ringofstorms/dotfiles
ringofstorms/dotfiles
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: ringofstorms:e2fd02e9081bcee4f75764b674c00083d4ac6d30
Branches Tags
ringofstorms:master
..
compare: ringofstorms:7f10ef80c1e70d8cd79486098b1a53ed79954f00
Branches Tags
ringofstorms:master

No commits in common. "e2fd02e9081bcee4f75764b674c00083d4ac6d30" and "7f10ef80c1e70d8cd79486098b1a53ed79954f00" have entirely different histories.
e2fd02e908 ... 7f10ef80c1

5 changed files with 47 additions and 262 deletions
Download patch file Download diff file Expand all files Collapse all files

27
hosts/h001/mods/nixarr.nix
View file

@ -13,6 +13,32 @@ let
in in
{ {
config = { config = {
users.groups.media.gid = lib.mkForce 2000;
# Make sure enabled media services can write to the NFS mediaDir.
users.users.sonarr.extraGroups = lib.mkIf config.nixarr.sonarr.enable (lib.mkAfter [ "media" ]);
users.users.radarr.extraGroups = lib.mkIf config.nixarr.radarr.enable (lib.mkAfter [ "media" ]);
users.users.bazarr.extraGroups = lib.mkIf config.nixarr.bazarr.enable (lib.mkAfter [ "media" ]);
users.users.prowlarr.extraGroups = lib.mkIf config.nixarr.prowlarr.enable (lib.mkAfter [ "media" ]);
users.users.lidarr.extraGroups = lib.mkIf config.nixarr.lidarr.enable (lib.mkAfter [ "media" ]);
users.users.jellyfin.extraGroups = lib.mkIf config.nixarr.jellyfin.enable (lib.mkAfter [ "media" ]);
users.users.jellyseerr.extraGroups = lib.mkIf config.nixarr.jellyseerr.enable (lib.mkAfter [ "media" ]);
users.users.sabnzbd.extraGroups = lib.mkIf config.nixarr.sabnzbd.enable (lib.mkAfter [ "media" ]);
users.users.transmission.extraGroups = lib.mkIf config.nixarr.transmission.enable (lib.mkAfter [ "media" ]);
users.users.pinchflat.extraGroups = lib.mkAfter [ "media" ];
systemd.services.pinchflat.serviceConfig.UMask = "0002";
systemd.services.sonarr.serviceConfig.UMask = lib.mkIf config.nixarr.sonarr.enable "0002";
systemd.services.radarr.serviceConfig.UMask = lib.mkIf config.nixarr.radarr.enable "0002";
systemd.services.bazarr.serviceConfig.UMask = lib.mkIf config.nixarr.bazarr.enable "0002";
systemd.services.prowlarr.serviceConfig.UMask = lib.mkIf config.nixarr.prowlarr.enable "0002";
systemd.services.lidarr.serviceConfig.UMask = lib.mkIf config.nixarr.lidarr.enable "0002";
systemd.services.jellyfin.serviceConfig.UMask = lib.mkIf config.nixarr.jellyfin.enable "0002";
systemd.services.jellyseerr.serviceConfig.UMask = lib.mkIf config.nixarr.jellyseerr.enable "0002";
systemd.services.sabnzbd.serviceConfig.UMask = lib.mkIf config.nixarr.sabnzbd.enable "0002";
systemd.services.transmission.serviceConfig.UMask = lib.mkIf config.nixarr.transmission.enable "0002";
nixarr = { nixarr = {
enable = true; enable = true;
# mediaDir = "/drives/wd10/nixarr/media"; # mediaDir = "/drives/wd10/nixarr/media";
@ -78,4 +104,3 @@ in
}; };
}; };
} }

