nixos/components/network/tinc/private.nix

@@ -26,9 +26,7 @@ let
     "transmission2.robi" = hosts.robi;
     "sonarr.robi" = hosts.robi;
     "radarr.robi" = hosts.robi;
-    "tdarr.robi" = hosts.robi;
+    "tadarr.robi" = hosts.robi;
-    "prowlarr.robi" = hosts.robi;
-    "jellyseerr.robi" = hosts.robi;
     # pepe
     "grafana.pepe" = hosts.pepe;
     "loki.pepe" = hosts.pepe;

nixos/machines/chungus/configuration.nix

@@ -22,11 +22,11 @@
     #./mail-fetcher.nix
 
     #./borg.nix
-    ./taskwarrior-autotag.nix
+    #./taskwarrior-pushover.nix
 
     ./media-share.nix
     ./media-audiobookshelf.nix
-    #./media-tdarr.nix
+    ./media-tdarr.nix
     ./media-jellyfin.nix
     ./media-youtube.nix
     ./media-castget.nix

nixos/machines/chungus/media-share.nix

@@ -15,16 +15,16 @@
     series = "/media/series";
     samples = "/media/samples";
   };
-  #custom.samba-share.private = {
+  custom.samba-share.private = {
-  #  media = {
+    media = {
-  #    folder = "/media";
+      folder = "/media";
-  #    users = "media";
+      users = "media";
-  #  };
+    };
-  #  temp = {
+    temp = {
-  #    folder = "/srv/tdarr/transcode_cache";
+      folder = "/srv/tdarr/transcode_cache";
-  #    users = "media";
+      users = "media";
-  #  };
+    };
-  #};
+  };
 
   users.groups."media".gid = config.ids.gids.transmission;
   users.users."media" = {

nixos/machines/chungus/media-youtube.nix

@@ -120,11 +120,11 @@ let
       target = "/media/youtube/channels/Jules";
       output = "%(channel)s S%(upload_date>%Y)sE%(upload_date>%m%d)s %(title)s.%(ext)s";
     };
-    #UrknallWeltallLeben = {
+    UrknallWeltallLeben = {
-    #  url = "https://youtube.com/@UrknallWeltallLeben";
+      url = "https://youtube.com/@UrknallWeltallLeben";
-    #  target = "/media/youtube/channels/Urknall Weltall Leben";
+      target = "/media/youtube/channels/Urknall Weltall Leben";
-    #  output = "%(channel)s S%(upload_date>%Y)sE%(upload_date>%m%d)s %(title)s.%(ext)s";
+      output = "%(channel)s S%(upload_date>%Y)sE%(upload_date>%m%d)s %(title)s.%(ext)s";
-    #};
+    };
     ColdMirrorProdukte = {
       url = "https://www.youtube.com/watch?list=PLDvBqWb1UAGckU8CEJ8kDsk3ii8bbHT-s";
       target = "/media/youtube/channels/ColdMirror ProduktBeschreibungen";

nixos/machines/chungus/rbackup.nix

@@ -23,27 +23,12 @@
       src = "root@robi:/var/lib/bitwarden_rs/";
       dst = "/mirror/bitwarden_rs";
     };
-    #torrent = {
+    torrent = {
-    #  sshKeyPath = config.sops.secrets.rsync_private_key.path;
-    #  src = "root@robi:/media/torrent/downloads/";
-    #  dst = "/media/torrent";
-    #  startAt = "00/5:00"; # every 5 hours
-    #};
-
-    radarr = {
       sshKeyPath = config.sops.secrets.rsync_private_key.path;
-      src = "root@robi:/media/arr/radarr";
+      src = "root@robi:/media/torrent/downloads/";
-      dst = "/media/arr/radarr";
+      dst = "/media/torrent";
-      delete = false;
+      startAt = "00/5:00"; # every 5 hours
     };
-    sonarr = {
-      sshKeyPath = config.sops.secrets.rsync_private_key.path;
-      src = "root@robi:/media/arr/sonarr";
-      dst = "/media/arr/sonarr";
-      delete = false;
-    };
-
-
   };
 
 

nixos/machines/chungus/taskwarrior-autotag.nix

@@ -1,28 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  sops.secrets.autotagTaskwarriorCa = {
-    owner = "taskwarrior-autotag";
-    key = "taskwarriorCa";
-  };
-  sops.secrets.autotagTaskwarriorCertificate = {
-    owner = "taskwarrior-autotag";
-    key = "taskwarriorCertificate";
-  };
-  sops.secrets.autotagTaskwarriorKey = {
-    owner = "taskwarrior-autotag";
-    key = "taskwarriorKey";
-  };
-
-  services.taskwarrior-autotag = {
-    enable = true;
-    recurrence = "off";
-    onCalendar = "hourly";
-    server = "taskd.ingolf-wagner.de:53589";
-    caFile = config.sops.secrets.autotagTaskwarriorCa.path;
-    certificateFile = config.sops.secrets.autotagTaskwarriorCertificate.path;
-    keyFile = config.sops.secrets.autotagTaskwarriorKey.path;
-    credentials = "1337/palo/ad40dce8-4b38-4011-b032-60a91b6f22cd";
-  };
-
-}

nixos/machines/robi/configuration.nix

@@ -22,12 +22,11 @@
     ./nextcloud.nix
     ./packages.nix
     ./taskserver.nix
+    ./tinc.nix
     ./vaultwarden.nix
     ./nginx.nix
     ./nginx-wkd.nix
-
+    ./wireguard.nix
-    ./network-tinc.nix
-    ./network-wireguard.nix
 
