diff --git a/hosts/library/jellysearch.nix b/hosts/library/jellysearch.nix index 83c2a1e..6a16a82 100644 --- a/hosts/library/jellysearch.nix +++ b/hosts/library/jellysearch.nix @@ -16,21 +16,43 @@ masterKeyEnvironmentFile = config.age.secrets."files/services/meilisearch/envfile".path; }; - virtualisation.oci-containers.containers = { - jellysearch = { - image = "domistyle/jellysearch"; - environment = { - INDEX_CRON = "0 0 0/2 ? * * *"; - JELLYFIN_URL = "http://localhost:8096"; - MEILI_URL = "http://localhost:${toString config.services.meilisearch.listenPort}"; - }; - environmentFiles = [ - config.age.secrets."files/services/meilisearch/envfile".path - ]; - volumes = [ - "${toString config.services.jellyfin.configDir}:/config:ro" - ]; - extraOptions = [ "--network=host" ]; + users.users.jellysearch = { + group = "jellysearch"; + isSystemUser = true; + }; + + users.groups.jellysearch = { }; + + systemd.services.jellysearch = { + enable = true; + description = "JellySearch"; + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; + wants = [ "network-online.target" ]; + serviceConfig = { + Restart = "on-failure"; + ExecStart = "${pkgs.jellysearch}/bin/jellysearch"; + StateDirectory = "jellysearch"; + StateDirectoryMode = "0750"; + WorkingDirectory = "/var/lib/jellysearch"; + EnivronmentFile = config.age.secrets."files/services/meilisearch/envfile".path; + + NoNewPrivileges = true; + SystemCallArchitectures = "native"; + RestrictRealtime = true; + RestrictSUIDSGID = true; + ProtectHostname = true; + LockPersonality = true; + PrivateDevices = true; + PrivateUsers = true; + RemoveIPC = true; + }; + environment = { + DOTNET_ENVIRONMENT = "Production"; + INDEX_CRON = "0 0 0/2 ? * * *"; + JELLYFIN_URL = "http://localhost:8096"; + JELLYFIN_CONFIG_DIR = "${toString config.services.jellyfin.configDir}"; + MEILI_URL = "http://localhost:${toString config.services.meilisearch.listenPort}"; }; }; } diff --git a/pkgs/jellysearch/nuget-deps.json b/pkgs/jellysearch/nuget-deps.json new file mode 100644 index 0000000..fd1326a --- /dev/null +++ b/pkgs/jellysearch/nuget-deps.json @@ -0,0 +1,172 @@ +[ + { + "pname": "MeiliSearch", + "version": "0.15.0", + "hash": "sha256-MM8Z8xc+AG0m+jNXAHSLhUB2egJC4lI+u6BDTVaOwzg=" + }, + { + "pname": "Microsoft.AspNetCore.OpenApi", + "version": "8.0.4", + "hash": "sha256-Y/UnyBlwraJjxDmEO3vsgB63GO1M7OXyIS10vL1Fs5A=" + }, + { + "pname": "Microsoft.Data.Sqlite", + "version": "8.0.6", + "hash": "sha256-t1g1cF4T26Np10H7opo/vCMTMNb9SS9pmLA9pSCUBp4=" + }, + { + "pname": "Microsoft.Data.Sqlite.Core", + "version": "8.0.6", + "hash": "sha256-MgUBbb0LDM1ixm8pBfBrSTVjNoGFn6NQMD36mirELmo=" + }, + { + "pname": "Microsoft.Extensions.ApiDescription.Server", + "version": "6.0.5", + "hash": "sha256-RJjBWz+UHxkQE2s7CeGYdTZ218mCufrxl0eBykZdIt4=" + }, + { + "pname": "Microsoft.Extensions.Logging.Abstractions", + "version": "2.1.1", + "hash": "sha256-TzbYgz4EemrYKHMvB9HWDkFmq0BkTetKPUwBpYHk9+k=" + }, + { + "pname": "Microsoft.IdentityModel.Abstractions", + "version": "7.4.0", + "hash": "sha256-rzTsvh5hDX7zk6wYzUKNg7lIQf38G/EeR6qUq/j3Eo0=" + }, + { + "pname": "Microsoft.IdentityModel.JsonWebTokens", + "version": "7.4.0", + "hash": "sha256-IeezkUkScumgLQZqq2Zu4YsyldIUA/XpTeONB2AtYDc=" + }, + { + "pname": "Microsoft.IdentityModel.Logging", + "version": "7.4.0", + "hash": "sha256-rudTpYcSlIlE1OX2LO3Qd6DAisqd5vsuX/Edu7rHIJs=" + }, + { + "pname": "Microsoft.IdentityModel.Tokens", + "version": "7.4.0", + "hash": "sha256-qVqVYxBy5p6Jerd1rfMUgApV7vcH54N4neS2x+N5zRQ=" + }, + { + "pname": "Microsoft.OpenApi", + "version": "1.2.3", + "hash": "sha256-OafkxXKnDmLZo5tjifjycax0n0F/OnWQTEZCntBMYR0=" + }, + { + "pname": "Microsoft.OpenApi", + "version": "1.4.3", + "hash": "sha256-vk47e78OwopXJx2LhDRbKFObqF3GShHfNHR2SzvbQeA=" + }, + { + "pname": "Microsoft.Win32.SystemEvents", + "version": "6.0.0", + "hash": "sha256-N9EVZbl5w1VnMywGXyaVWzT9lh84iaJ3aD48hIBk1zA=" + }, + { + "pname": "Quartz", + "version": "3.10.0", + "hash": "sha256-1sb+JKJdS01lScgVjcbDHxbXSpHeMn1Mqg/CQ8r+BKI=" + }, + { + "pname": "SQLitePCLRaw.bundle_e_sqlite3", + "version": "2.1.6", + "hash": "sha256-dZD/bZsYXjOu46ZH5Y/wgh0uhHOqIxC+S+0ecKhr718=" + }, + { + "pname": "SQLitePCLRaw.core", + "version": "2.1.6", + "hash": "sha256-RxWjm52PdmMV98dgDy0BCpF988+BssRZUgALLv7TH/E=" + }, + { + "pname": "SQLitePCLRaw.lib.e_sqlite3", + "version": "2.1.6", + "hash": "sha256-uHt5d+SFUkSd6WD7Tg0J3e8eVoxy/FM/t4PAkc9PJT0=" + }, + { + "pname": "SQLitePCLRaw.provider.e_sqlite3", + "version": "2.1.6", + "hash": "sha256-zHc/YZsd72eXlI8ba1tv58HZWUIiyjJaxq2CCP1hQe8=" + }, + { + "pname": "Swashbuckle.AspNetCore", + "version": "6.4.0", + "hash": "sha256-czuCv3Os7Oo06m3W+auJjrTGuYT82E+Bi80sJqeVb8o=" + }, + { + "pname": "Swashbuckle.AspNetCore.Swagger", + "version": "6.4.0", + "hash": "sha256-1u4A9vzDUJ+wLoxH5yQEVhpOxi+VnAMd64Z18SLqjPE=" + }, + { + "pname": "Swashbuckle.AspNetCore.SwaggerGen", + "version": "6.4.0", + "hash": "sha256-Alra5J+i0L/4JoS5pATJexVu8LId8HZcofkx7KiRqMw=" + }, + { + "pname": "Swashbuckle.AspNetCore.SwaggerUI", + "version": "6.4.0", + "hash": "sha256-P84wlE4EVruLVGGTUHK29wWYs/BTq/MR5P7PuSBwr+c=" + }, + { + "pname": "System.Configuration.ConfigurationManager