podman: auto update timer now force started on boot

home/programs/zsh.nix

@@ -27,8 +27,9 @@
       uptest = "sudo nixos-rebuild test --flake $HOME/dotfiles";
       dry = "sudo nixos-rebuild dry-activate --flake $HOME/dotfiles";
       jq = "gojq";
-      n = "neovide --fork";
+      n = "neovide";
       v = "nvim";
+      cd = "z";
     };
     dotDir = ".config/zsh";
     history = {

options/podman.nix

@@ -3,7 +3,8 @@
   options.profile.podman = {
     enable = lib.mkEnableOption "podman";
     caddy.enable = lib.mkEnableOption "caddy podman";
-    kavita.enable = lib.mkEnableOption "kavita podman";
     pihole.enable = lib.mkEnableOption "pihole podman";
+    suwayomi.enable = lib.mkEnableOption "suwayomi podman";
+    ytptube.enable = lib.mkEnableOption "metube podman";
   };
 }

options/services.nix

@@ -13,5 +13,6 @@ in
     syncthing.enable = mkEnableOption "syncthing";
     openvpn.enable = mkEnableOption "openvpn";
     stubby.enable = mkEnableOption "stubby";
+    jellyfin.enable = mkEnableOption "jellyfin";
   };
 }

profiles/homeserver.nix

@@ -10,6 +10,7 @@
     user = {
       name = "homeserver";
       fullName = "Homeserver";
+      getty.autoLogin = true;
     };
     system.stateVersion = "24.05";
 
@@ -25,6 +26,8 @@
     podman = {
       enable = true;
       pihole.enable = true;
+      suwayomi.enable = true;
+      ytptube.enable = true;
     };
 
     docker = {
@@ -41,6 +44,7 @@
       syncthing.enable = true;
       openvpn.enable = true;
       stubby.enable = true;
+      jellyfin.enable = true;
     };
   };
 }

system/podman/default.nix

@@ -10,10 +10,12 @@ in
     environment.systemPackages = with pkgs; [
       dive # look into docker image layers
       podman-tui # status of containers in the terminal
-      podman-compose # start group of containers for dev
     ];
 
-    systemd.timers."podman-auto-update".enable = true;
+    systemd.timers."podman-auto-update" = {
+      enable = true;
+      wantedBy = [ "multi-user.target" ];
+    };
     virtualisation.containers.enable = true;
     virtualisation.oci-containers.backend = "podman";
     virtualisation.podman = {
@@ -30,9 +32,16 @@ in
   };
 
 
+  # Taken IP-Range Subnets
+  #
+  # 10.1.1.0-4 -> Pihole
+  # 10.1.1.4-8 -> ytptube
+  # 10.1.1.8-12 -> Suwayomi
+  # 10.1.1.12-16 -> Suwayomi
   imports = [
     ./caddy.nix
-    ./kavita.nix
     ./pihole.nix
+    ./suwayomi.nix
+    ./ytptube.nix
   ];
 }

system/podman/kavita.nix

@@ -1,49 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-  user = config.profile.user;
-  podman = config.profile.podman;
-  volume = "/nas/kavita";
-  image = "lscr.io/linuxserver/kavita:latest";
-  gid = toString user.gid;
-  uid = toString user.uid;
-  gateway = "10.1.1.1";
-  subnet = "10.1.1.0/24";
-  ip = "10.1.1.3";
-  ip-range = "10.1.1.3/25";
-in
-{
-  config = lib.mkIf (podman.enable && podman.kavita.enable) {
-    services.caddy.virtualHosts."kavita.tigor.web.id".extraConfig = ''
-      reverse_proxy ${ip}:5000
-    '';
-
-    systemd.services.create-kavita-network = with config.virtualisation.oci-containers; {
-      serviceConfig.Type = "oneshot";
-      wantedBy = [ "${backend}-kavita.service" ];
-      script = ''${pkgs.podman}/bin/podman network exists kavita || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} kavita'';
-    };
-
-    system.activationScripts.docker-kavita = ''
-      mkdir -p ${volume}
-      chown -R ${user.name}:${gid} ${volume}
-    '';
-
-    virtualisation.oci-containers.containers.kavita = {
-      inherit image;
-      environment = {
-        PUID = uid;
-        PGID = gid;
-        TZ = "Asia/Jakarta";
-      };
-      extraOptions = [
-        "--network=kavita"
-        "--ip=${ip}"
-      ];
-      autoStart = true;
-      volumes = [
-        "${volume}/config:/config"
-        "${volume}/library:/library"
-      ];
-    };
-  };
-}

system/podman/pihole.nix

@@ -3,12 +3,13 @@ let
   name = "pihole";
   podman = config.profile.podman;
   pihole = podman.pihole;
-  inherit (lib) mkIf;
+  inherit (lib) mkIf strings attrsets;
   gateway = "10.1.1.1";
-  subnet = "10.1.1.0/29";
-  ip = "10.1.1.3";
-  ip-range = "10.1.1.3/29";
+  subnet = "10.1.1.0/30";
+  ip = "10.1.1.2";
+  ip-range = "10.1.1.2/30";
   image = "pihole/pihole:latest";
+  piholeDNSIPBind = "192.168.100.3";
 in
 {
   config = mkIf (podman.enable && pihole.enable) {
@@ -22,19 +23,27 @@ in
       sopsFile = ../../secrets/pihole.yaml;
     };
 
