mediaserver: Add mounts to systemd units

2023-04-28 00:05:07 +02:00 · 2023-04-28 00:05:07 +02:00 · 4998a3c0d8
commit 4998a3c0d8
parent 250bc99e3b
7 changed files with 117 additions and 64 deletions
--- a/container/tubearchivist/default.nix
+++ b/container/tubearchivist/default.nix
@ -35,9 +35,18 @@
    };
  };
-  systemd.services.podman-tubearchivist.serviceConfig = {
+  systemd.services.podman-tubearchivist =
-    TimeoutStopSec = lib.mkForce 30;
+    let
-  };
+      mounts = [ "mnt-media-YTDL.mount" ];
    in
    {
      requires = mounts;
      after = lib.mkMerge mounts;
      serviceConfig = {
        TimeoutStopSec = lib.mkForce 30;
      };
    };
  systemd.services.podman-archivist-redis.serviceConfig = {
    TimeoutStopSec = lib.mkForce 30;
--- a/secret/container/additional-media/default.nix
+++ b/secret/container/additional-media/default.nix
--- a/system/nixos/aria2.nix
+++ b/system/nixos/aria2.nix
@ -7,33 +7,38 @@ let
 in
 {
  # The nix-provided options force a aria2-user to a certain degree
-  systemd.services.aria2 = {
+  systemd.services.aria2 =
-    description = "aria2 Service";
+    let
-    bindsTo = [ "wg.service" ];
+      mounts = [ "mnt-downloads.mount" ];
-    after = [ "wg.service" ];
+    in
-    wantedBy = [ "multi-user.target" ];
+    {
      description = "aria2 Service";
      requires = mounts;
      bindsTo = [ "wg.service" ];
      after = [ "wg.service" ] ++ mounts;
      wantedBy = [ "multi-user.target" ];
-    preStart = ''
+      preStart = ''
-      if [[ ! -e "${sessionFile}" ]]
+        if [[ ! -e "${sessionFile}" ]]
-      then
+        then
-        touch "${sessionFile}"
+          touch "${sessionFile}"
-      fi
+        fi
-      cp -f "${config.age.secrets.aria2-config.path}" "${settingsDir}/aria2.conf"
+        cp -f "${config.age.secrets.aria2-config.path}" "${settingsDir}/aria2.conf"
-    '';
+      '';
-    serviceConfig = {
+      serviceConfig = {
-      Restart = "on-abort";
+        Restart = "on-abort";
-      ExecStart = "${pkgs.aria2}/bin/aria2c --enable-rpc --conf-path=${settingsDir}/aria2.conf --save-session=${sessionFile}";
+        ExecStart = "${pkgs.aria2}/bin/aria2c --enable-rpc --conf-path=${settingsDir}/aria2.conf --save-session=${sessionFile}";
-      ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
-      User = "media_user";
+        User = "media_user";
-      Group = "media_group";
+        Group = "media_group";
-      NetworkNamespacePath = "/var/run/netns/wg";
+        NetworkNamespacePath = "/var/run/netns/wg";
-      BindReadOnlyPaths = [
+        BindReadOnlyPaths = [
-        "/etc/netns/wg/resolv.conf:/etc/resolv.conf:norbind"
+          "/etc/netns/wg/resolv.conf:/etc/resolv.conf:norbind"
-        "/etc/netns/wg/nsswitch.conf:/etc/nsswitch.conf:norbind"
+          "/etc/netns/wg/nsswitch.conf:/etc/nsswitch.conf:norbind"
-      ];
+        ];
      };
    };
  };
  services.nginx.virtualHosts."aria.internal.kempkens.network" = {
    quic = true;
--- a/system/nixos/jellyfin.nix
+++ b/system/nixos/jellyfin.nix
@ -8,6 +8,22 @@
    openFirewall = false;
  };
  systemd.services.jellyfin =
    let
      mounts = [
        "mnt-media-TV\\x20Shows.mount"
        "mnt-media-Documentaries.mount"
        "mnt-media-Anime.mount"
        "mnt-media-Movies.mount"
        "mnt-media-Deutsche\\x20Serien.mount"
        "mnt-media-Deutsche\\x20Filme.mount"
      ];
    in
    {
      requires = mounts;
      after = lib.mkMerge mounts;
    };
  services.nginx.virtualHosts."jellyfin.internal.kempkens.network" = {
    listen = [
      {
--- a/system/nixos/radarr.nix
+++ b/system/nixos/radarr.nix
@ -8,18 +8,26 @@
    openFirewall = false;
  };
