diff --git a/container/tubearchivist/default.nix b/container/tubearchivist/default.nix index 5e570fd..c409c58 100644 --- a/container/tubearchivist/default.nix +++ b/container/tubearchivist/default.nix @@ -35,9 +35,18 @@ }; }; - systemd.services.podman-tubearchivist.serviceConfig = { - TimeoutStopSec = lib.mkForce 30; - }; + systemd.services.podman-tubearchivist = + let + mounts = [ "mnt-media-YTDL.mount" ]; + in + { + requires = mounts; + after = lib.mkMerge mounts; + + serviceConfig = { + TimeoutStopSec = lib.mkForce 30; + }; + }; systemd.services.podman-archivist-redis.serviceConfig = { TimeoutStopSec = lib.mkForce 30; diff --git a/secret/container/additional-media/default.nix b/secret/container/additional-media/default.nix index 9416298..49a043b 100644 Binary files a/secret/container/additional-media/default.nix and b/secret/container/additional-media/default.nix differ diff --git a/system/nixos/aria2.nix b/system/nixos/aria2.nix index dfb917b..72e5cd4 100644 --- a/system/nixos/aria2.nix +++ b/system/nixos/aria2.nix @@ -7,33 +7,38 @@ let in { # The nix-provided options force a aria2-user to a certain degree - systemd.services.aria2 = { - description = "aria2 Service"; - bindsTo = [ "wg.service" ]; - after = [ "wg.service" ]; - wantedBy = [ "multi-user.target" ]; + systemd.services.aria2 = + let + mounts = [ "mnt-downloads.mount" ]; + in + { + description = "aria2 Service"; + requires = mounts; + bindsTo = [ "wg.service" ]; + after = [ "wg.service" ] ++ mounts; + wantedBy = [ "multi-user.target" ]; - preStart = '' - if [[ ! -e "${sessionFile}" ]] - then - touch "${sessionFile}" - fi - cp -f "${config.age.secrets.aria2-config.path}" "${settingsDir}/aria2.conf" - ''; + preStart = '' + if [[ ! -e "${sessionFile}" ]] + then + touch "${sessionFile}" + fi + cp -f "${config.age.secrets.aria2-config.path}" "${settingsDir}/aria2.conf" + ''; - serviceConfig = { - Restart = "on-abort"; - ExecStart = "${pkgs.aria2}/bin/aria2c --enable-rpc --conf-path=${settingsDir}/aria2.conf --save-session=${sessionFile}"; - ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; - User = "media_user"; - Group = "media_group"; - NetworkNamespacePath = "/var/run/netns/wg"; - BindReadOnlyPaths = [ - "/etc/netns/wg/resolv.conf:/etc/resolv.conf:norbind" - "/etc/netns/wg/nsswitch.conf:/etc/nsswitch.conf:norbind" - ]; + serviceConfig = { + Restart = "on-abort"; + ExecStart = "${pkgs.aria2}/bin/aria2c --enable-rpc --conf-path=${settingsDir}/aria2.conf --save-session=${sessionFile}"; + ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; + User = "media_user"; + Group = "media_group"; + NetworkNamespacePath = "/var/run/netns/wg"; + BindReadOnlyPaths = [ + "/etc/netns/wg/resolv.conf:/etc/resolv.conf:norbind" + "/etc/netns/wg/nsswitch.conf:/etc/nsswitch.conf:norbind" + ]; + }; }; - }; services.nginx.virtualHosts."aria.internal.kempkens.network" = { quic = true; diff --git a/system/nixos/jellyfin.nix b/system/nixos/jellyfin.nix index a1fdc07..01a6fb5 100644 --- a/system/nixos/jellyfin.nix +++ b/system/nixos/jellyfin.nix @@ -8,6 +8,22 @@ openFirewall = false; }; + systemd.services.jellyfin = + let + mounts = [ + "mnt-media-TV\\x20Shows.mount" + "mnt-media-Documentaries.mount" + "mnt-media-Anime.mount" + "mnt-media-Movies.mount" + "mnt-media-Deutsche\\x20Serien.mount" + "mnt-media-Deutsche\\x20Filme.mount" + ]; + in + { + requires = mounts; + after = lib.mkMerge mounts; + }; + services.nginx.virtualHosts."jellyfin.internal.kempkens.network" = { listen = [ { diff --git a/system/nixos/radarr.nix b/system/nixos/radarr.nix