diff --git a/services/self_host/jellyfin.nix b/services/self_host/jellyfin.nix
index a0e558f..dd7548a 100644
--- a/services/self_host/jellyfin.nix
+++ b/services/self_host/jellyfin.nix
@@ -6,79 +6,121 @@ lib,
 }:
 let
 cfg = config.service.selfhost.jellyfin;
+ wireguard-key = config.age.secrets."wireguard-secret".path;
 in
 {
 config = lib.mkIf cfg {
+ virtualisation = {
+ docker.enable = true;
+ oci-containers = {
+ backend = "docker";
+ containers = {
+ gluetun = {
+ image = "qmcgaw/gluetun:latest";
+ autoStart = true;
+ extraOptions = [
+ "--cap-add=NET_ADMIN"
+ "--device=/dev/net/tun"
+ ];
+ environment = {
+ VPN_SERVICE_PROVIDER = "mullvad";
+ VPN_TYPE = "wireguard";
+ WIREGUARD_PRIVATE_KEY = builtins.readFile wireguard-key;
+ BLOCK_MALICIOUS = "off";
+ BLOCK_SURVEILLANCE = "off";
+ BLOCK_ADS = "off";
+ WIREGUARD_ADDRESSES = "10.70.168.94/32";
+ SERVER_COUNTRIES = "Sweden";
+ SERVER_CITIES = "Stockholm";
+ SERVER_HOSTNAMES = "se-sto-wg-206";
+ TZ = "Europe/Paris";
+ };
+ ports = [
+ "8080:8080"
+ "7878:7878"
+ "8989:8989"
+ "9696:9696"
+ ];
+ };
+ qbittorrent = {
+ image = "lscr.io/linuxserver/qbittorrent:latest";
+ autoStart = true;
+ extraOptions = [
+ "--network=container:gluetun"
+ ];
+ environment = {
+ PUID = "1000";
+ PGID = "991";
+ WEBUI_PORT = "8080";
+ TZ = "Europe/Paris";
+ };
+ volumes = [
+ "/mnt/data/qbittorrent/config:/config"
+ "/mnt/data/downloads:/downloads"
+ ];
+ };
+ radarr = {
+ image = "lscr.io/linuxserver/radarr:latest";
+ autoStart = true;
+ extraOptions = [
+ "--network=container:gluetun"
+ ];
+ environment = {
+ PUID = "1000";
+ PGID = "991";
+ TZ = "Europe/Paris";
+ };
+ volumes = [
+ "/mnt/data/radarr/config:/config"
+ "/mnt/data:/data"
+ ];
+ };
+ sonarr = {
+ image = "lscr.io/linuxserver/sonarr:latest";
+ autoStart = true;
+ extraOptions = [
+ "--network=container:gluetun"
+ ];
+ environment = {
+ PUID = "1000";
+ PGID = "991";
+ TZ = "Europe/Paris";
+ };
+ volumes = [
+ "/mnt/data/sonarr/config:/config"
+ "/mnt/data:/data"
+ ];
+ };
+ prowlarr = {
+ image = "lscr.io/linuxserver/prowlarr:latest";
+ autoStart = true;
+ extraOptions = [
+ "--network=container:gluetun"
+ ];
+ environment = {
+ PUID = "1000";
+ PGID = "991";
+ TZ = "Europe/Paris";
+ };
+ volumes = [
+ "/mnt/data/prowlarr/config:/config"
+ ];
+ };
+ };
+ };
+ };
 users = {
 groups.datausers = { };
 users = {
 jellyfin.extraGroups = [ "datausers" ];
- radarr.extraGroups = [ "datausers" ];
- sonarr.extraGroups = [ "datausers" ];
 };
 };
 services = {
 jellyfin = {
 enable = true;
- dataDir = "/mnt/data/media";
+ dataDir = "/mnt/data/jellyfin";
 openFirewall = true;
 };
-
- qbittorrent = {
- enable = true;
- openFirewall = true;
- user = "qbittorrent";
- group = "datausers";
-
- webuiPort = 8137;
-
- serverConfig = {
- Preferences = {
- Downloads = {
- SavePath = "/mnt/data/downloads";
- TempPathEnabled = false;
- };
- General = {
- Locale = "fr_FR";
- };
- WebUI = {
- Username = "raphael";
- Password_PBKDF2 = "@ByteArray(CmH/e4LVehCMTT2BUTVo5g==:VqhgnDIsg0owhZqINmi6O0Ac3tXgz6JYAkxB7sqSH18VPQ6R6Tz9jT2a6KXtld4wG6ld41nFXSst0UqRFTUTUw==)";
- };
- };
- };
- };
-
- flaresolverr = {
- enable = true;
- openFirewall = true;
- port = 8191;
- };
-
- sonarr = {
- enable = true;
- dataDir = "/var/lib/sonarr";
- user = "sonarr";
- group = "datausers";
- openFirewall = true;
- };
-
- radarr = {
- enable = true;
- dataDir = "/var/lib/radarr";
- user = "radarr";
- group = "datausers";
- openFirewall = true;
- };
-
- prowlarr = {
- enable = true;
- dataDir = "/var/lib/prowlarr";
- openFirewall = true;
- };
-
- bazarr.enable = true;
-
 nginx.virtualHosts = {
 "jellyfin.enium.eu" = {
 enableACME = true;
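Review bot: `WIREGUARD_PRIVATE_KEY = builtins.readFile wireguard-key;` in the gluetun `environment` reads the agenix secret at evaluation time, so it either fails to resolve (the decrypted path normally exists only on the running host) or bakes the plaintext key into the generated container unit in the world-readable Nix store. Drop that line and hand the key over at runtime instead, e.g. `environmentFiles = [ wireguard-key ];`, with the secret file holding a `WIREGUARD_PRIVATE_KEY=...` line. Separately, the four `ports` entries publish on every interface, and Docker-published ports are typically not filtered by the NixOS firewall; if these web UIs are only meant to be reached locally or through a reverse proxy, bind them as `"127.0.0.1:8080:8080"` and likewise for the others. All five images use `:latest` with `autoStart = true`, so pinning a version or digest would keep the `NET_ADMIN` container and its network-sharing peers from changing silently between pulls.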