mediaserver: Add aria2

2023-04-26 13:53:36 +02:00 · 2023-04-26 13:53:36 +02:00 · 0015a3d989
parent d8ab7d7d44
commit 0015a3d989
6 changed files with 82 additions and 9 deletions
--- a/agenix/hosts/mediaserver/aria2/config.age
+++ b/agenix/hosts/mediaserver/aria2/config.age
--- a/agenix/hosts/mediaserver/config.nix
+++ b/agenix/hosts/mediaserver/config.nix
@ -25,5 +25,11 @@
    tubearchivist-environment-es = {
      file = ./tubearchivist/environmentES.age;
    };
+
+    aria2-config = {
+      file = ./aria2/config.age;
+      owner = "media_user";
+      group = "media_group";
+    };
  };
 }
--- a/home/programs/nvim/plugins.nix
+++ b/home/programs/nvim/plugins.nix
@ -107,12 +107,12 @@ in
  };
  nvim-treesitter = buildVimPluginFrom2Nix {
    pname = "nvim-treesitter";
-    version = "2023-04-25";
+    version = "2023-04-26";
    src = fetchFromGitHub {
      owner = "nvim-treesitter";
      repo = "nvim-treesitter";
-      rev = "82bcd8483e0b802bd5f639046c88aecfddbab508";
-      sha256 = "12phddjhxir1b9b8731b2d28zfa9lxvk85pi6i126s84rnr76nv2";
+      rev = "0d7da3bd7d59ffacc2fac6a52a1ba16d820f882c";
+      sha256 = "0dd125zxggjxkdv8lpshm9w0fm0m1w7k2r1i5ar1rhgzbb4v0b3y";
      fetchSubmodules = false;
    };
  };
@ -140,12 +140,12 @@ in
  };
  telescope-nvim = buildVimPluginFrom2Nix {
    pname = "telescope.nvim";
-    version = "2023-04-23";
+    version = "2023-04-26";
    src = fetchFromGitHub {
      owner = "nvim-telescope";
      repo = "telescope.nvim";
-      rev = "f2645c13205abb9ee3dbcee68416645c69b863c8";
-      sha256 = "0kayab5maqjw9dq1dvila2si6j79rrbimfmj7az718msz20fp35z";
+      rev = "713d26b98583b160b50fb827adb751f768238ed3";
+      sha256 = "0g9ac5wp9vnj2qmwc4v6ix0pjsaqg0q5vk42wbyjjnkxa17f2y1b";
      fetchSubmodules = false;
    };
  };
@ -308,12 +308,12 @@ in
  };
  friendly-snippets = buildVimPluginFrom2Nix {
    pname = "friendly-snippets";
-    version = "2023-04-24";
+    version = "2023-04-26";
    src = fetchFromGitHub {
      owner = "rafamadriz";
      repo = "friendly-snippets";
-      rev = "9590ff90759488674cf97fe5d5754a0733ab37bb";
-      sha256 = "1x89ffp5ih2xsjzczfv1nma8jvr0sbwyss7mw4pkxfivhz10ai5c";
+      rev = "631f79e346b0b3203d2ce3eae619ca8d612e5463";
+      sha256 = "0ly8dpp2g6ls5cxwhwb2pwihn9ivhc0amb9h33lfchs5m6ps2a7b";
      fetchSubmodules = false;
    };
  };
--- a/secrets.nix
+++ b/secrets.nix
@ -67,4 +67,6 @@ in
  "agenix/hosts/mediaserver/tubearchivist/environmentTA.age".publicKeys = mediaserver;

  "agenix/hosts/mediaserver/tubearchivist/environmentES.age".publicKeys = mediaserver;
+
+  "agenix/hosts/mediaserver/aria2/config.age".publicKeys = mediaserver;
 }
--- a/system/hosts/mediaserver.nix
+++ b/system/hosts/mediaserver.nix
@ -26,6 +26,7 @@ in
    ../nixos/sonarr.nix
    ../nixos/radarr.nix
    ../nixos/jellyfin.nix
+    ../nixos/aria2.nix

    ../nixos/container.nix
    ../../container/tubearchivist
--- a/system/nixos/aria2.nix
+++ b/system/nixos/aria2.nix
@ -0,0 +1,64 @@
+{ pkgs, lib, config, ... }:
+
+let
+  ariaDir = "/mnt/downloads/Aria2";
+  settingsDir = "${ariaDir}/conf";
+  sessionFile = "${settingsDir}/aria2.session";
+in
+{
+  # The nix-provided options force a aria2-user to a certain degree
+  systemd.tmpfiles.rules = [
+    "d ${ariaDir} 0755 media_user media_group"
+    "d ${settingsDir} 0755 media_user media_group"
+    "d ${ariaDir}/dl 0755 media_user media_group"
+  ];
+
+  systemd.services.aria2 = {
+    description = "aria2 Service";
+    bindsTo = [ "wg.service" ];
+    after = [ "wg.service" ];
+    wantedBy = [ "multi-user.target" ];
+
+    preStart = ''
+      if [[ ! -e "${sessionFile}" ]]
+      then
+        touch "${sessionFile}"
+      fi
+      cp -f "${config.age.secrets.aria2-config.path}" "${settingsDir}/aria2.conf"
+    '';
+
+    serviceConfig = {
+      Restart = "on-abort";
+      ExecStart = "${pkgs.aria2}/bin/aria2c --enable-rpc --conf-path=${settingsDir}/aria2.conf --save-session=${sessionFile}";
+      ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+      User = "media_user";
+      Group = "media_group";
+      NetworkNamespacePath = "/var/run/netns/wg";
+      BindReadOnlyPaths = [
+        "/etc/netns/wg/resolv.conf:/etc/resolv.conf:norbind"
+        "/etc/netns/wg/nsswitch.conf:/etc/nsswitch.conf:norbind"
+      ];
+    };
+  };
+
+  services.nginx.virtualHosts."aria.internal.kempkens.network" = {
+    quic = true;
+    http3 = true;
+    kTLS = true;
+
+    root = "${pkgs.ariang}/share/ariang";
+    onlySSL = true;
+    useACMEHost = "internal.kempkens.network";
+
+    locations."/jsonrpc" = {
+      recommendedProxySettings = true;
+      proxyPass = "http://192.168.42.2:6800";
+      proxyWebsockets = true;
+    };
+
+    locations."/rpc" = {
+      recommendedProxySettings = true;
+      proxyPass = "http://192.168.42.2:6800";
+    };
+  };
+}