     ./media-share.nix
     ./media-jellyfin.nix
@@ -35,7 +34,6 @@
     ./media-transmission.nix
     ./media-transmission2.nix
     ./media-arr.nix
-    ./media-tdarr.nix
 
     ./social-jitsi.nix
 

nixos/machines/robi/media-arr.nix

@@ -1,39 +1,17 @@
 { config, ... }:
 {
-  networking.firewall.interfaces.wg0.allowedTCPPorts = [ 7878 8989 ];
-
-  # download series
   services.sonarr = {
     enable = true;
     group = "media";
     user = "media";
   };
 
-  # download movies
   services.radarr = {
     enable = true;
     group = "media";
     user = "media";
   };
 
-  # better indexer apis
-  services.prowlarr = {
-    enable = true;
-    #group = "media";
-    #user = "media";
-  };
-
-  services.jellyseerr = {
-    enable = true;
-  };
-
-  services.permown."/media/arr" = {
-    owner = "media";
-    group = "media";
-    directory-mode = "770";
-    file-mode = "770";
-  };
-
   services.nginx.virtualHosts = {
     "radarr.${config.networking.hostName}.private" = {
       extraConfig = ''
@@ -55,26 +33,6 @@
         proxyWebsockets = true;
       };
     };
-    "prowlarr.${config.networking.hostName}.private" = {
-      extraConfig = ''
-        allow ${config.tinc.private.subnet};
-        deny all;
-      '';
-      locations."/" = {
-        proxyPass = "http://localhost:9696";
-        proxyWebsockets = true;
-      };
-    };
-    "jellyseerr.${config.networking.hostName}.private" = {
-      extraConfig = ''
-        allow ${config.tinc.private.subnet};
-        deny all;
-      '';
-      locations."/" = {
-        proxyPass = "http://localhost:${toString config.services.jellyseerr.port}";
-        proxyWebsockets = true;
-      };
-    };
   };
 
 }

nixos/machines/robi/media-tdarr.nix

@@ -1,51 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
-
-  # https://docs.tdarr.io/docs/installation/docker/run-compose
-  virtualisation.oci-containers = {
-    containers.tdarr = {
-      volumes = [
-        "/media/arr/tdarr/server:/app/server"
-        "/media/arr/tdarr/configs:/app/configs"
-        "/media/arr/tdarr/logs:/app/logs"
-        "/media/arr/tdarr/transcode_cache:/temp"
-        "/media:/media"
-      ];
-      environment = {
-        serverIP = "0.0.0.0";
-        serverPort = "8266";
-        webUIPort = "8265";
-        internalNode = "true";
-        inContainer = "true";
-        nodeName = "robi";
-        TZ = "Europe/Berlin";
-        PUID = toString config.users.users.media.uid;
-        PGID = toString config.users.groups.media.gid;
-      };
-      ports = [
-        "8265:8265" # WebUI
-        "8266:8266" # server port
-      ];
-      image = "ghcr.io/haveagitgat/tdarr:latest"; # Warning: if the tag does not change, the image will not be updated
-      #extraOptions = [ "--network=bridge" ];
-    };
-  };
-
-  #networking.firewall.interfaces.wq0.allowedTCPPorts = [ 8266 ];
-  #networking.firewall.interfaces.wq0.allowedUDPPorts = [ 8266 ];
-
-  #networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ 8266 ];
-  #networking.firewall.interfaces.enp0s31f6.allowedUDPPorts = [ 8266 ];
-
-  services.nginx.virtualHosts."tdarr.${config.networking.hostName}.private" = {
-    extraConfig = ''
-      allow ${config.tinc.private.subnet};
-      deny all;
-    '';
-    locations."/" = {
-      proxyPass = "http://localhost:8265";
-      proxyWebsockets = true;
-    };
-  };
-
-}

nixos/machines/robi/telegraf.nix

@@ -8,18 +8,9 @@
       };
       # https://github.com/influxdata/telegraf/tree/master/plugins/inputs < all them plugins
       inputs = {
-        cpu = {
+        cpu = { };
-          percpu = true;
-          totalcpu = true;
-        };
-        disk = { };
         diskio = { };
-        kernel = { };
-        mem = { };
         processes = { };
-        netstat = { };
-        net = { };
-        system = { };
         systemd_units = { };
         nginx.urls = [ "http://localhost/nginx_status" ];
       };

nixos/machines/robi/wireguard.nix

@@ -1,6 +1,6 @@
 { pkgs, config, ... }:
 {
-  # networking.firewall.trustedInterfaces = [ "wg0" ];
+  networking.firewall.trustedInterfaces = [ "wg0" ];
   networking.firewall.allowedUDPPorts = [ 51820 ];
   sops.secrets.wireguard_private = { };
   boot.kernel.sysctl."net.ipv4.ip_forward" = true;

nixos/modules/services/rbackup.nix

@@ -19,7 +19,7 @@ let
       rsync \
           --rsh=${escape ssh} \
           --append -avz \
-          ${optionalString plan.delete "--delete"} \
+          --delete \
           "$rsync_src/" \
           "$rsync_dst"
     '';
@@ -45,11 +45,6 @@ in
               default = "hourly";
               type = with types; nullOr str; # TODO systemd.time(7)'s calendar event
             };
-            delete = mkOption {
-              type = types.bool;
-              default = true;
-              description = "delete old files (adds the --delete argument to rsync)";
-            };
             timerConfig = mkOption {
               type = with types; attrsOf str;
               default = optionalAttrs (config.startAt != null) {