castle: update wallust alpha to 90

options/podman.nix

@@ -39,6 +39,14 @@ in
         type = types.bool;
         default = config.profile.podman.servarr.enable;
       };
+      recyclarr.enable = mkOption {
+        type = types.bool;
+        default = config.profile.podman.servarr.enable;
+      };
+      rdtclient.enable = mkOption {
+        type = types.bool;
+        default = config.profile.podman.servarr.enable;
+      };
     };
   };
 }

options/services.nix

@@ -1,6 +1,6 @@
-{ lib, ... }:
+{ config, lib, ... }:
 let
-  inherit (lib) mkEnableOption;
+  inherit (lib) mkEnableOption mkOption types;
 in
 {
   options.profile.services = {
@@ -14,6 +14,10 @@ in
     openvpn.enable = mkEnableOption "openvpn";
     stubby.enable = mkEnableOption "stubby";
     jellyfin.enable = mkEnableOption "jellyfin";
+    jellyfin.jellyseerr.enable = mkOption {
+      type = types.bool;
+      default = config.profile.services.jellyfin.enable;
+    };
     rust-motd.enable = mkEnableOption "rust-motd";
     wireguard.enable = mkEnableOption "wireguard";
     photoprism.enable = mkEnableOption "photoprism";

profiles/castle.nix

@@ -40,7 +40,7 @@ in
         DP-2 = [ 8 9 10 ];
       };
       pyprland.wallpaper-dirs = [ "/nas/redmage/images/windows" ];
-      wallust.alpha = 80;
+      wallust.alpha = 90;
       swayosd.display = "DP-1";
       dunst.monitor = "1";
     };

profiles/homeserver.nix

@@ -32,6 +32,9 @@
       redmage-demo.enable = true;
       qbittorrent.enable = true;
       servarr.enable = true;
+      servarr.recyclarr.enable = false;
+      servarr.real-debrid-manager.enable = false;
+      servarr.rdtclient.enable = true;
     };
 
     docker = {

secrets/servarr.yaml

@@ -0,0 +1,25 @@
+servarr:
+    api_keys:
+        sonarr: ENC[AES256_GCM,data:nm0L0hVqehTiwqx5JScyRHdw4P3vqI4GUARzdDR1lxI=,iv:UE2f2tB/a6QRDEVOvJntE+J2bJ0xLLVvS6XvNz5WWLQ=,tag:jsKFuKYmHotslk53rm1poA==,type:str]
+        sonarr-anime: ENC[AES256_GCM,data:9RqHLCZ+uwv9a4MTCrXdT0SYFmXBswskV1vpXqwVjAM=,iv:OregkJGVXKuS9hIopgPmbYSBfZKot1Z4FmenQvfqZS0=,tag:j0zjTJ6aDRejvmBtIK/dCA==,type:str]
+        radarr: ENC[AES256_GCM,data:8ZqFXPubFTdUuNC0Neb/GQrBiWCfFBcc+kLEhmr04vY=,iv:IiVw1I9ugCKklqK16kY0R0BCmGzeFwSi1Ra8mSk87zU=,tag:IrFnI2adhitmpZB1T+ntDw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvcjY3WTZGRUFKWm5BcGR2
+            dWJ2TVZSY1phcitycnpDbG81UDg2M3dXbVJ3ClhlaG0rc1pNZWt6OXNWbEVaaUZu
+            S0xHSWlkVzBPdVFXZGJzZXF5RmpiZkEKLS0tIFovUS9kVXRzUlZYU2NyRXZYb1Zj
+            Sy91VlVMaTlGOW05bWRnMWo5Zm9FdkEK62c/Q2sBqL/m5FwBTglbHYVsN9X+iCvM
+            qtSsp6dVasPz//eXR7jIvvdwls/Sz64b2Ty8UIUEZCT/kI8E2/j0MQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-06-26T07:20:32Z"
+    mac: ENC[AES256_GCM,data:1hTsxSMKPQYToJMgDuLBffer8T/Uh8rw5y4uHk72BqpnCmrm2pVVQb2S3Pq+Fw2icw0BdmYmNTolA1651B4NT/6v6Z4mM10gu4BYlpeNWzPxRpVV52cLc+zD2acBvFxSvqOxPL+6lfAFRJHaUi2Wn0RKzt94RKNdgrRmhIYYDW4=,iv:oioh+NI8OMeeTEF0xLte4zkYwv26AlFj1IOYVoFfdAg=,tag:FwKFlcCoAd4d5yStJ4P5Xg==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1

system/podman/servarr/default.nix

@@ -1,11 +1,12 @@
 { ... }:
 {
   imports = [
-    # ./real-debrid-manager.nix
+    ./real-debrid-manager.nix
     ./qbittorrent.nix
     ./sonarr.nix
     ./prowlarr.nix
     ./bazarr.nix
     ./radarr.nix
+    ./rdtclient.nix
   ];
 }

