yemou.pink / nix-configs
Nix configurations for my homelab
fork atom

Add Jellyfin and Servarr utilities

yemou.pink 8a255ea7 ad284916

verified
options
unified split
Changed files
+108 -2
lily
config.nix
modules
services
arr.nix
caddy
jellyfin.nix
jellyfin.nix
secrets
lily.yaml
+3
lily/config.nix 
···

       
23

       
23

       
 

       
    ../modules/services/caddy


     

       
24

       
24

       
 

       
    ../modules/services/caddy/atproto-did.nix


     

       
25

       
25

       
 

       
    ../modules/services/caddy/cp-certs.nix


     

       

       
26

       
+

       
    ../modules/services/caddy/jellyfin.nix


     

       
26

       
27

       
 

       
    ../modules/services/caddy/mumble.nix


     

       
27

       
28

       
 

       
    ../modules/services/caddy/nextcloud.nix


     

       
28

       
29

       
 

       
    ../modules/services/caddy/pds.nix


     
···

       
36

       
37

       
 

       
    ../modules/services/caddy/websites/pink-meyou.nix


     

       
37

       
38

       
 

       
    ../modules/services/caddy/websites/pink-yemou.nix


     

       
38

       
39

       
 

       



     

       

       
40

       
+

       
    ../modules/services/arr.nix


     

       

       
41

       
+

       
    ../modules/services/jellyfin.nix


     

       
39

       
42

       
 

       
    ../modules/services/murmur.nix


     

       
40

       
43

       
 

       
    ../modules/services/nextcloud.nix


     

       
41

       
44

       
 

       
    ../modules/services/openssh.nix
+59
modules/services/arr.nix 
···

       

       
1

       
+

       
{ config, ... }:


     

       

       
2

       
+

       
{


     

       

       
3

       
+

       
  environment.persistence."/data/persistent".directories = [


     

       

       
4

       
+

       
    # NOTE: Prowlarr isn't here since it uses /var/lib/private/prowlarr as its directory regardless and this directory


     

       

       
5

       
+

       
    #       is already in nixos-impermanence


     

       

       
6

       
+

       
    {


     

       

       
7

       
+

       
      directory = "/var/lib/radarr";


     

       

       
8

       
+

       
      mode = "0700";


     

       

       
9

       
+

       
      user = config.services.radarr.user;


     

       

       
10

       
+

       
      group = config.services.radarr.group;


     

       

       
11

       
+

       
    }


     

       

       
12

       
+

       
    {


     

       

       
13

       
+

       
      directory = "/var/lib/sonarr";


     

       

       
14

       
+

       
      mode = "0700";


     

       

       
15

       
+

       
      user = config.services.sonarr.user;


     

       

       
16

       
+

       
      group = config.services.sonarr.group;


     

       

       
17

       
+

       
    }


     

       

       
18

       
+

       
  ];


     

       

       
19

       
+

       



     

       

       
20

       
+

       
  sops = {


     

       

       
21

       
+

       
    secrets = {


     

       

       
22

       
+

       
      "prowlarr-apikey" = { };


     

       

       
23

       
+

       
      "radarr-apikey" = { };


     

       

       
24

       
+

       
      "sonarr-apikey" = { };


     

       

       
25

       
+

       
    };


     

       

       
26

       
+

       
    templates = {


     

       

       
27

       
+

       
      prowlarr-env.content = "PROWLARR__AUTH__APIKEY=${config.sops.placeholder."prowlarr-apikey"}";


     

       

       
28

       
+

       
      radarr-env.content = "RADARR__AUTH__APIKEY=${config.sops.placeholder."radarr-apikey"}";


     

       

       
29

       
+

       
      sonarr-env.content = "SONARR__AUTH__APIKEY=${config.sops.placeholder."sonarr-apikey"}";


     

       

       
30

       
+

       
    };


     

       

       
31

       
+

       
  };


     

       

       
32

       
+

       



     

       

       
33

       
+

       
  networking.firewall.interfaces.${config.services.netbird.clients.homelab.interface}.allowedTCPPorts = [


     

       

       
34

       
+

       
    config.services.prowlarr.settings.server.port


     

       

       
35

       
+

       
    config.services.radarr.settings.server.port


     

       

       
36

       
+

       
    config.services.sonarr.settings.server.port


     

