From 2c8b007e999135ae40de8a53465bf757db90d3e4 Mon Sep 17 00:00:00 2001 From: Ingolf Wagner Date: Sat, 18 Nov 2023 12:49:47 +0100 Subject: [PATCH] set up arr stack on robi --- nixos/components/network/tinc/private.nix | 4 +- nixos/machines/chungus/media-share.nix | 20 ++++----- nixos/machines/chungus/rbackup.nix | 23 ++++++++-- nixos/machines/robi/configuration.nix | 6 ++- nixos/machines/robi/media-arr.nix | 42 +++++++++++++++++++ nixos/machines/robi/media-tdarr.nix | 51 +++++++++++++++++++++++ nixos/modules/services/rbackup.nix | 7 +++- 7 files changed, 135 insertions(+), 18 deletions(-) create mode 100644 nixos/machines/robi/media-tdarr.nix diff --git a/nixos/components/network/tinc/private.nix b/nixos/components/network/tinc/private.nix index 248ea07..2444f72 100644 --- a/nixos/components/network/tinc/private.nix +++ b/nixos/components/network/tinc/private.nix @@ -26,7 +26,9 @@ let "transmission2.robi" = hosts.robi; "sonarr.robi" = hosts.robi; "radarr.robi" = hosts.robi; - "tadarr.robi" = hosts.robi; + "tdarr.robi" = hosts.robi; + "prowlarr.robi" = hosts.robi; + "jellyseerr.robi" = hosts.robi; # pepe "grafana.pepe" = hosts.pepe; "loki.pepe" = hosts.pepe; diff --git a/nixos/machines/chungus/media-share.nix b/nixos/machines/chungus/media-share.nix index 35f9f99..fbcdfcf 100644 --- a/nixos/machines/chungus/media-share.nix +++ b/nixos/machines/chungus/media-share.nix @@ -15,16 +15,16 @@ series = "/media/series"; samples = "/media/samples"; }; - custom.samba-share.private = { - media = { - folder = "/media"; - users = "media"; - }; - temp = { - folder = "/srv/tdarr/transcode_cache"; - users = "media"; - }; - }; + #custom.samba-share.private = { + # media = { + # folder = "/media"; + # users = "media"; + # }; + # temp = { + # folder = "/srv/tdarr/transcode_cache"; + # users = "media"; + # }; + #}; users.groups."media".gid = config.ids.gids.transmission; users.users."media" = { diff --git a/nixos/machines/chungus/rbackup.nix b/nixos/machines/chungus/rbackup.nix index c3c8146..a25d9bf 100644 --- a/nixos/machines/chungus/rbackup.nix +++ b/nixos/machines/chungus/rbackup.nix @@ -23,12 +23,27 @@ src = "root@robi:/var/lib/bitwarden_rs/"; dst = "/mirror/bitwarden_rs"; }; - torrent = { + #torrent = { + # sshKeyPath = config.sops.secrets.rsync_private_key.path; + # src = "root@robi:/media/torrent/downloads/"; + # dst = "/media/torrent"; + # startAt = "00/5:00"; # every 5 hours + #}; + + radarr = { sshKeyPath = config.sops.secrets.rsync_private_key.path; - src = "root@robi:/media/torrent/downloads/"; - dst = "/media/torrent"; - startAt = "00/5:00"; # every 5 hours + src = "root@robi:/media/arr/radarr"; + dst = "/media/arr/radarr"; + delete = false; }; + sonarr = { + sshKeyPath = config.sops.secrets.rsync_private_key.path; + src = "root@robi:/media/arr/sonarr"; + dst = "/media/arr/sonarr"; + delete = false; + }; + + }; diff --git a/nixos/machines/robi/configuration.nix b/nixos/machines/robi/configuration.nix index 862f7e2..f569bab 100644 --- a/nixos/machines/robi/configuration.nix +++ b/nixos/machines/robi/configuration.nix @@ -22,11 +22,12 @@ ./nextcloud.nix ./packages.nix ./taskserver.nix - ./tinc.nix ./vaultwarden.nix ./nginx.nix ./nginx-wkd.nix - ./wireguard.nix + + ./network-tinc.nix + ./network-wireguard.nix ./media-share.nix ./media-jellyfin.nix @@ -34,6 +35,7 @@ ./media-transmission.nix ./media-transmission2.nix ./media-arr.nix + ./media-tdarr.nix ./social-jitsi.nix diff --git a/nixos/machines/robi/media-arr.nix b/nixos/machines/robi/media-arr.nix index 229bc18..4fd1632 100644 --- a/nixos/machines/robi/media-arr.nix +++ b/nixos/machines/robi/media-arr.nix @@ -1,17 +1,39 @@ { config, ... }: { + networking.firewall.interfaces.wg0.allowedTCPPorts = [ 7878 8989 ]; + + # download series services.sonarr = { enable = true; group = "media"; user = "media"; }; + # download movies services.radarr = { enable = true; group = "media"; user = "media"; }; + # better indexer apis + services.prowlarr = { + enable = true; + #group = "media"; + #user = "media"; + }; + + services.jellyseerr = { + enable = true; + }; + + services.permown."