+    networking.nameservers = [ piholeDNSIPBind ];
 
-    systemd.services.create-kavita-network = {
+
+    systemd.services."create-${name}-network" = {
       serviceConfig = {
         Type = "oneshot";
         RemainAfterExit = true;
       };
-      wantedBy = [ "podman-pihole.service" ];
+      wantedBy = [ "podman-${name}.service" ];
       script = ''${pkgs.podman}/bin/podman network exists ${name} || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} ${name}'';
     };
 
+    # We have refresh the custom.list dns list when caddy virtual hosts changes,
+    # the easiest way to do so is to restart the pihole container.
+    #
+    # This works by collecting all the virtual hosts defined in caddy
+    # and check if the length of the list changes, if it does, we restart the pihole container.
+    systemd.services."podman-${name}".restartTriggers = attrsets.mapAttrsToList (name: _: name) config.services.caddy.virtualHosts;
     environment.etc."pihole/custom.list" = {
       # Copy file instead of symlink
-      mode = "0400";
+      mode = "0444";
 
       # Creates a pihole custom.list file with the following pattern:
       #
@@ -52,7 +61,7 @@ in
         )}
         '';
     };
-    virtualisation.oci-containers.containers.pihole = {
+    virtualisation.oci-containers.containers.${name} = {
       inherit image;
       environment = {
         TZ = "Asia/Jakarta";
@@ -65,7 +74,7 @@ in
         DNS_FQDN_REQUIRED = "false";
       };
       ports = [
-        "192.168.100.4:53:53/udp"
+        "${piholeDNSIPBind}:53:53/udp"
         "67:67/udp"
       ];
       volumes = [

system/podman/suwayomi.nix

@@ -0,0 +1,81 @@
+{ config, lib, pkgs, ... }:
+let
+  name = "suwayomi";
+  name-flaresolverr = "${name}-flaresolverr";
+  domain = "manga.tigor.web.id";
+  podman = config.profile.podman;
+  suwayomi = podman.suwayomi;
+  inherit (lib) mkIf;
+  subnet = "10.1.1.8/29";
+  gateway = "10.1.1.9";
+  ip = "10.1.1.10";
+  ip-flaresolverr = "10.1.1.11";
+  ip-range = "10.1.1.10/29";
+  image = "ghcr.io/suwayomi/tachidesk:latest";
+  image-flaresolverr = "ghcr.io/flaresolverr/flaresolverr:latest";
+  volume = "/nas/podman/suwayomi";
+  user = config.profile.user;
+  uid = toString user.uid;
+  gid = toString user.gid;
+in
+{
+  config = mkIf (podman.enable && suwayomi.enable) {
+    services.caddy.virtualHosts.${domain}.extraConfig = ''
+      reverse_proxy ${ip}:4567
+    '';
+
+    systemd.services."create-${name}-network" = {
+      serviceConfig = {
+        Type = "oneshot";
+        RemainAfterExit = true;
+      };
+      wantedBy = [ "podman-${name}.service" ];
+      script = ''${pkgs.podman}/bin/podman network exists ${name} || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} ${name}'';
+    };
+
+    system.activationScripts."podman-${name}" = ''
+      mkdir -p ${volume}
+      chown -R ${uid}:${gid} ${volume}
+    '';
+
+    virtualisation.oci-containers.containers.${name} = {
+      inherit image;
+      autoStart = true;
+      user = "${uid}:${gid}";
+      environment = {
+        TZ = "Asia/Jakarta";
+        DOWNLOAD_AS_CBZ = "true";
+        AUTO_DOWNLOAD_CHAPTERS = "true";
+        AUTO_DOWNLOAD_EXCLUDE_UNREAD = "false";
+        EXTENSION_REPOS = ''["https://raw.githubusercontent.com/keiyoushi/extensions/repo/index.min.json"]'';
+        MAX_SOURCES_IN_PARALLEL = "20";
+        UPDATE_EXCLUDE_UNREAD = "false";
+        UPDATE_EXCLUDE_STARTED = "false";
+        UPDATE_INTERVAL = "6"; # 6 Hours interval
+        UPDATE_MANGA_INFO = "true";
+        FLARESOLVERR_ENABLED = "true";
+        FLARESOLVERR_URL = "http://${ip-flaresolverr}:8191";
+      };
+      volumes = [
+        "${volume}:/home/suwayomi/.local/share/Tachidesk"
+      ];
+      extraOptions = [
+        "--ip=${ip}"
+        "--network=${name}"
+      ];
+      dependsOn = [ "${name}-flaresolverr" ];
+    };
+
+    virtualisation.oci-containers.containers.${name-flaresolverr} = {
+      image = image-flaresolverr;
+      autoStart = true;
+      environment = {
+        TZ = "Asia/Jakarta";
+      };
+      extraOptions = [
+        "--ip=${ip-flaresolverr}"
+        "--network=${name}"
+      ];
+    };
+  };
+}

