diff --git a/configuration.nix b/configuration.nix index 9ea7519..d7344a2 100644 --- a/configuration.nix +++ b/configuration.nix @@ -239,6 +239,10 @@ "wheel" "video" "render" + + "minecraft" + "gitea" + "jellyfin" ]; hashedPasswordFile = "/etc/nixos/secrets/hashedPass"; diff --git a/secrets/mullvad.nix b/secrets/mullvad.nix index 54a3897..45d962b 100644 Binary files a/secrets/mullvad.nix and b/secrets/mullvad.nix differ diff --git a/services/immich.nix b/services/immich.nix index 114b2d4..d7ed8e2 100644 --- a/services/immich.nix +++ b/services/immich.nix @@ -11,7 +11,7 @@ port = service_configs.ports.immich; host = "0.0.0.0"; database = { - createDB = true; + createDB = false; }; }; diff --git a/services/jellyfin.nix b/services/jellyfin.nix index b1b6072..70d6054 100644 --- a/services/jellyfin.nix +++ b/services/jellyfin.nix @@ -17,8 +17,6 @@ # used for local streaming openFirewall = true; - user = "primary"; - group = "users"; dataDir = service_configs.jellyfin.data_dir; cacheDir = service_configs.jellyfin.cache_dir; }; diff --git a/services/minecraft.nix b/services/minecraft.nix index 815d47b..1ca53ed 100644 --- a/services/minecraft.nix +++ b/services/minecraft.nix @@ -14,14 +14,11 @@ in "minecraft-server" ]; - users.groups.minecraft = { }; - services.minecraft-servers = { enable = true; eula = true; dataDir = service_configs.minecraft.parent_dir; openFirewall = true; - group = "users"; servers.${service_configs.minecraft.server_name} = { enable = true; diff --git a/services/quadlet.nix b/services/quadlet.nix index 97767a5..5011543 100644 --- a/services/quadlet.nix +++ b/services/quadlet.nix 
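Review bot: The three added group entries (`"minecraft"`, `"gitea"`, `"jellyfin"`) give the account that already holds `"wheel"` group-level access to each service's state, and the hunk does not say which directories this is meant to reach or whether read-only access would be enough. For `gitea` the group may cover the application config and repository store, so every process in the interactive session would inherit that access; an ACL on the specific media or world directories would be narrower. `"minecraft"` now depends on the service module declaring that group, because services/minecraft.nix drops `users.groups.minecraft = { };` in the same commit, and the services/jellyfin.nix and services/minecraft.nix hunks stop running the services as `primary`/`users` without any visible ownership migration for the existing `dataDir`/`cacheDir` contents; both are worth confirming on the target host. If the memberships stay, a comment above them such as `# service groups: lets the login user manage files under each service's dataDir` would record the intent. The attribute set this list belongs to starts and ends outside the hunk.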
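Review bot: `createDB = false;` in services/immich.nix stops the module from provisioning the database, and nothing in the hunk records where the database and its role now come from. A one-line comment next to it, e.g. `# DB and role are provisioned in <where it is provisioned>; the module must not recreate them`, would save the next person from a confusing failure on a fresh host. The `database` block holds no other settings here, so how the service authenticates to PostgreSQL is presumably left to module defaults and is worth stating in the same comment.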
@@ -1,66 +1,57 @@ { service_configs, ... }: { virtualisation.quadlet = { - containers = - let - baseContainerConfig = { - autoUpdate = "registry"; + containers = { + gluetun.containerConfig = { + image = "docker.io/qmcgaw/gluetun"; + name = "gluetun"; + autoUpdate = "registry"; + + addCapabilities = [ + "NET_ADMIN" + "MKNOD" + ]; + + environments = import ../secrets/mullvad.nix; + + publishPorts = [ + "6081:6081" + "6081:6081/udp" + "${builtins.toString service_configs.ports.torrent}:6011" + ]; + + volumes = [ "${service_configs.gluetun.dir}:/gluetun:z" ]; + podmanArgs = [ + "--device=/dev/net/tun" + "--security-opt label=disable" + ]; + }; + + qbittorrent = { + containerConfig = { + image = "lscr.io/linuxserver/qbittorrent:latest"; + name = "qbittorrent"; environments = { + WEBUI_PORT = service_configs.ports.torrent; + DOCKER_MODS = "ghcr.io/gabe565/linuxserver-mod-vuetorrent"; PUID = 1000; PGID = 1000; }; - }; - in - { - gluetun.containerConfig = baseContainerConfig // { - image = "docker.io/qmcgaw/gluetun"; - name = "gluetun"; - addCapabilities = [ - "NET_ADMIN" - "MKNOD" + volumes = [ + "${service_configs.torrent.config_dir}:/config:z" + "${service_configs.torrent.download_dir}:/downloads:z" ]; - environments = import ../secrets/mullvad.nix; - - publishPorts = [ - "6081:6081" - "6081:6081/udp" - "${builtins.toString service_configs.ports.torrent}:6011" - ]; - - volumes = [ "${service_configs.gluetun.dir}:/gluetun:z" ]; - podmanArgs = [ - "--device=/dev/net/tun" - "--security-opt label=disable" - ]; + networks = [ "container:gluetun" ]; }; - qbittorrent = { - containerConfig = baseContainerConfig // { - image = "lscr.io/linuxserver/qbittorrent:latest"; - name = "qbittorrent"; - environments = { - WEBUI_PORT = service_configs.ports.torrent; - DOCKER_MODS = "ghcr.io/gabe565/linuxserver-mod-vuetorrent"; - PUID = 1000; - PGID = 1000; - }; - - volumes = [ - "${service_configs.torrent.config_dir}:/config:z" - "${service_configs.torrent.download_dir}:/downloads:z" - ]; 
- - networks = [ "container:gluetun" ]; - }; - - serviceConfig = { - requires = [ "gluetun.service" ]; - after = [ "gluetun.service" ]; - }; + serviceConfig = { + requires = [ "gluetun.service" ]; + after = [ "gluetun.service" ]; }; }; + }; networks = { internal.networkConfig.subnets = [ "10.0.123.1/24" ]; };
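Review bot: Inlining `baseContainerConfig` leaves the new `qbittorrent.containerConfig` without `autoUpdate = "registry"`, while `gluetun` keeps it; with the image on `:latest`, the torrent client would stay on whatever was first pulled and miss upstream fixes. If that was not intended, add `autoUpdate = "registry";` next to `name = "qbittorrent";`. Separately, `environments = import ../secrets/mullvad.nix;` is carried over unchanged: values imported at evaluation time are presumably rendered into the generated unit in the world-readable Nix store, so the VPN credentials would be readable by every local account, including the service users this commit separates out. Loading them at runtime through Quadlet's `EnvironmentFile=` from a root-only path outside the store would avoid that. The enclosing `virtualisation.quadlet` set closes outside the hunk.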