onjen/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add lidarr and transmission to dalinar

Browse Source
This commit is contained in:
Johannes Rothe 2025-04-01 23:22:05 +02:00
parent dc582e9b4c
commit 057f4fa040
2 changed files with 58 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
hosts/dalinar/default.nix
View File

@ -82,6 +82,14 @@
sops.templates."searx-env".content = '' sops.templates."searx-env".content = ''
SEARX_SECRET_KEY=${config.sops.placeholder."searx/secret_key"} SEARX_SECRET_KEY=${config.sops.placeholder."searx/secret_key"}
''; '';
sops.secrets."transmission_rpc/user" = { };
sops.secrets."transmission_rpc/password" = { };
sops.templates."transmission-secrets.json".content = ''
{
"rpc-username": "${config.sops.placeholder."transmission_rpc/user"}",
"rpc-password": "${config.sops.placeholder."transmission_rpc/password"}"
}
'';
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
@ -301,6 +309,16 @@
reverse_proxy ${config.containers.searx.localAddress}:${builtins.toString config.containers.searx.config.services.searx.settings.server.port} reverse_proxy ${config.containers.searx.localAddress}:${builtins.toString config.containers.searx.config.services.searx.settings.server.port}
''; '';
}; };
"https://lidarr.dalinar.home.johannes-rothe.de" = {
extraConfig = ''
reverse_proxy lidarr:${builtins.toString config.containers.lidarr.config.services.lidarr.settings.server.port}
'';
};
"https://transmission.dalinar.home.johannes-rothe.de" = {
extraConfig = ''
reverse_proxy lidarr:${builtins.toString config.containers.lidarr.config.services.transmission.settings.rpc-port}
'';
};
"https://jellyfin.dalinar.home.johannes-rothe.de" = { "https://jellyfin.dalinar.home.johannes-rothe.de" = {
extraConfig = '' extraConfig = ''
reverse_proxy localhost:8096 reverse_proxy localhost:8096
@ -324,6 +342,7 @@
autoStart = true; autoStart = true;
ephemeral = true; ephemeral = true;
privateNetwork = true; privateNetwork = true;
# privateUsers = "pick";
hostAddress = "192.168.100.2"; hostAddress = "192.168.100.2";
localAddress = "192.168.100.3"; localAddress = "192.168.100.3";
bindMounts."/run/secrets/searx-env" = { bindMounts."/run/secrets/searx-env" = {
@ -351,13 +370,46 @@
enableTun = true; enableTun = true;
hostAddress = "192.168.100.4"; hostAddress = "192.168.100.4";
localAddress = "192.168.100.5"; localAddress = "192.168.100.5";
config = { ... }: { bindMounts."/run/secrets/tranmission.json" = {
isReadOnly = true;
hostPath = config.sops.templates."transmission-secrets.json".path;
};
config = { pkgs, ... }: {
system.stateVersion = "24.11"; system.stateVersion = "24.11";
networking.useHostResolvConf = lib.mkForce false; networking.useHostResolvConf = lib.mkForce false;
# Required workaround for tailscale exit nodes, see https://nixos.wiki/wiki/Tailscale # Required workaround for tailscale exit nodes, see https://nixos.wiki/wiki/Tailscale
networking.firewall.checkReversePath = "loose"; networking.firewall.checkReversePath = "loose";
networking.nftables.enable = true;
services.resolved.enable = true; services.resolved.enable = true;
# Tailscale is also used for local connectivity, since the exit node for
# some reason prevents local access
services.tailscale.enable = true; services.tailscale.enable = true;
services.transmission = {
enable = true;
openRPCPort = true;
credentialsFile = "/run/secrets/tranmission.json";
settings = {
rpc-port = 9091;
rpc-bind-address = "0.0.0.0";
rpc-whitelist-enabled = false;
rpc-authentication-required = true;
};
webHome = pkgs.flood-for-transmission;
};
# https://github.com/NixOS/nixpkgs/issues/258793
systemd.services.transmission.serviceConfig = {
RootDirectoryStartOnly = lib.mkForce false;
RootDirectory = lib.mkForce "";
PrivateMounts = lib.mkForce false;
PrivateUsers = lib.mkForce false;
};
services.lidarr = {
enable = true;
openFirewall = true;
};
}; };
}; };