index e7cc99a..69f3dad 100644 --- a/system/nixos/radarr.nix +++ b/system/nixos/radarr.nix @@ -8,18 +8,26 @@ openFirewall = false; }; - systemd.services.radarr = { - bindsTo = [ "wg.service" ]; - after = lib.mkForce [ "wg.service" ]; - - serviceConfig = { - NetworkNamespacePath = "/var/run/netns/wg"; - BindReadOnlyPaths = [ - "/etc/netns/wg/resolv.conf:/etc/resolv.conf:norbind" - "/etc/netns/wg/nsswitch.conf:/etc/nsswitch.conf:norbind" + systemd.services.radarr = + let + mounts = [ + "mnt-media-Movies.mount" + "mnt-downloads.mount" ]; + in + { + requires = mounts; + bindsTo = [ "wg.service" ]; + after = lib.mkForce ([ "wg.service" ] ++ mounts); + + serviceConfig = { + NetworkNamespacePath = "/var/run/netns/wg"; + BindReadOnlyPaths = [ + "/etc/netns/wg/resolv.conf:/etc/resolv.conf:norbind" + "/etc/netns/wg/nsswitch.conf:/etc/nsswitch.conf:norbind" + ]; + }; }; - }; services.nginx.virtualHosts."radarr.internal.kempkens.network" = { quic = true; diff --git a/system/nixos/sabnzbd.nix b/system/nixos/sabnzbd.nix index 85b5be3..223e00f 100644 --- a/system/nixos/sabnzbd.nix +++ b/system/nixos/sabnzbd.nix @@ -2,25 +2,30 @@ { # The nix-provided options force a sabnzbd-user to a certain degree - systemd.services.sabnzbd = { - description = "sabnzbd server"; - bindsTo = [ "wg.service" ]; - after = [ "wg.service" ]; - wantedBy = [ "multi-user.target" ]; + systemd.services.sabnzbd = + let + mounts = [ "mnt-downloads.mount" ]; + in + { + description = "sabnzbd server"; + requires = mounts; + bindsTo = [ "wg.service" ]; + after = [ "wg.service" ] ++ mounts; + wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "forking"; - GuessMainPID = "no"; - User = "media_user"; - Group = "media_group"; - NetworkNamespacePath = "/var/run/netns/wg"; - BindReadOnlyPaths = [ - "/etc/netns/wg/resolv.conf:/etc/resolv.conf:norbind" - "/etc/netns/wg/nsswitch.conf:/etc/nsswitch.conf:norbind" - ]; - ExecStart = "${pkgs.sabnzbd}/bin/sabnzbd -d -f /var/lib/sabnzbd/sabnzbd.ini"; + serviceConfig = { + Type = "forking"; + GuessMainPID = "no"; + User = "media_user"; + Group = "media_group"; + NetworkNamespacePath = "/var/run/netns/wg"; + BindReadOnlyPaths = [ + "/etc/netns/wg/resolv.conf:/etc/resolv.conf:norbind" + "/etc/netns/wg/nsswitch.conf:/etc/nsswitch.conf:norbind" + ]; + ExecStart = "${pkgs.sabnzbd}/bin/sabnzbd -d -f /var/lib/sabnzbd/sabnzbd.ini"; + }; }; - }; services.nginx.virtualHosts."sabnzbd.internal.kempkens.network" = { quic = true; diff --git a/system/nixos/sonarr.nix b/system/nixos/sonarr.nix index 4c45fbe..7c3ce44 100644 --- a/system/nixos/sonarr.nix +++ b/system/nixos/sonarr.nix @@ -8,18 +8,28 @@ openFirewall = false; }; - systemd.services.sonarr = { - bindsTo = [ "wg.service" ]; - after = lib.mkForce [ "wg.service" ]; - - serviceConfig = { - NetworkNamespacePath = "/var/run/netns/wg"; - BindReadOnlyPaths = [ - "/etc/netns/wg/resolv.conf:/etc/resolv.conf:norbind" - "/etc/netns/wg/nsswitch.conf:/etc/nsswitch.conf:norbind" + systemd.services.sonarr = + let + mounts = [ + "mnt-media-TV\\x20Shows.mount" + "mnt-media-Documentaries.mount" + "mnt-media-Anime.mount" + "mnt-downloads.mount" ]; + in + { + requires = mounts; + bindsTo = [ "wg.service" ]; + after = lib.mkForce ([ "wg.service" ] ++ mounts); + + serviceConfig = { + NetworkNamespacePath = "/var/run/netns/wg"; + BindReadOnlyPaths = [ + "/etc/netns/wg/resolv.conf:/etc/resolv.conf:norbind" + "/etc/netns/wg/nsswitch.conf:/etc/nsswitch.conf:norbind" + ]; + }; }; - }; services.nginx.virtualHosts."sonarr.internal.kempkens.network" = { quic = true;