{ config, lib, pkgs, inputs, ... }:
let
  # Shorthand for the sops-nix secret set declared further down.
  secrets = config.sops.secrets;

  # Both borg secrets are keys inside the same encrypted YAML file.
  borgSecret = {
    sopsFile = ../../secrets/perception/borg.yaml;
    format = "yaml";
  };

  # Timezone handed to every container that sets TZ.
  timezone = "America/New_York";

  # Environment shared by the linuxserver.io images and tdarr.
  # NOTE(review): PUID/PGID 1000 is the id those images are asked to run the
  # application as; 1000 is commonly the first regular login account on a
  # host, so confirm which host user ends up owning the mounted paths.
  userEnv = {
    "PUID" = "1000";
    "PGID" = "1000";
    "TZ" = timezone;
  };

  # Hands the host's /dev/dri device nodes to a container, presumably for
  # hardware transcoding. This gives the container direct access to the GPU
  # driver interface, so keep it to the containers that need it.
  gpuPassthrough = [ "--device=/dev/dri:/dev/dri" ];

  # Host paths bind-mounted (read-write) into several containers.
  mediaVolume = "/mnt/plex:/media";
  musicVolume = "/mnt/music:/music";
  downloadsVolume = "/mnt/scratch/sabnzbd/download-complete:/downloads";

  # systemd mount units matching the host paths above.
  plexMountUnit = "mnt-plex.mount";
  musicMountUnit = "mnt-music.mount";
  scratchMountUnit = "mnt-scratch.mount";
in
{
  # Setup hardware
  # imports = [ inputs.nixos-hardware.nixosModules.common-cpu-intel ];

  # Secrets for this machine, decrypted by sops-nix at activation time.
  # Only the resulting file paths are referenced in this module, so no secret
  # value is written into the configuration itself.
  sops.secrets = {
    "borg-ssh-key" = borgSecret;
    "borg-password" = borgSecret;
    # Owned by the podgrab user so the service can read its own password file.
    "podgrab" = {
      owner = "podgrab";
      format = "binary";
      sopsFile = ../../secrets/perception/podgrab;
    };
  };

  # Project-defined options (the `nathan` namespace is declared elsewhere).
  nathan.services.borg = {
    enable = true;
    extraExcludes = [ "/var/log" "/mnt" "/var/lib/tdarr" ];
    passwordFile = secrets."borg-password".path;
    sshKey = secrets."borg-ssh-key".path;
  };
  nathan.config = {
    setupGrub = false;
    nix.autoUpdate = true;
    nix.autoGC = true;
    # NOTE(review): what `harden` controls is not visible from this file. It
    # is switched off on a host that publishes more than a dozen network
    # services; confirm that is intentional and record why.
    harden = false;
  };

  boot = {
    # Bootloader: systemd-boot on an EFI system partition at /boot/efi.
    loader = {
      systemd-boot.enable = true;
      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/boot/efi";
      };
    };
    kernelParams = [ "net.ifnames=0" ];
    # Newer kernel.
    # NOTE(review): 6.3 is not a long-term series; confirm this package set
    # still receives security fixes in the nixpkgs revision in use.
    kernelPackages = pkgs.linuxKernel.packages.linux_6_3;
  };

  networking.domain = "mccarty.io";
  networking.useDHCP = true;
  # Open ports in firewall: both allowlists are empty.
  # NOTE(review): every container `ports` entry below publishes on all host
  # addresses, and container port publishing may be implemented with
  # NAT/forwarding rules that this allowlist does not govern. Verify from
  # another machine which ports are actually reachable. Where a port is only
  # needed by a reverse proxy on this host, the "127.0.0.1:HOST:CONTAINER"
  # form keeps it off the network.
  networking.firewall = {
    allowedTCPPorts = [ ];
    allowedUDPPorts = [ ];
  };

  # Setup home manager
  home-manager.users.nathan = import ./home.nix;

  ## Media Streaming setup

  # GPU userspace (VA-API / VDPAU) used together with the /dev/dri passthrough.
  hardware.opengl = {
    enable = true;
    driSupport = true;
    driSupport32Bit = true;
    extraPackages = [
      pkgs.libva
      pkgs.vaapiIntel
      pkgs.libvdpau-va-gl
      pkgs.vaapiVdpau
    ];
  };

  # Run plex and the like in containers, these applications get... a little
  # fucky when run directly on nixos.
  #
  # NOTE(review): every image below is referenced by a mutable tag (`:latest`,
  # or no tag at all for wizarr and tdarr). Whatever the registry serves at
  # pull time is what runs, so the deployed content is neither reviewable nor
  # reproducible from this file. Pinning each image by digest
  # (`name@sha256:<digest>`) and bumping it deliberately closes that gap.
  virtualisation.oci-containers.containers = {
    # Plex media server.
    # NOTE(review): port entries without a `/udp` suffix are published as TCP.
    # Plex documents 1900, 5353 and 32410-32414 as UDP discovery ports, so
    # these mappings may not do what was intended; any that are not needed
    # can be dropped to reduce what is exposed.
    "plex" = {
      image = "lscr.io/linuxserver/plex:latest";
      environment = userEnv // { "VERSION" = "latest"; };
      ports = [
        "32400:32400"
        "1900:1900"
        "3005:3005"
        "5353:5353"
        "8324:8324"
        "32410:32410"
        "32412:32412"
        "32413:32413"
        "32414:32414"
        "32469:32469"
      ];
      volumes = [ "/var/lib/plex:/config" mediaVolume musicVolume ];
      extraOptions = gpuPassthrough;
    };