system/podman/servarr/rdtclient.nix

@@ -0,0 +1,51 @@
+{ config, lib, ... }:
+let
+  podman = config.profile.podman;
+  name = "rdtclient";
+  cfg = podman.servarr.${name};
+  ip = "10.88.2.1";
+  image = "docker.io/rogerfar/rdtclient:latest";
+  root = "/nas/mediaserver/servarr";
+  volumeConfig = "${root}/${name}";
+  mediaVolume = "${root}/data/torrents";
+  domain = "${name}.tigor.web.id";
+  user = config.profile.user;
+  uid = toString user.uid;
+  gid = toString user.gid;
+  inherit (lib) mkIf;
+in
+{
+  config = mkIf (podman.enable && cfg.enable) {
+    services.caddy.virtualHosts.${domain}.extraConfig = ''
+      reverse_proxy ${ip}:6500
+    '';
+
+    system.activationScripts."podman-${name}" = ''
+      mkdir -p ${volumeConfig} ${mediaVolume}
+      chown ${uid}:${gid} ${volumeConfig} ${mediaVolume}
+    '';
+
+    virtualisation.oci-containers.containers.${name} = {
+      inherit image;
+      hostname = name;
+      autoStart = true;
+      # user = "${uid}:${gid}";
+      environment = {
+        TZ = "Asia/Jakarta";
+        PUID = uid;
+        PGID = gid;
+      };
+      volumes = [
+        "${volumeConfig}:/data/db"
+        "${mediaVolume}:/data/torrents"
+      ];
+      extraOptions = [
+        "--network=podman"
+        "--ip=${ip}"
+      ];
+      labels = {
+        "io.containers.autoupdate" = "registry";
+      };
+    };
+  };
+}

system/podman/servarr/real-debrid-manager.nix

@@ -1,26 +1,29 @@
 { config, lib, ... }:
 let
   podman = config.profile.podman;
-  cfg = podman.servarr.real-debrid-manager;
   name = "real-debrid-manager";
-  ip = "10.88.2.1";
-  image = "docker.io/hyperbunny77/realdebridmanager:latest";
-  volume = "/nas/mediaserver/servarr/real-debrid-manager";
-  domain = "rdm.tigor.web.id";
+  real-debrid-manager = podman.servarr.${name};
+  ip = "10.88.2.99";
+  image = "docker.io/hyperbunny77/realdebridmanager:2022.06.27";
+  root = "/nas/mediaserver/servarr";
+  configVolume = "${root}/real-debrid-manager";
+  mediaVolume = "${root}/data/torrents";
+  watchVolume = "${mediaVolume}/watch";
+  domain = "${name}.tigor.web.id";
   user = config.profile.user;
   uid = toString user.uid;
   gid = toString user.gid;
   inherit (lib) mkIf;
 in
 {
-  config = mkIf (podman.enable && cfg.enable) {
-    services.caddy.${domain}.extraConfig = ''
+  config = mkIf (podman.enable && real-debrid-manager.enable) {
+    services.caddy.virtualHosts.${domain}.extraConfig = ''
       reverse_proxy ${ip}:5000
     '';
 
     system.activationScripts."podman-${name}" = ''
-      mkdir -p ${volume}/{config,downloads,watch}
-      chown -R ${uid}:${gid} ${volume}/{config,downloads,watch}
+      mkdir -p ${configVolume} ${mediaVolume} ${watchVolume}
+      chown ${uid}:${gid} ${configVolume} ${mediaVolume} ${watchVolume}
     '';
 
     virtualisation.oci-containers.containers.${name} = {
@@ -28,14 +31,14 @@ in
       hostname = name;
       autoStart = true;
       user = "${uid}:${gid}";
-      enviroment = {
+      environment = {
         TZ = "Asia/Jakarta";
         rdmport = "5000";
       };
       volumes = [
-        "${volume}/config:/config"
-        "${volume}/downloads:/downloads"
-        "${volume}/watch:/watch"
+        "${configVolume}:/config"
+        "${mediaVolume}:/data/torrents"
+        "${watchVolume}:/watch"
       ];
       extraOptions = [
         "--network=podman"

