diff options
| author | Mike Vink <ivi@vinkies.net> | 2024-01-11 20:40:41 +0100 |
|---|---|---|
| committer | Mike Vink <ivi@vinkies.net> | 2024-01-11 20:40:41 +0100 |
| commit | fa98e0837317a73d7027986fd45e19cbd6c01f23 (patch) | |
| tree | 64f08021f94c9d951ab16b614c3870229bc86e34 | |
| parent | 858861f83888801b4637e63c8ee3f0b52ab47ace (diff) | |
rrr
| -rw-r--r-- | machines/pump.nix | 5 | ||||
| -rw-r--r-- | profiles/core/home.nix | 1 | ||||
| -rw-r--r-- | profiles/core/neovim.nix | 4 | ||||
| -rw-r--r-- | profiles/homeserver/transmission.nix | 92 | ||||
| -rw-r--r-- | profiles/station/nonfree.nix | 6 | ||||
| -rw-r--r-- | secrets/sabnzb | 28 | ||||
| -rw-r--r-- | secrets/transmission | 28 |
7 files changed, 159 insertions, 5 deletions
diff --git a/machines/pump.nix b/machines/pump.nix index b21f326..69a2720 100644 --- a/machines/pump.nix +++ b/machines/pump.nix @@ -7,7 +7,10 @@ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - services.openssh.enable = true; + services.openssh = { + enable = true; + settings.X11Forwarding = true; + }; sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; networking.hostName = "pump"; networking.domain = "vinkies.net"; diff --git a/profiles/core/home.nix b/profiles/core/home.nix index 726a041..3e27540 100644 --- a/profiles/core/home.nix +++ b/profiles/core/home.nix @@ -1,5 +1,4 @@ { - inputs, config, pkgs, ... diff --git a/profiles/core/neovim.nix b/profiles/core/neovim.nix index b760226..b54f400 100644 --- a/profiles/core/neovim.nix +++ b/profiles/core/neovim.nix @@ -21,6 +21,10 @@ indent_style = "space"; indent_size = 2; }; + "*.nix" = { + indent_style = "space"; + indent_size = 2; + }; }; }; diff --git a/profiles/homeserver/transmission.nix b/profiles/homeserver/transmission.nix new file mode 100644 index 0000000..43e3781 --- /dev/null +++ b/profiles/homeserver/transmission.nix @@ -0,0 +1,92 @@ +{ config, lib, ... }: with lib; { + virtualisation.docker.rootless = { + enable = true; + setSocketVariable = true; + }; + + users.groups.multimedia = { }; + users.users.${ivi.username}.extraGroups = [ "multimedia" ]; + + systemd.tmpfiles.rules = [ + "d /data 0770 - multimedia - -" + ]; + + nixpkgs.config.allowUnfreePredicate = pkg: + builtins.elem (lib.getName pkg) [ + "plexmediaserver" + ]; + + services.nginx = { + virtualHosts = { + "sonarr.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:8989"; }; }; + "radarr.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:7878"; }; }; + "bazarr.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:${toString config.services.bazarr.listenPort}"; }; }; + "readarr.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:8787"; }; }; + "prowlarr.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:9696"; }; }; + "transmission.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:9091"; }; }; + "sabnzb.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:8080"; }; }; + "lazylibrarian.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:5299"; }; }; + "plex.