diff --git a/flake.nix b/flake.nix index 2e2fc2e..cdf68e8 100644 --- a/flake.nix +++ b/flake.nix @@ -67,7 +67,7 @@ hosts.nixos-laptop.modules = [ ./hosts/nixos-laptop ]; hosts.nixos-desktop.modules = [ ./hosts/nixos-desktop - # self.nixosModules.containers + self.nixosModules.containers self.nixosModules.gaming ]; diff --git a/modules/containers/media.nix b/modules/containers/media.nix index 2872903..2ac4ea2 100644 --- a/modules/containers/media.nix +++ b/modules/containers/media.nix 
@@ -1,87 +1,148 @@ { config, lib, pkgs, ... }: +let + dockerDir = "/home/moritz/Docker/"; + mediaDir = "/media/media/"; + puid = "1000"; + pgid = "100"; + timeZone = "Europe/Berlin"; +in { + home-manager.users.moritz = { + home.packages = with pkgs; [ docker-compose ]; + home.file = { + "Media/compose.yml".text = '' + version: '3.9' + services: + transmission-openvpn: + container_name: transmission + cap_add: + - NET_ADMIN + volumes: + - "${dockerDir}/Transmission:/data/" + environment: + - LOCAL_NETWORK=192.168.0.0/24 + - OPENVPN_PROVIDER=NORDVPN + - OPENVPN_USERNAME=''${OPENVPN_USERNAME} + - OPENVPN_PASSWORD=''${OPENVPN_PASSWORD} + - TRANSMISSION_ALT_SPEED_DOWN=70000 + - TRANSMISSION_ALT_SPEED_TIME_ENABLED=true + - TRANSMISSION_ALT_SPEED_UP=2000 + - TRANSMISSION_MAX_PEERS_GLOBAL=1000 + - TRANSMISSION_PEER_LIMIT_GLOBAL=1000 + - TRANSMISSION_PEER_LIMIT_PER_TORRENT=100 + - TRANSMISSION_RATIO_LIMIT=10 + - TRANSMISSION_RATIO_LIMIT_ENABLED=true + - TZ=${timeZone} + - ENABLE_UFW=true + - UFW_ALLOW_GW_NET=true + - PUID=${puid} + - PGID=${pgid} + logging: + driver: json-file + options: + max-size: 10m + ports: + - '9091:9091' + image: haugene/transmission-openvpn + restart: unless-stopped + networks: + - default -{ - virtualisation.oci-containers.containers = { - "transmission" = { - image = "haugene/transmission-openvpn"; - environmentFiles = [ /run/secrets/nordvpn ]; - environment = { - "LOCAL_NETWORK" = "192.168.0.0/24"; - "OPENVPN_PROVIDER" = "NORDVPN"; - "TRANSMISSION_ALT_SPEED_DOWN" = "70000"; - "TRANSMISSION_ALT_SPEED_TIME_ENABLED" = "true"; - "TRANSMISSION_ALT_SPEED_UP" = "2000"; - "TRANSMISSION_MAX_PEERS_GLOBAL" = "1000"; - "TRANSMISSION_PEER_LIMIT_GLOBAL" = "1000"; - "TRANSMISSION_PEER_LIMIT_PER_TORRENT" = "100"; - "TRANSMISSION_RATIO_LIMIT" = "10"; - "TRANSMISSION_RATIO_LIMIT_ENABLED" = "true"; - "TZ" = "DE"; - "ENABLE_UFW" = "true"; - "UFW_ALLOW_GW_NET" = "true"; - "PUID" = "1000"; - "PGID" = "100"; - }; - ports = [ "9091:9091" ]; - volumes = [ 
"/home/moritz/Docker/Transmission:/data/" ]; - extraOptions = [ "--cap-add=NET_ADMIN" ]; - }; + jackett: + image: lscr.io/linuxserver/jackett + container_name: jackett + environment: + - PUID=${puid} + - PGID=${pgid} + - TZ=${timeZone} + - AUTO_UPDATE=true #optional + volumes: + - "${dockerDir}/Jackett/config:/config" + - "${dockerDir}/Jackett/blackhole:/downloads" + ports: + - 9117:9117 + restart: unless-stopped + networks: + - default - "jackett" = { - image = "linuxserver/jackett"; - environment = { - "PUID" = "1000"; - "PGID" = "100"; - "TZ" = "DE"; - }; - volumes = [ - "/home/moritz/Docker/Jackett/config:/config" - "/home/moritz/Docker/Jackett/blackhole:/downloads" - ]; - ports = [ "9117:9117" ]; - }; + radarr: + image: lscr.io/linuxserver/radarr + container_name: radarr + environment: + - PUID=${puid} + - PGID=${pgid} + - TZ=${timeZone} + volumes: + - "${mediaDir}/movies:/movies" + - "${dockerDir}/Transmission/completed/movies:/downloads" + - "${dockerDir}/Radarr:/config" + ports: + - 7878:7878 + restart: unless-stopped + networks: + - default - "radarr" = { - image = "linuxserver/radarr"; - environment = { - "PUID" = "1000"; - "PGID" = "100"; - "TZ" = "DE"; + sonarr: + image: lscr.io/linuxserver/sonarr + container_name: sonarr + environment: + - PUID=${puid} + - PGID=${pgid} + - TZ=${timeZone} + volumes: + - "${mediaDir}/tv:/tv" + - "${dockerDir}/Transmission/completed/tv:/downloads" + - "${dockerDir}/Sonarr:/config" + ports: + - 8989:8989 + restart: unless-stopped + networks: + - default + + bazarr: + image: lscr.io/linuxserver/bazarr + container_name: bazarr + environment: + - PUID=${puid} + - PGID=${pgid} + - TZ=${timeZone} + volumes: + - "${mediaDir}/tv:/tv" + - "${mediaDir}/movies:/movies" + - "${dockerDir}/Bazarr:/config" + ports: + - 6767:6767 + restart: unless-stopped + networks: + - default + + networks: + default: + driver: bridge + ''; + "Media/start.sh" = { + text = '' + #!/usr/bin/env bash + sudo docker-compose --env-file /run/secrets/nordvpn 
--file /home/moritz/Media/compose.yml down + sudo docker-compose --env-file /run/secrets/nordvpn --file /home/moritz/Media/compose.yml up -d + ''; + executable = true; }; - volumes = [ - "/media/media/movies:/movies" - "/home/moritz/Docker/Transmission/completed/movies:/downloads" - "/home/moritz/Docker/Radarr:/config" - ]; - ports = [ "7878:7878" ]; - }; - "sonarr" = { - image = "linuxserver/sonarr"; - environment = { - "PUID" = "1000"; - "PGID" = "100"; - "TZ" = "DE"; - }; - volumes = [ - "/media/media/tv:/tv" - "/home/moritz/Docker/Transmission/completed/tv:/downloads" - "/home/moritz/Docker/Sonarr:/config" - ]; - ports = [ "8989:8989" ]; - }; - "bazarr" = { - image = "linuxserver/bazarr"; - environment = { - "PUID" = "1000"; - "PGID" = "100"; - "TZ" = "DE"; - }; - volumes = [ - "/media/media/tv:/tv" - "/media/media/movies:/movies" - "/home/moritz/Docker/Bazarr:/config" - ]; - ports = [ "6767:6767" ]; }; }; + # "bazarr" = { + # image = "linuxserver/bazarr"; + # environment = { + # "PUID" = "1000"; + # "PGID" = "100"; + # "TZ" = "DE"; + # }; + # volumes = [ + # "/media/media/tv:/tv" + # "/media/media/movies:/movies" + # "/home/moritz/Docker/Bazarr:/config" + # ]; + # ports = [ "6767:6767" ]; + # extraOptions = [ "--ip=172.17.0.6" ]; + # }; + # }; } diff --git a/modules/services/agenix.nix b/modules/services/agenix.nix index c421383..5ea8f1a 100644 --- a/modules/services/agenix.nix +++ b/modules/services/agenix.nix @@ -3,7 +3,10 @@ { services.sshd.enable = true; age.secrets = { - nordvpn.file = ../../secrets/nordvpn.age; + nordvpn = { + file = ../../secrets/nordvpn.age; + owner = "1000"; + }; davfs = { file = ../../secrets/davfs.age; mode = "600"; diff --git a/modules/services/default.nix b/modules/services/default.nix index b578db4..55186da 100644 --- a/modules/services/default.nix +++ b/modules/services/default.nix 
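Review bot: The `ports:` entries in the generated compose file (`'9091:9091'`, `9117:9117`, `7878:7878`, `8989:8989`, `6767:6767`) publish every web UI on all host interfaces. Docker installs its own iptables rules for published ports, so the host firewall typically does not filter them. If these UIs are only meant for this machine or the LAN, bind them explicitly, e.g. `- '127.0.0.1:9091:9091'` or the host's LAN address instead of the bare port pair. The images are also referenced without a tag or digest (`haugene/transmission-openvpn`, `lscr.io/linuxserver/jackett` and the others), and jackett sets `AUTO_UPDATE=true`, so what runs can change from one pull or start to the next. Pinning a version tag or an `@sha256:` digest would keep the `NET_ADMIN` container and the rest reproducible.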
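Review bot: `owner = "1000";` makes the decrypted NordVPN credentials readable by every process running as that uid, yet `Media/start.sh` in this same commit reads the file as root through `sudo docker-compose --env-file /run/secrets/nordvpn`. Unless something unprivileged needs the file, drop the `owner` line and keep the secret root-owned. If it is needed, name the account (`owner = "moritz";`, assuming uid 1000 is that user) and state the mode explicitly, as the `davfs` entry does, e.g. `mode = "0400";`. The `age.secrets` attribute set continues outside this hunk.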
@@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: { - imports = [ ./dunst ./emacs ./agenix.nix ./picom.nix ]; + imports = [ ./dunst ./emacs ./agenix.nix ./diskstation ./picom.nix ]; home-manager.users.moritz.services = { kdeconnect.enable = true; };