initial setup

root/services/authentik/default.nix

@@ -0,0 +1,118 @@
+{ ... }:
+{
+  virtualisation.oci-containers.containers."container-authentik-cache" = {
+    image = "docker.io/library/redis:alpine";
+    networks = [
+      "network-internal"
+    ];
+    volumes = [
+      "volume-authentik-cache:/data:rw"
+    ];
+    cmd = [ "--save" "60" "1" "--loglevel" "warning" ];
+    extraOptions = [
+      "--pull=always"
+    ];
+  };
+
+  virtualisation.oci-containers.containers."container-authentik-db" = {
+    image = "docker.io/library/postgres:12-alpine";
+    environment = {
+      "POSTGRES_DB" = "authentik";
+      "POSTGRES_PASSWORD" = "shmJQWMIWJRI23jn19842!";
+      "POSTGRES_USER" = "authentik";
+    };
+    networks = [
+      "network-internal"
+    ];
+    volumes = [
+      "volume-authentik-db:/var/lib/postgresql/data:rw"
+    ];
+    extraOptions = [
+     "--pull=always"
+    ];
+  };
+  virtualisation.oci-containers.containers."container-authentik-ldap" = {
+    image = "ghcr.io/goauthentik/ldap";
+    environment = {
+      "AUTHENTIK_HOST" = "http://container-authentik-server:9000";
+      "AUTHENTIK_INSECURE" = "true";
+      "AUTHENTIK_TOKEN" = "yZPlmWkdLsteKXXAJJPFO0Txd7o9zZlIfFdyBlGh0LjPjatYjpcqSYHwzMQ9";
+    };
+    networks = [
+      "network-internal"
+    ];
+    ports = [
+      "389:3389"
+      "636:6636"
+    ];
+    dependsOn = [
+      "container-authentik-server"
+      "container-authentik-worker"
+      "container-authentik-cache"
+      "container-authentik-db"
+    ];
+    extraOptions = [
+      "--pull=always"
+    ];
+  };
+  virtualisation.oci-containers.containers."container-authentik-server" = {
+    image = "ghcr.io/goauthentik/server";
+    environment = {
+      "AUTHENTIK_SECRET_KEY" = "OS7C4vThZKf5tPGKlOu3QXgZIHWAF7HBfpk/Y6LMVh7QMdyOD6NwojmASlKb3lwtYA5OdZzDLB2GNSQg";
+      "AUTHENTIK_POSTGRESQL__HOST" = "container-authentik-db";
+      "AUTHENTIK_POSTGRESQL__NAME" = "authentik";
+      "AUTHENTIK_POSTGRESQL__PASSWORD" = "shmJQWMIWJRI23jn19842!";
+      "AUTHENTIK_POSTGRESQL__USER" = "authentik";
+      "AUTHENTIK_REDIS__HOST" = "container-authentik-cache";
+      "AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS" = "172.16.0.0/12";
+    };
+    networks = [
+      "network-internal"
+    ];
+    ports = [
+    "9000:9000"
+    "9443:9443"
+    ];
+    volumes = [
+      "volume-authentik-media:/media:rw"
+      "volume-authentik-templates:/templates:rw"
+    ];
+    cmd = [ "server" ];
+    dependsOn = [
+      "container-authentik-cache"
+      "container-authentik-db"
+    ];
+    extraOptions = [
+      "--pull=always"
+    ];
+  };
+  virtualisation.oci-containers.containers."container-authentik-worker" = {
+    image = "ghcr.io/goauthentik/server";
+    environment = {
+      "AUTHENTIK_SECRET_KEY" = "OS7C4vThZKf5tPGKlOu3QXgZIHWAF7HBfpk/Y6LMVh7QMdyOD6NwojmASlKb3lwtYA5OdZzDLB2GNSQg";
+      "AUTHENTIK_POSTGRESQL__HOST" = "container-authentik-db";
+      "AUTHENTIK_POSTGRESQL__NAME" = "authentik";
+      "AUTHENTIK_POSTGRESQL__PASSWORD" = "shmJQWMIWJRI23jn19842!";
+      "AUTHENTIK_POSTGRESQL__USER" = "authentik";
+      "AUTHENTIK_REDIS__HOST" = "container-authentik-cache";
+      "AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS" = "172.16.0.0/12";
+    };
+    networks = [
+      "network-internal"
+    ];
+    volumes = [
+      "/run/docker.sock:/var/run/docker.sock:rw"
+      "volume-authentik-certs:/certs:rw"
+      "volume-authentik-media:/media:rw"
+      "volume-authentik-templates:/templates:rw"
+    ];
+    cmd = [ "worker" ];
+    dependsOn = [
+      "container-authentik-cache"
+      "container-authentik-db"
+    ];
+    extraOptions = [
+      "--pull=always"
+    ];
+  };
+}