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:32400"; }; }; + }; + }; + services = { + plex = { enable = true; group = "multimedia"; }; + sonarr = { enable = true; group = "multimedia"; }; + radarr = { enable = true; group = "multimedia"; }; + bazarr = { enable = true; group = "multimedia"; }; + readarr = { enable = true; group = "multimedia"; }; + prowlarr = { enable = true; }; + }; + virtualisation.oci-containers = { + backend = "docker"; + containers = { + transmission = { + image = "haugene/transmission-openvpn"; + extraOptions = ["--cap-add=NET_ADMIN"]; + volumes = [ + "/config/ovpn:/etc/openvpn/custom" + "/config/transmission:/config" + "/data/torrents:/data/torrents" + ]; + ports = [ + "9091:9091" + "5299:5299" + ]; + environmentFiles = [ + config.secrets.transmission.path + ]; + }; + lazylibrarian = { + image = "linuxserver/lazylibrarian"; + extraOptions = ["--network=container:transmission"]; + volumes = [ + "/config/lazylibrarian:/config" + "/data:/data" + ]; + environment = { + PUID="1000"; + PGID="1000"; + TZ="Etc/UTC"; + DOCKER_MODS="linuxserver/mods:lazylibrarian-ffmpeg"; + }; + }; + # sabnzbdvpn = { + # image = "linuxserver/sabnzbd"; + # extraOptions = ["--network=container:transmission"]; + # volumes = [ + # "/sabnzb/data:/data" + # "/sabnzb/config:/config" + # "/etc/localtime:/etc/localtime:ro" + # ]; + # ports = [ + # "8080:8080" + # "8090:8090" + # "8118:8118" + # ]; + # environmentFiles = [ + # config.secrets.sabnzb.path + # ]; + # }; + }; + }; +} diff --git a/profiles/station/nonfree.nix b/profiles/station/nonfree.nix index 0623765..cd6f5fc 100644 --- a/profiles/station/nonfree.nix +++ b/profiles/station/nonfree.nix @@ -16,9 +16,9 @@ "discord-canary" "slack" "citrix-workspace" - "steam" - "steam-original" - "steam-run" + "steam" + "steam-original" + "steam-run" ]; programs.steam = { diff --git a/secrets/sabnzb b/secrets/sabnzb new file mode 100644 index 0000000..3a7d33b --- /dev/null +++ b/secrets/sabnzb @@ -0,0 +1,28 @@ +{ + "data": "ENC[AES256_GCM,data:z2vDmKMT6bJOu7IEUtA87I/ytceAIE3GqeRfw+ETEEQxbiTOQgMQSAubstwKmuJyohiipMAcn1mzOTui6eP7PrXLG9mB57yF/QutZ8rQIyhC61qGEA9g6sGUvG9ONDf58zuV9qhWiBtYbRYxy5utwiuoCIzbX5SrtYo+HMhniS8LqrPKk+snfGK/KNcPvgWr758uMD5vtgP/8JpOrWaAXQm9MAn3YATb/x87T/Hie+Uac75eIRgSJ22iLEl1cDN5Z/5B+nZUCFmm/PHKRORNisdP6p7+2tieq+v0Kasi20pIz9g+tws2x1HFphxc/58hn+s5UsWTLae+VP/4MvBSUeuzalFR1pTKd3CwkIFiDE10tQLtYJmb2ZSAdWLzL9FD4B9PSxCa+a8iH4ES8tzLgZlE1Srzp4YEVd4MDWkP1v44YBHPXoJ2ba5wAFjR09wuDzJ4xUoyn4WlYhFu,iv:v4mO+KvlU8mpIj/LWV+K00MSybJqyvRhYCZlRPwzeLw=,tag:8OD4/MhCnH10L9oWW8IuVQ==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age10q9wse8dh0749ffj576q775q496pycucxlla9rjdq5rd7f4csyhqqrmkk0", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2c0dEWHd3OEt5RmFNWnZy\nenNaMGRsb0tUK2RYZWVHRmRZakFwUDNBaVNrCktOVS9hdzVDUWI4R0d5UGJaV1FX\nd3FqRXl2MGhmNmpUMHh1ZVFIeUwyQVEKLS0tIGFtYlRKVkVkSXdQaDJiaE9JN2Fs\nb04vSmd3d2xvekpyVkxCM3FwU2NaS2cK28L5B9KzJPR/XFkj5W51nv/2XmaYOQbB\nsZZrnDQOS/3MY7an24aNXgUMKGRhi+dymEupUiUjY6Kc9GpN3O0Jpw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1vvr5amtuf7cyhsmc8ge8ujlzpuwvwhleqafrjg2e8mcevnq2zs3qzzqq5m", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwQkk1aFBiYTZaVnFCRUtv\nR1ZUUStoUFZrSkxYZHFkaWdpaUx1b0RDU3c4CldJeDRQdGVmbTdBNWlsRi80c3pR\nWmdKWEZzL2gyeWRGeEI0dHpvVkxCWUUKLS0tIDFZVk0rZnY1VlZkRmgrRElWejgv\nT2NocUFuUWdJUHg0dTRUdS8vZFlJUU0Kh0jragJJUAg2te038Il+DKcq+tabX/U3\nfWXCgjN9pEnWgndguxWdJb/hjAHaADi8ZJpq6F6lym9qxYqNV7x13A==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1tzsvgxaxwvh4874d977fk0z7ghm4mqpm0c80vhxft87dv46p5uesq7mk42", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSNTZqUzVGblB0TWVuem9H\nSzFPdFZKVTZNZFpXUDBRRHFGdnd0ejIrQVhVCm96Rkhudld1aGpJTGk3N2k1aWhl\nWDR2T1RNUFBPZU5LZzQwK0Q1Y0pLUmcKLS0tIDNycXU0czlaM2lEVVNHNmtPTGNs\nMlJNU0huUkhKeEs5UG9UM2hxNVhEcmMK8Y51YrwKtD3SbnGYegGBcPCaac9GDyL6\n7fwZ7YLr42W0I4Go810U0tN6bVu7T32Ssmh5eTIAHZ/WgM3rPhfu8g==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-01-11T00:28:27Z", + "mac": "ENC[AES256_GCM,data:Lh1VY0l0JpJ5PfjZ3a1OKyBYZ/93g8kbJaOUIF2v2tJSTYCQu0z4mAdmKVv37/BmdfHJ+zc8DM9NEuniLqoRgNkOYQWGU/ze79Dy9ZEdObPD4l4xr2p5naSIuOVgPsdf1pnKHOM1rYN29LvknOvcuzocThDRCY9urCvtOFw4v4E=,iv:HYkz5DILMdAtsuarBZqh5QCfldvOhXqH7Oqltrio680=,tag:UEuaU1o9j6Zmb61p4S3r7Q==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +}
\ No newline at end of file diff --git a/secrets/transmission b/secrets/transmission new file mode 100644 index 0000000..bafefd2 --- /dev/null +++ b/secrets/transmission @@ -0,0 +1,28 @@ +{ + "data": "ENC[AES256_GCM,data:HIEzH2fOduTCkM1gdnZxjX381NsQXdcGIifhNA2JCO1uQTkw1hYMq0stbJfukxYrXB5+HtIF8nyyljA7hOf8ZiHIbvWQrKClVQCDYwWTuSVxpPr5bfmIgTLgRs2NDUwfCQF2dnu8gox/JOSvetPvRgXc5HC0Cutwn6lprXPde0LeQ0VQlKPtNtqzpvn57JLR6Eqdjg941gxxJhXb1KJ8UC1QLYB7eTTa37sr/O0PQwM=,iv:B13LEkSbrVgbjtqjQ5T6GDu30DQwsxzEmceOJ1NDDp8=,tag:BSgCGTygHKCNGb0aTZlUHA==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age10q9wse8dh0749ffj576q775q496pycucxlla9rjdq5rd7f4csyhqqrmkk0", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZY3pSSVd3UjdnK25WM2hx\nRGgxcFIveURzemlSR1c0L3VQendFWmtUMHc0Cm0wNWpONXVpQTNkTVlTZGROYjVB\nMUZTZEt0UGlYUHFTZ3NGdDF3eDF1R3cKLS0tIFBMcGZTN1FmSjI4dys1alJjNFpS\nUDFSVmg3QjY4VTRHTW5mam13ejV4MUEK9tCEn5hqBPETk+3oOyLoEySNZ9k3zcib\nWUGY+dxgq7ejBlkQUPK4L6flYw6MvGf6IVMmOORkXBjExiu0ElADBQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1vvr5amtuf7cyhsmc8ge8ujlzpuwvwhleqafrjg2e8mcevnq2zs3qzzqq5m", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZODVhSHAxVFo4em92MEgy\nOTZYSUE1ZG1BQ3BEajZHNk1KNHUwWVorQVhzCklzdTVxajhPb0dIbTA1ek1MZ1ho\nT3E5VGRHYml0VUZFWTc2SkRiY0VvckkKLS0tIEh1OVYwRTBtbnpnT2FpTnZBSktq\nTE9mNWkyZjJlWkJxT0UydDczTnNqOEUK5D+TDISQRIOz6q7t3zbCM1lqzRcBt3Yq\n8OPVJH2PQ9ZJj0Soy/OfzcihG0YPq+byuCDaCmZR7I9JXhOT/77UfQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1tzsvgxaxwvh4874d977fk0z7ghm4mqpm0c80vhxft87dv46p5uesq7mk42", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5aUVidG8rQTBvN1UwUG5C\nVlo2MTFrQjAwUDlOcTNpTVlpZTlzVjlJMkhvClJ1MnRvSkowQWtKVHBsblZHQ3Ey\nemNYWUxoSERmdDI5Tjl2T2p5ZjB1aVkKLS0tIERzUUx2ZjhDNk9xSktpblRBS1da\nZWQrVHJxRlFDN1NwY2VDS0RDL21VcHcKYGkO537Iy/x3FQZb2JvA4yCE7l7M60I2\n/8SvsCZeEa+f/ZIk9w6xWwkaMQ1OklK227ixn1tSayVFqnrqfvhewA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-01-10T22:48:11Z", + "mac": "ENC[AES256_GCM,data:4hGKrbj6obHwXp32TxtjGCgoIbI8bOD/NZvW0EKlmFNpqWB0YlUmK0t+fpdXGQw+uSndm/pld5oeS+7BnA1ASvHJYXJHY+FGEG2G5UJhybIH2enrNERfrqN8NeXzy5OQ8hSXvspFn6HmeDQ+XxA9eyulqBavp8StlOJ1XW4nnuM=,iv:jhjRaXnQaiohH3BlorfO3cmLcklvc+6YIVe84ewg+hk=,tag:Ik3l17pe3ln5tUj03il5+A==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +}
\ No newline at end of file |