       

       
37

       
+

       
  ];


     

       

       
38

       
+

       



     

       

       
39

       
+

       
  services = {


     

       

       
40

       
+

       
    flaresolverr.enable = true;


     

       

       
41

       
+

       
    prowlarr = {


     

       

       
42

       
+

       
      enable = true;


     

       

       
43

       
+

       
      environmentFiles = [ config.sops.templates.prowlarr-env.path ];


     

       

       
44

       
+

       
      settings.log.level = "info";


     

       

       
45

       
+

       
    };


     

       

       
46

       
+

       
    radarr = {


     

       

       
47

       
+

       
      enable = true;


     

       

       
48

       
+

       
      environmentFiles = [ config.sops.templates.radarr-env.path ];


     

       

       
49

       
+

       
      settings.log.level = "info";


     

       

       
50

       
+

       
    };


     

       

       
51

       
+

       
    sonarr = {


     

       

       
52

       
+

       
      enable = true;


     

       

       
53

       
+

       
      environmentFiles = [ config.sops.templates.sonarr-env.path ];


     

       

       
54

       
+

       
      settings.log.level = "info";


     

       

       
55

       
+

       
    };


     

       

       
56

       
+

       
  };


     

       

       
57

       
+

       



     

       

       
58

       
+

       
  systemd.services.flaresolverr.serviceConfig.RestrictAddressFamilies = [ "~AF_INET6" ];


     

       

       
59

       
+

       
}
+7
modules/services/caddy/jellyfin.nix 
···

       

       
1

       
+

       
{ ... }:


     

       

       
2

       
+

       
{


     

       

       
3

       
+

       
  services.caddy.virtualHosts."jellyfin.lilac.pink".extraConfig = ''


     

       

       
4

       
+

       
    encode


     

       

       
5

       
+

       
    reverse_proxy [::1]:8096


     

       

       
6

       
+

       
  '';


     

       

       
7

       
+

       
}
+35
modules/services/jellyfin.nix 
···

       

       
1

       
+

       
{ pkgs, ... }:


     

       

       
2

       
+

       
{


     

       

       
3

       
+

       
  imports = [ ../unfree.nix ];


     

       

       
4

       
+

       



     

       

       
5

       
+

       
  environment.persistence."/data/persistent".directories = [


     

       

       
6

       
+

       
    {


     

       

       
7

       
+

       
      directory = "/var/cache/jellyfin";


     

       

       
8

       
+

       
      mode = "0700";


     

       

       
9

       
+

       
      user = "jellyfin";


     

       

       
10

       
+

       
      group = "jellyfin";


     

       

       
11

       
+

       
    }


     

       

       
12

       
+

       
    {


     

       

       
13

       
+

       
      directory = "/var/lib/jellyfin";


     

       

       
14

       
+

       
      mode = "0700";


     

       

       
15

       
+

       
      user = "jellyfin";


     

       

       
16

       
+

       
      group = "jellyfin";


     

       

       
17

       
+

       
    }


     

       

       
18

       
+

       
  ];


     

       

       
19

       
+

       



     

       

       
20

       
+

       
  hardware.graphics = {


     

       

       
21

       
+

       
    enable = true;


     

       

       
22

       
+

       
    extraPackages = with pkgs; [


     

       

       
23

       
+

       
      intel-compute-runtime


     

       

       
24

       
+

       
      intel-media-driver


     

       

       
25

       
+

       
      vpl-gpu-rt


     

       

       
26

       
+

       
    ];


     

       

       
27

       
+

       
  };


     

       

       
28

       
+

       



     

       

       
29

       
+

       
  users.users.jellyfin.extraGroups = [


     

       

       
30

       
+

       
    "render"


     

       

       
31

       
+

       
    "video"


     

       

       
32

       
+

       
  ];


     

       

       
33

       
+

       



     

       

       
34

       
+

       
  services.jellyfin.enable = true;


     

       

       
35

       
+

       
}
+4 -2
secrets/lily.yaml 
···

       
15

       
15

       
 

       
    private-key: ENC[AES256_GCM,data:TH+OewaIzba5Ysyu0tHiS8LnftPB1dJt+BDvkgA7l0PnbBjPt4HCwib+Vjo=,iv:AGQ2S7Sjl6SD/SzsX8bv9yavlPOlgwxuR56VBovt5vE=,tag:pT/C5u81Ws0+DbO+ffW4SQ==,type:str]


