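# NixOS host configuration for "library": a ZFS-backed media server that runs
# its applications as podman containers and publishes some of them through a
# reverse SSH tunnel to vps1.mesh.vimium.net.
{ config, lib, pkgs, ... }:

with lib.my;
{
  imports = [
    ./hardware-configuration.nix
    ../server.nix
  ];

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "library";
  networking.domain = "mesh.vimium.net";
  networking.hostId = "d24ae953";

  # Host firewall: only SSH is opened globally. DNS (53) is opened on the
  # podman bridge interfaces, presumably so containers can reach the network's
  # built-in resolver (dns_enabled below).
  #
  # NOTE(review): ports published by root-run podman are normally forwarded by
  # podman's own NAT rules and may be reachable from other hosts even though
  # they are not listed in allowedTCPPorts. Verify from a second machine. For
  # services that should only be reached through the tunnel, publish them as
  # "127.0.0.1:PORT:PORT/tcp" in the container definitions below.
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [
      22 # SSH
    ];
    interfaces."podman+" = {
      allowedUDPPorts = [ 53 ];
      allowedTCPPorts = [ 53 ];
    };
  };

  networking.networkmanager.enable = true;

  nix.package = pkgs.nixFlakes;
  nix.extraOptions = ''
    experimental-features = nix-command flakes
  '';

  users.defaultUserShell = pkgs.zsh;

  system.stateVersion = "22.11";

  # Scrub the "library" pool and keep 7 daily plus 1 monthly snapshot;
  # frequent and hourly snapshots are disabled.
  services.zfs = {
    autoScrub = {
      enable = true;
      pools = [ "library" ];
    };
    autoSnapshot = {
      enable = true;
      flags = "-k -p --utc";
      frequent = 0;
      hourly = 0;
      daily = 7;
      monthly = 1;
    };
  };

  # Reverse SSH tunnel: exposes jellyfin (8096), ombi (3579), radarr (7878)
  # and sonarr (8989) on vps1's loopback interface only.
  #
  # Security notes for this unit:
  #  - No User= is set, so ssh runs as root; under the system manager %h is
  #    root's home, so the private key is read from there. A dedicated
  #    unprivileged user would narrow what a compromised tunnel process can do.
  #  - Host key verification relies on that user's known_hosts (no
  #    UserKnownHostsFile / StrictHostKeyChecking option is given). Confirm
  #    vps1's host key is pinned there.
  #  - On vps1, consider limiting this key in authorized_keys to forwarding
  #    only (restrict,port-forwarding plus permitlisten for the four ports).
  systemd.services.vps1-tunnel = {
    enable = true;
    description = "vps1.mesh.vimium.net SSH tunnel";
    after = [
      "network-online.target"
      "podman-jellyfin.service"
    ];
    wants = [ "network-online.target" ];
    serviceConfig = {
      Type = "simple";
      # -N: no remote command, -T: no tty. ExitOnForwardFailure makes ssh exit
      # when a -R bind fails, so Restart=on-failure retries the whole tunnel.
      ExecStart = pkgs.lib.mkForce ''
        ${pkgs.openssh}/bin/ssh \
          -NT \
          -o ExitOnForwardFailure=yes \
          -o ServerAliveInterval=60 \
          -o TCPKeepAlive=no \
          -i %h/.ssh/id_jellyfin \
          -R localhost:8096:localhost:8096 \
          -R localhost:3579:localhost:3579 \
          -R localhost:7878:localhost:7878 \
          -R localhost:8989:localhost:8989 \
          jellyfin@vps1.mesh.vimium.net
      '';
      Restart = "on-failure";
    };
    wantedBy = [ "default.target" ];
  };

  virtualisation.podman = {
    enable = true;
    defaultNetwork.settings.dns_enabled = true;
    extraPackages = [ pkgs.zfs ];
  };

  virtualisation.containers.storage.settings = {
    storage = {
      driver = "zfs";
      graphroot = "/var/lib/containers/storage";
      runroot = "/run/containers/storage";
    };
  };

  # Container definitions.
  #
  # NOTE(review), supply chain: every container carries
  # io.containers.autoupdate=registry and all but jellyfin track :latest. If
  # podman auto-update is scheduled (not shown in this file), new upstream
  # images are pulled and run without review. Pin a version or digest where
  # reproducibility matters.
  virtualisation.oci-containers.containers = {
    jellyfin = {
      image = "docker.io/jellyfin/jellyfin:10.8.10";
      autoStart = true;
      ports = [ "8096:8096/tcp" ];
      volumes = [
        "jellyfin-cache:/cache:Z"
        "jellyfin-config:/config:Z"
      ];
      extraOptions = [
        # NOTE(review): confirm the generated unit still tracks the container
        # when --detach is passed on this NixOS release.
        "--detach"
        # NOTE(review): --privileged grants all capabilities and access to all
        # host devices. /dev/dri is already passed explicitly below, so
        # hardware transcoding likely works without it. Test and drop if so.
        "--privileged"
        "--label=io.containers.autoupdate=registry"
        # Presumably the host gid that owns /dev/dri (render/video). Verify.
        "--group-add=989"
        # The media library is mounted read-only into jellyfin.
        "--mount=type=bind,source=/mnt/library,target=/library,ro"
        "--device=/dev/dri:/dev/dri"
      ];
    };

    lidarr = {
      image = "lscr.io/linuxserver/lidarr:latest";
      autoStart = true;
      ports = [ "8686:8686/tcp" ];
      environment = {
        PUID = "0";
        # linuxserver.io images read PUID and PGID. The previous key, GUID,
        # is not one they act on, so the group setting was silently ignored.
        # NOTE(review): uid/gid 0 in a root-run container is host root unless
        # a user namespace is configured. A dedicated uid/gid that owns the
        # config and download paths would be narrower.
        PGID = "0";
      };
      volumes = [
        "lidarr-config:/config:Z"
        "downloads:/downloads"
      ];
      extraOptions = [
        "--label=io.containers.autoupdate=registry"
      ];
    };

    ombi = {
      image = "lscr.io/linuxserver/ombi:latest";
      autoStart = true;
      ports = [ "3579:3579/tcp" ];
      environment = {
        BASE_URL = "/requests";
      };
      volumes = [ "ombi-config:/config:Z" ];
      extraOptions = [
        "--label=io.containers.autoupdate=registry"
      ];
      dependsOn = [ "jellyfin" ];
    };

    prowlarr = {
      image = "lscr.io/linuxserver/prowlarr:latest";
      autoStart = true;
      ports = [ "9696:9696/tcp" ];
      volumes = [ "prowlarr-config:/config:Z" ];
      extraOptions = [
        "--label=io.containers.autoupdate=registry"
      ];
    };

    qbittorrent = {
      image = "lscr.io/linuxserver/qbittorrent:latest";
      autoStart = true;
      ports = [
        "8080:8080/tcp"
        "6881:6881/tcp"
        "6881:6881/udp"
      ];
      volumes = [
        "qbittorrent-config:/config:Z"
        "downloads:/downloads"
      ];
      extraOptions = [
        "--label=io.containers.autoupdate=registry"
      ];
    };

    radarr = {
      image = "lscr.io/linuxserver/radarr:latest";
      autoStart = true;
      ports = [ "7878:7878/tcp" ];
      environment = {
        PUID = "0";
        # PGID (not GUID) is the variable linuxserver.io images honour.
        # The root-in-container caveat noted on lidarr applies here too.
        PGID = "0";
      };
      volumes = [
        "radarr-config:/config:Z"
        "downloads:/downloads"
      ];
      extraOptions = [
        "--label=io.containers.autoupdate=registry"
        # Writable bind mount: radarr can modify the movies library.
        "--mount=type=bind,source=/mnt/library/movies,target=/movies"
      ];
      dependsOn = [
        "prowlarr"
        "qbittorrent"
      ];
    };

    sonarr = {
      image = "lscr.io/linuxserver/sonarr:latest";
      autoStart = true;
      ports = [ "8989:8989/tcp" ];
      environment = {
        PUID = "0";
        # PGID (not GUID) is the variable linuxserver.io images honour.
        # The root-in-container caveat noted on lidarr applies here too.
        PGID = "0";
      };
      volumes = [
        "sonarr-config:/config:Z"
        "downloads:/downloads"
      ];
      extraOptions = [
        "--label=io.containers.autoupdate=registry"
        # Writable bind mount: sonarr can modify the tv library.
        "--mount=type=bind,source=/mnt/library/tv,target=/tv"
      ];
      dependsOn = [
        "prowlarr"
        "qbittorrent"
      ];
    };
  };

  modules = {
    security = {
      gpg.enable = true;
    };
    shell = {
      zsh.enable = true;
    };
  };
}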