diff --git a/ops/nixos/clouvider-fra01/default.nix b/ops/nixos/clouvider-fra01/default.nix index ff75b6384b..a971e85f5b 100644 --- a/ops/nixos/clouvider-fra01/default.nix +++ b/ops/nixos/clouvider-fra01/default.nix @@ -51,6 +51,7 @@ in { ../lib/bgp.nix ../lib/ts3spotifybot.nix ../lib/coredns/default.nix + ../lib/plex.nix ]; boot.initrd.availableKernelModules = [ @@ -134,19 +135,9 @@ in { # Define a user account. users.mutableUsers = false; users.users = { - lukegb.extraGroups = [ "wheel" "content" "deluge" ]; - content = { - isSystemUser = true; - group = "content"; - }; - plex.extraGroups = [ "content" ]; - deluge.extraGroups = [ "content" ]; sonarr.extraGroups = [ "deluge" "content" ]; radarr.extraGroups = [ "deluge" "content" ]; } // (lib.setAttrByPath [ config.services.nginx.user "extraGroups" ] [ "acme" ]); - users.groups = { - content = {}; - }; services.openssh.hostKeys = [ { @@ -160,32 +151,6 @@ in { } ]; - services.plex = { - enable = true; - dataDir = "/store/plex"; - openFirewall = true; - package = depot.nix.pkgs.plex-pass; - }; - - services.deluge = { - enable = true; - declarative = true; - openFirewall = true; - dataDir = "/store/deluge"; - config = { - upnp = false; - natpmp = false; - max_active_seeding = 900; - max_active_downloading = 100; - max_active_limit = 1000; - move_completed_paths_list = [ "/store/content/Anime" "/store/content/Films" "/store/content/TV" ]; - enabled_plugins = [ "Label" ]; - }; - authFile = machineSecrets.delugeAuthFile; - - web.enable = true; - package = depot.pkgs.deluge; - }; services.sonarr = { enable = true; }; @@ -197,9 +162,6 @@ in { enable = true; virtualHosts = vhosts; }; - systemd.services.nginx.serviceConfig = { - SupplementaryGroups = [ "content" ]; - }; services.ipfs = { enable = true; diff --git a/ops/nixos/lib/content.nix b/ops/nixos/lib/content.nix new file mode 100644 index 0000000000..ee8659a499 --- /dev/null +++ b/ops/nixos/lib/content.nix 
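Review bot: The imports list in the `@@ -51,6 +51,7 @@` hunk gains only `../lib/plex.nix`, while the later hunks drop `services.deluge` and `users.users.deluge.extraGroups` from this host and no visible hunk imports the new `../lib/deluge.nix`. `sonarr.extraGroups` and `radarr.extraGroups` still name the `deluge` group, so unless another module outside this diff pulls deluge in, add `../lib/deluge.nix` next to the plex import. The `@@ -134,19 +135,9 @@` hunk also removes `lukegb.extraGroups = [ "wheel" "content" "deluge" ];`, and the new modules re-add only `content` and `deluge`; with `users.mutableUsers = false`, `wheel` has to come from configuration, so confirm a shared module still grants it or keep `lukegb.extraGroups = [ "wheel" ];` here.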
@@ -0,0 +1,18 @@
+# SPDX-FileCopyrightText: 2020 Luke Granger-Brown
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ ... }:
+{
+ users.users.content = {
+ isSystemUser = true;
+ group = "content";
+ };
+ users.groups.content = {};
+
+ users.users.lukegb.extraGroups = [ "content" ];
+
+ systemd.services.nginx.serviceConfig = {
+ SupplementaryGroups = [ "content" ];
+ };
+}
diff --git a/ops/nixos/lib/deluge.nix b/ops/nixos/lib/deluge.nix
new file mode 100644
index 0000000000..c79504d650
--- /dev/null
+++ b/ops/nixos/lib/deluge.nix
@@ -0,0 +1,35 @@
+# SPDX-FileCopyrightText: 2020 Luke Granger-Brown
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ depot, lib, pkgs, rebuilder, config, ... }:
+let
+ inherit (depot.ops) secrets;
+in {
+ imports = [
+ ./content.nix
+ ];
+
+ users.users.deluge.extraGroups = [ "content" ];
+ users.users.lukegb.extraGroups = [ "deluge" ];
+
+ services.deluge = {
+ enable = true;
+ declarative = true;
+ openFirewall = true;
+ dataDir = "/store/deluge";
+ config = {
+ upnp = false;
+ natpmp = false;
+ max_active_seeding = 900;
+ max_active_downloading = 100;
+ max_active_limit = 1000;
+ move_completed_paths_list = [ "/store/content/Anime" "/store/content/Films" "/store/content/TV" ];
+ enabled_plugins = [ "Label" ];
+ };
+ authFile = secrets.deluge.authFile;
+
+ web.enable = true;
+ package = depot.pkgs.deluge;
+ };
+}
diff --git a/ops/nixos/lib/plex.nix b/ops/nixos/lib/plex.nix
new file mode 100644
index 0000000000..8dcb7a6229
--- /dev/null
+++ b/ops/nixos/lib/plex.nix
@@ -0,0 +1,19 @@
+# SPDX-FileCopyrightText: 2020 Luke Granger-Brown
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ depot, ... }:
+{
+ imports = [
+ ./content.nix
+ ];
+
+ users.users.plex.extraGroups = [ "content" ];
+
+ services.plex = {
+ enable = true;
+ dataDir = "/store/plex";
+ openFirewall = true;
+ package = depot.nix.pkgs.plex-pass;
+ };
+}
diff --git a/ops/nixos/totoro/default.nix b/ops/nixos/totoro/default.nix
index 20b9dd08be..e4f5dc3bdc 100644
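Review bot: `systemd.services.nginx.serviceConfig.SupplementaryGroups` in `lib/content.nix` is set unconditionally, so every host that imports `plex.nix` or `deluge.nix` adds the `content` group to its nginx service and, where nginx is not enabled, presumably ends up with an nginx unit that holds nothing but this setting. Guarding it keeps the grant to hosts that run nginx: `systemd.services.nginx.serviceConfig = lib.mkIf config.services.nginx.enable { SupplementaryGroups = [ "content" ]; };`, with the header changed to `{ config, lib, ... }:`. `users.users.lukegb.extraGroups` likewise assumes a `lukegb` account on every importer. A one-line header comment saying this module owns the shared `content` user and group would also help.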
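Review bot: `authFile = secrets.deluge.authFile;` in `lib/deluge.nix` replaces the host-scoped `machineSecrets.delugeAuthFile` with a depot-wide secret, so every host that imports this module would share one set of Deluge daemon credentials. If that is intended, a comment saying so would help; otherwise keep the value overridable per host, e.g. `authFile = lib.mkDefault secrets.deluge.authFile;`. It is not visible here whether the value is a runtime path or a Nix path literal; a literal would be copied into the world-readable store, so that is worth confirming. The header also binds `lib`, `pkgs`, `rebuilder` and `config`, none of which the visible body uses.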
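Review bot: `dataDir = "/store/plex"` and `openFirewall = true` in `lib/plex.nix` are now fixed in a shared module, so every importer, including totoro in this commit, stores Plex state under `/store` and opens the Plex ports on its firewall. Nothing visible here shows that totoro has a `/store` mount or should be reachable from outside. If either differs per host, make them defaults a host can override, e.g. `dataDir = lib.mkDefault "/store/plex";` and `openFirewall = lib.mkDefault true;`, with `lib` added to the header arguments.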
--- a/ops/nixos/totoro/default.nix +++ b/ops/nixos/totoro/default.nix @@ -13,6 +13,7 @@ in { ../lib/twitternuke.nix ../lib/quotes.bfob.gg.nix ../lib/baserow.nix + ../lib/plex.nix ./home-assistant.nix ];