From ec0e4a77fa1d1ee03d0210cc5be6e2c93e827b39 Mon Sep 17 00:00:00 2001 From: yuri Date: Sat, 16 Dec 2023 00:22:34 +0100 Subject: [PATCH] Setup radarr and sonarr on torrent host --- config/hosts/torrent/configuration.nix | 29 +++++++ config/hosts/torrent/default.nix | 11 +++ config/hosts/torrent/jackett.nix | 6 ++ config/hosts/torrent/nginx.nix | 80 +++++++++++++++++++ .../hosts/torrent/qbittorrent-nox/default.nix | 8 ++ .../hosts/torrent/qbittorrent-nox/nginx.nix | 51 ++++++++++++ .../torrent/qbittorrent-nox/services.nix | 13 +++ .../hosts/torrent/qbittorrent-nox/users.nix | 9 +++ config/hosts/torrent/radarr.nix | 8 ++ config/hosts/torrent/secrets.nix | 13 +++ config/hosts/torrent/sonarr.nix | 8 ++ .../virtualHosts/acme-challenge.nix | 6 +- hosts.nix | 4 + 13 files changed, 245 insertions(+), 1 deletion(-) create mode 100644 config/hosts/torrent/configuration.nix create mode 100644 config/hosts/torrent/default.nix create mode 100644 config/hosts/torrent/jackett.nix create mode 100644 config/hosts/torrent/nginx.nix create mode 100644 config/hosts/torrent/qbittorrent-nox/default.nix create mode 100644 config/hosts/torrent/qbittorrent-nox/nginx.nix create mode 100644 config/hosts/torrent/qbittorrent-nox/services.nix create mode 100644 config/hosts/torrent/qbittorrent-nox/users.nix create mode 100644 config/hosts/torrent/radarr.nix create mode 100644 config/hosts/torrent/secrets.nix create mode 100644 config/hosts/torrent/sonarr.nix diff --git a/config/hosts/torrent/configuration.nix b/config/hosts/torrent/configuration.nix new file mode 100644 index 0000000..610fde4 --- /dev/null +++ b/config/hosts/torrent/configuration.nix @@ -0,0 +1,29 @@ +{ ... }: +{ + boot.loader.grub = { + enable = true; + device = "/dev/vda"; + }; + + networking = { + hostName = "torrent"; + }; + + fileSystems = { + "/mnt/media" = { + device = "//10.202.100.5/media"; + fsType = "cifs"; + options = [ + "username=torrent" + "credentials=/secrets/torrent-samba-credentials.secret" + "iocharset=utf8" + "vers=3.1.1" + "uid=torrent" + "gid=torrent" + "_netdev" + ]; + }; + }; + + system.stateVersion = "23.11"; +} diff --git a/config/hosts/torrent/default.nix b/config/hosts/torrent/default.nix new file mode 100644 index 0000000..dc6a854 --- /dev/null +++ b/config/hosts/torrent/default.nix @@ -0,0 +1,11 @@ +{ ... }: +{ + imports = [ + ./configuration.nix + ./jackett.nix + ./qbittorrent-nox + ./radarr.nix + ./sonarr.nix + ./nginx.nix + ]; +} diff --git a/config/hosts/torrent/jackett.nix b/config/hosts/torrent/jackett.nix new file mode 100644 index 0000000..1b8707e --- /dev/null +++ b/config/hosts/torrent/jackett.nix @@ -0,0 +1,6 @@ +{ ... }: +{ + services.jackett = { + enable = true; + }; +} diff --git a/config/hosts/torrent/nginx.nix b/config/hosts/torrent/nginx.nix new file mode 100644 index 0000000..3366a25 --- /dev/null +++ b/config/hosts/torrent/nginx.nix @@ -0,0 +1,80 @@ +{ ... }: +{ + services.nginx = { + enable = true; + + virtualHosts = { + "jackett.grzb.de" = { + forceSSL = true; + enableACME = true; + + listen = [ + { + addr = "0.0.0.0"; + port = 80; + } + { + addr = "0.0.0.0"; + port = 443; + ssl = true; + } + ]; + + locations = { + "/" = { + proxyPass = "http://127.0.0.1:9117"; + proxyWebsockets = true; + }; + }; + }; + "radarr.grzb.de" = { + forceSSL = true; + enableACME = true; + + listen = [ + { + addr = "0.0.0.0"; + port = 80; + } + { + addr = "0.0.0.0"; + port = 443; + ssl = true; + } + ]; + + locations = { + "/" = { + proxyPass = "http://127.0.0.1:7878"; + proxyWebsockets = true; + }; + }; + }; + "sonarr.grzb.de" = { + forceSSL = true; + enableACME = true; + + listen = [ + { + addr = "0.0.0.0"; + port = 80; + } + { + addr = "0.0.0.0"; + port = 443; + ssl = true; + } + ]; + + locations = { + "/" = { + proxyPass = "http://127.0.0.1:8989"; + proxyWebsockets = true; + }; + }; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; +} diff --git a/config/hosts/torrent/qbittorrent-nox/default.nix b/config/hosts/torrent/qbittorrent-nox/default.nix new file mode 100644 index 0000000..0afc08c --- /dev/null +++ b/config/hosts/torrent/qbittorrent-nox/default.nix @@ -0,0 +1,8 @@ +{ ... }: +{ + imports = [ + ./nginx.nix + ./services.nix + ./users.nix + ]; +} diff --git a/config/hosts/torrent/qbittorrent-nox/nginx.nix b/config/hosts/torrent/qbittorrent-nox/nginx.nix new file mode 100644 index 0000000..712c856 --- /dev/null +++ b/config/hosts/torrent/qbittorrent-nox/nginx.nix @@ -0,0 +1,51 @@ +# Sources for this configuration: +# - https://github.com/qbittorrent/qBittorrent/wiki/NGINX-Reverse-Proxy-for-Web-UI +# - https://github.com/qbittorrent/qBittorrent/wiki/Linux-WebUI-HTTPS-with-Let's-Encrypt-certificates-and-NGINX-SSL-reverse-proxy + +{ ... }: +{ + services.nginx = { + enable = true; + + virtualHosts."torrent.grzb.de" = { + forceSSL = true; + enableACME = true; + + listen = [ + { + addr = "0.0.0.0"; + port = 80; + } + { + addr = "0.0.0.0"; + port = 443; + ssl = true; + } + ]; + + locations."/" = { + proxyPass = "http://127.0.0.1:8080"; + extraConfig = '' + proxy_http_version 1.1; + + client_max_body_size 100M; + + # From: + # https://github.com/qbittorrent/qBittorrent/wiki/NGINX-Reverse-Proxy-for-Web-UI + # + # Since v4.2.2, is possible to configure qBittorrent + # to set the "Secure" flag for the session cookie automatically. + # However, that option does nothing unless using qBittorrent's built-in HTTPS functionality. + # For this use case, where qBittorrent itself is using plain HTTP + # (and regardless of whether or not the external website uses HTTPS), + # the flag must be set here, in the proxy configuration itself. + # Note: If this flag is set while the external website uses only HTTP, this will cause + # the login mechanism to not work without any apparent errors in console/network resulting in "auth loops". + proxy_cookie_path / "/; Secure"; + ''; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; +} diff --git a/config/hosts/torrent/qbittorrent-nox/services.nix b/config/hosts/torrent/qbittorrent-nox/services.nix new file mode 100644 index 0000000..4050e15 --- /dev/null +++ b/config/hosts/torrent/qbittorrent-nox/services.nix @@ -0,0 +1,13 @@ +# Sources for this configuration: +# - https://github.com/NixOS/nixpkgs/issues/236736#issuecomment-1704670598 +# - https://nixos.org/manual/nixos/stable/#sect-nixos-systemd-nixos + +{ pkgs, ... }: +{ + systemd.packages = [ pkgs.qbittorrent-nox ]; + + systemd.services."qbittorrent-nox@torrent" = { + overrideStrategy = "asDropin"; + wantedBy = [ "multi-user.target" ]; + }; +} diff --git a/config/hosts/torrent/qbittorrent-nox/users.nix b/config/hosts/torrent/qbittorrent-nox/users.nix new file mode 100644 index 0000000..6e184c9 --- /dev/null +++ b/config/hosts/torrent/qbittorrent-nox/users.nix @@ -0,0 +1,9 @@ +{ ... }: +{ + users.users.torrent = { + isNormalUser = true; + group = "torrent"; + }; + + users.groups.torrent = {}; +} diff --git a/config/hosts/torrent/radarr.nix b/config/hosts/torrent/radarr.nix new file mode 100644 index 0000000..2a28c46 --- /dev/null +++ b/config/hosts/torrent/radarr.nix @@ -0,0 +1,8 @@ +{ ... }: +{ + services.radarr = { + enable = true; + user = "torrent"; + group = "torrent"; + }; +} diff --git a/config/hosts/torrent/secrets.nix b/config/hosts/torrent/secrets.nix new file mode 100644 index 0000000..289778a --- /dev/null +++ b/config/hosts/torrent/secrets.nix @@ -0,0 +1,13 @@ +{ keyCommandEnv, ... }: +{ + deployment.keys = { + "torrent-samba-credentials.secret" = { + keyCommand = keyCommandEnv ++ [ "pass" "torrent/samba-credentials" ]; + destDir = "/secrets"; + user = "root"; + group = "root"; + permissions = "0640"; + uploadAt = "pre-activation"; + }; + }; +} diff --git a/config/hosts/torrent/sonarr.nix b/config/hosts/torrent/sonarr.nix new file mode 100644 index 0000000..fb0186a --- /dev/null +++ b/config/hosts/torrent/sonarr.nix @@ -0,0 +1,8 @@ +{ ... }: +{ + services.sonarr = { + enable = true; + user = "torrent"; + group = "torrent"; + }; +} diff --git a/config/hosts/web-public-2/virtualHosts/acme-challenge.nix b/config/hosts/web-public-2/virtualHosts/acme-challenge.nix index eaf7188..4cc28af 100644 --- a/config/hosts/web-public-2/virtualHosts/acme-challenge.nix +++ b/config/hosts/web-public-2/virtualHosts/acme-challenge.nix @@ -3,11 +3,15 @@ let acmeDomainMap = { "jellyfin.grzb.de" = "jellyfin.vs.grzb.de"; "mail-1.grzb.de" = "mail-1.vs.grzb.de"; - "social.nekover.se" = "mastodon.vs.grzb.de"; "matrix.nekover.se" = "matrix.vs.grzb.de"; "netbox.grzb.de" = "netbox.vs.grzb.de"; "grafana.grzb.de" = "metrics.vs.grzb.de"; + "jackett.grzb.de" = "torrent.vs.grzb.de"; + "radarr.grzb.de" = "torrent.vs.grzb.de"; "searx.nekover.se" = "searx.vs.grzb.de"; + "social.nekover.se" = "mastodon.vs.grzb.de"; + "sonarr.grzb.de" = "torrent.vs.grzb.de"; + "torrent.grzb.de" = "torrent.vs.grzb.de"; "turn.nekover.se" = "coturn.vs.grzb.de"; }; in diff --git a/hosts.nix b/hosts.nix index f5ee33c..98e423a 100644 --- a/hosts.nix +++ b/hosts.nix @@ -101,6 +101,10 @@ in site = "vs"; environment = "proxmox"; }; + torrent = { + site = "vs"; + environment = "proxmox"; + }; tor-relay = { site = "vs"; environment = "proxmox";