modules/stash.nix ./modules/stash.nix
#./modules/nextcloud-aio.nix #./modules/nextcloud-aio.nix
@ -18,7 +18,6 @@
./modules/tvproxy.nix ./modules/tvproxy.nix
./modules/calibre-web.nix ./modules/calibre-web.nix
./modules/borg.nix ./modules/borg.nix
./modules/nctest.nix
]; ];
system.autoUpgrade = { system.autoUpgrade = {

9
systems/nasty/samba.nix
View file

@ -20,10 +20,7 @@
services.samba = { services.samba = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
settings = { shares = {
global = {
"map to guest" = "bad user";
};
"private" = { "private" = {
path = "/mnt/mergerfs/smb/%u"; path = "/mnt/mergerfs/smb/%u";
"read only" = "no"; "read only" = "no";
@ -34,10 +31,6 @@
path = "/mnt/mergerfs/media/software"; path = "/mnt/mergerfs/media/software";
"guest ok" = "yes"; "guest ok" = "yes";
}; };
"games" = {
path = "/mnt/mergerfs/media/games";
"guest ok" = "yes";
};
"movies" = { "movies" = {
path = "/mnt/mergerfs/media/movies"; path = "/mnt/mergerfs/media/movies";
"guest ok" = "yes"; "guest ok" = "yes";