Compare commits

..

6 commits

14 changed files with 442 additions and 3 deletions

View file

@ -1,4 +1,7 @@
{ lib, ... }:
{ config, lib, ... }:
let
inherit (lib) mkOption mkEnableOption types;
in
{
options.profile.podman = {
enable = lib.mkEnableOption "podman";
@ -9,5 +12,33 @@
redmage.enable = lib.mkEnableOption "redmage podman";
redmage-demo.enable = lib.mkEnableOption "redmage-demo podman";
qbittorrent.enable = lib.mkEnableOption "qbittorrent podman";
servarr = {
enable = mkEnableOption "servarr group";
qbittorrent.enable = mkOption {
type = types.bool;
default = config.profile.podman.servarr.enable;
};
real-debrid-manager.enable = mkOption {
type = types.bool;
default = config.profile.podman.servarr.enable;
};
prowlarr.enable = mkOption {
type = types.bool;
default = config.profile.podman.servarr.enable;
};
radarr.enable = mkOption {
type = types.bool;
default = config.profile.podman.servarr.enable;
};
sonarr.enable = mkOption {
type = types.bool;
default = config.profile.podman.servarr.enable;
};
bazarr.enable = mkOption {
type = types.bool;
default = config.profile.podman.servarr.enable;
};
};
};
}

View file

@ -76,5 +76,12 @@
zathura.enable = lib.mkEnableOption "zathura";
floorp.enable = lib.mkEnableOption "floorp";
};
programs = {
yazi.enable = lib.mkOption {
type = lib.types.bool;
default = true;
};
};
};
}

View file

@ -31,6 +31,7 @@
redmage.enable = true;
redmage-demo.enable = true;
qbittorrent.enable = true;
servarr.enable = true;
};
docker = {

View file

@ -20,5 +20,6 @@
./steam.nix
./sudo.nix
./vial.nix
./yazi.nix
];
}

View file

@ -11,6 +11,7 @@ in
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
UseDns = true;
X11Forwarding = false;
PermitRootLogin = "no";
@ -29,8 +30,8 @@ in
bantime = "24h"; # Ban IPs for one day on the first ban
bantime-increment = {
enable = true; # Enable increment of bantime after each violation
formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
# multipliers = "1 2 4 8 16 32 64";
# formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
multipliers = "1 2 4 8 16 32 64";
maxtime = "168h"; # Do not ban for more than 1 week
overalljails = true; # Calculate the bantime based on all the violations
};

63
system/modules/yazi.nix Normal file
View file

@ -0,0 +1,63 @@
{ config, lib, ... }:
let
cfg = config.profile.programs.yazi;
inherit (lib) mkIf;
in
{
config = mkIf cfg.enable {
programs.yazi = {
enable = true;
settings = {
# https://yazi-rs.github.io/docs/configuration/yazi
yazi = {
manager = {
# 1/8 width for parent, 4/8 width for current, 3/8 width for preview
ratio = [ 1 4 3 ];
sort_by = "natural";
sort_sensitive = false;
sort_dir_first = true;
linemode = "permissions";
show_hidden = true;
show_symlink = true;
scrolloff = 5;
};
opener = {
edit = [
{ run = ''nvim "$@"''; block = true; desc = "Edit in Neovim"; }
];
play = [
{ run = ''mpv "$@"''; orphan = true; desc = "Play in MPV"; }
];
open = [
{ run = ''xdg-open "$@"''; desc = "Open"; }
];
};
open = {
rules = [
{
mime = "text/*";
use = "edit";
}
{
mime = "video/*";
use = "play";
}
{
mime = "application/json";
use = "edit";
}
# Multiple openers for a single rule
{
name = "*.html";
use = [ "open" "edit" ];
}
];
append_rules = [
{ name = "*"; use = "open"; }
];
};
};
};
};
};
}