-  systemd.services.radarr = {
+  systemd.services.radarr =
-    bindsTo = [ "wg.service" ];
+    let
-    after = lib.mkForce [ "wg.service" ];
+      mounts = [
-
+        "mnt-media-Movies.mount"
-    serviceConfig = {
+        "mnt-downloads.mount"
      NetworkNamespacePath = "/var/run/netns/wg";
      BindReadOnlyPaths = [
        "/etc/netns/wg/resolv.conf:/etc/resolv.conf:norbind"
        "/etc/netns/wg/nsswitch.conf:/etc/nsswitch.conf:norbind"
      ];
    in
    {
      requires = mounts;
      bindsTo = [ "wg.service" ];
      after = lib.mkForce ([ "wg.service" ] ++ mounts);
      serviceConfig = {
        NetworkNamespacePath = "/var/run/netns/wg";
        BindReadOnlyPaths = [
          "/etc/netns/wg/resolv.conf:/etc/resolv.conf:norbind"
          "/etc/netns/wg/nsswitch.conf:/etc/nsswitch.conf:norbind"
        ];
      };
    };
  };
  services.nginx.virtualHosts."radarr.internal.kempkens.network" = {
    quic = true;
--- a/system/nixos/sabnzbd.nix
+++ b/system/nixos/sabnzbd.nix
@ -2,25 +2,30 @@
 {
  # The nix-provided options force a sabnzbd-user to a certain degree
-  systemd.services.sabnzbd = {
+  systemd.services.sabnzbd =
-    description = "sabnzbd server";
+    let
-    bindsTo = [ "wg.service" ];
+      mounts = [ "mnt-downloads.mount" ];
-    after = [ "wg.service" ];
+    in
-    wantedBy = [ "multi-user.target" ];
+    {
      description = "sabnzbd server";
      requires = mounts;
      bindsTo = [ "wg.service" ];
      after = [ "wg.service" ] ++ mounts;
      wantedBy = [ "multi-user.target" ];
-    serviceConfig = {
+      serviceConfig = {
-      Type = "forking";
+        Type = "forking";
-      GuessMainPID = "no";
+        GuessMainPID = "no";
-      User = "media_user";
+        User = "media_user";
-      Group = "media_group";
+        Group = "media_group";
-      NetworkNamespacePath = "/var/run/netns/wg";
+        NetworkNamespacePath = "/var/run/netns/wg";
-      BindReadOnlyPaths = [
+        BindReadOnlyPaths = [
-        "/etc/netns/wg/resolv.conf:/etc/resolv.conf:norbind"
+          "/etc/netns/wg/resolv.conf:/etc/resolv.conf:norbind"
-        "/etc/netns/wg/nsswitch.conf:/etc/nsswitch.conf:norbind"
+          "/etc/netns/wg/nsswitch.conf:/etc/nsswitch.conf:norbind"
-      ];
+        ];
-      ExecStart = "${pkgs.sabnzbd}/bin/sabnzbd -d -f /var/lib/sabnzbd/sabnzbd.ini";
+        ExecStart = "${pkgs.sabnzbd}/bin/sabnzbd -d -f /var/lib/sabnzbd/sabnzbd.ini";
      };
    };
  };
  services.nginx.virtualHosts."sabnzbd.internal.kempkens.network" = {
    quic = true;
--- a/system/nixos/sonarr.nix
+++ b/system/nixos/sonarr.nix
@ -8,18 +8,28 @@
    openFirewall = false;
  };
-  systemd.services.sonarr = {
+  systemd.services.sonarr =
-    bindsTo = [ "wg.service" ];
+    let
-    after = lib.mkForce [ "wg.service" ];
+      mounts = [
-
+        "mnt-media-TV\\x20Shows.mount"
-    serviceConfig = {
+        "mnt-media-Documentaries.mount"
-      NetworkNamespacePath = "/var/run/netns/wg";
+        "mnt-media-Anime.mount"
-      BindReadOnlyPaths = [
+        "mnt-downloads.mount"
        "/etc/netns/wg/resolv.conf:/etc/resolv.conf:norbind"
        "/etc/netns/wg/nsswitch.conf:/etc/nsswitch.conf:norbind"
      ];
    in
    {
      requires = mounts;
      bindsTo = [ "wg.service" ];
      after = lib.mkForce ([ "wg.service" ] ++ mounts);
      serviceConfig = {
        NetworkNamespacePath = "/var/run/netns/wg";
        BindReadOnlyPaths = [
          "/etc/netns/wg/resolv.conf:/etc/resolv.conf:norbind"
          "/etc/netns/wg/nsswitch.conf:/etc/nsswitch.conf:norbind"
        ];
      };
    };
  };
  services.nginx.virtualHosts."sonarr.internal.kempkens.network" = {
    quic = true;