root/services/bazarr/default.nix

@@ -0,0 +1,23 @@
+{ ... }:
+{
+  virtualisation.oci-containers.containers."container-bazarr-app" = {
+    autoStart = true;
+    image = "lscr.io/linuxserver/bazarr:latest";
+    environment = {
+      "TZ" = "Europe/Berlin";
+      "PUID" = "0";
+      "PGID" = "0";
+    };
+    networks = [
+      "network-internal"
+    ];
+    volumes = [
+      "volume-bazarr-config:/config:rw"
+      "/data:/data:rw"
+    ];
+    ports = ["6767:6767"];
+    extraOptions = [
+      "--pull=always"
+    ];
+  };
+}

root/services/borg/default.nix

@@ -0,0 +1,12 @@
+{pkgs, ...}:
+{
+    services.borgbackup.jobs."server" = {
+        paths = "/var/lib/docker";
+        encryption.mode = "repokey-blake2";
+        encryption.passCommand = "cat /root/passphrase";
+        environment.BORG_RSH = "ssh -i /home/administrator/.ssh/extern";
+        repo = "e6cr76lv@e6cr76lv.repo.borgbase.com:repo";
+        compression = "auto,zstd";
+        startAt = "daily";
+    };
+}

root/services/docker-network/default.nix

@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+  system.activationScripts.network-internal = ''
+    ${pkgs.docker}/bin/docker network create network-internal
+  '';
+}

root/services/docker-runtime/default.nix

@@ -0,0 +1,8 @@
+{ ... }:
+{
+  virtualisation.docker = {
+    enable = true;
+    autoPrune.enable = false;
+  };
+  virtualisation.oci-containers.backend = "docker";
+}

root/services/emby/default.nix

@@ -0,0 +1,37 @@
+{ pkgs, ... }:
+{
+  hardware.graphics = {
+    enable = true;
+    extraPackages = with pkgs; [
+      intel-media-driver
+      intel-compute-runtime
+      vpl-gpu-rt
+      vaapiVdpau
+      libvdpau-va-gl
+      intel-vaapi-driver
+    ];
+  };
+  virtualisation.oci-containers.containers."container-emby-app" = {
+    autoStart = true;
+    image = "lscr.io/linuxserver/emby:beta";
+    devices = [
+        "/dev/dri:/dev/dri"
+    ];
+    environment = {
+      "TZ" = "Europe/Berlin";
+      "PUID" = "0";
+      "PGID" = "0";
+    };
+    networks = [
+      "network-internal"
+    ];
+    volumes = [
+      "volume-emby-config:/config:rw"
+      "/data:/data:rw"
+    ];
+    ports = ["8096:8096"];
+    extraOptions = [
+      "--pull=always"
+    ];
+  };
+}

