emenel/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

setting up media server

Browse source
This commit is contained in:
Matt Nish-Lapidus 2025-03-10 15:42:03 -04:00
parent d976ee4c71
commit 891036c7b7
6 changed files with 170 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

76
flake.lock generated
View file

@ -847,6 +847,29 @@
"type": "github"
}
},
"nixarr": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-sonarr": "nixpkgs-sonarr",
"vpnconfinement": "vpnconfinement",
"website-builder": "website-builder"
},
"locked": {
"lastModified": 1741596653,
"narHash": "sha256-tvS9L5Zxxftwo7l2dj/UfnlNBtdnQ0MwmdRDW27on78=",
"owner": "rasmus-kirk",
"repo": "nixarr",
"rev": "29b7be20d4871b0ebac2db7c1691ecd3e690283f",
"type": "github"
},
"original": {
"owner": "rasmus-kirk",
"repo": "nixarr",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1741325094,
@ -905,6 +928,22 @@
"type": "github"
}
},
"nixpkgs-sonarr": {
"locked": {
"lastModified": 1732219096,
"narHash": "sha256-gbvtOPW7K7v4EFo7Feo5s+SI7FMVrCOA5CgnuMhWO/Y=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "328abff1f7a707dc8da8e802f724f025521793ea",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixpkgs",
"rev": "328abff1f7a707dc8da8e802f724f025521793ea",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1741445498,
@ -1102,6 +1141,7 @@
"niri": "niri",
"nix-flatpak": "nix-flatpak",
"nix-rice": "nix-rice",
"nixarr": "nixarr",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_4",
"nixpkgs-stable": "nixpkgs-stable_4",
@ -1323,6 +1363,42 @@
"type": "github"
}
},
"vpnconfinement": {
"locked": {
"lastModified": 1740921534,
"narHash": "sha256-orXe3m04DLTW3I19VVanClzpqeq7adnDTqKAD7aPbA8=",
"owner": "Maroka-chan",
"repo": "VPN-Confinement",
"rev": "5eb7dc3e901f4dbb085eb37f5785473a9ae78bc4",
"type": "github"
},
"original": {
"owner": "Maroka-chan",
"repo": "VPN-Confinement",
"type": "github"
}
},
"website-builder": {
"inputs": {
"nixpkgs": [
"nixarr",
"nixpkgs"
]
},
"locked": {
"lastModified": 1741594814,
"narHash": "sha256-YPAIywsWZVhQuy/cPJLi3PiWgoWDrqvQCBytXeSQYCk=",
"owner": "rasmus-kirk",
"repo": "website-builder",
"rev": "e0239195b33103a4923011d8e96ef39a3397631b",
"type": "github"
},
"original": {
"owner": "rasmus-kirk",
"repo": "website-builder",
"type": "github"
}
},
"wezterm": {
"inputs": {
"flake-utils": "flake-utils_2",

1
homes/media/default.nix
View file

@ -8,7 +8,6 @@
home = {
packages = with pkgs; [
cifs-utils
plex
beets
wezterm
];

5
hosts/eddie/configuration.nix
View file

@ -70,7 +70,6 @@
};
channel.enable = false; # remove nix-channel related tools & configs, we use flakes instead.
};
# Set your time zone.
@ -79,6 +78,10 @@
# Select internationalisation properties.
i18n.defaultLocale = "en_CA.UTF-8";
sops-config = {
key-file = "/home/emenel/.config/sops/age/keys.txt";
};
console = {
earlySetup = true;
colors =

