fi/nix-infra
1
1
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Setup radarr and sonarr on torrent host

Browse source
This commit is contained in:
yuri 2023-12-16 00:22:34 +01:00
parent df16bed681
commit ec0e4a77fa
13 changed files with 245 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
config/hosts/torrent/configuration.nix Normal file
View file

@ -0,0 +1,29 @@
{ ... }:
{
boot.loader.grub = {
enable = true;
device = "/dev/vda";
};
networking = {
hostName = "torrent";
};
fileSystems = {
"/mnt/media" = {
device = "//10.202.100.5/media";
fsType = "cifs";
options = [
"username=torrent"
"credentials=/secrets/torrent-samba-credentials.secret"
"iocharset=utf8"
"vers=3.1.1"
"uid=torrent"
"gid=torrent"
"_netdev"
];
};
};
system.stateVersion = "23.11";
}

11
config/hosts/torrent/default.nix Normal file
View file

@ -0,0 +1,11 @@
{ ... }:
{
imports = [
./configuration.nix
./jackett.nix
./qbittorrent-nox
./radarr.nix
./sonarr.nix
./nginx.nix
];
}

6
config/hosts/torrent/jackett.nix Normal file
View file

@ -0,0 +1,6 @@
{ ... }:
{
services.jackett = {
enable = true;
};
}

80
config/hosts/torrent/nginx.nix Normal file
View file

@ -0,0 +1,80 @@
{ ... }:
{
services.nginx = {
enable = true;
virtualHosts = {
"jackett.grzb.de" = {
forceSSL = true;
enableACME = true;
listen = [
{
addr = "0.0.0.0";
port = 80;
}
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
];
locations = {
"/" = {
proxyPass = "http://127.0.0.1:9117";
proxyWebsockets = true;
};
};
};
"radarr.grzb.de" = {
forceSSL = true;
enableACME = true;
listen = [
{
addr = "0.0.0.0";
port = 80;
}
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
];
locations = {
"/" = {
proxyPass = "http://127.0.0.1:7878";
proxyWebsockets = true;
};
};
};
"sonarr.grzb.de" = {
forceSSL = true;
enableACME = true;
listen = [
{
addr = "0.0.0.0";
port = 80;
}
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
];
locations = {
"/" = {
proxyPass = "http://127.0.0.1:8989";
proxyWebsockets = true;
};
};
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
}

8
config/hosts/torrent/qbittorrent-nox/default.nix Normal file
View file

@ -0,0 +1,8 @@
{ ... }:
{
imports = [
./nginx.nix
./services.nix
./users.nix
];
}

51
config/hosts/torrent/qbittorrent-nox/nginx.nix Normal file
View file

@ -0,0 +1,51 @@
# Sources for this configuration:
# - https://github.com/qbittorrent/qBittorrent/wiki/NGINX-Reverse-Proxy-for-Web-UI
# - https://github.com/qbittorrent/qBittorrent/wiki/Linux-WebUI-HTTPS-with-Let's-Encrypt-certificates-and-NGINX-SSL-reverse-proxy
{ ... }:
{
services.nginx = {
enable = true;
virtualHosts."torrent.grzb.de" = {
forceSSL = true;
enableACME = true;
listen = [
{
addr = "0.0.0.0";
port = 80;
}
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
];
locations."/" = {
proxyPass = "http://127.0.0.1:8080";
extraConfig = ''
proxy_http_version 1.1;
client_max_body_size 100M;
# From:
# https://github.com/qbittorrent/qBittorrent/wiki/NGINX-Reverse-Proxy-for-Web-UI
#
# Since v4.2.2, is possible to configure qBittorrent
# to set the "Secure" flag for the session cookie automatically.
# However, that option does nothing unless using qBittorrent's built-in HTTPS functionality.
# For this use case, where qBittorrent itself is using plain HTTP
# (and regardless of whether or not the external website uses HTTPS),
# the flag must be set here, in the proxy configuration itself.
# Note: If this flag is set while the external website uses only HTTP, this will cause
# the login mechanism to not work without any apparent errors in console/network resulting in "auth loops".
proxy_cookie_path / "/; Secure";
'';
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
}

13
config/hosts/torrent/qbittorrent-nox/services.nix Normal file
View file

@ -0,0 +1,13 @@
# Sources for this configuration:
# - https://github.com/NixOS/nixpkgs/issues/236736#issuecomment-1704670598
# - https://nixos.org/manual/nixos/stable/#sect-nixos-systemd-nixos
{ pkgs, ... }:
{
systemd.packages = [ pkgs.qbittorrent-nox ];
systemd.services."qbittorrent-nox@torrent" = {
overrideStrategy = "asDropin";
wantedBy = [ "multi-user.target" ];
};
}

9
config/hosts/torrent/qbittorrent-nox/users.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }:
{
users.users.torrent = {
isNormalUser = true;
group = "torrent";
};
users.groups.torrent = {};
}

8
config/hosts/torrent/radarr.nix Normal file
View file

@ -0,0 +1,8 @@
{ ... }:
{
services.radarr = {
enable = true;
user = "torrent";
group = "torrent";
};
}

13
config/hosts/torrent/secrets.nix Normal file
View file

@ -0,0 +1,13 @@
{ keyCommandEnv, ... }:
{
deployment.keys = {
"torrent-samba-credentials.secret" = {
keyCommand = keyCommandEnv ++ [ "pass" "torrent/samba-credentials" ];
destDir = "/secrets";
user = "root";
group = "root";
permissions = "0640";
uploadAt = "pre-activation";
};
};
}

8
config/hosts/torrent/sonarr.nix Normal file
View file

@ -0,0 +1,8 @@
{ ... }:
{
services.sonarr = {
enable = true;
user = "torrent";
group = "torrent";
};
}

6
config/hosts/web-public-2/virtualHosts/acme-challenge.nix
View file

@ -3,11 +3,15 @@ let
acmeDomainMap = {
"jellyfin.grzb.de" = "jellyfin.vs.grzb.de";
"mail-1.grzb.de" = "mail-1.vs.grzb.de";
"social.nekover.se" = "mastodon.vs.grzb.de";
"matrix.nekover.se" = "matrix.vs.grzb.de";
"netbox.grzb.de" = "netbox.vs.grzb.de";
"grafana.grzb.de" = "metrics.vs.grzb.de";
"jackett.grzb.de" = "torrent.vs.grzb.de";
"radarr.grzb.de" = "torrent.vs.grzb.de";
"searx.nekover.se" = "searx.vs.grzb.de";
"social.nekover.se" = "mastodon.vs.grzb.de";
"sonarr.grzb.de" = "torrent.vs.grzb.de";
"torrent.grzb.de" = "torrent.vs.grzb.de";
"turn.nekover.se" = "coturn.vs.grzb.de";
};
in

4
hosts.nix
View file

@ -101,6 +101,10 @@ in
site = "vs";
environment = "proxmox";
};
torrent = {
site = "vs";
environment = "proxmox";
};
tor-relay = {
site = "vs";
environment = "proxmox";