View file

@ -47,5 +47,6 @@ in
./redmage.nix
./suwayomi.nix
./ytptube.nix
./servarr
];
}

View file

@ -0,0 +1,50 @@
{ config, lib, ... }:
let
podman = config.profile.podman;
bazarr = podman.servarr.bazarr;
name = "bazarr";
ip = "10.88.2.6";
image = "lscr.io/linuxserver/${name}:latest";
root = "/nas/mediaserver/servarr";
configVolume = "${root}/${name}";
mediaVolume = "${root}/data";
domain = "${name}.tigor.web.id";
user = config.profile.user;
uid = toString user.uid;
gid = toString user.gid;
inherit (lib) mkIf;
in
{
config = mkIf (podman.enable && bazarr.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:6767
'';
system.activationScripts."podman-${name}" = ''
mkdir -p ${configVolume}
chown ${uid}:${gid} ${mediaVolume} ${configVolume}
'';
virtualisation.oci-containers.containers.${name} = {
inherit image;
hostname = name;
autoStart = true;
environment = {
PUID = uid;
PGID = gid;
TZ = "Asia/Jakarta";
};
volumes = [
"${configVolume}:/config"
"${mediaVolume}:/data"
];
extraOptions = [
"--ip=${ip}"
"--network=podman"
];
labels = {
"io.containers.autoupdate" = "registry";
};
};
};
}

View file

@ -0,0 +1,11 @@
{ ... }:
{
imports = [
# ./real-debrid-manager.nix
./qbittorrent.nix
./sonarr.nix
./prowlarr.nix
./bazarr.nix
./radarr.nix
];
}

View file

@ -0,0 +1,68 @@
{ config, lib, ... }:
let
podman = config.profile.podman;
prowlarr = podman.servarr.prowlarr;
name = "prowlarr";
name-flaresolverr = "${name}-flaresolverr";
ip = "10.88.2.4";
ip-flaresolverr = "10.88.2.5";
image = "lscr.io/linuxserver/prowlarr:latest";
image-flaresolverr = "ghcr.io/flaresolverr/flaresolverr:latest";
root = "/nas/mediaserver/servarr";
configVolume = "${root}/prowlarr";
domain = "${name}.tigor.web.id";
user = config.profile.user;
uid = toString user.uid;
gid = toString user.gid;
inherit (lib) mkIf;
in
{
config = mkIf (podman.enable && prowlarr.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:9696
'';
system.activationScripts."podman-${name}" = ''
mkdir -p ${configVolume}
chown ${uid}:${gid} ${configVolume}
'';
virtualisation.oci-containers.containers.${name-flaresolverr} = {
image = image-flaresolverr;
hostname = name-flaresolverr;
autoStart = true;
environment = {
TZ = "Asia/Jakarta";
};
extraOptions = [
"--ip=${ip-flaresolverr}"
"--network=podman"
];
labels = {
"io.containers.autoupdate" = "registry";
};
};
virtualisation.oci-containers.containers.${name} = {
inherit image;
hostname = name;
autoStart = true;
environment = {
PUID = uid;
PGID = gid;
TZ = "Asia/Jakarta";
};
volumes = [
"${configVolume}:/config"
];
extraOptions = [
"--ip=${ip}"
"--network=podman"
];
labels = {
"io.containers.autoupdate" = "registry";
};
};
};
}

View file

@ -0,0 +1,56 @@
{ config, lib, ... }:
let
podman = config.profile.podman;
qbittorrent = podman.servarr.qbittorrent;
name = "qbittorrent-servarr";
ip = "10.88.2.2";
image = "lscr.io/linuxserver/qbittorrent:latest";
root = "/nas/mediaserver/servarr";
configVolume = "${root}/qbittorrent";
mediaVolume = "${root}/data/torrents";
domain = "${name}.tigor.web.id";
user = config.profile.user;
uid = toString user.uid;
gid = toString user.gid;
inherit (lib) mkIf;
in
{
config = mkIf (podman.enable && qbittorrent.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:8080
'';
system.activationScripts."podman-${name}" = ''
mkdir -p ${configVolume} ${mediaVolume}
chown ${uid}:${gid} ${mediaVolume} ${configVolume}
'';
virtualisation.oci-containers.containers.${name} = {
inherit image;
hostname = name;
autoStart = true;
environment = {
PUID = uid;
PGID = gid;
TZ = "Asia/Jakarta";
WEBUI_PORT = "8080";
TORRENTING_PORT = "6882";
};
volumes = [
"${configVolume}:/config"
"${mediaVolume}:/data/torrents"
];
ports = [
"6882:6882"
"6882:6882/udp"
];
extraOptions = [
"--ip=${ip}"
"--network=podman"
];
labels = {
"io.containers.autoupdate" = "registry";
};
};
};
}