    # Jellyfin media server.
    # NOTE(review): DOCKER_MODS makes a linuxserver image fetch and apply the
    # named mod when the container starts, i.e. extra code pulled at run time
    # on top of the (also unpinned) image.
    "jellyfin" = {
      image = "lscr.io/linuxserver/jellyfin:latest";
      environment = userEnv // {
        "DOCKER_MODS" = "linuxserver/mods:jellyfin-opencl-intel";
      };
      ports = [ "8096:8096" "8920:8920" ];
      volumes = [ "/var/lib/jellyfin:/config" mediaVolume musicVolume ];
      extraOptions = gpuPassthrough;
    };

    # Jellyseerr - requests for jellyfin.
    "jellyseerr" = {
      image = "fallenbagel/jellyseerr:latest";
      environment = { "TZ" = timezone; };
      ports = [ "5055:5055" ];
      volumes = [ "/var/lib/jellyseerr:/app/config" ];
    };

    # Wizarr - account management for jellyfin. Built-in auth is left enabled
    # ("DISABLE_BUILTIN_AUTH" = "false").
    "wizarr" = {
      image = "ghcr.io/wizarrrr/wizarr";
      environment = {
        "TZ" = timezone;
        "APP_URL" = "https://wizarr.mccarty.io";
        "DISABLE_BUILTIN_AUTH" = "false";
      };
      ports = [ "5690:5690" ];
      volumes = [ "/var/lib/wizarr:/data/database" ];
    };

    # Kavita - book library.
    "kavita" = {
      image = "kizaing/kavita:latest";
      ports = [ "5000:5000" ];
      volumes = [ "/var/lib/kavita:/kavita/config" "/mnt/books:/books" ];
    };

    # Tautulli - Plex stats.
    "tautulli" = {
      image = "lscr.io/linuxserver/tautulli:latest";
      environment = userEnv;
      ports = [ "8181:8181" ];
      volumes = [ "/var/lib/tautulli:/config" ];
      dependsOn = [ "plex" ];
    };

    # Sabnzbd - Usenet downloader. See the DOCKER_MODS note on jellyfin; the
    # same run-time fetch applies to the mod named here.
    "sabnzbd" = {
      image = "lscr.io/linuxserver/sabnzbd:latest";
      environment = userEnv // {
        "DOCKER_MODS" = "linuxserver/mods:sabnzbd-par2cmdline-turbo";
      };
      ports = [ "8080:8080" ];
      volumes = [
        "/var/lib/sabnzbd:/config"
        downloadsVolume
        "/mnt/scratch/sabnzbd/download:/incomplete-downloads"
      ];
    };

    # Tdarr - automatic transcoding and homogenization.
    "tdarr" = {
      image = "ghcr.io/haveagitgat/tdarr";
      environment = userEnv // {
        "internalNode" = "true";
        "inContainer" = "true";
      };
      ports = [ "8265:8265" "8266:8266" "8267:8267" ];
      volumes = [
        "/var/lib/tdarr/configs:/app/configs"
        "/var/lib/tdarr/server:/app/server"
        "/var/lib/tdarr/logs:/app/logs"
        "/var/lib/tdarr/cache:/app/cache"
        mediaVolume
      ];
      extraOptions = gpuPassthrough;
    };

    # Sonarr - TV.
    "sonarr" = {
      image = "lscr.io/linuxserver/sonarr:latest";
      environment = userEnv;
      ports = [ "8989:8989" ];
      volumes = [ "/var/lib/sonarr:/config" mediaVolume downloadsVolume ];
      dependsOn = [ "sabnzbd" "plex" ];
    };

    # Radarr - movies.
    "radarr" = {
      image = "lscr.io/linuxserver/radarr:latest";
      environment = userEnv;
      ports = [ "7878:7878" ];
      volumes = [ "/var/lib/radarr:/config" mediaVolume downloadsVolume ];
      dependsOn = [ "sabnzbd" "plex" ];
    };

    # Lidarr - music.
    "lidarr" = {
      image = "lscr.io/linuxserver/lidarr:latest";
      environment = userEnv;
      ports = [ "8686:8686" ];
      volumes = [ "/var/lib/lidarr:/config" musicVolume downloadsVolume ];
      dependsOn = [ "sabnzbd" ];
    };

    # Bazarr - subtitles.
    "bazarr" = {
      image = "lscr.io/linuxserver/bazarr:latest";
      environment = userEnv;
      ports = [ "6767:6767" ];
      volumes = [ "/var/lib/bazarr:/config" mediaVolume ];
      dependsOn = [ "plex" ];
    };
  };

  # Podgrab, with its password read from the sops-managed file.
  services.podgrab = {
    enable = true;
    port = 4242;
    passwordFile = secrets."podgrab".path;
  };

  # Make the containers depend on their mounts.
  # `after` only orders start-up; on its own it neither pulls the mount unit
  # in nor stops the container when the mount is absent.
  # NOTE(review): kavita binds /mnt/books but has no ordering entry here and
  # no dependsOn; confirm whether /mnt/books is a separate mount.
  systemd.services = {
    "podman-tdarr".after = [ plexMountUnit ];
    "podman-plex".after = [ musicMountUnit plexMountUnit ];
    "podman-jellyfin".after = [ musicMountUnit plexMountUnit ];
    "podman-sabnzbd".after = [ scratchMountUnit ];
    "podman-lidarr".after = [ musicMountUnit ];
  };
}