/media/arr" = { + owner = "media"; + group = "media"; + directory-mode = "770"; + file-mode = "770"; + }; + services.nginx.virtualHosts = { "radarr.${config.networking.hostName}.private" = { extraConfig = '' @@ -33,6 +55,26 @@ proxyWebsockets = true; }; }; + "prowlarr.${config.networking.hostName}.private" = { + extraConfig = '' + allow ${config.tinc.private.subnet}; + deny all; + ''; + locations."/" = { + proxyPass = "http://localhost:9696"; + proxyWebsockets = true; + }; + }; + "jellyseerr.${config.networking.hostName}.private" = { + extraConfig = '' + allow ${config.tinc.private.subnet}; + deny all; + ''; + locations."/" = { + proxyPass = "http://localhost:${toString config.services.jellyseerr.port}"; + proxyWebsockets = true; + }; + }; }; } diff --git a/nixos/machines/robi/media-tdarr.nix b/nixos/machines/robi/media-tdarr.nix new file mode 100644 index 0000000..cd2c418 --- /dev/null +++ b/nixos/machines/robi/media-tdarr.nix @@ -0,0 +1,51 @@ +{ config, lib, pkgs, ... }: +{ + + # https://docs.tdarr.io/docs/installation/docker/run-compose + virtualisation.oci-containers = { + containers.tdarr = { + volumes = [ + "/media/arr/tdarr/server:/app/server" + "/media/arr/tdarr/configs:/app/configs" + "/media/arr/tdarr/logs:/app/logs" + "/media/arr/tdarr/transcode_cache:/temp" + "/media:/media" + ]; + environment = { + serverIP = "0.0.0.0"; + serverPort = "8266"; + webUIPort = "8265"; + internalNode = "true"; + inContainer = "true"; + nodeName = "robi"; + TZ = "Europe/Berlin"; + PUID = toString config.users.users.media.uid; + PGID = toString config.users.groups.media.gid; + }; + ports = [ + "8265:8265" # WebUI + "8266:8266" # server port + ]; + image = "ghcr.io/haveagitgat/tdarr:latest"; # Warning: if the tag does not change, the image will not be updated + #extraOptions = [ "--network=bridge" ]; + }; + }; + + #networking.firewall.interfaces.wq0.allowedTCPPorts = [ 8266 ]; + #networking.firewall.interfaces.wq0.allowedUDPPorts = [ 8266 ]; + + #networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ 8266 ]; + #networking.firewall.interfaces.enp0s31f6.allowedUDPPorts = [ 8266 ]; + + services.nginx.virtualHosts."tdarr.${config.networking.hostName}.private" = { + extraConfig = '' + allow ${config.tinc.private.subnet}; + deny all; + ''; + locations."/" = { + proxyPass = "http://localhost:8265"; + proxyWebsockets = true; + }; + }; + +} diff --git a/nixos/modules/services/rbackup.nix b/nixos/modules/services/rbackup.nix index ca861c1..68296e7 100644 --- a/nixos/modules/services/rbackup.nix +++ b/nixos/modules/services/rbackup.nix @@ -19,7 +19,7 @@ let rsync \ --rsh=${escape ssh} \ --append -avz \ - --delete \ + ${optionalString plan.delete "--delete"} \ "$rsync_src/" \ "$rsync_dst" ''; @@ -45,6 +45,11 @@ in default = "hourly"; type = with types; nullOr str; # TODO systemd.time(7)'s calendar event }; + delete = mkOption { + type = types.bool; + default = true; + description = "delete old files (adds the --delete argument to rsync)"; + }; timerConfig = mkOption { type = with types; attrsOf str; default = optionalAttrs (config.startAt != null) {