From fdedd6fe4d57a7eebba187cc598d3bdbeb0e2abe Mon Sep 17 00:00:00 2001 From: Zuckerberg Date: Sat, 9 Apr 2022 19:20:15 -0400 Subject: [PATCH] Basic NAS services --- common/server/samba.nix | 2 +- machines/storage/s0/configuration.nix | 139 +++++++++++++++++++++++++- 2 files changed, 139 insertions(+), 2 deletions(-) diff --git a/common/server/samba.nix b/common/server/samba.nix index b7d0544..c47fc26 100644 --- a/common/server/samba.nix +++ b/common/server/samba.nix @@ -83,6 +83,6 @@ "d /var/spool/samba 1777 root root -" ]; - users.groups.public_data = {}; + users.groups.public_data.gid = 994; }; } \ No newline at end of file diff --git a/machines/storage/s0/configuration.nix b/machines/storage/s0/configuration.nix index 95e24c7..68dc9d8 100644 --- a/machines/storage/s0/configuration.nix +++ b/machines/storage/s0/configuration.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ config, pkgs, lib, mkVpnContainer, ... }: { imports =[ @@ -32,5 +32,142 @@ openFirewall = true; dataDir = "/data/plex"; }; + + services.jellyfin = { + enable = true; + openFirewall = true; + }; + + services.navidrome = { + enable = true; + settings = { + Address = "127.0.0.1"; + Port = 4533; + MusicFolder = "/data/samba/Public/Plex/Music"; + }; + }; + users.users.${config.services.plex.user}.extraGroups = [ "public_data" ]; + users.users.${config.services.jellyfin.user}.extraGroups = [ "public_data" ]; + users.users.googlebot.extraGroups = [ "transmission" ]; + users.groups.transmission.gid = config.ids.gids.transmission; + + containers.vpn = mkVpnContainer pkgs "/data/samba/Public/Plex" { + services.prowlarr.enable = true; + services.sonarr.enable = true; + services.bazarr.enable = true; + services.radarr.enable = true; + services.lidarr.enable = true; + users.groups.transmission.members = [ "prowlarr" "sonarr" "bazarr" "radarr" "lidarr" ]; + services.transmission = { + enable = true; + performanceNetParameters = true; + settings = { + /* directory settings */ + # "watch-dir" = "/srv/storage/Transmission/To-Download"; + # "watch-dir-enabled" = true; + "download-dir" = "/var/lib/transmission/Downloads"; + "incomplete-dir" = "/var/lib/transmission/.incomplete"; + "incomplete-dir-enabled" = true; + + /* web interface, accessible from local network */ + "rpc-enabled" = true; + "rpc-bind-address" = "0.0.0.0"; + "rpc-whitelist" = "127.0.0.1,192.168.*.*,172.16.*.*"; + "rpc-host-whitelist" = "void,192.168.*.*,172.16.*.*"; + "rpc-host-whitelist-enabled" = false; + + "port-forwarding-enabled" = true; + "peer-port" = 50023; + "peer-port-random-on-start" = false; + + "encryption" = 1; + "lpd-enabled" = true; /* local peer discovery */ + "dht-enabled" = true; /* dht peer discovery in swarm */ + "pex-enabled" = true; /* peer exchange */ + + /* ip blocklist */ + "blocklist-enabled" = true; + "blocklist-updates-enabled" = true; + "blocklist-url" = "https://github.com/Naunter/BT_BlockLists/raw/master/bt_blocklists.gz"; + + /* download speed settings */ + # "speed-limit-down" = 1200; + # "speed-limit-down-enabled" = false; + # "speed-limit-up" = 500; + # "speed-limit-up-enabled" = true; + + /* seeding limit */ + "ratio-limit" = 10; + "ratio-limit-enabled" = true; + + "download-queue-enabled" = true; + "download-queue-size" = 20; # gotta go fast + }; + }; + users.groups.public_data.members = [ "prowlarr" "sonarr" "bazarr" "radarr" "lidarr" "transmission" ]; + users.groups.public_data.gid = 994; + }; + # containers cannot unlock their own secrets right now. unlock it here + age.secrets."pia-login.conf".file = ../../../secrets/pia-login.conf; + boot.kernel.sysctl."net.ipv4.ip_forward" = 1; + # forwarding for vpn container + networking.nat.enable = true; + networking.nat.internalInterfaces = [ + "ve-vpn" # vpn container + ]; + networking.nat.externalInterface = "eth0"; + + # unpackerr + # flaresolverr + + services.nginx.enable = true; + services.nginx.virtualHosts."bazarr.s0".locations."/".proxyPass = "http://172.16.100.2:6767"; + services.nginx.virtualHosts."radarr.s0".locations."/".proxyPass = "http://172.16.100.2:7878"; + services.nginx.virtualHosts."lidarr.s0".locations."/".proxyPass = "http://172.16.100.2:8686"; + services.nginx.virtualHosts."sonarr.s0".locations."/".proxyPass = "http://172.16.100.2:8989"; + services.nginx.virtualHosts."prowlarr.s0".locations."/".proxyPass = "http://172.16.100.2:9696"; + services.nginx.virtualHosts."music.s0".locations."/".proxyPass = "http://localhost:4533"; + services.nginx.virtualHosts."plex.s0".locations."/" = { + proxyPass = "http://localhost:32400"; + proxyWebsockets = true; + }; + services.nginx.virtualHosts."jellyfin.s0".locations."/" = { + proxyPass = "http://localhost:8096"; + proxyWebsockets = true; + }; + services.nginx.virtualHosts."transmission.s0".locations."/" = { + proxyPass = "http://172.16.100.2:9091"; + proxyWebsockets = true; + }; + + nixpkgs.overlays = [ + (final: prev: { + radarr = prev.radarr.overrideAttrs (old: rec { + installPhase = '' + runHook preInstall + mkdir -p $out/{bin,share/${old.pname}-${old.version}} + cp -r * $out/share/${old.pname}-${old.version}/. + makeWrapper "${final.dotnet-runtime}/bin/dotnet" $out/bin/Radarr \ + --add-flags "$out/share/${old.pname}-${old.version}/Radarr.dll" \ + --prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [ + final.curl final.sqlite final.libmediainfo final.mono final.openssl final.icu final.zlib ]} + runHook postInstall + ''; + }); + + prowlarr = prev.prowlarr.overrideAttrs (old: { + installPhase = '' + runHook preInstall + mkdir -p $out/{bin,share/${old.pname}-${old.version}} + cp -r * $out/share/${old.pname}-${old.version}/. + makeWrapper "${final.dotnet-runtime}/bin/dotnet" $out/bin/Prowlarr \ + --add-flags "$out/share/${old.pname}-${old.version}/Prowlarr.dll" \ + --prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath [ + final.curl final.sqlite final.libmediainfo final.mono final.openssl final.icu final.zlib ]} + runHook postInstall + ''; + }); + }) + ]; }