system/podman/servarr/recyclarr.nix

@@ -0,0 +1,77 @@
+{ config, lib, pkgs, ... }:
+let
+  podman = config.profile.podman;
+  name = "recyclarr";
+  recyclarr = podman.servarr.${name};
+  ip = "10.88.2.100";
+  image = "ghcr.io/recyclarr/recyclarr:latest";
+  root = "/nas/mediaserver/servarr";
+  configVolume = "${root}/${name}";
+  user = config.profile.user;
+  uid = toString user.uid;
+  gid = toString user.gid;
+  inherit (lib) mkIf;
+in
+{
+  config = mkIf (podman.enable && recyclarr.enable) {
+
+    system.activationScripts."podman-${name}" = ''
+      mkdir -p ${configVolume} 
+      chown ${uid}:${gid} ${configVolume}
+    '';
+
+    sops.secrets =
+      let
+        opts = { sopsFile = ../../../secrets/servarr.yaml; };
+      in
+      {
+        "servarr/api_keys/sonarr" = opts;
+        "servarr/api_keys/sonarr-anime" = opts;
+        "servarr/api_keys/radarr" = opts;
+      };
+
+    sops.templates."recyclarr/recylarr.yml" = {
+      owner = user.name;
+      path = "${configVolume}/recyclarr.yml";
+      content = builtins.readFile ((pkgs.formats.yaml { }).generate "recyclarr.yml" {
+        sonarr = {
+          tv = {
+            base_url = "http://sonarr:8989";
+            api_key = config.sops.placeholders."servarr/api_keys/sonarr";
+            quality_definition.type = "series";
+            release_profiles = [
+              {
+                trash_ids = [ ];
+              }
+            ];
+          };
+          anime = {
+            base_url = "http://sonarr-anime:8989";
+            api_key = config.sops.placeholders."servarr/api_keys/sonarr-anime";
+            quality_definition.type = "anime";
+          };
+        };
+      });
+    };
+
+    virtualisation.oci-containers.containers.${name} = {
+      inherit image;
+      hostname = name;
+      autoStart = true;
+      user = "${uid}:${gid}";
+      environment = {
+        TZ = "Asia/Jakarta";
+      };
+      volumes = [
+        "${configVolume}:/config"
+      ];
+      extraOptions = [
+        "--ip=${ip}"
+        "--network=podman"
+      ];
+      labels = {
+        "io.containers.autoupdate" = "registry";
+      };
+    };
+  };
+}

system/podman/servarr/sonarr.nix

@@ -3,12 +3,16 @@ let
   podman = config.profile.podman;
   sonarr = podman.servarr.sonarr;
   name = "sonarr";
+  name-anime = "${name}-anime";
   ip = "10.88.2.3";
+  ip-anime = "10.88.2.33";
   image = "lscr.io/linuxserver/sonarr:latest";
   root = "/nas/mediaserver/servarr";
-  configVolume = "${root}/sonarr";
+  configVolume = "${root}/${name}";
+  configVolumeAnime = "${root}/${name-anime}";
   mediaVolume = "${root}/data";
   domain = "${name}.tigor.web.id";
+  domain-anime = "${name-anime}.tigor.web.id";
   user = config.profile.user;
   uid = toString user.uid;
   gid = toString user.gid;
@@ -20,9 +24,13 @@ in
       reverse_proxy ${ip}:8989
     '';
 
+    services.caddy.virtualHosts.${domain-anime}.extraConfig = ''
+      reverse_proxy ${ip-anime}:8989
+    '';
+
     system.activationScripts."podman-${name}" = ''
-      mkdir -p ${configVolume} ${mediaVolume}
-      chown ${uid}:${gid} ${mediaVolume} ${configVolume}
+      mkdir -p ${configVolume} ${mediaVolume} ${configVolumeAnime}
+      chown ${uid}:${gid} ${mediaVolume} ${configVolume} ${configVolumeAnime}
     '';
 
     virtualisation.oci-containers.containers.${name} = {
@@ -46,5 +54,27 @@ in
         "io.containers.autoupdate" = "registry";
       };
     };
+
+    virtualisation.oci-containers.containers.${name-anime} = {
+      inherit image;
+      hostname = name-anime;
+      autoStart = true;
+      environment = {
+        PUID = uid;
+        PGID = gid;
+        TZ = "Asia/Jakarta";
+      };
+      volumes = [
+        "${configVolumeAnime}:/config"
+        "${mediaVolume}:/data"
+      ];
+      extraOptions = [
+        "--ip=${ip-anime}"
+        "--network=podman"
+      ];
+      labels = {
+        "io.containers.autoupdate" = "registry";
+      };
+    };
   };
 }

system/services/jellyfin.nix

@@ -3,6 +3,7 @@ let
   cfg = config.profile.services.jellyfin;
   dataDir = "/nas/mediaserver/jellyfin";
   domain = "jellyfin.tigor.web.id";
+  domain-jellyseerr = "media.tigor.web.id";
   inherit (lib) mkIf;
   username = config.profile.user.name;
 in
@@ -17,9 +18,18 @@ in
     services.caddy.virtualHosts.${domain}.extraConfig = ''
       reverse_proxy 0.0.0.0:8096
     '';
+    services.caddy.virtualHosts.${domain-jellyseerr} = mkIf cfg.jellyseerr.enable {
+      extraConfig = ''
+        reverse_proxy 0.0.0.0:5055
+      '';
+    };
     services.jellyfin = {
       enable = true;
       inherit dataDir;
     };
+
+    services.jellyseerr = mkIf cfg.jellyseerr.enable {
+      enable = true;
+    };
   };
 }