root/services/home-assistant/default.nix

@@ -0,0 +1,48 @@
+{ ... }:
+{
+  virtualisation.oci-containers.containers."container-home-assistant-app" = {
+    autoStart = true;
+    image = "ghcr.io/home-assistant/home-assistant:stable";
+    devices = [
+        "/dev/ttyUSB0:/dev/ttyUSB0"
+    ];
+    environment = {
+      "TZ" = "Europe/Berlin";
+      "PUID" = "0";
+      "PGID" = "0";
+    };
+    networks = [
+      "network-internal"
+    ];
+    ports = [
+      "8123:8123"
+    ];
+    volumes = [
+      "volume-home-assistant-config:/config:rw"
+      "/var/run/docker.sock:/var/run/docker.sock:ro"
+    ];
+    extraOptions = [
+       "--pull=always"
+     ];
+  };
+  virtualisation.oci-containers.containers."container-home-assistant-mqtt" = {
+    autoStart = true;
+    image = "eclipse-mosquitto:latest";
+    environment = {
+      "TZ" = "Europe/Berlin";
+      "PUID" = "0";
+      "PGID" = "0";
+    };
+    networks = [
+      "network-internal"
+    ];
+    ports = [
+      "1883:1883"
+      "9001:9001"
+    ];
+    volumes = [
+      "volume-home-assistant-mqtt:/etc/mosquitto:rw"
+      "volume-home-assistant-mqtt-config:/mosquitto/config:rw"
+    ];
+  };
+}

root/services/jellyseerr/default.nix

@@ -0,0 +1,21 @@
+{ ... }:
+{
+  virtualisation.oci-containers.containers."container-jellyseerr-app" = {
+    autoStart = true;
+    image = "fallenbagel/jellyseerr";
+    environment = {
+      "TZ" = "Europe/Berlin";
+      "JELLYFIN_TYPE" = "emby";
+    };
+    networks = [
+      "network-internal"
+    ];
+    volumes = [
+      "volume-jellyseerr-config:/app/config:rw"
+    ];
+    ports = ["5055:5055"];
+    extraOptions = [
+      "--pull=always"
+    ];
+  };
+}

root/services/radarr/default.nix

@@ -0,0 +1,24 @@
+{ ... }:
+{
+  virtualisation.oci-containers.containers."container-radarr-app" = {
+    autoStart = true;
+    image = "lscr.io/linuxserver/radarr:latest";
+    environment = {
+      "TZ" = "Europe/Berlin";
+      "PUID" = "0";
+      "PGID" = "0";
+    };
+    networks = [
+      "network-internal"
+      "network-external"
+    ];
+    volumes = [
+      "volume-radarr-config:/config:rw"
+      "/data:/data:rw"
+    ];
+    ports = ["7878:7878"];
+    extraOptions = [
+      "--pull=always"
+    ];
+  };
+}

root/services/recyclarr/default.nix

@@ -0,0 +1,21 @@
+{ ... }:
+{
+  virtualisation.oci-containers.containers."container-recyclarr-app" = {
+    autoStart = true;
+    image = "ghcr.io/recyclarr/recyclarr:latest";
+    environment = {
+      "TZ" = "Europe/Berlin";
+      "PUID" = "0";
+      "PGID" = "0";
+    };
+    networks = [
+      "network-internal"
+    ];
+    volumes = [
+      "volume-recyclarr-config:/config:rw"
+    ];
+    extraOptions = [
+      "--pull=always"
+    ];
+  };
+}

