server: added soulseek podman and navidrome services

2024-08-20 21:32:35 +07:00 · 2024-08-20 21:32:35 +07:00 · 44be975d4b
parent 9b1e86cde4
commit 44be975d4b
8 changed files with 107 additions and 0 deletions
--- a/options/podman.nix
+++ b/options/podman.nix
@ -16,6 +16,7 @@ in
    minecraft.enable = mkEnableOption "minecraft server podman";
    memos.enable = mkEnableOption "memos podman";
    morphos.enable = mkEnableOption "morphos podman";
+    soulseek.enable = mkEnableOption "soulseek podman";

    servarr = {
      enable = mkEnableOption "servarr group";
--- a/options/services.nix
+++ b/options/services.nix
@ -21,5 +21,6 @@ in
    rust-motd.enable = mkEnableOption "rust-motd";
    wireguard.enable = mkEnableOption "wireguard";
    photoprism.enable = mkEnableOption "photoprism";
+    navidrome.enable = mkEnableOption "navidrome";
  };
 }
--- a/profiles/homeserver.nix
+++ b/profiles/homeserver.nix
@ -40,6 +40,7 @@
      minecraft.enable = true;
      memos.enable = true;
      morphos.enable = true;
+      soulseek.enable = true;
    };

    docker = {
@ -67,6 +68,7 @@
      rust-motd.enable = true;
      wireguard.enable = true;
      photoprism.enable = true;
+      navidrome.enable = true;
    };
  };
 }
--- a/secrets/soulseek.yaml
+++ b/secrets/soulseek.yaml
@ -0,0 +1,22 @@
+soulseek:
+    env: ENC[AES256_GCM,data:r9AABW2U8Zr4fnYwF66SkJts/ljRyLsqpXQZWMQdtRpe6bkSY+s7hwXYVexjp1UVruLcAu+x7A==,iv:rngXQd3Xn/8nl5fE33BDQl++EGdHMMJPvg9KQfDA/II=,tag:r5WvaCGpo6pq8SgYEwv3UA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRZWNVU2szamhkZFlBcjF1
+            UDZxZHJqZjRETCs1YlpHUTFtUmFWWGErbENJClNJNWxkVVc1YXBxdVRXVCt2SGRy
+            SVdRY2lYOW9Ob1d6ZUkrYWJ2Yno4WlkKLS0tIFBMT3FGdVhWRDVaTnNYTlpuZ2x1
+            M3NzdHlsL2hENll3QnVBaXBiN2JPRzgKytdiV9iYS69v1+ub790lu4sPaMe4Auac
+            dnYZHUyMBFqvHjdQH+y4wYZ+k/O6vLwWJE0uR7ErhShrpLQmYVwdAw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-08-20T12:21:42Z"
+    mac: ENC[AES256_GCM,data:n4zNdElxX38hgAUpVNpbfSlyFedriNoB1jXB8whrXVVu/X7Y5GX2Jg1sxNjLGrY/UXHen2sc7v25iz+2eM/IGXZhKn9ZOfuLUedRyR4wJP48h1RsPt9a20Mo6dTsUKHnyHBbbGA2iLlmt815yUtEwQPbj28SMGh1Ir6ppxNrLvI=,iv:3lC6pSyB1K7gN8yHhfaLL8JEa9pwTSKqMKgTlxDK9XU=,tag:fALAy3QdW0iTIu+vv4T5qw==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
--- a/system/podman/default.nix
+++ b/system/podman/default.nix
@ -50,6 +50,7 @@ in
    ./redmage-demo.nix
    ./redmage.nix
    ./servarr
+    ./soulseek.nix
    ./suwayomi.nix
    ./ytptube.nix
  ];
--- a/system/podman/soulseek.nix
+++ b/system/podman/soulseek.nix
@ -0,0 +1,55 @@
+{ config, lib, ... }:
+let
+  name = "soulseek";
+  podman = config.profile.podman;
+  inherit (lib) mkIf;
+  ip = "10.88.60.80";
+  image = "ghcr.io/fletchto99/nicotine-plus-docker:latest";
+  rootVolume = "/nas/podman/soulseek";
+  rootVolumeMusic = "/nas/Syncthing/Sync/Music";
+  domain = "${name}.tigor.web.id";
+  user = config.profile.user;
+  uid = toString user.uid;
+  gid = toString user.gid;
+in
+{
+  config = mkIf (podman.enable && podman.${name}.enable) {
+    services.caddy.virtualHosts.${domain}.extraConfig = ''
+      reverse_proxy ${ip}:6080
+    '';
+
+    system.activationScripts."podman-${name}" = ''
+      mkdir -p ${rootVolume}/{config,downloads,incomplete}
+      chown ${uid}:${gid} ${rootVolume} ${rootVolume}/{config,downloads,incomplete}
+    '';
+
+    virtualisation.oci-containers.containers.${name} = {
+      inherit image;
+      hostname = name;
+      autoStart = true;
+      environment = {
+        TZ = "Asia/Jakarta";
+        PUID = uid;
+        PGID = gid;
+      };
+      volumes = [
+        "${rootVolume}/config:/config"
+        "${rootVolume}/incomplete:/data/incomplete_downloads"
+        "${rootVolumeMusic}:/data/shared"
+      ];
+      ports = [
+        "2234-2239:2234-2239"
+      ];
+      extraOptions = [
+        "--network=podman"
+        "--ip=${ip}"
+        "--security-opt=seccomp=unconfined"
+        "--device=/dev/dri:/dev/dri"
+      ];
+      labels = {
+        "io.containers.autoupdate" = "registry";
+      };
+    };
+  };
+
+}
--- a/system/services/default.nix
+++ b/system/services/default.nix
@ -6,6 +6,7 @@
    ./forgejo.nix
    ./jellyfin.nix
    ./kavita.nix
+    ./navidrome.nix
    ./nextcloud.nix
    ./openvpn.nix
    ./rust-motd.nix
--- a/system/services/navidrome.nix
+++ b/system/services/navidrome.nix
@ -0,0 +1,24 @@
+{ config, lib, ... }:
+let
+  cfg = config.profile.services.navidrome;
+  user = config.profile.user;
+  inherit (lib) mkIf;
+in
+{
+  config = mkIf cfg.enable {
+    services.caddy.virtualHosts."navidrome.tigor.web.id".extraConfig = ''
+      reverse_proxy 0.0.0.0:${toString config.services.navidrome.settings.Port}
+    '';
+
+    users.groups.navidrome.members = [ user.name ];
+    users.groups.${user.name}.members = [ "navidrome" ];
+
+    services.navidrome = {
+      enable = true;
+      settings = {
+        Address = "0.0.0.0";
+        MusicFolder = "/nas/Syncthing/Sync/Music";
+      };
+    };
+  };
+}