diff --git a/home/crow/common/core/default.nix b/home/crow/common/core/default.nix index cdb2396..1de989f 100644 --- a/home/crow/common/core/default.nix +++ b/home/crow/common/core/default.nix @@ -41,7 +41,6 @@ in protonvpn-gui imagemagick httpie - mkvtoolnix ; }; }; diff --git a/hosts/nixos/Parzival/default.nix b/hosts/nixos/Parzival/default.nix index 29bd19a..97433c3 100644 --- a/hosts/nixos/Parzival/default.nix +++ b/hosts/nixos/Parzival/default.nix @@ -40,7 +40,6 @@ "hosts/common/optional/printing.nix" "hosts/common/optional/docker.nix" "modules/services/ollama" - "modules/services/jellyfin" "modules/services/mesh/client.nix" ]) ]; diff --git a/modules/services/jellyfin/default.nix b/modules/services/jellyfin/default.nix index 762fa8a..70f3afb 100644 --- a/modules/services/jellyfin/default.nix +++ b/modules/services/jellyfin/default.nix @@ -3,8 +3,10 @@ lib, pkgs, ... -}: -{ +}: { + imports = [ + ./tubearchivist.nix + ]; services.jellyfin = { enable = true; openFirewall = true; diff --git a/modules/services/jellyfin/tubearchivist.nix b/modules/services/jellyfin/tubearchivist.nix new file mode 100644 index 0000000..ae00f67 --- /dev/null +++ b/modules/services/jellyfin/tubearchivist.nix @@ -0,0 +1,92 @@ +{ + inputs, + config, + ... +}: +let + volumePath = "/overseer/services"; + sopsFolder = builtins.toString inputs.nix-secrets + "/sops"; +in +{ + sops.secrets = { + "tubearchivist/secret" = { + sopsFile = "${sopsFolder}/services.yaml"; + }; + }; + + sops.templates = { + tubearchivist.content = '' + TA_PASSWORD=${config.sops.placeholder."tubearchivist/secret"} + ELASTIC_PASSWORD=${config.sops.placeholder."tubearchivist/secret"} + ''; + archivist-es.content = '' + ELASTIC_PASSWORD=${config.sops.placeholder."tubearchivist/secret"} + ''; + }; + + services.caddy = { + enable = true; + virtualHosts."ta.wanderingcrow.net".extraConfig = '' + reverse_proxy http://10.88.0.14:8000 + ''; + }; + + systemd.tmpfiles.rules = [ + "d ${volumePath}/tubearchivist" + "d ${volumePath}/tubearchivist/redis" + "d ${volumePath}/tubearchivist/es - 1000 0" + "d ${volumePath}/tubearchivist/ta/youtube" + "d ${volumePath}/tubearchivist/ta/cache" + ]; + virtualisation.oci-containers.containers = { + tubearchivist = { + image = "bbilly1/tubearchivist"; + extraOptions = [ "--ip=10.88.0.14" ]; + volumes = [ + "${volumePath}/tubearchivist/ta/youtube:/youtube" + "${volumePath}/tubearchivist/ta/cache:/cache" + ]; + environment = { + ES_URL = "http://10.88.0.16:9200"; + REDIS_CON = "redis://10.88.0.15:6379"; + HOST_UID = "1000"; + HOST_GID = "1000"; + TA_HOST = "https://ta.wanderingcrow.net"; + TA_USERNAME = "admin"; + TZ = "America/New_York"; + }; + environmentFiles = [ config.sops.templates.tubearchivist.path ]; + dependsOn = [ + "archivist-redis" + "archivist-es" + ]; + }; + archivist-redis = { + image = "redis"; + extraOptions = [ + "--ip=10.88.0.15" + "--ulimit=memlock=-1:-1" + ]; + volumes = [ + "${volumePath}/tubearchivist/redis:/data" + ]; + dependsOn = [ + "archivist-es" + ]; + }; + archivist-es = { + image = "elasticsearch:8.18.0"; + extraOptions = [ "--ip=10.88.0.16" ]; + environment = { + ES_JAVA_OPTS = "-Xms1g -Xmx1g"; + "xpack.security.enabled" = "true"; + "discovery.type" = "single-node"; + "path.repo" = "/usr/share/elasticsearch/data/snapshot"; + }; + environmentFiles = [ config.sops.templates.archivist-es.path ]; + volumes = [ + "${volumePath}/tubearchivist/es:/usr/share/elasticsearch/data" + ]; + }; + }; +}