From 4998a3c0d8cf02fcd0a592908993e2bac1c68e93 Mon Sep 17 00:00:00 2001
From: Daniel Kempkens
Date: Fri, 28 Apr 2023 00:05:07 +0200
Subject: [PATCH] mediaserver: Add mounts to systemd units
---
 container/tubearchivist/default.nix | 15 ++++-
 secret/container/additional-media/default.nix | Bin 1873 -> 2050 bytes
 system/nixos/aria2.nix | 53 ++++++++++--------
 system/nixos/jellyfin.nix | 16 ++++++
 system/nixos/radarr.nix | 28 +++++----
 system/nixos/sabnzbd.nix | 39 +++++++------
 system/nixos/sonarr.nix | 30 ++++++----
 7 files changed, 117 insertions(+), 64 deletions(-)
diff --git a/container/tubearchivist/default.nix b/container/tubearchivist/default.nix
index 5e570fd..c409c58 100644
--- a/container/tubearchivist/default.nix
+++ b/container/tubearchivist/default.nix
@@ -35,9 +35,18 @@
 };
 };
- systemd.services.podman-tubearchivist.serviceConfig = {
- TimeoutStopSec = lib.mkForce 30;
- };
+ systemd.services.podman-tubearchivist =
+ let
+ mounts = [ "mnt-media-YTDL.mount" ];
+ in
+ {
+ requires = mounts;
+ after = lib.mkMerge mounts;
+
+ serviceConfig = {
+ TimeoutStopSec = lib.mkForce 30;
+ };
+ };
 systemd.services.podman-archivist-redis.serviceConfig = {
 TimeoutStopSec = lib.mkForce 30;
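Review bot: `after = lib.mkMerge mounts;` hands `lib.mkMerge` a list of unit-name strings, but `mkMerge` expects a list of definitions of the option, so each string becomes its own definition of the list-typed `after` option and, as far as I can tell, fails the type check at evaluation. The other units in this patch build the list directly (`after = [ "wg.service" ] ++ mounts;`); here `after = mounts;` would do the same, since list definitions coming from other modules are merged automatically. The same line appears in the jellyfin hunk (system/nixos/jellyfin.nix).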
diff --git a/secret/container/additional-media/default.nix b/secret/container/additional-media/default.nix index 9416298e2c2a241976205ae5cd71db3d7c88c01f..49a043bfc3f52c29f03912ff27fd08503b7a05a5 100644 GIT binary patch literal 2050 zcmV+d2>tf}M@dveQdv+`0I>cvmA=049ldqQb+FMM;lx}q&L4{0dNtv7P${TA z76eC23W~!7Bmd^GI|gnv)^NS=?Uq76NEuS`y`Bo)?}-i=u*Vr1 zecW*rz@|Esh|onQW-E(J2Z@>NQOV@&bRoNi>{{tF@8wPsqaPd6ehtzr!+Fh#QQzf$!;z=~hkvTSj;*W}udjxHL z^58PiA!;aU*1lA+;vtk|A2F5+_9z+;;zs-CXp@vAD@*3;fmj9b`^P1@oC#QlTEG#? zA>Jat_o2HUnXsU2FNcJ0mt4N9q(uSo1`U~G9s$=i_hcYjc^!k?LcDWhhNHfY&X|}o zp9ZQ6`<(Z_B2&QtgH+VVKhH3g!h6W8iu$kKQWAro1^u>a%7@j@`ah8jxUR(-_y*N@ zRJf{A15xzP9L}f(vPteKesW04h>@NdoXiopK0xp0_?8jY!nG(1{@~>ylc)^qaWWQ{ zN`OWa86#?77e8{~vv!zqX`k z{V>Z$nHy@M~=&ii-5q_s-0J5Rm@kH$Yu#N$?B~aMxc3=I(F^AyG`^4=|Mm+SP z8{fFRNq)jbr}?g8)f;<*(A6pTxuzXa)LX`~hbAx>jm2kT+1>1_prZXwN2dXd+H!#^ z2|kr%Xh0sCdt`=!T9;72@VVd|gD{C8;+bYj^kt?? zpcB!0?Q!K&T5Y(fO26v*->X)&Q~DSJ?zc#IyWiuJJW6~9Xrg0buvjtDZNMq(1J#k^ z-P%*R4EnW1l^Ubm(-22c9_$7ms8AaK;Omv_5%8EFN$PrnqLAeM%v2K^`v8NPgdNJj z7U^Dc3qj-$VR5>A8GZ=CX8`XL0m-6aGuyx05Sy z$`!Z7>}S>GPOQHI`ezmU`%&*^J&%glAl=b35uhffkX{bYZmp0cysbPASk-jJ<;YhG5I9wf_e5aUvSFjq&y-}*H*2~@;Y~< zyd)fuVl3#_#-#@bUtk61@|a7o{>CmvE(#;agF>2aOcp>}{T)rE8hVm?*j!57N;h&P zfzu|~;6@zxz8%H)uCNCcT~Wljs6c`_rYjHJ)u=Y2&4U0#8lB&RY?kIKy9TR(Y^;RH zcv!N4>}fmdXo}p!5;e9Pxjab&h-7FG0uM;F|U*l?)HzseKHIh zL=CPh)Voff>VR1S7@(lEHIkCs&m$-}X~_)&H&l7C zeSb4dl^0j?+J^~$txL$a&`lr6g4jm{D+WNYHu3dDEJ0=i!?=Gl|H9i7R)h^4i027N zT3TW-Kwpw;2h1imsi)zlBAsriS$Q3EbIrJ`$D7!?R#s zC7TjfH3wfStIjF^Y3rNLh%JC-`wq$Fs6dO;%Zb<(o(&bBfF@lLt>`wLmn4Ko#n9z* zGlxI#`Q?x33axG04?iq;DDz&7lbqd~K1eGjP521@S-)QGF6r%sxtCYnbj{1?@c04c zghSYfzW_rm8V%am)?pc)Ak;50v&z)!hdbb0-`QT21j^B**|OFQgqwwuq#fx2(*h|; zZ2H4mt+|O^Q4MqLlkva>kGwwljsrx~TsGpv&ByjWqGvY8$s{fE2 zT0*FRtwe2+1FJ9C`{t|k*68-SuG0?lbRD~OMZ?Tcp{#p%n>At5x3Laf$X8;t*wh)hjG~&0#SI+#THsY zh?+64W%h3O-GeoFP$MVf-1Up!1AiFf0CGn)Ok1ku@6_3o>jQ1sA@9(%P-SBU-8>82# zi$cVE3nm?~vzn|p{j0lN@vh|bQ)QjT8I;@(vP_T?3=f|c4JNY#I*!EpK72QS|2!aR 
zX#t;%pl?tEcL5+mM}u8#Uy=WkO!W<`x8K&7g2*7cL7!_iZNS*pbX7OIvy84%8;ney z-v4*S;25aVxf0Xiwd>UL3rt}l>$HAwfySUe0xVF$4%ucW*P6$=>{;#gSuU`>`-S4DACM=c=zH;fXY;9wUQP8(uh^ z(?{OA!3+VYgkbJ*^-ag`X9M z&b>H8U~+UjB9RpSG{1=*sdxUi`G+WWnFSYI1g!VA@}CX#$1oxN96C=gU~t2?))nR> zBFER{PmDJ|5S>0x`v}nEG}?4P;jgyH+SZpP zB%{PuQzq>ZUq@QLSPn{~LgrDjBi5&Bc4kov#^mt5fExJJhvV-K#QQvOgi}toRFF-H zS5{^C48xxeGM?yX%L7x=Ar7MK&PDD^H}W6m820Xs;?&LfTsM5kR0QC&yQ{2q*$;ON4p&ran3L}MPX&w{a|^S>GTP?V09jNtjC z^UU>PeYZ;2DaOipAl^k0F+X@L6jC8YMEn>$@R|jeMZ5fMT?I+>~EB))g5vudd+A!pJeNv{J|j&j7P6~m%jEP zhf%A}zJ61k+UH6|&P|DkmCjlqsqRQI>GJx2-qTfBZt`iaSb@j=eND39KW%PH;J``R zmSwhB$(d~5z(Bco8ZhZw3-Ze;k9RksXn&v~6O#!&=92M<(HP<)X&XN4{jx0Q*?Xz8 zO+F(a4ut`m?Fu1-wBWAx)Em);tLs0ok)65&{Bm(3gmMIwl-Q4+y z`>V5*rvP%A38Zk3Xjeo!Owf1>OM%cJ-}l7Y;ie?0Es6@aOQJFFa~> zqDQe0;{Qh=SrE{x%f^VjkVHx?p`gHe$o3~k)aboTt{4&aCW;pG4!v_(7Cx3>ba`=h z(5mA(Ng|EotLT_Q3-NW2{`3MRGjRpyBeNFQlp(7~ri7O7USfGgDK0TjB&Y>2l`Q zKZ`b4aDbRNlF$=PiTw)jre_OQiY%pT#L2c>4JyXO+F_hDqHD<#V;Dgh{)LON{mHn% z40fU~@RLn3L741<%WeU;!2P-Q@;1;|kOL>bpy_0%!4tB#`ACNR&GHV%n9pa-QoN5K zk{A#;-|8aM`r_{?10m9C{FAOXVRepU%dhDsP)9xoEAY&{>Gz1_pyWCs^F5{4EmV4f Ls)H(yMj$R^c^ROG diff --git a/system/nixos/aria2.nix b/system/nixos/aria2.nix index dfb917b..72e5cd4 100644 --- a/system/nixos/aria2.nix +++ b/system/nixos/aria2.nix 
@@ -7,33 +7,38 @@ let
 in
 {
 # The nix-provided options force a aria2-user to a certain degree
- systemd.services.aria2 = {
- description = "aria2 Service";
- bindsTo = [ "wg.service" ];
- after = [ "wg.service" ];
- wantedBy = [ "multi-user.target" ];
+ systemd.services.aria2 =
+ let
+ mounts = [ "mnt-downloads.mount" ];
+ in
+ {
+ description = "aria2 Service";
+ requires = mounts;
+ bindsTo = [ "wg.service" ];
+ after = [ "wg.service" ] ++ mounts;
+ wantedBy = [ "multi-user.target" ];
- preStart = ''
- if [[ ! -e "${sessionFile}" ]]
- then
- touch "${sessionFile}"
- fi
- cp -f "${config.age.secrets.aria2-config.path}" "${settingsDir}/aria2.conf"
- '';
+ preStart = ''
+ if [[ ! -e "${sessionFile}" ]]
+ then
+ touch "${sessionFile}"
+ fi
+ cp -f "${config.age.secrets.aria2-config.path}" "${settingsDir}/aria2.conf"
+ '';
- serviceConfig = {
- Restart = "on-abort";
- ExecStart = "${pkgs.aria2}/bin/aria2c --enable-rpc --conf-path=${settingsDir}/aria2.conf --save-session=${sessionFile}";
- ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
- User = "media_user";
- Group = "media_group";
- NetworkNamespacePath = "/var/run/netns/wg";
- BindReadOnlyPaths = [
- "/etc/netns/wg/resolv.conf:/etc/resolv.conf:norbind"
- "/etc/netns/wg/nsswitch.conf:/etc/nsswitch.conf:norbind"
- ];
+ serviceConfig = {
+ Restart = "on-abort";
+ ExecStart = "${pkgs.aria2}/bin/aria2c --enable-rpc --conf-path=${settingsDir}/aria2.conf --save-session=${sessionFile}";
+ ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+ User = "media_user";
+ Group = "media_group";
+ NetworkNamespacePath = "/var/run/netns/wg";
+ BindReadOnlyPaths = [
+ "/etc/netns/wg/resolv.conf:/etc/resolv.conf:norbind"
+ "/etc/netns/wg/nsswitch.conf:/etc/nsswitch.conf:norbind"
+ ];
+ };
 };
- };
 services.nginx.virtualHosts."aria.internal.kempkens.network" = {
 quic = true;
diff --git a/system/nixos/jellyfin.nix b/system/nixos/jellyfin.nix
index a1fdc07..01a6fb5 100644
--- a/system/nixos/jellyfin.nix
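Review bot: `requires = mounts;` stops aria2 only when the mount unit is stopped through systemd; if `mnt-downloads.mount` goes away on its own (for example a share that is unmounted outside the service manager), the service keeps running and writes into the bare mountpoint directory on the underlying filesystem. `BindsTo=` covers that case and is already used for `wg.service`, so `bindsTo = [ "wg.service" ] ++ mounts;` in place of the `requires` line would tie the service to the mount the same way it is tied to the VPN namespace. The sabnzbd, radarr and sonarr hunks use the same `requires = mounts;` pattern.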
+++ b/system/nixos/jellyfin.nix
@@ -8,6 +8,22 @@
 openFirewall = false;
 };
+ systemd.services.jellyfin =
+ let
+ mounts = [
+ "mnt-media-TV\\x20Shows.mount"
+ "mnt-media-Documentaries.mount"
+ "mnt-media-Anime.mount"
+ "mnt-media-Movies.mount"
+ "mnt-media-Deutsche\\x20Serien.mount"
+ "mnt-media-Deutsche\\x20Filme.mount"
+ ];
+ in
+ {
+ requires = mounts;
+ after = lib.mkMerge mounts;
+ };
+
 services.nginx.virtualHosts."jellyfin.internal.kempkens.network" = {
 listen = [
 {
diff --git a/system/nixos/radarr.nix b/system/nixos/radarr.nix
index e7cc99a..69f3dad 100644
--- a/system/nixos/radarr.nix
+++ b/system/nixos/radarr.nix
@@ -8,18 +8,26 @@
 openFirewall = false;
 };
- systemd.services.radarr = {
- bindsTo = [ "wg.service" ];
- after = lib.mkForce [ "wg.service" ];
-
- serviceConfig = {
- NetworkNamespacePath = "/var/run/netns/wg";
- BindReadOnlyPaths = [
- "/etc/netns/wg/resolv.conf:/etc/resolv.conf:norbind"
- "/etc/netns/wg/nsswitch.conf:/etc/nsswitch.conf:norbind"
+ systemd.services.radarr =
+ let
+ mounts = [
+ "mnt-media-Movies.mount"
+ "mnt-downloads.mount"
 ];
+ in
+ {
+ requires = mounts;
+ bindsTo = [ "wg.service" ];
+ after = lib.mkForce ([ "wg.service" ] ++ mounts);
+
+ serviceConfig = {
+ NetworkNamespacePath = "/var/run/netns/wg";
+ BindReadOnlyPaths = [
+ "/etc/netns/wg/resolv.conf:/etc/resolv.conf:norbind"
+ "/etc/netns/wg/nsswitch.conf:/etc/nsswitch.conf:norbind"
+ ];
+ };
 };
- };
 services.nginx.virtualHosts."radarr.internal.kempkens.network" = {
 quic = true;
diff --git a/system/nixos/sabnzbd.nix b/system/nixos/sabnzbd.nix
index 85b5be3..223e00f 100644
--- a/system/nixos/sabnzbd.nix
+++ b/system/nixos/sabnzbd.nix
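Review bot: The `\\x20` in names such as `mnt-media-TV\\x20Shows.mount` is not explained, and a reader has to know both systemd's path escaping and Nix string escaping to check that the names are right. A comment above the list would help, for example `# systemd-escaped mount paths; "\\x20" is a space (see systemd-escape -p --suffix=mount)`. The sonarr hunk repeats the same escaped names.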
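Review bot: `after = lib.mkForce ([ "wg.service" ] ++ mounts);` in the radarr hunk overrides every other definition of `after` for the unit, and nothing in the hunk says which ordering is being dropped or why. A short comment would make that explicit, e.g. `# mkForce: replace the module's default ordering; only wg.service and the mounts are wanted`, adjusted to the actual reason. The sonarr hunk has the same line.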
@@ -2,25 +2,30 @@
 {
 # The nix-provided options force a sabnzbd-user to a certain degree
- systemd.services.sabnzbd = {
- description = "sabnzbd server";
- bindsTo = [ "wg.service" ];
- after = [ "wg.service" ];
- wantedBy = [ "multi-user.target" ];
+ systemd.services.sabnzbd =
+ let
+ mounts = [ "mnt-downloads.mount" ];
+ in
+ {
+ description = "sabnzbd server";
+ requires = mounts;
+ bindsTo = [ "wg.service" ];
+ after = [ "wg.service" ] ++ mounts;
+ wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- Type = "forking";
- GuessMainPID = "no";
- User = "media_user";
- Group = "media_group";
- NetworkNamespacePath = "/var/run/netns/wg";
- BindReadOnlyPaths = [
- "/etc/netns/wg/resolv.conf:/etc/resolv.conf:norbind"
- "/etc/netns/wg/nsswitch.conf:/etc/nsswitch.conf:norbind"
- ];
- ExecStart = "${pkgs.sabnzbd}/bin/sabnzbd -d -f /var/lib/sabnzbd/sabnzbd.ini";
+ serviceConfig = {
+ Type = "forking";
+ GuessMainPID = "no";
+ User = "media_user";
+ Group = "media_group";
+ NetworkNamespacePath = "/var/run/netns/wg";
+ BindReadOnlyPaths = [
+ "/etc/netns/wg/resolv.conf:/etc/resolv.conf:norbind"
+ "/etc/netns/wg/nsswitch.conf:/etc/nsswitch.conf:norbind"
+ ];
+ ExecStart = "${pkgs.sabnzbd}/bin/sabnzbd -d -f /var/lib/sabnzbd/sabnzbd.ini";
+ };
 };
- };
 services.nginx.virtualHosts."sabnzbd.internal.kempkens.network" = {
 quic = true;
diff --git a/system/nixos/sonarr.nix b/system/nixos/sonarr.nix
index 4c45fbe..7c3ce44 100644
--- a/system/nixos/sonarr.nix
+++ b/system/nixos/sonarr.nix
@@ -8,18 +8,28 @@
 openFirewall = false;
 };
- systemd.services.sonarr = {
- bindsTo = [ "wg.service" ];
- after = lib.mkForce [ "wg.service" ];
-
- serviceConfig = {
- NetworkNamespacePath = "/var/run/netns/wg";
- BindReadOnlyPaths = [
- "/etc/netns/wg/resolv.conf:/etc/resolv.conf:norbind"
- "/etc/netns/wg/nsswitch.conf:/etc/nsswitch.conf:norbind"
+ systemd.services.sonarr =
+ let
+ mounts = [
+ "mnt-media-TV\\x20Shows.mount"
+ "mnt-media-Documentaries.mount"
+ "mnt-media-Anime.mount"
+ "mnt-downloads.mount"
 ];
+ in
+ {
+ requires = mounts;
+ bindsTo = [ "wg.service" ];
+ after = lib.mkForce ([ "wg.service" ] ++ mounts);
+
+ serviceConfig = {
+ NetworkNamespacePath = "/var/run/netns/wg";
+ BindReadOnlyPaths = [
+ "/etc/netns/wg/resolv.conf:/etc/resolv.conf:norbind"
+ "/etc/netns/wg/nsswitch.conf:/etc/nsswitch.conf:norbind"
+ ];
+ };
 };
- };
 services.nginx.virtualHosts."sonarr.internal.kempkens.network" = {
 quic = true;