From feee85b79db2a2071db64506579ecf2c27f737e1 Mon Sep 17 00:00:00 2001
From: ChUrl
Date: Wed, 24 May 2023 20:25:25 +0200
Subject: [PATCH] Add container system module
---
TODO.md | 6 -
system/modules/containers/default.nix | 99 +++++++++++
system/modules/containers/options.nix | 45 +++++
system/nixinator/default.nix | 241 ++------------------------
system/nixtop/default.nix | 1 +
5 files changed, 158 insertions(+), 234 deletions(-)
delete mode 100644 TODO.md
create mode 100644 system/modules/containers/default.nix
create mode 100644 system/modules/containers/options.nix
diff --git a/TODO.md b/TODO.md
deleted file mode 100644
index c24ae448..00000000
--- a/TODO.md
+++ /dev/null
@@ -1,6 +0,0 @@
-# TODO
-
-## Environments
-
-- Use one default flake.nix (from `nix flake new -t "github:numtide/devshell"`)
-- Provide a `devshell.toml` for the different environments
diff --git a/system/modules/containers/default.nix b/system/modules/containers/default.nix
new file mode 100644
index 00000000..9e131168
--- /dev/null
+++ b/system/modules/containers/default.nix
@@ -0,0 +1,99 @@
+{
+ config,
+ nixosConfig,
+ lib,
+ mylib,
+ pkgs,
+ ...
+}:
+with lib;
+with mylib.virtualisation;
+with mylib.modules; let
+ cfg = config.modules.containers;
+in {
+ options.modules.containers = import ./options.nix {inherit lib mylib;};
+
+ config = mkIf cfg.enable {
+ virtualisation.oci-containers.containers = {
+ # Home Automation
+ homeassistant = mkIf cfg.homeassistant.enable mkOciContainer {
+ image = "homeassistant/home-assistant:2023:5";
+ id-ports = [8123];
+ vols = [
+ "homeassistant-config:/config:Z"
+ ];
+ };
+
+ # Multimedia
+ jellyfin = mkIf cfg.jellyfin.enable mkOciContainer {
+ image = "linuxserver/jellyfin:10.8.10";
+ id-ports = [8096];
+ vols = [
+ "jellyfin-cache:/cache:Z"
+ "jellyfin-config:/config:Z"
+ "/home/christoph/Videos/Video:/media/Video"
+ "/home/christoph/Videos/Picture:/media/Picture"
+ "/home/christoph/GameHDD/Video:/media/Video2"
+ ];
+ };
+
+ fileflows = mkIf cfg.fileflows.enable mkOciContainer {
+ image = "revenz/fileflows";
+ id-ports = [5000];
+ vols = [
+ "fileflows-cache:/temp:Z"
+ "fileflows-data:/app/Data:Z"
+ "/home/christoph/Videos/Video:/media"
+ ];
+ };
+
+ # Errr...
+ sonarr = mkIf cfg.sonarr.enable mkOciContainer {
+ image = "linuxserver/sonarr:3.0.10";
+ id-ports = [8989];
+ vols = [
+ "sonarr-config:/config:Z"
+ "/home/christoph/Videos/Shows:/tv"
+ "/home/christoph/Videos/SabNzbd:/downloads"
+ ];
+ netns = "wg0-de-115";
+ netdns = "10.2.0.1";
+ };
+
+ radarr = mkIf cfg.radarr.enable mkOciContainer {
+ image = "linuxserver/radarr:4.4.4";
+ id-ports = [7878];
+ vols = [
+ "radarr-config:/config:Z"
+ "/home/christoph/Videos/Movies:/movies"
+ "/home/christoph/Videos/SabNzbd:/downloads"
+ ];
+ netns = "wg0-de-115";
+ netdns = "10.2.0.1";
+ };
+
+ hydra = mkIf cfg.hydra.enable mkOciContainer {
+ image = "linuxserver/nzbhydra2:5.1.8";
+ id-ports = [5076];
+ vols = [
+ "hydra-config:/config:Z"
+ "/home/christoph/Videos/SabNzbd:/downloads"
+ ];
+ netns = "wg0-de-115";
+ netdns = "10.2.0.1";
+ };
+
+ sabnzbd = mkIf cfg.sabnzbd.enable mkOciContainer {
+ image = "linuxserver/sabnzbd:4.0.1";
+ id-ports = [8080];
+ vols = [
+ "sabnzbd-config:/config:Z"
+ "/home/christoph/Videos/SabNzbd:/downloads"
+ "/home/christoph/Videos/.sabnzbd:/incomplete-downloads"
+ ];
+ netns = "wg0-de-115";
+ netdns = "10.2.0.1";
+ };
+ };
+ };
+}
diff --git a/system/modules/containers/options.nix b/system/modules/containers/options.nix
new file mode 100644
index 00000000..b8fab260
--- /dev/null
+++ b/system/modules/containers/options.nix
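Review bot: The homeassistant image reference `homeassistant/home-assistant:2023:5` has a colon where the tag needs a dot, so it is not a valid image reference; the definition this patch removes from system/nixinator/default.nix used `2023.5`. Because the container is gated behind `cfg.homeassistant.enable`, the mistake will only show up as a failed pull once someone enables it; change the line to `image = "homeassistant/home-assistant:2023.5";`. Separately, `revenz/fileflows` has no tag at all and will follow whatever `latest` points to at pull time, while every other image here is version-tagged; give it an explicit tag, and consider pinning by digest (`name:tag@sha256:<digest>`) for the images that receive the /home/christoph bind mounts, none of which are marked `:ro` in this file.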
@@ -0,0 +1,45 @@
+{
+ lib,
+ mylib,
+ ...
+}:
+with lib;
+with mylib.modules; {
+ enable = mkEnableOpt "Enable OCI Containers";
+
+ homeassistant = {
+ enable = mkEnableOpt "Enable HomeAssistant Container";
+ };
+ jellyfin = {
+ enable = mkEnableOpt "Enable Jellyfin Container";
+ };
+ fileflows = {
+ enable = mkEnableOpt "Enable FileFlows Container";
+ };
+ sonarr = {
+ enable = mkEnableOpt "Enable Sonarr Container";
+ };
+ radarr = {
+ enable = mkEnableOpt "Enable Radarr Container";
+ };
+ hydra = {
+ enable = mkEnableOpt "Enable Hydra Container";
+ };
+ sabnzbd = {
+ enable = mkEnableOpt "Enable SabNzbd Container";
+ };
+
+ # TODO: I need to set the keys through the hyprland module
+ # and generate the menu through the rofi module
+ rofiIntegration = {
+ enable = mkEnableOpt "Enable Rofi Menu for Container Servicing";
+ hotkey = mkOption {
+ type = types.str;
+ example = ''
+ "$mainMod, D"
+ '';
+ default = "$mainMod, D";
+ description = "What Key should trigger the Menu";
+ };
+ };
+}
diff --git a/system/nixinator/default.nix b/system/nixinator/default.nix
index 87538d3e..2a0f09a9 100644
--- a/system/nixinator/default.nix
+++ b/system/nixinator/default.nix
@@ -9,10 +9,23 @@ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix + ../modules inputs.musnix.nixosModules.musnix ]; + modules = { + containers = { + homeassistant.enable = false; + jellyfin.enable = true; + fileflows.enable = false; + sonarr.enable = true; + radarr.enable = true; + hydra.enable = true; + sabnzbd.enable = true; + }; + }; + # Low latency audio musnix = { enable = true;
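Review bot: `rofiIntegration` is declared here, but nothing in system/modules/containers/default.nix as added by this patch reads `cfg.rofiIntegration`, so setting `rofiIntegration.enable = true` evaluates cleanly and does nothing. Until the TODO above it is resolved, either drop the option or say so in its description, e.g. `mkEnableOpt "Enable Rofi Menu for Container Servicing (not implemented yet)"`. The `example` for `hotkey` is a `''…''` string that carries literal quotes and a trailing newline; `example = "$mainMod, D";` would match the form of the default.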
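Review bot: The new `modules.containers` block sets the per-container flags but never sets `modules.containers.enable`, while system/modules/containers/default.nix wraps every container definition in `mkIf cfg.enable`. Unless `mkEnableOpt` (defined outside this patch) defaults to true, none of jellyfin, sonarr, radarr, hydra or sabnzbd will be defined on this host after the change; add `enable = true;` inside `containers = {`. It is also worth confirming that `mkOciContainer` still emits `autoStart = false` and the `PUID`/`PGID`/`TZ` environment that the removed definitions carried, and that `netns = "wg0-de-115"` yields the same confinement as the old `--network=ns:/var/run/netns/vpn`, since none of these appear in the patch any more. The enclosing attribute set starts and ends outside this hunk.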
@@ -27,232 +40,4 @@ # videoDrivers = [ "nvidia" ]; # NVIDIA videoDrivers = ["amdgpu"]; }; - - # TODO: System module for these - # TODO: I also want a function to generate these configs, I just want to pass volumes, ports, env and image - virtualisation.oci-containers.containers = { - jellyfin = { - image = "linuxserver/jellyfin:10.8.10"; - autoStart = false; - - ports = [ - "8096:8096/tcp" - ]; - - volumes = [ - "jellyfin-cache:/cache:Z" - "jellyfin-config:/config:Z" - # "/home/christoph/Videos/Movies:/media/Movies" - # "/home/christoph/Videos/Shows:/media/Shows" - "/home/christoph/Videos/Video:/media/Video" - "/home/christoph/Videos/Picture:/media/Picture" - # "/home/christoph/Videos/Concerts:/media/Concerts" - # "/home/christoph/Music/Spotify:/media/Music:ro" - "/home/christoph/GameHDD/Video:/media/Video2" - ]; - - environment = { - PUID = "1000"; - PGID = "1000"; - TZ = "Europe/Berlin"; - }; - }; - - # TODO: When setting PUID/PGID fileflows can't access /temp dir - # fileflows = { - # image = "revenz/fileflows"; - # autoStart = false; - - # ports = [ - # "5000:5000" - # ]; - - # volumes = [ - # "fileflows-cache:/temp:Z" - # "fileflows-data:/app/Data:Z" - # "/home/christoph/Videos/Video:/media" - # ]; - - # environment = { - # PUID = "1000"; - # PGID = "1000"; - # TZ = "Europe/Berlin"; - # }; - # }; - - sonarr = { - image = "linuxserver/sonarr:3.0.10"; - autoStart = false; - - extraOptions = [ - "--network=ns:/var/run/netns/vpn" - "--dns=10.2.0.1" - ]; - - ports = [ - "8989:8989" - ]; - - volumes = [ - "sonarr-config:/config:Z" - "/home/christoph/Videos/Shows:/tv" - "/home/christoph/Videos/SabNzbd:/downloads" - ]; - - environment = { - PUID = "1000"; - PGID = "1000"; - TZ = "Europe/Berlin"; - }; - }; - - radarr = { - image = "linuxserver/radarr:4.4.4"; - autoStart = false; - - extraOptions = [ - "--network=ns:/var/run/netns/vpn" - "--dns=10.2.0.1" - ]; - - ports = [ - "7878:7878" - ]; - - volumes = [ - "radarr-config:/config:Z" - 
"/home/christoph/Videos/Movies:/movies" - "/home/christoph/Videos/SabNzbd:/downloads" - ]; - - environment = { - PUID = "1000"; - PGID = "1000"; - TZ = "Europe/Berlin"; - }; - }; - - hydra = { - image = "linuxserver/nzbhydra2:5.1.8"; - autoStart = false; - - extraOptions = [ - "--network=ns:/var/run/netns/vpn" - "--dns=10.2.0.1" - ]; - - ports = [ - "5076:5076" - ]; - - volumes = [ - "hydra-config:/config:Z" - "/home/christoph/Videos/SabNzbd:/downloads" - ]; - - environment = { - PUID = "1000"; - PGID = "1000"; - TZ = "Europe/Berlin"; - }; - }; - - sabnzbd = { - image = "linuxserver/sabnzbd:4.0.1"; - autoStart = false; - - extraOptions = [ - "--network=ns:/var/run/netns/vpn" - "--dns=10.2.0.1" - ]; - - ports = [ - "8080:8080" - ]; - - volumes = [ - "sabnzbd-config:/config:Z" - "/home/christoph/Videos/SabNzbd:/downloads" - "/home/christoph/Videos/.sabnzbd:/incomplete-downloads" - ]; - - environment = { - PUID = "1000"; - PGID = "1000"; - TZ = "Europe/Berlin"; - }; - }; - - homeassistant = { - image = "homeassistant/home-assistant:2023.5"; - autoStart = false; - - ports = [ - "8123:8123" - ]; - - volumes = [ - "homeassistant-config:/config:Z" - ]; - - environment = { - PUID = "1000"; - PGID = "1000"; - TZ = "Europe/Berlin"; - }; - }; - - # NOTE: PyTorch ROCM image is 36 GB large... 
- # NOTE: This requires to setup the PodmanROCM direcory beforehand, as described here: - # https://github.com/AUTOMATIC1111/stable-diffusion-webui/wiki/Install-and-Run-on-AMD-GPUs#running-inside-docker - # stablediffusion = { - # image = "rocm/pytorch"; - # autoStart = false; - - # extraOptions = [ - # "--network=host" - # "--device=/dev/kfd" - # "--device=/dev/dri" - # "--group-add=video" - # "--ipc=host" - # "--cap-add=SYS_PTRACE" - # "--security-opt=seccomp=unconfined" - # ]; - - # volumes = [ - # "/home/christoph/NoSync/StableDiffusionWebUI:/webui-data" - # ]; - - # # TODO: User christoph not found in passwd file - # # user = "christoph:users"; - - # environment = { - # UID = "1000"; - # GID = "100"; - # TZ = "Europe/Berlin"; - # }; - - # entrypoint = "/webui-data/launch.sh"; - # }; - }; - - # Make the system services available to the user - # NOTE: This doesn't work, since the cidfile is located in /run, which is not writable for regular users... - systemd.user.services = let - # Filter all system service attributes that the user units don't have and add some required attributes - system2user = attrs: - lib.mergeAttrs (lib.attrsets.filterAttrs (n: v: - !( - n - == "confinement" - || n == "runner" - || n == "environment" - )) - attrs) { - startLimitIntervalSec = 1; - startLimitBurst = 5; - }; - in { - # podman-stablediffusion = system2user config.systemd.services.podman-stablediffusion; - }; } diff --git a/system/nixtop/default.nix b/system/nixtop/default.nix index 59543d90..a7c89e3d 100644 --- a/system/nixtop/default.nix +++ b/system/nixtop/default.nix @@ -9,6 +9,7 @@ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix + ../modules ]; services.xserver = {