From 9f886e22d47c0d200eaaaf7c9a2d34c0d73a2634 Mon Sep 17 00:00:00 2001 From: jasmine Date: Sun, 16 Jun 2024 23:08:01 +0800 Subject: [PATCH 1/3] Setup mealie container --- nixos/viridian/containers/default.nix | 1 + nixos/viridian/containers/mealie.nix | 48 +++++++++++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 nixos/viridian/containers/mealie.nix diff --git a/nixos/viridian/containers/default.nix b/nixos/viridian/containers/default.nix index 835b260..8eb55e8 100644 --- a/nixos/viridian/containers/default.nix +++ b/nixos/viridian/containers/default.nix @@ -11,6 +11,7 @@ ./radarr.nix ./recyclarr.nix ./sonarr.nix + ./mealie.nix ./microbin ]; virtualisation.oci-containers.backend = "docker"; diff --git a/nixos/viridian/containers/mealie.nix b/nixos/viridian/containers/mealie.nix new file mode 100644 index 0000000..3eba75a --- /dev/null +++ b/nixos/viridian/containers/mealie.nix @@ -0,0 +1,48 @@ +{ ... }: +let + port = "9925"; +in +{ + virtualisation.oci-containers.containers = { + mealie = { + autoStart = true; + image = "ghcr.io/mealie-recipes/mealie:v1.8.0"; + ports = [ + "${port}:9000" + ]; + volumes = [ + "/srv/containers/mealie:/app/data/" + ]; + environment = { + ALLOW_SIGNUP = "false"; + PUID = "1000"; + PGID = "100"; + TZ = "Australia/Perth"; + MAX_WORKERS = "1"; + WEB_CONCURRENCY = "1"; + BASE_URL = "https://mealie.kanto.dev"; + }; + }; + }; + + services.traefik.dynamicConfigOptions.http.routers = { + mealie = { + rule = "Host(`mealie.kanto.dev`)"; + entryPoints = [ + "websecure" + ]; + middlewares = [ + "internal" + ]; + service = "mealie"; + }; + }; + + services.traefik.dynamicConfigOptions.http.services = { + mealie.loadBalancer.servers = [ + { url = "http://127.0.0.1:${port}"; } + ]; + }; + +} + From 5a16fd7360fb8d8c54a8b6521763642c8256df01 Mon Sep 17 00:00:00 2001 From: jasmine Date: Sun, 16 Jun 2024 23:08:52 +0800 Subject: [PATCH 2/3] Update containers to latest release --- nixos/viridian/containers/adguardhome.nix | 10 ++++++---- nixos/viridian/containers/jellyfin.nix | 11 +++++++---- nixos/viridian/containers/jellyseerr.nix | 14 ++++++++++---- nixos/viridian/containers/lidarr.nix | 14 ++++++++++---- nixos/viridian/containers/microbin/default.nix | 12 +++++++----- nixos/viridian/containers/prowlarr.nix | 14 ++++++++++---- nixos/viridian/containers/qbittorrent.nix | 14 ++++++++++---- nixos/viridian/containers/radarr.nix | 14 ++++++++++---- nixos/viridian/containers/recyclarr.nix | 3 ++- nixos/viridian/containers/sonarr.nix | 14 ++++++++++---- 10 files changed, 82 insertions(+), 38 deletions(-) diff --git a/nixos/viridian/containers/adguardhome.nix b/nixos/viridian/containers/adguardhome.nix index 810a3f9..60f44a1 100644 --- a/nixos/viridian/containers/adguardhome.nix +++ b/nixos/viridian/containers/adguardhome.nix @@ -1,13 +1,15 @@ { ... }: - +let + port = "3000"; +in { virtualisation.oci-containers.containers = { adguardhome = { autoStart = true; - image = "adguard/adguardhome"; + image = "adguard/adguardhome:v0.107.51"; ports = [ "53:53" # Plain DNS - "3000:3000" # WEBGUI + "${port}:3000" # WEBGUI ]; volumes = [ "/srv/containers/adguardhome/work:/opt/adguardhome/work" @@ -33,7 +35,7 @@ services.traefik.dynamicConfigOptions.http.services = { adguard-home.loadBalancer.servers = [ - { url = "http://127.0.0.1:3000"; } + { url = "http://127.0.0.1:${port}"; } ]; }; } diff --git a/nixos/viridian/containers/jellyfin.nix b/nixos/viridian/containers/jellyfin.nix index 9804e71..a583a9b 100644 --- a/nixos/viridian/containers/jellyfin.nix +++ b/nixos/viridian/containers/jellyfin.nix @@ -1,13 +1,15 @@ { ... }: - +let + port = "8096"; +in { virtualisation.oci-containers.containers = { # Volunteer-built media solution that puts you in control of your media jellyfin = { autoStart = true; - image = "jellyfin/jellyfin:10.8.12"; + image = "jellyfin/jellyfin:10.9.6"; ports = [ - "8096:8096/tcp" # HTTP traffic + "${port}:8096/tcp" # HTTP traffic "8920:8920/tcp" # HTTPS traffic # "1900:1900/udp" # Service auto-discovery "7359:7359/udp" # Client auto-discovery @@ -24,6 +26,7 @@ "--device=/dev/dri/renderD128:/dev/dri/renderD128" "--network=media-stack" ]; + user = "1000:100"; }; }; @@ -42,7 +45,7 @@ services.traefik.dynamicConfigOptions.http.services = { jellyfin.loadBalancer.servers = [ - { url = "http://127.0.0.1:8096"; } + { url = "http://127.0.0.1:${port}"; } ]; }; } diff --git a/nixos/viridian/containers/jellyseerr.nix b/nixos/viridian/containers/jellyseerr.nix index 4c8f3b6..e06c7f4 100644 --- a/nixos/viridian/containers/jellyseerr.nix +++ b/nixos/viridian/containers/jellyseerr.nix @@ -1,17 +1,23 @@ { ... }: - +let + port = "5055"; +in { virtualisation.oci-containers.containers = { # Request management jellyseerr = { autoStart = true; - image = "ghcr.io/hotio/jellyseerr"; + image = "ghcr.io/hotio/jellyseerr:release-1.9.2"; ports = [ - "5055:5055/tcp" # WebUI + "${port}:5055/tcp" # WebUI ]; volumes = [ "/srv/containers/jellyseerr:/config" ]; + environment = { + PUID = "1000"; + PGID = "100"; + }; extraOptions = [ "--network=media-stack" ]; @@ -33,7 +39,7 @@ services.traefik.dynamicConfigOptions.http.services = { jellyseerr.loadBalancer.servers = [ - { url = "http://127.0.0.1:5055"; } + { url = "http://127.0.0.1:${port}"; } ]; }; } diff --git a/nixos/viridian/containers/lidarr.nix b/nixos/viridian/containers/lidarr.nix index 1115f18..2528d5b 100644 --- a/nixos/viridian/containers/lidarr.nix +++ b/nixos/viridian/containers/lidarr.nix @@ -1,13 +1,15 @@ { ... }: - +let + port = "8686"; +in { virtualisation.oci-containers.containers = { # # Music collection manager for Usenet and BitTorrent users lidarr = { autoStart = true; - image = "ghcr.io/hotio/lidarr:nightly-2.0.2.3782"; + image = "ghcr.io/hotio/lidarr:release-2.3.3.4204"; ports = [ - "8686:8686/tcp" # WebUI + "${port}:8686/tcp" # WebUI ]; volumes = [ # Media library @@ -15,6 +17,10 @@ # Container data "/srv/containers/lidarr:/config:rw" ]; + environment = { + PUID = "1000"; + PGID = "100"; + }; extraOptions = [ "--network=media-stack" ]; @@ -36,7 +42,7 @@ services.traefik.dynamicConfigOptions.http.services = { lidarr.loadBalancer.servers = [ - { url = "http://127.0.0.1:8686"; } + { url = "http://127.0.0.1:${port}"; } ]; }; } diff --git a/nixos/viridian/containers/microbin/default.nix b/nixos/viridian/containers/microbin/default.nix index 113bf14..baf1728 100644 --- a/nixos/viridian/containers/microbin/default.nix +++ b/nixos/viridian/containers/microbin/default.nix @@ -1,11 +1,13 @@ { config, ... }: - +let + port = "8181"; +in { age.secrets.microbin = { # Environment variables for microbin rekeyFile = ./environment.age; - owner = "root"; - group = "root"; + owner = "sajenim"; + group = "users"; }; virtualisation.oci-containers.containers = { @@ -14,7 +16,7 @@ autoStart = true; image = "danielszabo99/microbin:2.0"; ports = [ - "8181:8080/tcp" # WebUI + "${port}:8080/tcp" # WebUI ]; volumes = [ # Container data @@ -41,7 +43,7 @@ services.traefik.dynamicConfigOptions.http.services = { microbin.loadBalancer.servers = [ - { url = "http://127.0.0.1:8181"; } + { url = "http://127.0.0.1:${port}"; } ]; }; } diff --git a/nixos/viridian/containers/prowlarr.nix b/nixos/viridian/containers/prowlarr.nix index 9c3634f..3f70ab3 100644 --- a/nixos/viridian/containers/prowlarr.nix +++ b/nixos/viridian/containers/prowlarr.nix @@ -1,18 +1,24 @@ { ... }: - +let + port = "9696"; +in { virtualisation.oci-containers.containers = { # Indexer manager/proxy built on the popular arr .net/reactjs base stack to integrate with your various PVR apps. prowlarr = { autoStart = true; - image = "ghcr.io/hotio/prowlarr:nightly-1.10.3.4070"; + image = "ghcr.io/hotio/prowlarr:release-1.18.0.4543"; ports = [ - "9696:9696/tcp" # WebUI + "${port}:9696/tcp" # WebUI ]; volumes = [ # Container data "/srv/containers/prowlarr:/config:rw" ]; + environment = { + PUID = "1000"; + PGID = "100"; + }; extraOptions = [ "--network=media-stack" ]; @@ -33,7 +39,7 @@ services.traefik.dynamicConfigOptions.http.services = { prowlarr.loadBalancer.servers = [ - { url = "http://127.0.0.1:9696"; } + { url = "http://127.0.0.1:${port}"; } ]; }; } diff --git a/nixos/viridian/containers/qbittorrent.nix b/nixos/viridian/containers/qbittorrent.nix index bf107cb..432a565 100644 --- a/nixos/viridian/containers/qbittorrent.nix +++ b/nixos/viridian/containers/qbittorrent.nix @@ -1,13 +1,15 @@ { ... }: - +let + port = "8487"; +in { virtualisation.oci-containers.containers = { # # Open-source software alternative to µTorrent qbittorrent = { autoStart = true; - image = "ghcr.io/hotio/qbittorrent:release-4.6.0"; + image = "ghcr.io/hotio/qbittorrent:release-4.6.5"; ports = [ - "8080:8080/tcp" # WebUI + "${port}:8080/tcp" # WebUI "32372:32372/tcp" # Transport protocol ]; volumes = [ @@ -15,6 +17,10 @@ "/srv/multimedia/torrents:/data/torrents:rw" "/srv/containers/qbittorrent:/config:rw" ]; + environment = { + PUID = "1000"; + PGID = "100"; + }; extraOptions = [ "--network=media-stack" ]; @@ -36,7 +42,7 @@ services.traefik.dynamicConfigOptions.http.services = { qbittorrent.loadBalancer.servers = [ - { url = "http://127.0.0.1:8080"; } + { url = "http://127.0.0.1:${port}"; } ]; }; } diff --git a/nixos/viridian/containers/radarr.nix b/nixos/viridian/containers/radarr.nix index 14984e4..c4a6a49 100644 --- a/nixos/viridian/containers/radarr.nix +++ b/nixos/viridian/containers/radarr.nix @@ -1,13 +1,15 @@ { ... }: - +let + port = "7878"; +in { virtualisation.oci-containers.containers = { # Movie collection manager for Usenet and BitTorrent users radarr = { autoStart = true; - image = "ghcr.io/hotio/radarr:nightly-5.1.3.8237"; + image = "ghcr.io/hotio/radarr:release-5.6.0.8846"; ports = [ - "7878:7878/tcp" # WebUI + "${port}:7878/tcp" # WebUI ]; volumes = [ # Media library @@ -15,6 +17,10 @@ # Container data "/srv/containers/radarr:/config:rw" ]; + environment = { + PUID = "1000"; + PGID = "100"; + }; extraOptions = [ "--network=media-stack" ]; @@ -35,7 +41,7 @@ services.traefik.dynamicConfigOptions.http.services = { radarr.loadBalancer.servers = [ - { url = "http://127.0.0.1:7878"; } + { url = "http://127.0.0.1:${port}"; } ]; }; } diff --git a/nixos/viridian/containers/recyclarr.nix b/nixos/viridian/containers/recyclarr.nix index 138589e..ed6d5b8 100644 --- a/nixos/viridian/containers/recyclarr.nix +++ b/nixos/viridian/containers/recyclarr.nix @@ -5,13 +5,14 @@ # Automatically synchronize recommended settings from the TRaSH guides to your Sonarr/Radarr instances recyclarr = { autoStart = true; - image = "ghcr.io/hotio/recyclarr:6.0"; + image = "ghcr.io/recyclarr/recyclarr:6.0.2"; volumes = [ "/srv/containers/recyclarr:/config" ]; extraOptions = [ "--network=media-stack" ]; + user = "1000:100"; }; }; } diff --git a/nixos/viridian/containers/sonarr.nix b/nixos/viridian/containers/sonarr.nix index 318bd18..d6109b8 100644 --- a/nixos/viridian/containers/sonarr.nix +++ b/nixos/viridian/containers/sonarr.nix @@ -1,13 +1,15 @@ { ... }: - +let + port = "8989"; +in { virtualisation.oci-containers.containers = { # PVR for Usenet and BitTorrent users sonarr = { autoStart = true; - image = "ghcr.io/hotio/sonarr:nightly-4.0.0.710"; + image = "ghcr.io/hotio/sonarr:release-4.0.5.1710"; ports = [ - "8989:8989/tcp" # WebUI + "${port}:8989/tcp" # WebUI ]; volumes = [ # Media library @@ -15,6 +17,10 @@ # Container data "/srv/containers/sonarr:/config:rw" ]; + environment = { + PUID = "1000"; + PGID = "100"; + }; extraOptions = [ "--network=media-stack" ]; @@ -36,7 +42,7 @@ services.traefik.dynamicConfigOptions.http.services = { sonarr.loadBalancer.servers = [ - { url = "http://127.0.0.1:8989"; } + { url = "http://127.0.0.1:${port}"; } ]; }; } From a98e863719e490d9491e3f20ec0b46832f816ff5 Mon Sep 17 00:00:00 2001 From: jasmine Date: Sun, 16 Jun 2024 23:10:03 +0800 Subject: [PATCH 3/3] Refactor --- nixos/common/global/age.nix | 4 ++++ nixos/common/global/default.nix | 4 +--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/nixos/common/global/age.nix b/nixos/common/global/age.nix index c73d109..30a6563 100644 --- a/nixos/common/global/age.nix +++ b/nixos/common/global/age.nix @@ -8,6 +8,10 @@ in inputs.agenix-rekey.nixosModules.default ]; + nixpkgs.overlays = [ + inputs.agenix-rekey.overlays.default + ]; + environment.systemPackages = with pkgs; [ agenix-rekey ]; diff --git a/nixos/common/global/default.nix b/nixos/common/global/default.nix index a4bd0fd..ec6ae97 100644 --- a/nixos/common/global/default.nix +++ b/nixos/common/global/default.nix @@ -1,4 +1,4 @@ -{ inputs, outputs, ... }: +{ outputs, ... }: { imports = [ @@ -10,8 +10,6 @@ nixpkgs = { overlays = [ - # Overlays exported from other flakes - inputs.agenix-rekey.overlays.default # Overlays our own flake exports outputs.overlays.additions outputs.overlays.modifications