root/services/recyclarr/dotfiles/recyclarr.yml

@@ -0,0 +1,108 @@
+sonarr:
+  series:
+    media_naming:
+      series: emby
+      season: default
+      episodes:
+        rename: true
+        standard: default
+        daily: default
+        anime: default
+    base_url: 'http://container-sonarr-app:8989'
+    api_key: 21811d916522404eae24cb2e1c32a655
+    include:
+      - template: sonarr-v4-quality-profile-web-2160p
+      - template: sonarr-v4-custom-formats-web-2160p
+    quality_profiles:
+      - name: WEB-2160p
+        reset_unmatched_scores:
+          enabled: true
+        min_format_score: -10000
+        upgrade:
+          allowed: true
+          until_quality: Bluray-2160p
+        score_set: default
+        quality_sort: top
+        qualities:
+          - name: Bluray-2160p
+          - name: Bluray-2160p Remux
+          - name: 2160p MQ
+              - WEBDL-2160p
+              - WEBRip-2160p
+          - name: Bluray-1080p Remux
+          - name: Bluray-1080p
+          - name: 1080p MQ
+            qualities:
+              - WEBDL-1080p
+              - WEBRip-1080p
+          - name: LQ
+            qualities:
+              - HDTV-2160p
+              - HDTV-1080p
+          - name: Trash
+            qualities:
+              - Bluray-720p
+              - WEBDL-720p
+              - WEBRip-720p
+              - HDTV-720p
+              - Bluray-576p
+              - Bluray-480p
+              - WEBDL-480p
+              - WEBRip-480p
+              - DVD
+              - SDTV
+radarr:
+  movies:
+    media_naming:
+      folder: emby
+      movie:
+        rename: true
+        standard: emby
+    base_url: 'http://container-radarr-app:7878'
+    api_key: 81dc7e319c2745138bf86f19a0e4cf2d
+    include:
+      - template: radarr-quality-profile-sqp-1-2160p-default
+      - template: radarr-custom-formats-sqp-1-2160p
+    custom_formats:
+      - trash_ids:
+            - b17886cb4158d9fea189859409975758
+            - 55a5b50cb416dea5a50c4955896217ab
+    quality_profiles:
+      - name: SQP-1 (2160p)
+        reset_unmatched_scores:
+          enabled: true
+        min_format_score: -10000
+        upgrade:
+          allowed: true
+          until_quality: Bluray-2160p
+        score_set: SQP-1
+        quality_sort: top
+        qualities:
+          - name: Bluray-2160p
+          - name: Remux-2160p
+          - name: 2160-MQ
+            qualities:
+              - WEBDL-2160p
+              - WEBRip-2160p
+          - name: Remux-1080p
+          - name: Bluray-1080p
+          - name: 1080p
+            qualities:
+              - WEBDL-1080p
+              - WEBRip-1080p
+          - name: LQ
+            qualities:
+              - HDTV-2160p
+              - HDTV-1080p
+          - name: Trash
+            qualities:
+              - Bluray-720p
+              - WEBDL-720p
+              - WEBRip-720p
+              - HDTV-720p
+              - Bluray-576p
+              - WEBRip-480p
+              - WEBDL-480p
+              - Bluray-480p
+              - DVD
+              - SDTV

root/services/sabnzbd/default.nix

@@ -0,0 +1,23 @@
+{ ... }:
+{
+  virtualisation.oci-containers.containers."container-sabnzbd-app" = {
+    autoStart = true;
+    image = "lscr.io/linuxserver/sabnzbd:latest";
+    environment = {
+      "TZ" = "Europe/Berlin";
+      "PUID" = "0";
+      "PGID" = "0";
+    };
+    networks = [
+      "network-internal"
+    ];
+    volumes = [
+      "volume-sabnzbd-config:/config:rw"
+      "/data:/data:rw"
+    ];
+    ports = ["8080:8080"];
+    extraOptions = [
+      "--pull=always"
+    ];
+  };
+}

root/services/sonarr/default.nix

@@ -0,0 +1,23 @@
+{ ... }:
+{
+  virtualisation.oci-containers.containers."container-sonarr-app" = {
+    autoStart = true;
+    image = "lscr.io/linuxserver/sonarr:latest";
+    environment = {
+      "TZ" = "Europe/Berlin";
+      "PUID" = "0";
+      "PGID" = "0";
+    };
+    networks = [
+      "network-internal"
+    ];
+    volumes = [
+      "volume-sonarr-config:/config:rw"
+      "/data:/data:rw"
+    ];
+    ports = ["8989:8989"];
+    extraOptions = [
+      "--pull=always"
+    ];
+  };
+}