# NixOS module: runs the Soulseek client image as a Podman container, puts its
# web UI (container port 6080) behind a reverse-proxy virtual host, and
# restarts the container once a day.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  name = "soulseek";
  podmanCfg = config.profile.podman;

  # Host account that owns the data directories; the same ids are handed to
  # the container through PUID/PGID.
  owner = config.profile.user;
  ownerUid = toString owner.uid;
  ownerGid = toString owner.gid;

  # Static address on the "podman" network; both proxy definitions forward here.
  containerIp = "10.88.60.80";
  vhost = "${name}.tigor.web.id";

  # NOTE(review): ":latest" is a mutable tag, and the container below carries
  # the "io.containers.autoupdate" = "registry" label, so whatever the registry
  # serves under this tag is what ends up running. Pin a digest or a version
  # tag if unattended image changes are not wanted.
  containerImage = "ghcr.io/fletchto99/nicotine-plus-docker:latest";

  dataRoot = "/nas/podman/soulseek";
  musicRoot = "/nas/Syncthing/Sync/Music";

  restartUnit = "podman-${name}-autorestart";
  restartDescription = "Podman container ${name} autorestart";
in
{
  config = lib.mkIf (podmanCfg.enable && podmanCfg.${name}.enable) {
    services = {
      # Caddy: clients outside the private ranges must pass HTTP basic auth;
      # clients inside them are proxied without credentials. The username and
      # password hash are read from Caddy's environment placeholders.
      # NOTE(review): remote_ip matches the immediate peer, so if Caddy itself
      # sits behind another proxy or NAT on a private address, every request
      # would skip the auth block - confirm the deployment topology.
      caddy.virtualHosts.${vhost}.extraConfig = ''
        @require_auth not remote_ip private_ranges

        basic_auth @require_auth {
          {$AUTH_USERNAME} {$AUTH_PASSWORD}
        }

        reverse_proxy ${containerIp}:6080
      '';

      # nginx: TLS via ACME with HTTP redirected to HTTPS, websocket upgrade
      # enabled for the proxied UI.
      # NOTE(review): unlike the Caddy definition above, nothing here asks for
      # credentials or limits source addresses. If nginx is the proxy actually
      # serving this host, the UI is open to anyone who can reach it. Confirm
      # that authentication is enforced elsewhere, or add it here (for example
      # the virtual host's basicAuthFile option, or allow/deny rules).
      nginx.virtualHosts.${vhost} = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyWebsockets = true;
          proxyPass = "http://${containerIp}:6080";
        };
      };
    };

    # Create the data directories at activation time and hand them to the
    # container's user. The chown is not recursive.
    # NOTE(review): "downloads" is created here, but no entry in the volumes
    # list below mounts it - verify where finished downloads are written.
    system.activationScripts."podman-${name}" = ''
      mkdir -p ${dataRoot}/{config,downloads,incomplete}
      chown ${ownerUid}:${ownerGid} ${dataRoot} ${dataRoot}/{config,downloads,incomplete}
    '';

    # The client only scans its shares when it starts, so a oneshot unit
    # restarts the container and a timer fires it every day at 04:00.
    systemd.services.${restartUnit} = {
      description = restartDescription;
      serviceConfig = {
        Type = "oneshot";
        ExecStart = "${pkgs.podman}/bin/podman restart ${name}";
      };
    };
    systemd.timers.${restartUnit} = {
      description = restartDescription;
      wantedBy = [ "timers.target" ];
      timerConfig.OnCalendar = "*-*-* 04:00:00";
    };

    virtualisation.oci-containers.containers.${name} = {
      image = containerImage;
      hostname = name;
      autoStart = true;

      environment = {
        TZ = "Asia/Jakarta";
        PUID = ownerUid;
        PGID = ownerGid;
      };

      # The music library is mounted read-write as the shared folder.
      volumes = [
        "${dataRoot}/config:/config"
        "${dataRoot}/incomplete:/data/incomplete_downloads"
        "${musicRoot}:/data/shared"
      ];

      # No host address is given, so the range is published on every host
      # interface.
      ports = [ "2234-2239:2234-2239" ];

      extraOptions = [
        "--network=podman"
        "--ip=${containerIp}"
        # NOTE(review): turns off the runtime's default seccomp syscall filter
        # for a container that talks to untrusted peers. Confirm the image
        # still needs it on this host; a narrower custom profile is preferable
        # to "unconfined".
        "--security-opt=seccomp=unconfined"
        # Passes the host's DRI device nodes into the container.
        "--device=/dev/dri:/dev/dri"
      ];

      # Opts the container in to registry-driven image auto-updates.
      labels = {
        "io.containers.autoupdate" = "registry";
      };
    };
  };
}