22
hosts/h001/mods/pinchflat.nix
View file

@ -12,9 +12,6 @@ let
inherit (pkgs) system; inherit (pkgs) system;
config.allowUnfree = true; config.allowUnfree = true;
}; };
gid = 186;
uid = 186;
in in
{ {
disabledModules = [ declaration ]; disabledModules = [ declaration ];
@ -32,23 +29,17 @@ in
}; };
}; };
users = { users.users.pinchflat.isSystemUser = true;
groups.pinchflat.gid = gid; users.users.pinchflat.group = "pinchflat";
users.pinchflat = { users.users.pinchflat.extraGroups = lib.mkAfter [
isSystemUser = true; "media"
group = "pinchflat";
uid = uid;
};
};
systemd.tmpfiles.rules = [
"d '${config.services.pinchflat.mediaDir}' 0775 pinchflat pinchflat - -"
]; ];
users.groups.pinchflat = { };
systemd.services.pinchflat.serviceConfig = { systemd.services.pinchflat.serviceConfig = {
DynamicUser = lib.mkForce false; DynamicUser = lib.mkForce false;
User = "pinchflat"; User = "pinchflat";
Group = "pinchflat"; Group = "pinchflat";
UMask = "0002";
}; };
# Use Nixarr vpn # Use Nixarr vpn
@ -63,6 +54,7 @@ in
} }
]; ];
services.nginx = { services.nginx = {
virtualHosts = { virtualHosts = {
"pinchflat" = { "pinchflat" = {

4
hosts/h002/flake.nix
View file

@ -10,8 +10,6 @@
beszel.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/beszel"; beszel.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/beszel";
ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim"; ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim";
nixarr.url = "github:rasmus-kirk/nixarr";
}; };
outputs = outputs =
@ -72,10 +70,8 @@
}; };
}) })
inputs.nixarr.nixosModules.default
./hardware-configuration.nix ./hardware-configuration.nix
./nfs-data.nix ./nfs-data.nix
./nfs-data-users-nixarr.nix
( (
{ {
config, config,

