diff --git a/modules/containers/default.nix b/modules/containers/default.nix
new file mode 100644
index 0000000..57c3a41
--- /dev/null
+++ b/modules/containers/default.nix
@@ -0,0 +1,5 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [ ./media.nix ];
+}
diff --git a/modules/containers/media.nix b/modules/containers/media.nix
new file mode 100644
index 0000000..09b1718
--- /dev/null
+++ b/modules/containers/media.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+{
+ containers.radarr = {
+ config = { config, pkgs, ... }: { services.radarr.enable = true; };
+ bindMounts = {
+ "/dowloads" = {
+ hostPath = "/var/lib/Transmission/Downloads/completed/";
+ isReadOnly = true;
+ };
+ };
+ };
+ containers.sonarr = {
+ config = { config, pkgs, ... }: { services.sonarr.enable = true; };
+ bindMounts = {
+ "/dowloads" = {
+ hostPath = "/var/lib/Transmission/Downloads/completed/";
+ isReadOnly = true;
+ };
+ };
+ };
+ containers.jackett = {
+ config = { config, pkgs, ... }: { services.jackett.enable = true; };
+ };
+ containers.transmission = {
+ config = { config, pkgs, ... }: {
+ # services.openvpn = { servers = { nordvpn = { }; }; };
+ networking.firewall = {
+ enable = true;
+ # extraStopCommands = ''
+ # sudo iptables -N ALLOWVPN
+ # sudo iptables -N BLOCKALL
+
+ # # allow access for the interfaces loopback, tun, and tap
+ # sudo iptables -A OUTPUT -o tun+ -j ACCEPT;
+ # sudo iptables -A OUTPUT -o tap+ -j ACCEPT;
+ # sudo iptables -A OUTPUT -o lo+ -j ACCEPT;
+
+ # # route outgoing data via our created chains
+ # sudo iptables -A OUTPUT -j ALLOWVPN;
+ # sudo iptables -A OUTPUT -j BLOCKALL;
+
+ # # block all disallowed connections
+ # sudo iptables -A BLOCKALL -j DROP
+ # '';
+ };
+ };
+ bindMounts = {
+ "/var/lib/transmission" = { hostPath = "/home/moritz/Transmission/"; };
+ };
+ };
+
+}
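Review bot: The transmission container in media.nix ships with no egress restriction: the only VPN-related lines (`services.openvpn` and the iptables chains) are commented out, so `networking.firewall.enable = true;` on its own leaves outbound traffic free to leave on any interface. When the rules are enabled they belong in `networking.firewall.extraCommands` rather than `extraStopCommands` (which runs when the firewall is torn down), and without `sudo`. None of the four containers sets `privateNetwork = true;`, so they presumably share the host's network namespace and a per-container firewall would not isolate them; please confirm that is intended. Separately, the bind-mount target `"/dowloads"` in radarr and sonarr looks like a typo for `/downloads`, and its hostPath `/var/lib/Transmission/Downloads/completed/` differs from the host directory given to transmission (`/home/moritz/Transmission/`), so the importers may be reading a directory transmission never writes to.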