add taskwarrior autotag

nixos/components/network/tinc/private.nix

@@ -26,7 +26,9 @@ let
     "transmission2.robi" = hosts.robi;
     "sonarr.robi" = hosts.robi;
     "radarr.robi" = hosts.robi;
-    "tadarr.robi" = hosts.robi;
+    "tdarr.robi" = hosts.robi;
+    "prowlarr.robi" = hosts.robi;
+    "jellyseerr.robi" = hosts.robi;
     # pepe
     "grafana.pepe" = hosts.pepe;
     "loki.pepe" = hosts.pepe;

nixos/machines/chungus/configuration.nix

@@ -22,11 +22,11 @@
     #./mail-fetcher.nix
 
     #./borg.nix
-    #./taskwarrior-pushover.nix
+    ./taskwarrior-autotag.nix
 
     ./media-share.nix
     ./media-audiobookshelf.nix
-    ./media-tdarr.nix
+    #./media-tdarr.nix
     ./media-jellyfin.nix
     ./media-youtube.nix
     ./media-castget.nix

nixos/machines/chungus/media-share.nix

@@ -15,16 +15,16 @@
     series = "/media/series";
     samples = "/media/samples";
   };
-  custom.samba-share.private = {
-    media = {
-      folder = "/media";
-      users = "media";
-    };
-    temp = {
-      folder = "/srv/tdarr/transcode_cache";
-      users = "media";
-    };
-  };
+  #custom.samba-share.private = {
+  #  media = {
+  #    folder = "/media";
+  #    users = "media";
+  #  };
+  #  temp = {
+  #    folder = "/srv/tdarr/transcode_cache";
+  #    users = "media";
+  #  };
+  #};
 
   users.groups."media".gid = config.ids.gids.transmission;
   users.users."media" = {

nixos/machines/chungus/media-youtube.nix

@@ -120,11 +120,11 @@ let
       target = "/media/youtube/channels/Jules";
       output = "%(channel)s S%(upload_date>%Y)sE%(upload_date>%m%d)s %(title)s.%(ext)s";
     };
-    UrknallWeltallLeben = {
-      url = "https://youtube.com/@UrknallWeltallLeben";
-      target = "/media/youtube/channels/Urknall Weltall Leben";
-      output = "%(channel)s S%(upload_date>%Y)sE%(upload_date>%m%d)s %(title)s.%(ext)s";
-    };
+    #UrknallWeltallLeben = {
+    #  url = "https://youtube.com/@UrknallWeltallLeben";
+    #  target = "/media/youtube/channels/Urknall Weltall Leben";
+    #  output = "%(channel)s S%(upload_date>%Y)sE%(upload_date>%m%d)s %(title)s.%(ext)s";
+    #};
     ColdMirrorProdukte = {
       url = "https://www.youtube.com/watch?list=PLDvBqWb1UAGckU8CEJ8kDsk3ii8bbHT-s";
       target = "/media/youtube/channels/ColdMirror ProduktBeschreibungen";

nixos/machines/chungus/rbackup.nix

@@ -23,12 +23,27 @@
       src = "root@robi:/var/lib/bitwarden_rs/";
       dst = "/mirror/bitwarden_rs";
     };
-    torrent = {
+    #torrent = {
+    #  sshKeyPath = config.sops.secrets.rsync_private_key.path;
+    #  src = "root@robi:/media/torrent/downloads/";
+    #  dst = "/media/torrent";
+    #  startAt = "00/5:00"; # every 5 hours
+    #};
+
+    radarr = {
       sshKeyPath = config.sops.secrets.rsync_private_key.path;
-      src = "root@robi:/media/torrent/downloads/";
-      dst = "/media/torrent";
-      startAt = "00/5:00"; # every 5 hours
+      src = "root@robi:/media/arr/radarr";
+      dst = "/media/arr/radarr";
+      delete = false;
     };
+    sonarr = {
+      sshKeyPath = config.sops.secrets.rsync_private_key.path;
+      src = "root@robi:/media/arr/sonarr";
+      dst = "/media/arr/sonarr";
+      delete = false;
+    };
+
+
   };
 
 

nixos/machines/chungus/taskwarrior-autotag.nix

@@ -0,0 +1,28 @@
+{ config, lib, pkgs, ... }:
+
+{
+  sops.secrets.autotagTaskwarriorCa = {
+    owner = "taskwarrior-autotag";
+    key = "taskwarriorCa";
+  };
+  sops.secrets.autotagTaskwarriorCertificate = {
+    owner = "taskwarrior-autotag";
+    key = "taskwarriorCertificate";
+  };
+  sops.secrets.autotagTaskwarriorKey = {
+    owner = "taskwarrior-autotag";
+    key = "taskwarriorKey";
+  };
+
+  services.taskwarrior-autotag = {
+    enable = true;
+    recurrence = "off";
+    onCalendar = "hourly";
+    server = "taskd.ingolf-wagner.de:53589";
+    caFile = config.sops.secrets.autotagTaskwarriorCa.path;
+    certificateFile = config.sops.secrets.autotagTaskwarriorCertificate.path;
+    keyFile = config.sops.secrets.autotagTaskwarriorKey.path;
+    credentials = "1337/palo/ad40dce8-4b38-4011-b032-60a91b6f22cd";
+  };
+
+}

nixos/machines/robi/configuration.nix

@@ -22,11 +22,12 @@
     ./nextcloud.nix
     ./packages.nix
     ./taskserver.nix
-    ./tinc.nix
     ./vaultwarden.nix
     ./nginx.nix
     ./nginx-wkd.nix
-    ./wireguard.nix
+
+    ./network-tinc.nix
+    ./network-wireguard.nix
 