242
hosts/h002/nfs-data-users-nixarr.nix
View file

@ -1,242 +0,0 @@
{ lib, config, ... }:
# This file sets up perms for MEDIA only (not state dirs) on this system since we are running nixarr on another host but NFS mounting the data drive from here.
let
globals = config.util-nixarr.globals;
nixarr = {
mediaDir = "/data/nixarr/media";
};
pinchflatMediaDir = "/data/pinchflat/media";
pinchflat = true;
pinchflatId = 186;
# Matches up to my h001/mods/nixarr|pinchflat.nix files
audiobookshelf = false;
jellyfin = true;
komga = false;
lidarr = false;
plex = false;
radarr = true;
readarr-audiobook = false;
readarr = false;
sabnzbd = true;
sonarr = true;
transmission = true;
whisparr = false;
in
lib.mkMerge [
(lib.mkIf pinchflat {
users = {
groups.pinchflat.gid = pinchflatId;
users.pinchflat = {
isSystemUser = true;
group = "pinchflat";
uid = pinchflatId;
};
};
systemd.tmpfiles.rules = [
"d '${pinchflatMediaDir}' 0775 pinchflat pinchflat - -"
];
})
(lib.mkIf audiobookshelf {
users = {
groups.${globals.audiobookshelf.group}.gid = globals.gids.${globals.audiobookshelf.group};
users.${globals.audiobookshelf.user} = {
isSystemUser = true;
group = globals.audiobookshelf.group;
uid = globals.uids.${globals.audiobookshelf.user};
};
};
systemd.tmpfiles.rules = [
"d '${nixarr.mediaDir}/library/audiobooks' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -"
"d '${nixarr.mediaDir}/library/podcasts' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -"
];
})
(lib.mkIf jellyfin {
users = {
groups.${globals.jellyfin.group}.gid = globals.gids.${globals.jellyfin.group};
users.${globals.jellyfin.user} = {
isSystemUser = true;
group = globals.jellyfin.group;
uid = globals.uids.${globals.jellyfin.user};
};
};
systemd.tmpfiles.rules = [
"d '${nixarr.mediaDir}/library' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -"
"d '${nixarr.mediaDir}/library/shows' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -"
"d '${nixarr.mediaDir}/library/movies' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -"
"d '${nixarr.mediaDir}/library/music' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -"
"d '${nixarr.mediaDir}/library/books' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -"
"d '${nixarr.mediaDir}/library/audiobooks' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -"
];
})
(lib.mkIf komga {
users = {
groups.${globals.komga.group}.gid = globals.gids.${globals.komga.group};
users.${globals.komga.user} = {
isSystemUser = true;
group = globals.komga.group;
uid = globals.uids.${globals.komga.user};
};
};
systemd.tmpfiles.rules = [
"d '${nixarr.mediaDir}/library' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -"
"d '${nixarr.mediaDir}/library/books' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -"
];
})
(lib.mkIf lidarr {
users = {
groups.${globals.lidarr.group}.gid = globals.gids.${globals.lidarr.group};
users.${globals.lidarr.user} = {
isSystemUser = true;
group = globals.lidarr.group;
uid = globals.uids.${globals.lidarr.user};
};
};
systemd.tmpfiles.rules = [
"d '${nixarr.mediaDir}/library' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -"
"d '${nixarr.mediaDir}/library/music' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -"
];
})
(lib.mkIf plex {
users = {
groups.${globals.plex.group}.gid = globals.gids.${globals.plex.group};
users.${globals.plex.user} = {
isSystemUser = true;
group = globals.plex.group;
uid = globals.uids.${globals.plex.user};
};
};
systemd.tmpfiles.rules = [
"d '${nixarr.mediaDir}/library' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -"
"d '${nixarr.mediaDir}/library/shows' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -"
"d '${nixarr.mediaDir}/library/movies' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -"
"d '${nixarr.mediaDir}/library/music' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -"
"d '${nixarr.mediaDir}/library/books' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -"
"d '${nixarr.mediaDir}/library/audiobooks' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -"
];
})
(lib.mkIf radarr {
systemd.tmpfiles.rules = [
"d '${nixarr.mediaDir}/library' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -"
"d '${nixarr.mediaDir}/library/movies' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -"
];
users = {
groups.${globals.radarr.group}.gid = globals.gids.${globals.radarr.group};
users.${globals.radarr.user} = {
isSystemUser = true;
group = globals.radarr.group;
uid = globals.uids.${globals.radarr.user};
};
};
})
(lib.mkIf readarr-audiobook {
users = {
groups.${globals.readarr-audiobook.group}.gid = globals.gids.${globals.readarr-audiobook.group};