     

       
16

       
16

       
 

       
    public-key: ENC[AES256_GCM,data:RIh3I7STHUx+N8sBSW9z1b1CTPIflDBNY4TqWRpNPAn9SJIB76UrVXVYzC4=,iv:QT4a+JHK6TN6BWQlv/d26Yx/fH+S3T9G8RnYgWCHlkY=,tag:YRqXSXCuDyfy71bczyfMjg==,type:str]


     

       
17

       
17

       
 

       
radarr-apikey: ENC[AES256_GCM,data:7FLygsV20gXqnT/T7fxW8kajcDN6OiA/LIIrYUYx8y8=,iv:YreEg2rnm+ghAH3FiabqdRx7lYfZLO6uEhKqDAA4gA4=,tag:n/xCQAHF1b5a0lIfkfI3CQ==,type:str]


     

       

       
18

       
+

       
sonarr-apikey: ENC[AES256_GCM,data:CTmGQN0k2iQknPOSxfyckBemY1Bp1SPLeHTuUBwxH6E=,iv:gtQ0hZQ+YKEYDEDOyQUG58xAxyjSHZU9CVanyh/1bL8=,tag:cRPIb9nUZYxvtFnoqAxwRQ==,type:str]


     

       

       
19

       
+

       
prowlarr-apikey: ENC[AES256_GCM,data:w5pQjQed4qbqLWI4STNvqCi6p0VMy8LvzenPsKZRMmk=,iv:BbZGwTUjFh3XI47mUi3ctZhvQsqhD65HNiXJlrcTL0o=,tag:UWCn3Zy49AC0/O0nsAOLnw==,type:str]


     

       
18

       
20

       
 

       
sops:


     

       
19

       
21

       
 

       
    age:


     

       
20

       
22

       
 

       
        - recipient: age1amaa55e7nusv904a9ucfvtnjlw4srtet42suehey6u3yc4t2xc5sdldepj


     
···

       
26

       
28

       
 

       
            cHlWQjF3ZkU5NUs0Y1hodUlabkxpdzAK91EV34EhJMrxxdVrRCwZlGKuRs7AU7v3


     

       
27

       
29

       
 

       
            dU8XRhjAzJs2Vu5UnCVOGB5Zl6w7FkXICYY0IP2dA0b477dI5rXNBg==


     

       
28

       
30

       
 

       
            -----END AGE ENCRYPTED FILE-----


     

       
29

       

       
-

       
    lastmodified: "2025-11-06T18:29:46Z"


     

       
30

       

       
-

       
    mac: ENC[AES256_GCM,data:p5JjCTx4iqsXO/5bAKixr1sgxFoXodt7uoFDXMAKB3Yxq49xENZVL5S9ZbpwMmUB6Cl8LbMHMoAtrB6ab5LMYEKnGOSPVNilzJmSs18itHloel25wck++sO2589JkO55Ic781H5wDD7L7EifuRbDx3i4U3DgxOP1soTcQTpflzo=,iv:ukTDYeOuogWzbuXo9z+ClcwSfLRoVoJ2lvOmO2gjPyw=,tag:piR0FhjJqAzMkaZgiBFbDQ==,type:str]


     

       

       
31

       
+

       
    lastmodified: "2025-12-07T06:49:15Z"


     

       

       
32

       
+

       
    mac: ENC[AES256_GCM,data:ptj1uTNOu6g1VykpoeoltS0L6di8dVvVzXeIY7LEvCvqo+u74DlGQXJPvpVZPif3t9tHg65aqJShQeu461AMZBbCDOzImTMY23KABpBCaXvN8C+krTynPMan3C1fHrJmHFOXXFBT4V5ecdowopIdybUsoJ3H18jPZ629VngPgjE=,iv:q9+6Aa6LYg3TeRZZf0kRr3ssNB2igMhLg6MweDbQv3A=,tag:Lb7E/RT/tPJE1TyQf6dnyA==,type:str]


     

       
31

       
33

       
 

       
    unencrypted_suffix: _unencrypted


     

       
32

       
34

       
 

       
    version: 3.11.0