38
hosts/media-server/configuration.nix
View file

@ -1,9 +1,9 @@
{ config, lib, nix-config, inputs, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
imports = with nix-config.nixosModules; [
./hardware-configuration.nix
sops-config
];
nixpkgs = {
@ -42,6 +42,7 @@
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.supportedFilesystems = [ "nfs" ];
networking.hostName = "media-server"; # Define your hostname.
# Pick only one of the below networking options.
@ -51,6 +52,10 @@
# Set your time zone.
time.timeZone = "America/Toronto";
sops-config = {
key-file = "/home/media/.config/sops/age/keys.txt";
};
# Define a user account. Don't forget to set a password with passwd.
users.users.media = {
isNormalUser = true;
@ -147,8 +152,37 @@
systemd.services.tailscaled.after = [ "NetworkManager-wait-online.service" ];
nixarr = {
enable = true;
mediaDir = "/data/media";
stateDir = "/data/media/.state/nixarr";
transmission = {
enable = true;
};
bazarr.enable = true;
lidarr.enable = true;
prowlarr.enable = true;
radarr.enable = true;
readarr.enable = true;
sonarr.enable = true;
jellyseerr.enable = true;
};
services.plex = {
enable = true;
};
fileSystems = {
"/mnt/filez/media" = {
device = "server:/filez/Media";
fsType = "nfs";
};
};
services.nfs.server.enable = true;
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "25.05"; # Did you read the comment?

22
hosts/media-server/secrets.yaml Normal file
View file

@ -0,0 +1,22 @@
filez: ENC[AES256_GCM,data:pOnl/B+dFc+Fks7Yb3c=,iv:V99CfTUmFq9ijFHU88OIvySvKw91a9hx0fXLikaAOdY=,tag:L1E2Wur2yVYaGeY+3Ku1WA==,type:str]
media-server: ENC[AES256_GCM,data:dqwbLUXItYrx7w==,iv:lo356taPBlPPD4CqtlbQzvUJRcym0SQc1sHMYW593vw=,tag:nzhLMzVnOc0eDa/7cfnLuA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age10k8v6pfm3p7cmsgn6wu5ufpcquqgpvqh76l23xf326et55dacc0qlr8fe8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFS1BoNnpoWnZGNGQreXVZ
RjNGUWhoYmJPbWplcFIwOU1mdlNOYmhkblU0CmFkNkg1ZDVxU1FNbnlUMXpKWXR1
elZ0RFZaRDRsMkVjcFhkMXU4Q1RYTDQKLS0tIHBRZlovWlFJUDFidzBnby9VNzlm
OFJGS2ljaTVFcWJDL3h2S0tLR3pyekkKBY4veCtc5cmVxoDeFf1LufbFhMHnYu7U
jWaEgDUHHPpiR7+4XZI+Es71kyM+0q2UK0KSU5227eDCLkFvRN5uYg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-15T16:32:18Z"
mac: ENC[AES256_GCM,data:drTH1sdk/KUXfeFXJVyB+21orb7maspVaDr2zZRT2z3PqLKtXVUHqSTaXKb7hETi052ibLqSfyrSCgpNcLMB4yAPrLz/u7nADcxvrnmugAkGgR/w4sK8YPNqw0F04Xx1GQV1SNcFi5lj2xBhRI862sUUiEkUEGM8UieVMgx5pFM=,iv:qBwza6BLls0WiW2DpDkb7PIt5vpjj3LmQaArDGgRXIo=,tag:W/REzW4zCNpptvbXDVCpCA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

52
modules/system/sops-config.nix
View file

@ -1,14 +1,25 @@
{ config, lib, pkgs, ... }:
let
cfg = config.sops-config;
{
sops = {
age.keyFile = "/home/emenel/.config/sops/age/keys.txt"; # must have no password!
defaultSopsFile = ./secrets.yaml;
secrets = {
filez = {};
media-server = {};
in {
options.sops-config = {
key-file = lib.mkOption {
type = lib.types.str;
default = "";
};
templates."media-server-secrets".content = ''
};
config = {
sops = {
age.keyFile = cfg.key-file; # must have no password!
defaultSopsFile = ./secrets.yaml;
secrets = {
filez = {};
media-server = {};
};
templates."media-server-secrets".content = ''
username=media
password=${config.sops.placeholder.media-server}
'';
@ -16,18 +27,19 @@ password=${config.sops.placeholder.media-server}
username=admin
password=${config.sops.placeholder.filez}
'';
};
environment.etc = {
"nixos/filez-secrets" = {
source = config.sops.templates."filez-secrets".path;
group = "users";
};
"nixos/media-server-secrets" = {
source = config.sops.templates."media-server-secrets".path;
group = "users";
};
};
environment.etc = {
"nixos/filez-secrets" = {
source = config.sops.templates."filez-secrets".path;
group = "users";
};
"nixos/media-server-secrets" = {
source = config.sops.templates."media-server-secrets".path;
group = "users";
};
};
};
}