users.${globals.readarr-audiobook.user} = {
isSystemUser = true;
group = globals.readarr-audiobook.group;
uid = globals.uids.${globals.readarr-audiobook.user};
};
};
systemd.tmpfiles.rules = [
"d '${nixarr.mediaDir}/library' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -"
"d '${nixarr.mediaDir}/library/audiobooks' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -"
];
})
(lib.mkIf readarr {
users = {
groups.${globals.readarr.group}.gid = globals.gids.${globals.readarr.group};
users.${globals.readarr.user} = {
isSystemUser = true;
group = globals.readarr.group;
uid = globals.uids.${globals.readarr.user};
};
};
systemd.tmpfiles.rules = [
"d '${nixarr.mediaDir}/library' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -"
"d '${nixarr.mediaDir}/library/books' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -"
];
})
(lib.mkIf sabnzbd {
users = {
groups.${globals.sabnzbd.group}.gid = globals.gids.${globals.sabnzbd.group};
users.${globals.sabnzbd.user} = {
isSystemUser = true;
group = globals.sabnzbd.group;
uid = globals.uids.${globals.sabnzbd.user};
};
};
systemd.tmpfiles.rules = [
"d '${nixarr.mediaDir}/usenet' 0755 ${globals.sabnzbd.user} ${globals.sabnzbd.group} - -"
"d '${nixarr.mediaDir}/usenet/.incomplete' 0755 ${globals.sabnzbd.user} ${globals.sabnzbd.group} - -"
"d '${nixarr.mediaDir}/usenet/.watch' 0755 ${globals.sabnzbd.user} ${globals.sabnzbd.group} - -"
"d '${nixarr.mediaDir}/usenet/manual' 0775 ${globals.sabnzbd.user} ${globals.sabnzbd.group} - -"
"d '${nixarr.mediaDir}/usenet/lidarr' 0775 ${globals.sabnzbd.user} ${globals.sabnzbd.group} - -"
"d '${nixarr.mediaDir}/usenet/radarr' 0775 ${globals.sabnzbd.user} ${globals.sabnzbd.group} - -"
"d '${nixarr.mediaDir}/usenet/sonarr' 0775 ${globals.sabnzbd.user} ${globals.sabnzbd.group} - -"
"d '${nixarr.mediaDir}/usenet/readarr' 0775 ${globals.sabnzbd.user} ${globals.sabnzbd.group} - -"
];
})
(lib.mkIf sonarr {
users = {
groups.${globals.sonarr.group}.gid = globals.gids.${globals.sonarr.group};
users.${globals.sonarr.user} = {
isSystemUser = true;
group = globals.sonarr.group;
uid = globals.uids.${globals.sonarr.user};
};
};
systemd.tmpfiles.rules = [
"d '${nixarr.mediaDir}/library' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -"
"d '${nixarr.mediaDir}/library/shows' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -"
];
})
(lib.mkIf transmission {
users = {
groups.${globals.transmission.group}.gid = globals.gids.${globals.transmission.group};
users.${globals.transmission.user} = {
isSystemUser = true;
group = globals.transmission.group;
uid = globals.uids.${globals.transmission.user};
};
};
systemd.tmpfiles.rules = [
"d '${nixarr.mediaDir}/torrents' 0755 ${globals.transmission.user} ${globals.transmission.group} - -"
"d '${nixarr.mediaDir}/torrents/.incomplete' 0755 ${globals.transmission.user} ${globals.transmission.group} - -"
"d '${nixarr.mediaDir}/torrents/.watch' 0755 ${globals.transmission.user} ${globals.transmission.group} - -"
"d '${nixarr.mediaDir}/torrents/manual' 0755 ${globals.transmission.user} ${globals.transmission.group} - -"
"d '${nixarr.mediaDir}/torrents/lidarr' 0755 ${globals.transmission.user} ${globals.transmission.group} - -"
"d '${nixarr.mediaDir}/torrents/radarr' 0755 ${globals.transmission.user} ${globals.transmission.group} - -"
"d '${nixarr.mediaDir}/torrents/sonarr' 0755 ${globals.transmission.user} ${globals.transmission.group} - -"
"d '${nixarr.mediaDir}/torrents/readarr' 0755 ${globals.transmission.user} ${globals.transmission.group} - -"
];
})
(lib.mkIf whisparr {
users = {
groups.${globals.whisparr.group}.gid = globals.gids.${globals.whisparr.group};
users.${globals.whisparr.user} = {
isSystemUser = true;
group = globals.whisparr.group;
uid = globals.uids.${globals.whisparr.user};
};
};
systemd.tmpfiles.rules = [
"d '${nixarr.mediaDir}/library' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -"
"d '${nixarr.mediaDir}/library/xxx' 0775 ${globals.libraryOwner.user} ${globals.libraryOwner.group} - -"
];
})
]

14
hosts/h002/nfs-data.nix
View file

@ -6,6 +6,20 @@
}: }:
lib.mkMerge [ lib.mkMerge [
({ ({
users.groups.media = {
gid = 2000;
};
# Keep exported paths group-writable for media services.
# `2` (setgid) makes new files inherit group `media`.
systemd.tmpfiles.rules = [
"d /data/nixarr 2775 root media - -"
"d /data/nixarr/media 2775 root media - -"
"d /data/pinchflat 2775 root media - -"
"d /data/pinchflat/media 2775 root media - -"
];
services.nfs.server = { services.nfs.server = {
enable = true; enable = true;
exports = '' exports = ''