Diffstat (limited to 'profiles/homeserver')
| -rw-r--r-- | profiles/homeserver/acme.nix | 6 | ||||
| -rw-r--r-- | profiles/homeserver/dns.nix | 14 | ||||
| -rw-r--r-- | profiles/homeserver/nginx.nix | 4 | ||||
| -rw-r--r-- | profiles/homeserver/radicale.nix | 2 | ||||
| -rw-r--r-- | profiles/homeserver/transmission.nix | 93 |
5 files changed, 71 insertions, 48 deletions
diff --git a/profiles/homeserver/acme.nix b/profiles/homeserver/acme.nix index 1880db2..e72e8fe 100644 --- a/profiles/homeserver/acme.nix +++ b/profiles/homeserver/acme.nix @@ -4,13 +4,13 @@ defaults = { extraLegoFlags = [ "--dns.disable-cp" ]; extraLegoRunFlags = ["--preferred-chain" "ISRG Root X1"]; - email = ivi.email; + email = my.email; dnsProvider = "porkbun"; environmentFile = config.secrets.porkbun.path; }; - certs."${ivi.domain}" = { + certs."${my.domain}" = { # NOTE(ivi): use dns wildcard certs for local services - domain = "*.${ivi.domain}"; + domain = "*.${my.domain}"; }; }; } diff --git a/profiles/homeserver/dns.nix b/profiles/homeserver/dns.nix index 917c8bb..21ccf7e 100644 --- a/profiles/homeserver/dns.nix +++ b/profiles/homeserver/dns.nix @@ -1,4 +1,4 @@ -{ config, machine, inputs, lib, ... }: with lib; let +{ config, machines, machine, inputs, lib, ... }: with lib; let dns = inputs.dns.lib; in { system.extraDependencies = collectFlakeInputs inputs.dns; @@ -20,12 +20,12 @@ ]; }; stub-zone = [ { - name = ivi.domain; + name = my.domain; stub-addr = "127.0.0.1@10053"; } ]; forward-zone = [ { - name = "_acme-challenge.${ivi.domain}"; + name = "_acme-challenge.${my.domain}"; forward-addr = config.services.resolved.fallbackDns; forward-tls-upstream = true; } @@ -45,15 +45,15 @@ zones = with dns.combinators; let here = { - A = map a ivi.machines.serber.ipv4; - AAAA = map a ivi.machines.serber.ipv6; + A = map a machines.serber.ipv4; + AAAA = map a machines.serber.ipv6; }; in { - ${ivi.domain}.data = dns.toString ivi.domain (here // { + ${my.domain}.data = dns.toString my.domain (here // { TTL = 60 * 60; SOA = { nameServer = "@"; - adminEmail = "dns@${ivi.domain}"; + adminEmail = "dns@${my.domain}"; serial = 0; }; NS = [ "@" ]; diff --git a/profiles/homeserver/nginx.nix b/profiles/homeserver/nginx.nix index f869d3b..22fd74e 100644 --- a/profiles/homeserver/nginx.nix +++ b/profiles/homeserver/nginx.nix 
@@ -4,8 +4,8 @@ type = types.attrsOf (types.submodule ({ name, ... }: { config = mkIf (name != "default") { forceSSL = mkDefault true; - sslCertificateKey = "/var/lib/acme/${ivi.domain}/key.pem"; - sslCertificate = "/var/lib/acme/${ivi.domain}/fullchain.pem"; + sslCertificateKey = "/var/lib/acme/${my.domain}/key.pem"; + sslCertificate = "/var/lib/acme/${my.domain}/fullchain.pem"; }; })); }; diff --git a/profiles/homeserver/radicale.nix b/profiles/homeserver/radicale.nix index f04a4a4..6f07245 100644 --- a/profiles/homeserver/radicale.nix +++ b/profiles/homeserver/radicale.nix @@ -1,6 +1,6 @@ { lib, ... }: with lib; { services.nginx = { - virtualHosts."cal.${ivi.domain}" = { + virtualHosts."cal.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:5232"; }; diff --git a/profiles/homeserver/transmission.nix b/profiles/homeserver/transmission.nix index 8b7b4fa..d871e96 100644 --- a/profiles/homeserver/transmission.nix +++ b/profiles/homeserver/transmission.nix 
@@ -1,53 +1,83 @@ -{ config, lib, pkgs, ... }: with lib; { +{ config, lib, ... }: with lib; { virtualisation.docker.rootless = { enable = true; setSocketVariable = true; }; users.groups.multimedia = { }; - users.users.${ivi.username}.extraGroups = [ "multimedia" ]; + users.users.${my.username}.extraGroups = [ "multimedia" ]; systemd.tmpfiles.rules = [ "d /data 0770 - multimedia - -" ]; - nixpkgs.config.allowUnfreePredicate = pkg: - builtins.elem (lib.getName pkg) [ - "plexmediaserver" - ]; - - environment.systemPackages = [ - pkgs.jellyfin-ffmpeg - ]; - services.nginx = { virtualHosts = { - "sonarr.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:8989"; }; }; - "radarr.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:7878"; }; }; - "bazarr.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:${toString config.services.bazarr.listenPort}"; }; }; - "readarr.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:8787"; }; }; - "prowlarr.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:9696"; }; }; - "transmission.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:9091"; }; }; - "jellyfin.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:8096"; }; }; + "sonarr.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:8989"; }; }; + "radarr.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:7878"; }; }; + "bazarr.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:${toString config.services.bazarr.listenPort}"; }; }; + # "readarr.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:8787"; }; }; + "prowlarr.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:9696"; }; }; + "transmission.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:9091"; }; }; + "jellyfin.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:8096"; }; }; }; }; - services = { - jellyfin = { enable = 
true; group = "multimedia"; }; - sonarr = { enable = true; group = "multimedia"; }; - radarr = { enable = true; group = "multimedia"; }; - bazarr = { enable = true; group = "multimedia"; }; - readarr = { enable = true; group = "multimedia"; }; - prowlarr = { enable = true; }; - }; + # services = { + # jellyfin = { enable = true; group = "multimedia"; }; + # sonarr = { enable = true; group = "multimedia"; }; + # radarr = { enable = true; group = "multimedia"; }; + # bazarr = { enable = true; group = "multimedia"; }; + # readarr = { enable = true; group = "multimedia"; }; + # prowlarr = { enable = true; }; + # }; virtualisation.oci-containers = { backend = "docker"; containers = { + prowlarr = { + image = "linuxserver/prowlarr"; + extraOptions = ["--net=host"]; + volumes = [ + "/data/config/prowlarr/data:/config" + ]; + }; + bazarr = { + image = "linuxserver/bazarr"; + extraOptions = ["--net=host"]; + volumes = [ + "/data/media:/data" + "/data/config/prowlarr/data:/config" + ]; + }; + radarr = { + image = "linuxserver/radarr"; + extraOptions = ["--net=host"]; + volumes = [ + "/data/media:/data" + "/data/config/radarr/data:/config" + ]; + }; + sonarr = { + image = "linuxserver/sonarr"; + extraOptions = ["--net=host"]; + volumes = [ + "/data/media:/data" + "/data/config/sonarr/data:/config" + ]; + }; + jellyfin = { + image = "jellyfin/jellyfin"; + extraOptions = ["--net=host"]; + volumes = [ + "/data/config/jellyfin/config:/config" + "/data/config/jellyfin/cache:/config" + ]; + }; transmission = { image = "haugene/transmission-openvpn"; extraOptions = ["--cap-add=NET_ADMIN"]; volumes = [ - "/config/ovpn:/etc/openvpn/custom" - "/config/transmission:/config" + "/data/config/ovpn:/etc/openvpn/custom" + "/data/config/transmission:/config" "/data/torrents:/data/torrents" ]; ports = [ 
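Review bot: In the new `containers` set, `bazarr` mounts `/data/config/prowlarr/data:/config`, the same host directory as `prowlarr`, so the two apps share one config directory and whatever keys and databases prowlarr keeps there; this looks like a copy-paste slip for `"/data/config/bazarr/data:/config"`. `jellyfin` maps both its config and cache directories onto `/config`; the second was presumably meant to be `"/data/config/jellyfin/cache:/cache"`, and no media path is mounted for it. Every new container also runs with `--net=host`, so each web UI listens in the host's network namespace rather than only on the loopback address the nginx vhosts proxy to; unless a host firewall blocks those ports they are reachable without the TLS front end, and replacing the option with a loopback-bound publish such as `ports = [ "127.0.0.1:8989:8989" ];` keeps them behind nginx. The images carry no tag or digest, so each pull takes whatever the registry currently serves as the default tag; pinning them would make rebuilds reproducible and reviewable. The hunk ends inside the `transmission` container's `ports` list, which continues outside it.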
@@ -59,13 +89,6 @@ config.secrets.transmission.path ]; }; - # ytdl-sub = { - # image = "ghcr.io/jmbannon/ytdl-sub:latest"; - # environment = { - # TZ=""; - # DOCKER_MODS="linuxserver/mods:universal-cron"; - # }; - # }; }; }; } |