", + "version": "6.0.1", + "hash": "sha256-U/0HyekAZK5ya2VNfGA1HeuQyJChoaqcoIv57xLpzLQ=" + }, + { + "pname": "System.Drawing.Common", + "version": "6.0.0", + "hash": "sha256-/9EaAbEeOjELRSMZaImS1O8FmUe8j4WuFUw1VOrPyAo=" + }, + { + "pname": "System.IdentityModel.Tokens.Jwt", + "version": "7.4.0", + "hash": "sha256-LYvdJPbPuxr8V3FJacStflSf9GVStprl1Wr+dfgqMdw=" + }, + { + "pname": "System.Memory", + "version": "4.5.3", + "hash": "sha256-Cvl7RbRbRu9qKzeRBWjavUkseT2jhZBUWV1SPipUWFk=" + }, + { + "pname": "System.Net.Http.Json", + "version": "6.0.0", + "hash": "sha256-R4s4Fb3OTKpg9gXSv+8CQ9gPJPJMmj3/nagzaRndm+g=" + }, + { + "pname": "System.Runtime.CompilerServices.Unsafe", + "version": "6.0.0", + "hash": "sha256-bEG1PnDp7uKYz/OgLOWs3RWwQSVYm+AnPwVmAmcgp2I=" + }, + { + "pname": "System.Security.AccessControl", + "version": "6.0.0", + "hash": "sha256-qOyWEBbNr3EjyS+etFG8/zMbuPjA+O+di717JP9Cxyg=" + }, + { + "pname": "System.Security.Cryptography.ProtectedData", + "version": "6.0.0", + "hash": "sha256-Wi9I9NbZlpQDXgS7Kl06RIFxY/9674S7hKiYw5EabRY=" + }, + { + "pname": "System.Security.Permissions", + "version": "6.0.0", + "hash": "sha256-/MMvtFWGN/vOQfjXdOhet1gsnMgh6lh5DCHimVsnVEs=" + }, + { + "pname": "System.Text.Encodings.Web", + "version": "6.0.0", + "hash": "sha256-UemDHGFoQIG7ObQwRluhVf6AgtQikfHEoPLC6gbFyRo=" + }, + { + "pname": "System.Text.Json", + "version": "6.0.0", + "hash": "sha256-9AE/5ds4DqEfb0l+27fCBTSeYCdRWhxh2Bhg8IKvIuo=" + }, + { + "pname": "System.Windows.Extensions", + "version": "6.0.0", + "hash": "sha256-N+qg1E6FDJ9A9L50wmVt3xPQV8ZxlG1xeXgFuxO+yfM=" + } +] diff --git a/pkgs/jellysearch/package.nix b/pkgs/jellysearch/package.nix new file mode 100644 index 0000000..395da6c --- /dev/null +++ b/pkgs/jellysearch/package.nix @@ -0,0 +1,32 @@ +{ + lib, + fetchFromGitLab, + buildDotnetModule, + dotnetCorePackages, +}: + +buildDotnetModule rec { + pname = "jellysearch"; + version = "0.0.1"; + + src = fetchFromGitLab { + owner = "DomiStyle"; + repo = "JellySearch"; + rev = "7397e3f8c7daa6f0d30b22dda7c5159a913ca6b8"; + hash = "sha256-7t0j4S5A9yvRN8zjToMNsxJ72OjU3j++EAqq9CKcPaI="; + }; + + projectFile = "src/JellySearch/JellySearch.csproj"; + executables = [ "jellysearch" ]; + nugetDeps = ./nuget-deps.json; + dotnet-sdk = dotnetCorePackages.sdk_8_0; + dotnet-runtime = dotnetCorePackages.aspnetcore_8_0; + + meta = with lib; { + description = "A fast full-text search proxy for Jellyfin"; + homepage = "https://gitlab.com/DomiStyle/jellysearch"; + license = licenses.mit; + mainProgram = "JellySearch"; + platforms = dotnet-runtime.meta.platforms; + }; +}