feat(limonka)!: jellyfin and transmission config

Add config for the `jellyfin` service
Add config for the `transmission` service
Fix networking issue (DNS died after some time)
Rename `jeeves_password` secret
Fix deprecated `passwordFile` -> `hashedPasswordFile`
This commit is contained in:
reo101 2023-11-17 16:03:25 +02:00
parent bdda5d9182
commit 4afa641a4d
Signed by: reo101
GPG key ID: 675AA7EF13964ACB
5 changed files with 73 additions and 2 deletions

View file

@ -1,10 +1,13 @@
{ inputs, outputs, lib, pkgs, config, ... }:
{
imports = [
inputs.hardware.nixosModules.common-cpu-amd
inputs.hardware.nixosModules.common-gpu-amd
(import ./disko.nix { inherit inputs outputs; })
inputs.agenix.nixosModules.default
./network.nix
./wireguard.nix
./jellyfin.nix
];
nixpkgs = {
@ -57,14 +60,15 @@
];
# NOTE: made with `mkpasswd -m sha-516`
age.secrets."home/jeeves_password".file = ../../../../secrets/home/jeeves_password.age;
age.secrets."jeeves_password".file = ../../../../secrets/home/jeeves_password.age;
users = {
mutableUsers = true;
users = {
jeeves = {
isNormalUser = true;
shell = pkgs.zsh;
passwordFile = config.age.secrets."home/jeeves_password".path;
hashedPasswordFile = config.age.secrets."jeeves_password".path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBj8ZGcvI80WrJWV+dNy1a3L973ydSNqtwcVHzurDUaW (none)"
];
@ -73,6 +77,7 @@
"networkmanager"
"audio"
"docker"
"transmission"
];
};
};

View file

@ -189,6 +189,9 @@
];
};
"/data/media" = { };
"/data/torrents" = { };
"/data/torrents/download" = { };
"/data/torrents/incomplete" = { };
"/data/media/jellyfin" = { };
};
};

View file

@ -0,0 +1,43 @@
{ lib, pkgs, config, ... }:
{
environment.systemPackages = with pkgs; [
tremc
];
services = {
transmission = {
enable = true;
openRPCPort = true;
settings = {
download-dir = "/data/torrents/download";
incomplete-dir = "/data/torrents/incomplete";
incomplete-dir-enabled = true;
rpc-whitelist = "127.0.0.1,192.168.*.*,10.100.0.*";
};
};
jellyfin = {
enable = true;
openFirewall = true;
};
# sonarr = {
# enable = true;
# openFirewall = true;
# };
# radarr = {
# enable = true;
# openFirewall = true;
# };
# bazarr = {
# enable = true;
# openFirewall = true;
# };
# readarr = {
# enable = true;
# openFirewall = true;
# };
# prowlarr = {
# enable = true;
# openFirewall = true;
# };
};
}

View file

@ -15,6 +15,7 @@
};
};
networking.useNetworkd = true;
systemd.network = {
enable = true;
wait-online = {

View file

@ -42,6 +42,25 @@
];
};
}
{
# limonka
wireguardPeerConfig = {
PublicKey = "+x4cKc16KxhW/M3wv64FU1J0AkiLyXT5Oar6I1n1xk4=";
AllowedIPs = [
"0.0.0.0/0"
# "192.168.1.0/24"
];
};
}
{
# s42
wireguardPeerConfig = {
PublicKey = "pZF6M8TZ1FSBtTwFz4xzlMqwqRScEqgBfqHBk7ddixc=";
AllowedIPs = [
"0.0.0.0/0"
];
};
}
];
};
};