diff options
| -rw-r--r-- | machines/pump-netboot.nix | 1 | ||||
| -rw-r--r-- | profiles/homeserver/transmission.nix | 57 | ||||
| -rw-r--r-- | secrets/tailscale | 8 |
3 files changed, 54 insertions, 12 deletions
diff --git a/machines/pump-netboot.nix b/machines/pump-netboot.nix index ce6b877..5125440 100644 --- a/machines/pump-netboot.nix +++ b/machines/pump-netboot.nix @@ -33,6 +33,7 @@ boot.zfs.forceImportRoot = false; networking.hostId = "7da046cb"; + boot.initrd.availableKernelModules = [ "e1000e" ]; boot.initrd.network = { enable = true; ssh = { diff --git a/profiles/homeserver/transmission.nix b/profiles/homeserver/transmission.nix index d871e96..4be0d1b 100644 --- a/profiles/homeserver/transmission.nix +++ b/profiles/homeserver/transmission.nix @@ -1,11 +1,34 @@ -{ config, lib, ... }: with lib; { +{ config, lib, ... }: with lib; let + multimediaUsernames = [ + "prowlarr" + "sonarr" + "radarr" + "bazarr" + "jellyfin" + "transmission" + ]; + mkMultimediaUsers = names: mergeAttrsList (imap0 (i: name: {${name} = { + uid = 2007 + i; + isSystemUser = true; + group = name; + createHome = false; + };}) names); + mkMultimediaGroups = names: mergeAttrsList (map (name: {${name} = { };}) names); + in { virtualisation.docker.rootless = { enable = true; setSocketVariable = true; }; - users.groups.multimedia = { }; - users.users.${my.username}.extraGroups = [ "multimedia" ]; + users.groups = { + multimedia = { + gid = 1994; + members = multimediaUsernames; + }; + } // mkMultimediaGroups multimediaUsernames; + users.users = { + ${my.username}.extraGroups = [ "multimedia" ]; + } // mkMultimediaUsers multimediaUsernames; systemd.tmpfiles.rules = [ "d /data 0770 - multimedia - -" @@ -36,6 +59,10 @@ prowlarr = { image = "linuxserver/prowlarr"; extraOptions = ["--net=host"]; + environment = { + PUID = "${toString config.users.users.prowlarr.uid}"; + PGID = "${toString config.users.groups.multimedia.gid}"; + }; volumes = [ "/data/config/prowlarr/data:/config" ]; @@ -43,38 +70,52 @@ bazarr = { image = "linuxserver/bazarr"; extraOptions = ["--net=host"]; + environment = { + PUID = "${toString config.users.users.bazarr.uid}"; + PGID = "${toString config.users.groups.multimedia.gid}"; + }; volumes = [ "/data/media:/data" - "/data/config/prowlarr/data:/config" + "/data/config/bazarr/data:/config" ]; }; radarr = { image = "linuxserver/radarr"; extraOptions = ["--net=host"]; + environment = { + PUID = "${toString config.users.users.radarr.uid}"; + PGID = "${toString config.users.groups.multimedia.gid}"; + }; volumes = [ - "/data/media:/data" + "/data:/data" "/data/config/radarr/data:/config" ]; }; sonarr = { image = "linuxserver/sonarr"; extraOptions = ["--net=host"]; + environment = { + PUID = "${toString config.users.users.sonarr.uid}"; + PGID = "${toString config.users.groups.multimedia.gid}"; + }; volumes = [ - "/data/media:/data" + "/data:/data" "/data/config/sonarr/data:/config" ]; }; jellyfin = { image = "jellyfin/jellyfin"; extraOptions = ["--net=host"]; + user = "${toString config.users.users.jellyfin.uid}:${toString config.users.groups.multimedia.gid}"; volumes = [ + "/data/media:/media" "/data/config/jellyfin/config:/config" - "/data/config/jellyfin/cache:/config" + "/data/config/jellyfin/cache:/cache" ]; }; transmission = { image = "haugene/transmission-openvpn"; - extraOptions = ["--cap-add=NET_ADMIN"]; + extraOptions = ["--cap-add=NET_ADMIN" "--group-add=${toString config.users.groups.multimedia.gid}"]; volumes = [ "/data/config/ovpn:/etc/openvpn/custom" "/data/config/transmission:/config" diff --git a/secrets/tailscale b/secrets/tailscale index eebe44b..d807b3c 100644 --- a/secrets/tailscale +++ b/secrets/tailscale @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:L0qnmtrP3ZI5mxkHuoT9xEF/od+hw0OZBMz9Q9024mkUaavvtUtTeP2vyo7yjWWjsRR5ha1gCFYB,iv:7q9tE4MOtCfsHR6tmFtzq5YPVE2riRZ+AHxV+dSUA1Q=,tag:Od1bqvv8h/FD0/aG3Ge1sA==,type:str]", + "data": "ENC[AES256_GCM,data:BhalEDjLu/jyr++gq0OxcZkpbBB42Yn1/rCaI74ECyQdx1rc19c5m54m94KfkLXZ1KXOMe9M7/uPg/6cgNoe,iv:TT4zsEgPv64gOjLBBSawIJxkbBeAYr9uGevNryoGFkc=,tag:g3T2bCJwWwP846vPyKJZvA==,type:str]", "sops": { "kms": null, "gcp_kms": null, @@ -19,10 +19,10 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTZk0zbGl3cE5JTldVaGU1\nZ1AwMVpod2swejVsVDFjM3VQVEtqRjM1VmdrCnFsRzM1aDVhZE00YnFQTnozNG5h\ndGZYNk1WUU5pdDZkSWZXYVpPekM1clkKLS0tIHZ2SThXMjFTdzhicjE5SE5qd3o4\nZFZPQytCaE9QTUtLaHFHZHZRSkN6cGcKS4+8Y7maCbuwOtjQKc/M4l3w/L6M1ZVB\nFVClHX5Ru6IlfPlfZhjIiWV1IqKExsIJewmAxP9EFMw2y5ex0Qxj9A==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2024-01-09T10:48:16Z", - "mac": "ENC[AES256_GCM,data:VAuJs/+bjP1V3Tijp1D1BIPhVFD60+Mjst1F7CjSKalADzJF2NjA3LpHIgqpyd7YIxqlLVsKpoYEaXHD7psDqjGPPuJRQEogyZoDo3T3Fgn6hqMEhepH8VOLp2uO3vSK7lZW9EPiJF0mxllswe+KJCZhiLU8J15n553Xlqicy7E=,iv:ldKwByzmiXgneeAMJdh78asY49HnbJYXlHEvSas9XHE=,tag:2cojSvWgOfe8IqZ7pmu9oA==,type:str]", + "lastmodified": "2024-07-14T09:35:40Z", + "mac": "ENC[AES256_GCM,data:r4vM54o3s+7a6BNOPIiSi7cFViJaumQNT2vLSHGYfncZGgOpFu9tfhK3gVSrrn32uLHpYt9o8AShgoU9FfUZAudnaJu+c2cmXMmUElcOF7W5jcUM643caI7F/sKgPOnTDmxhpt2F3ecQ3dm59akHqfdQpX9497WR4/LJpVOcZQc=,iv:sIgdKy+B6do8bp8mkbKydaee/PFPt6vpbQOuOIC09UM=,tag:9pvtVi0Y5MDX1UJP2sllUA==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", - "version": "3.8.1" + "version": "3.9.0" } }
\ No newline at end of file |