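# NixOS host configuration for "library": a ZFS-backed media server that runs
# Jellyfin and a set of download-related containers under podman, and publishes
# selected web UIs to vps1.mesh.vimium.net through an SSH reverse tunnel.
{ config, lib, pkgs, ... }:

with lib.my;
{
  imports = [
    ./hardware-configuration.nix
    ../server.nix
  ];

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "library";
  networking.domain = "mesh.vimium.net";
  networking.hostId = "d24ae953";

  # Only SSH is reachable from the network. Every container port below is
  # published on 127.0.0.1, so the web UIs are reachable only locally or
  # through the vps1 tunnel.
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [
      22 # SSH
    ];
  };
  networking.networkmanager.enable = true;

  nix.package = pkgs.nixFlakes;
  nix.extraOptions = ''
    experimental-features = nix-command flakes
  '';

  users.defaultUserShell = pkgs.zsh;

  system.stateVersion = "22.11";

  services.zfs = {
    # Periodic scrub of the "library" pool.
    autoScrub = {
      enable = true;
      pools = [ "library" ];
    };
    # Snapshot retention: 7 daily and 1 monthly; the frequent and hourly
    # classes are set to 0.
    autoSnapshot = {
      enable = true;
      flags = "-k -p --utc";
      frequent = 0;
      hourly = 0;
      daily = 7;
      monthly = 1;
    };
  };

  # Outbound SSH connection to vps1 carrying four reverse forwards. Each
  # `-R localhost:PORT:localhost:PORT` asks the remote sshd to listen on its
  # own loopback and relay to the same port on this host, matching the
  # published ports of jellyfin (8096), ombi (3579), radarr (7878) and
  # sonarr (8989) below.
  #
  # NOTE(review): no User= is set, so as a system unit %h resolves to root's
  # home and the key is read from /root/.ssh/id_jellyfin; it is kept out of
  # the Nix store, which is the right place for a private key.
  # NOTE(review): the unit cannot answer a host-key prompt, so the vps1 host
  # key must already be trusted (for example via programs.ssh.knownHosts) -
  # nothing on this page provisions it; confirm.
  # NOTE(review): on vps1, consider limiting this key in authorized_keys to
  # port forwarding on the four listed ports (restrict / permitlisten), so a
  # leaked key gives neither a shell nor arbitrary listeners.
  # NOTE(review): the radarr/sonarr/ombi UIs are management interfaces;
  # whatever fronts these ports on vps1 should enforce authentication - not
  # visible from this file.
  systemd.services.vps1-tunnel = {
    enable = true;
    description = "vps1.mesh.vimium.net SSH tunnel";
    after = [
      "network-online.target"
      "podman-jellyfin.service"
    ];
    wants = [ "network-online.target" ];
    serviceConfig = {
      Type = "simple";
      # ExitOnForwardFailure makes ssh exit when a forward cannot be set up,
      # so Restart=on-failure retries instead of leaving a half-working tunnel.
      ExecStart = pkgs.lib.mkForce ''
        ${pkgs.openssh}/bin/ssh \
          -NT \
          -o ExitOnForwardFailure=yes \
          -o ServerAliveInterval=60 \
          -o TCPKeepAlive=no \
          -i %h/.ssh/id_jellyfin \
          -R localhost:8096:localhost:8096 \
          -R localhost:3579:localhost:3579 \
          -R localhost:7878:localhost:7878 \
          -R localhost:8989:localhost:8989 \
          jellyfin@vps1.mesh.vimium.net
      '';
      Restart = "on-failure";
    };
    wantedBy = [ "default.target" ];
  };

  # Idempotently creates the pod shared by the download-related containers.
  #
  # Fix: the unit was only wanted by podman-qbittorrent.service and had no
  # ordering against it, so systemd could start the container before the pod
  # existed; ombi also joins the pod but depends only on jellyfin. The unit is
  # now pulled in by, and ordered before, every container that passes
  # `--pod=downloads-pod`.
  systemd.services.podman-create-downloads-pod = {
    description = "Create a pod for download-related containers on this host";
    after = [ "network.target" ];
    before = [
      "podman-ombi.service"
      "podman-qbittorrent.service"
      "podman-radarr.service"
      "podman-sonarr.service"
    ];
    wantedBy = [
      "podman-ombi.service"
      "podman-qbittorrent.service"
      "podman-radarr.service"
      "podman-sonarr.service"
    ];
    path = [ pkgs.zfs ];
    serviceConfig.Type = "oneshot";
    script =
      let
        podmanBin = "${pkgs.podman}/bin/podman";
      in
      ''
        ${podmanBin} pod exists downloads-pod || ${podmanBin} pod create --name downloads-pod
      '';
  };

  virtualisation.podman = {
    enable = true;
    extraPackages = [ pkgs.zfs ];
  };

  # Container storage lives on ZFS.
  virtualisation.containers.storage.settings = {
    storage = {
      driver = "zfs";
      graphroot = "/var/lib/containers/storage";
      runroot = "/run/containers/storage";
    };
  };

  # NOTE(review): every image except jellyfin tracks the mutable `:latest`
  # tag, and all carry io.containers.autoupdate=registry. If podman
  # auto-update is active on this host, whatever the registry serves under
  # that tag is deployed without review; pinning by version or digest makes
  # image changes explicit.
  # NOTE(review): ombi, qbittorrent, radarr and sonarr combine per-container
  # `ports` with `--pod=downloads-pod`. Podman normally expects published
  # ports to be declared when the pod is created - confirm these mappings
  # actually take effect.
  virtualisation.oci-containers.containers = {
    jellyfin = {
      image = "docker.io/jellyfin/jellyfin:10.8.10";
      autoStart = true;
      ports = [ "127.0.0.1:8096:8096/tcp" ];
      volumes = [
        "jellyfin-cache:/cache:Z"
        "jellyfin-config:/config:Z"
      ];
      # NOTE(review): --privileged removes most container isolation (all
      # capabilities, all host devices) for a service that parses media files
      # and is published through the tunnel. The explicit /dev/dri device and
      # --group-add look sufficient for GPU transcoding on their own; verify
      # and drop --privileged if so.
      # NOTE(review): 989 is presumably the host GID owning /dev/dri
      # (render/video) - confirm, since it is not defined on this page.
      # The media library is bind-mounted read-only.
      extraOptions = [
        "--detach"
        "--privileged"
        "--label=io.containers.autoupdate=registry"
        "--group-add=989"
        "--mount=type=bind,source=/mnt/library,target=/library,ro"
        "--device=/dev/dri:/dev/dri"
      ];
    };

    ombi = {
      image = "lscr.io/linuxserver/ombi:latest";
      autoStart = true;
      ports = [ "127.0.0.1:3579:3579/tcp" ];
      environment = {
        BASE_URL = "/requests";
      };
      volumes = [ "ombi-config:/config:Z" ];
      extraOptions = [
        "--label=io.containers.autoupdate=registry"
        "--pod=downloads-pod"
      ];
      dependsOn = [ "jellyfin" ];
    };

    qbittorrent = {
      image = "lscr.io/linuxserver/qbittorrent:latest";
      autoStart = true;
      ports = [
        "127.0.0.1:8080:8080/tcp"
        "127.0.0.1:6881:6881/tcp"
        "127.0.0.1:6881:6881/udp"
      ];
      volumes = [
        "qbittorrent-config:/config:Z"
        "downloads:/downloads"
      ];
      extraOptions = [
        "--label=io.containers.autoupdate=registry"
        "--pod=downloads-pod"
      ];
    };

    # Unlike jellyfin, radarr and sonarr get a writable bind mount of their
    # part of the library.
    radarr = {
      image = "lscr.io/linuxserver/radarr:latest";
      autoStart = true;
      ports = [ "127.0.0.1:7878:7878/tcp" ];
      volumes = [
        "radarr-config:/config:Z"
        "downloads:/downloads"
      ];
      extraOptions = [
        "--label=io.containers.autoupdate=registry"
        "--mount=type=bind,source=/mnt/library/movies,target=/movies"
        "--pod=downloads-pod"
      ];
      dependsOn = [ "qbittorrent" ];
    };

    sonarr = {
      image = "lscr.io/linuxserver/sonarr:latest";
      autoStart = true;
      ports = [ "127.0.0.1:8989:8989/tcp" ];
      volumes = [
        "sonarr-config:/config:Z"
        "downloads:/downloads"
      ];
      extraOptions = [
        "--label=io.containers.autoupdate=registry"
        "--mount=type=bind,source=/mnt/library/tv,target=/tv"
        "--pod=downloads-pod"
      ];
      dependsOn = [ "qbittorrent" ];
    };
  };

  modules = {
    security = {
      gpg.enable = true;
    };
    shell = {
      zsh.enable = true;
    };
  };
}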