View file

@ -0,0 +1,50 @@
{ config, lib, ... }:
let
podman = config.profile.podman;
name = "radarr";
radarr = podman.servarr.${name};
ip = "10.88.2.7";
image = "lscr.io/linuxserver/${name}:latest";
root = "/nas/mediaserver/servarr";
configVolume = "${root}/${name}";
mediaVolume = "${root}/data";
domain = "${name}.tigor.web.id";
user = config.profile.user;
uid = toString user.uid;
gid = toString user.gid;
inherit (lib) mkIf;
in
{
config = mkIf (podman.enable && radarr.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:7878
'';
system.activationScripts."podman-${name}" = ''
mkdir -p ${configVolume} ${mediaVolume}
chown ${uid}:${gid} ${mediaVolume} ${configVolume}
'';
virtualisation.oci-containers.containers.${name} = {
inherit image;
hostname = name;
autoStart = true;
environment = {
PUID = uid;
PGID = gid;
TZ = "Asia/Jakarta";
};
volumes = [
"${configVolume}:/config"
"${mediaVolume}:/data"
];
extraOptions = [
"--ip=${ip}"
"--network=podman"
];
labels = {
"io.containers.autoupdate" = "registry";
};
};
};
}

View file

@ -0,0 +1,49 @@
{ config, lib, ... }:
let
podman = config.profile.podman;
cfg = podman.servarr.real-debrid-manager;
name = "real-debrid-manager";
ip = "10.88.2.1";
image = "docker.io/hyperbunny77/realdebridmanager:latest";
volume = "/nas/mediaserver/servarr/real-debrid-manager";
domain = "rdm.tigor.web.id";
user = config.profile.user;
uid = toString user.uid;
gid = toString user.gid;
inherit (lib) mkIf;
in
{
config = mkIf (podman.enable && cfg.enable) {
services.caddy.${domain}.extraConfig = ''
reverse_proxy ${ip}:5000
'';
system.activationScripts."podman-${name}" = ''
mkdir -p ${volume}/{config,downloads,watch}
chown -R ${uid}:${gid} ${volume}/{config,downloads,watch}
'';
virtualisation.oci-containers.containers.${name} = {
inherit image;
hostname = name;
autoStart = true;
user = "${uid}:${gid}";
enviroment = {
TZ = "Asia/Jakarta";
rdmport = "5000";
};
volumes = [
"${volume}/config:/config"
"${volume}/downloads:/downloads"
"${volume}/watch:/watch"
];
extraOptions = [
"--network=podman"
"--ip=${ip}"
];
labels = {
"io.containers.autoupdate" = "registry";
};
};
};
}

View file

@ -0,0 +1,50 @@
{ config, lib, ... }:
let
podman = config.profile.podman;
sonarr = podman.servarr.sonarr;
name = "sonarr";
ip = "10.88.2.3";
image = "lscr.io/linuxserver/sonarr:latest";
root = "/nas/mediaserver/servarr";
configVolume = "${root}/sonarr";
mediaVolume = "${root}/data";
domain = "${name}.tigor.web.id";
user = config.profile.user;
uid = toString user.uid;
gid = toString user.gid;
inherit (lib) mkIf;
in
{
config = mkIf (podman.enable && sonarr.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:8989
'';
system.activationScripts."podman-${name}" = ''
mkdir -p ${configVolume} ${mediaVolume}
chown ${uid}:${gid} ${mediaVolume} ${configVolume}
'';
virtualisation.oci-containers.containers.${name} = {
inherit image;
hostname = name;
autoStart = true;
environment = {
PUID = uid;
PGID = gid;
TZ = "Asia/Jakarta";
};
volumes = [
"${configVolume}:/config"
"${mediaVolume}:/data"
];
extraOptions = [
"--ip=${ip}"
"--network=podman"
];
labels = {
"io.containers.autoupdate" = "registry";
};
};
};
}