7
hosts/dalinar/secrets.yaml
View File

@ -5,6 +5,9 @@ caddy:
ionos_dns_api_key: ENC[AES256_GCM,data:boZTsuMbYRHk16VAjPu1pw6Z/dRw8PCCb0VT5KKwiofq6FydBhZ7pLEpHy/q8UfZB0AEUtKNXxrTa8R1WFFAGwad9JqC49DBNxnhxT7yDppu1x8fI0s7U5AYZHIDekTXw22N5EmUT1zzMoFPogHkLr+JPiSGVSM=,iv:pg/RlPFOanMVjaMAu4DSXC/cLgPA6quSs4e4Z50Iyf0=,tag:83md4Psn21z3HtBL0cQIyA==,type:str] ionos_dns_api_key: ENC[AES256_GCM,data:boZTsuMbYRHk16VAjPu1pw6Z/dRw8PCCb0VT5KKwiofq6FydBhZ7pLEpHy/q8UfZB0AEUtKNXxrTa8R1WFFAGwad9JqC49DBNxnhxT7yDppu1x8fI0s7U5AYZHIDekTXw22N5EmUT1zzMoFPogHkLr+JPiSGVSM=,iv:pg/RlPFOanMVjaMAu4DSXC/cLgPA6quSs4e4Z50Iyf0=,tag:83md4Psn21z3HtBL0cQIyA==,type:str]
searx: searx:
secret_key: ENC[AES256_GCM,data:N8rfDlmDGltQOc+dcdCP0ghGMbEcdZWmoeH2tQTphKGLKg==,iv:JMUcI3ln2rm09FSy6A382soh6oaSvOCCfq1LeeyoE9g=,tag:z5fqLlLVmRpgvMUM2NI0RA==,type:str] secret_key: ENC[AES256_GCM,data:N8rfDlmDGltQOc+dcdCP0ghGMbEcdZWmoeH2tQTphKGLKg==,iv:JMUcI3ln2rm09FSy6A382soh6oaSvOCCfq1LeeyoE9g=,tag:z5fqLlLVmRpgvMUM2NI0RA==,type:str]
transmission_rpc:
user: ENC[AES256_GCM,data:w+gjEQ==,iv:Qyp2zvUBagrMMdUMN6ghIZuGxSMEvhh2/JPXtRtBJ7Q=,tag:6rOt4Goc7n0nrIycdbquhw==,type:str]
password: ENC[AES256_GCM,data:SUTKckSWqW94eshNkysVfA==,iv:WtuyR7Y9a7lyaZ9AbJyTiVVYVbJUsxHqtRU/5T1aO/E=,tag:eyveY9/aA1EQ2JXU2NrDYg==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -29,8 +32,8 @@ sops:
SVMwSGwwWVo1RzZnSjB6Z0MraTBHZ00KiHCJ8M3xQ8+YH5+aOy3th5fYTEavHqa0 SVMwSGwwWVo1RzZnSjB6Z0MraTBHZ00KiHCJ8M3xQ8+YH5+aOy3th5fYTEavHqa0
bbzATd2uRW8K+RSW3NFpN2AMtn9GCGt6Hsw0kezhiBN8qZ4tneKxJg== bbzATd2uRW8K+RSW3NFpN2AMtn9GCGt6Hsw0kezhiBN8qZ4tneKxJg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-24T21:54:24Z" lastmodified: "2025-04-03T20:18:45Z"
mac: ENC[AES256_GCM,data:ptQt4xit3quAJ+S+BQe2vzZz7JcfTxs5Z3kMwb6TuL7f0uX6Cr/h6HEJOu4ERIgN2hFzScDSdwW6/0XW4IepdUxTIVW5TPMpxf9QrlhBRJd8hd41jHywEubN2bvSe/a3Nm1og5v603X0/jlyqLzhOFBZCYjEKVEL7c0fWyneo+U=,iv:AkK3hPgHwCdyOmyRxzL8X5Vud38H6N+2J/XHV08klFQ=,tag:IdngdAUy7ylWIjkgMLeAJg==,type:str] mac: ENC[AES256_GCM,data:OM78015iecHNG3p5m0CCe+76dkKo7wBe+i7Crl/A58K0bomDKm8jys2yDXJU1udEaJBwhQTUadIaPFHPyMhegPrnfAMcInUQP6aD9SQVAOByi1T/BrFvT0hQClKzskSEeGwnUb+hJYSMkojhkzx5MvEnX9WDdVfAKgHbj4+QxCM=,iv:F8h2gv7F998Lh3FAXEzedsFNRDxD8bzdShTVVwLzKSU=,tag:x44SQkD4PnGhVaIx1XlBug==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.4 version: 3.9.4