system/podman/ytptube.nix

@@ -0,0 +1,94 @@
+{ config, lib, pkgs, ... }:
+let
+  name = "ytptube";
+  podman = config.profile.podman;
+  inherit (lib) mkIf;
+  gateway = "10.1.1.5";
+  subnet = "10.1.1.4/30";
+  ip = "10.1.1.6";
+  ip-range = "10.1.1.6/30";
+  image = "ghcr.io/arabcoders/${name}:latest";
+  volume = "/nas/mediaserver/${name}";
+  domain = "${name}.tigor.web.id";
+  user = config.profile.user;
+  uid = toString user.uid;
+  gid = toString user.gid;
+in
+{
+  config = mkIf (podman.enable && podman.${name}.enable) {
+    services.caddy.virtualHosts.${domain}.extraConfig = ''
+      reverse_proxy ${ip}:8081
+    '';
+
+    systemd.services."create-${name}-network" = {
+      serviceConfig = {
+        Type = "oneshot";
+        RemainAfterExit = true;
+      };
+      wantedBy = [ "podman-${name}.service" ];
+      script = ''${pkgs.podman}/bin/podman network exists ${name} || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} ${name}'';
+    };
+
+
+    system.activationScripts."podman-${name}" = ''
+      mkdir -p ${volume}
+      chown -R ${uid}:${gid} ${volume}
+    '';
+
+    environment.etc."podman/${name}/ytdlp.json" = {
+      # https://github.com/arabcoders/ytptube?tab=readme-ov-file#ytdlpjson-file
+      source = (pkgs.formats.json { }).generate "config.json" {
+        windowsfilenames = true;
+        writesubtitles = true;
+        writeinfojson = true;
+        writethumbnail = true;
+        writeautomaticsub = false;
+        merge_output_format = "mkv";
+        live_from_start = true;
+        format_sort = [ "codec:abc:m4a" ];
+        subtitleslangs = [ "en" ];
+        postprocessors = [
+          # this processor convert the downloaded thumbnail to jpg.
+          {
+            key = "FFmpegThumbnailsConvertor";
+            format = "jpg";
+          }
+          # This processor convert subtitles to srt format.
+          {
+            key = "FFmpegSubtitlesConvertor";
+            format = "srt";
+          }
+          # This processor embed metadata & info.json file into the final mkv file.
+          {
+            key = "FFmpegMetadata";
+            add_infojson = true;
+            add_metadata = true;
+          }
+          # This process embed subtitles into the final file if it doesn't have subtitles embedded
+          {
+            key = "FFmpegEmbedSubtitle";
+            already_have_subtitle = false;
+          }
+        ];
+      };
+      mode = "0444";
+    };
+
+    virtualisation.oci-containers.containers.${name} = {
+      inherit image;
+      autoStart = true;
+      user = "${uid}:${gid}";
+      environment = {
+        TZ = "Asia/Jakarta";
+      };
+      volumes = [
+        "${volume}:/downloads"
+        "/etc/podman/${name}/ytdlp.json:/config/ytdlp.json"
+      ];
+      extraOptions = [
+        "--ip=${ip}"
+        "--network=${name}"
+      ];
+    };
+  };
+}

system/services/default.nix

@@ -10,5 +10,6 @@
     ./kavita.nix
     ./openvpn.nix
     ./stubby.nix
+    ./jellyfin.nix
   ];
 }

system/services/jellyfin.nix

@@ -0,0 +1,25 @@
+{ config, lib, ... }:
+let
+  cfg = config.profile.services.jellyfin;
+  dataDir = "/nas/mediaserver/jellyfin";
+  domain = "jellyfin.tigor.web.id";
+  inherit (lib) mkIf;
+  username = config.profile.user.name;
+in
+{
+  config = mkIf cfg.enable {
+    users.users.${username}.extraGroups = [ "jellyfin" ];
+    users.users.jellyfin.extraGroups = [ username ];
+    system.activationScripts.jellyfin-prepare = ''
+      mkdir -p ${dataDir}
+      chmod -R 0777 /nas/mediaserver
+    '';
+    services.caddy.virtualHosts.${domain}.extraConfig = ''
+      reverse_proxy 0.0.0.0:8096
+    '';
+    services.jellyfin = {
+      enable = true;
+      inherit dataDir;
+    };
+  };
+}

system/services/stubby.nix

@@ -1,12 +1,12 @@
 { config, lib, pkgs, ... }:
 let
   cfg = config.profile.services.stubby;
-  inherit (lib) mkIf;
+  inherit (lib) mkIf lists;
 in
 {
   config = mkIf cfg.enable {
     networking.resolvconf.useLocalResolver = false;
-    networking.nameservers = [ "192.168.100.5" ];
+    networking.nameservers = lists.optional (!config.profile.podman.pihole.enable) "192.168.100.5";
     services.stubby = {
       enable = true;
       settings = pkgs.stubby.passthru.settingsExample // {