From 44be975d4be88b98d8b5b332b8bc5c667162ad33 Mon Sep 17 00:00:00 2001 From: Tigor Hutasuhut Date: Tue, 20 Aug 2024 21:32:35 +0700 Subject: [PATCH] server: added soulseek podman and navidrome services --- options/podman.nix | 1 + options/services.nix | 1 + profiles/homeserver.nix | 2 ++ secrets/soulseek.yaml | 22 ++++++++++++++ system/podman/default.nix | 1 + system/podman/soulseek.nix | 55 +++++++++++++++++++++++++++++++++++ system/services/default.nix | 1 + system/services/navidrome.nix | 24 +++++++++++++++ 8 files changed, 107 insertions(+) create mode 100644 secrets/soulseek.yaml create mode 100644 system/podman/soulseek.nix create mode 100644 system/services/navidrome.nix diff --git a/options/podman.nix b/options/podman.nix index e55b9b5..5a58ca2 100644 --- a/options/podman.nix +++ b/options/podman.nix @@ -16,6 +16,7 @@ in minecraft.enable = mkEnableOption "minecraft server podman"; memos.enable = mkEnableOption "memos podman"; morphos.enable = mkEnableOption "morphos podman"; + soulseek.enable = mkEnableOption "soulseek podman"; servarr = { enable = mkEnableOption "servarr group"; diff --git a/options/services.nix b/options/services.nix index 0642bba..43e198e 100644 --- a/options/services.nix +++ b/options/services.nix @@ -21,5 +21,6 @@ in rust-motd.enable = mkEnableOption "rust-motd"; wireguard.enable = mkEnableOption "wireguard"; photoprism.enable = mkEnableOption "photoprism"; + navidrome.enable = mkEnableOption "navidrome"; }; } diff --git a/profiles/homeserver.nix b/profiles/homeserver.nix index 5722640..08cf07d 100644 --- a/profiles/homeserver.nix +++ b/profiles/homeserver.nix @@ -40,6 +40,7 @@ minecraft.enable = true; memos.enable = true; morphos.enable = true; + soulseek.enable = true; }; docker = { @@ -67,6 +68,7 @@ rust-motd.enable = true; wireguard.enable = true; photoprism.enable = true; + navidrome.enable = true; }; }; } diff --git a/secrets/soulseek.yaml b/secrets/soulseek.yaml new file mode 100644 index 0000000..881ab00 --- /dev/null +++ b/secrets/soulseek.yaml @@ -0,0 +1,22 @@ +soulseek: + env: ENC[AES256_GCM,data:r9AABW2U8Zr4fnYwF66SkJts/ljRyLsqpXQZWMQdtRpe6bkSY+s7hwXYVexjp1UVruLcAu+x7A==,iv:rngXQd3Xn/8nl5fE33BDQl++EGdHMMJPvg9KQfDA/II=,tag:r5WvaCGpo6pq8SgYEwv3UA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRZWNVU2szamhkZFlBcjF1 + UDZxZHJqZjRETCs1YlpHUTFtUmFWWGErbENJClNJNWxkVVc1YXBxdVRXVCt2SGRy + SVdRY2lYOW9Ob1d6ZUkrYWJ2Yno4WlkKLS0tIFBMT3FGdVhWRDVaTnNYTlpuZ2x1 + M3NzdHlsL2hENll3QnVBaXBiN2JPRzgKytdiV9iYS69v1+ub790lu4sPaMe4Auac + dnYZHUyMBFqvHjdQH+y4wYZ+k/O6vLwWJE0uR7ErhShrpLQmYVwdAw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-08-20T12:21:42Z" + mac: ENC[AES256_GCM,data:n4zNdElxX38hgAUpVNpbfSlyFedriNoB1jXB8whrXVVu/X7Y5GX2Jg1sxNjLGrY/UXHen2sc7v25iz+2eM/IGXZhKn9ZOfuLUedRyR4wJP48h1RsPt9a20Mo6dTsUKHnyHBbbGA2iLlmt815yUtEwQPbj28SMGh1Ir6ppxNrLvI=,iv:3lC6pSyB1K7gN8yHhfaLL8JEa9pwTSKqMKgTlxDK9XU=,tag:fALAy3QdW0iTIu+vv4T5qw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/system/podman/default.nix b/system/podman/default.nix index 1175063..9de113a 100644 --- a/system/podman/default.nix +++ b/system/podman/default.nix @@ -50,6 +50,7 @@ in ./redmage-demo.nix ./redmage.nix ./servarr + ./soulseek.nix ./suwayomi.nix ./ytptube.nix ]; diff --git a/system/podman/soulseek.nix b/system/podman/soulseek.nix new file mode 100644 index 0000000..6144c85 --- /dev/null +++ b/system/podman/soulseek.nix @@ -0,0 +1,55 @@ +{ config, lib, ... }: +let + name = "soulseek"; + podman = config.profile.podman; + inherit (lib) mkIf; + ip = "10.88.60.80"; + image = "ghcr.io/fletchto99/nicotine-plus-docker:latest"; + rootVolume = "/nas/podman/soulseek"; + rootVolumeMusic = "/nas/Syncthing/Sync/Music"; + domain = "${name}.tigor.web.id"; + user = config.profile.user; + uid = toString user.uid; + gid = toString user.gid; +in +{ + config = mkIf (podman.enable && podman.${name}.enable) { + services.caddy.virtualHosts.${domain}.extraConfig = '' + reverse_proxy ${ip}:6080 + ''; + + system.activationScripts."podman-${name}" = '' + mkdir -p ${rootVolume}/{config,downloads,incomplete} + chown ${uid}:${gid} ${rootVolume} ${rootVolume}/{config,downloads,incomplete} + ''; + + virtualisation.oci-containers.containers.${name} = { + inherit image; + hostname = name; + autoStart = true; + environment = { + TZ = "Asia/Jakarta"; + PUID = uid; + PGID = gid; + }; + volumes = [ + "${rootVolume}/config:/config" + "${rootVolume}/incomplete:/data/incomplete_downloads" + "${rootVolumeMusic}:/data/shared" + ]; + ports = [ + "2234-2239:2234-2239" + ]; + extraOptions = [ + "--network=podman" + "--ip=${ip}" + "--security-opt=seccomp=unconfined" + "--device=/dev/dri:/dev/dri" + ]; + labels = { + "io.containers.autoupdate" = "registry"; + }; + }; + }; + +} diff --git a/system/services/default.nix b/system/services/default.nix index 0a82fce..81266e1 100644 --- a/system/services/default.nix +++ b/system/services/default.nix @@ -6,6 +6,7 @@ ./forgejo.nix ./jellyfin.nix ./kavita.nix + ./navidrome.nix ./nextcloud.nix ./openvpn.nix ./rust-motd.nix diff --git a/system/services/navidrome.nix b/system/services/navidrome.nix new file mode 100644 index 0000000..828ff16 --- /dev/null +++ b/system/services/navidrome.nix @@ -0,0 +1,24 @@ +{ config, lib, ... }: +let + cfg = config.profile.services.navidrome; + user = config.profile.user; + inherit (lib) mkIf; +in +{ + config = mkIf cfg.enable { + services.caddy.virtualHosts."navidrome.tigor.web.id".extraConfig = '' + reverse_proxy 0.0.0.0:${toString config.services.navidrome.settings.Port} + ''; + + users.groups.navidrome.members = [ user.name ]; + users.groups.${user.name}.members = [ "navidrome" ]; + + services.navidrome = { + enable = true; + settings = { + Address = "0.0.0.0"; + MusicFolder = "/nas/Syncthing/Sync/Music"; + }; + }; + }; +}