     ./media-share.nix
     ./media-jellyfin.nix
@@ -34,6 +35,7 @@
     ./media-transmission.nix
     ./media-transmission2.nix
     ./media-arr.nix
+    ./media-tdarr.nix
 
     ./social-jitsi.nix
 

nixos/machines/robi/media-arr.nix

@@ -1,17 +1,39 @@
 { config, ... }:
 {
+  networking.firewall.interfaces.wg0.allowedTCPPorts = [ 7878 8989 ];
+
+  # download series
   services.sonarr = {
     enable = true;
     group = "media";
     user = "media";
   };
 
+  # download movies
   services.radarr = {
     enable = true;
     group = "media";
     user = "media";
   };
 
+  # better indexer apis
+  services.prowlarr = {
+    enable = true;
+    #group = "media";
+    #user = "media";
+  };
+
+  services.jellyseerr = {
+    enable = true;
+  };
+
+  services.permown."/media/arr" = {
+    owner = "media";
+    group = "media";
+    directory-mode = "770";
+    file-mode = "770";
+  };
+
   services.nginx.virtualHosts = {
     "radarr.${config.networking.hostName}.private" = {
       extraConfig = ''
@@ -33,6 +55,26 @@
         proxyWebsockets = true;
       };
     };
+    "prowlarr.${config.networking.hostName}.private" = {
+      extraConfig = ''
+        allow ${config.tinc.private.subnet};
+        deny all;
+      '';
+      locations."/" = {
+        proxyPass = "http://localhost:9696";
+        proxyWebsockets = true;
+      };
+    };
+    "jellyseerr.${config.networking.hostName}.private" = {
+      extraConfig = ''
+        allow ${config.tinc.private.subnet};
+        deny all;
+      '';
+      locations."/" = {
+        proxyPass = "http://localhost:${toString config.services.jellyseerr.port}";
+        proxyWebsockets = true;
+      };
+    };
   };
 
 }

nixos/machines/robi/media-tdarr.nix

@@ -0,0 +1,51 @@
+{ config, lib, pkgs, ... }:
+{
+
+  # https://docs.tdarr.io/docs/installation/docker/run-compose
+  virtualisation.oci-containers = {
+    containers.tdarr = {
+      volumes = [
+        "/media/arr/tdarr/server:/app/server"
+        "/media/arr/tdarr/configs:/app/configs"
+        "/media/arr/tdarr/logs:/app/logs"
+        "/media/arr/tdarr/transcode_cache:/temp"
+        "/media:/media"
+      ];
+      environment = {
+        serverIP = "0.0.0.0";
+        serverPort = "8266";
+        webUIPort = "8265";
+        internalNode = "true";
+        inContainer = "true";
+        nodeName = "robi";
+        TZ = "Europe/Berlin";
+        PUID = toString config.users.users.media.uid;
+        PGID = toString config.users.groups.media.gid;
+      };
+      ports = [
+        "8265:8265" # WebUI
+        "8266:8266" # server port
+      ];
+      image = "ghcr.io/haveagitgat/tdarr:latest"; # Warning: if the tag does not change, the image will not be updated
+      #extraOptions = [ "--network=bridge" ];
+    };
+  };
+
+  #networking.firewall.interfaces.wq0.allowedTCPPorts = [ 8266 ];
+  #networking.firewall.interfaces.wq0.allowedUDPPorts = [ 8266 ];
+
+  #networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ 8266 ];
+  #networking.firewall.interfaces.enp0s31f6.allowedUDPPorts = [ 8266 ];
+
+  services.nginx.virtualHosts."tdarr.${config.networking.hostName}.private" = {
+    extraConfig = ''
+      allow ${config.tinc.private.subnet};
+      deny all;
+    '';
+    locations."/" = {
+      proxyPass = "http://localhost:8265";
+      proxyWebsockets = true;
+    };
+  };
+
+}

nixos/machines/robi/network-wireguard.nix

@@ -1,6 +1,6 @@
 { pkgs, config, ... }:
 {
-  networking.firewall.trustedInterfaces = [ "wg0" ];
+  # networking.firewall.trustedInterfaces = [ "wg0" ];
   networking.firewall.allowedUDPPorts = [ 51820 ];
   sops.secrets.wireguard_private = { };
   boot.kernel.sysctl."net.ipv4.ip_forward" = true;

nixos/machines/robi/telegraf.nix

@@ -8,9 +8,18 @@
       };
       # https://github.com/influxdata/telegraf/tree/master/plugins/inputs < all them plugins
       inputs = {
-        cpu = { };
+        cpu = {
+          percpu = true;
+          totalcpu = true;
+        };
+        disk = { };
         diskio = { };
+        kernel = { };
+        mem = { };
         processes = { };
+        netstat = { };
+        net = { };
+        system = { };
         systemd_units = { };
         nginx.urls = [ "http://localhost/nginx_status" ];
       };

nixos/modules/services/rbackup.nix

@@ -19,7 +19,7 @@ let
       rsync \
           --rsh=${escape ssh} \
           --append -avz \
-          --delete \
+          ${optionalString plan.delete "--delete"} \
           "$rsync_src/" \
           "$rsync_dst"
     '';
@@ -45,6 +45,11 @@ in
               default = "hourly";
               type = with types; nullOr str; # TODO systemd.time(7)'s calendar event
             };
+            delete = mkOption {
+              type = types.bool;
+              default = true;
+              description = "delete old files (adds the --delete argument to rsync)";
+            };
             timerConfig = mkOption {
               type = with types; attrsOf str;
               default = optionalAttrs (config.startAt != null) {