diff --git a/hosts/jupiter/users/storm/configs/console/podman/default.nix b/hosts/jupiter/users/storm/configs/console/podman/default.nix index c7d51f8..6ceaecf 100644 --- a/hosts/jupiter/users/storm/configs/console/podman/default.nix +++ b/hosts/jupiter/users/storm/configs/console/podman/default.nix @@ -11,7 +11,7 @@ in (import ./authelia { inherit user home; }) (import ./gitea { inherit user home; }) (import ./grafana { inherit user home; }) - (import ./jellyfin { inherit user home; }) + (import ./media { inherit user home; }) (import ./nextcloud { inherit user home; }) (import ./ntfy { inherit user home; }) (import ./outline { inherit user home; }) diff --git a/hosts/jupiter/users/storm/configs/console/podman/jellyfin/default.nix b/hosts/jupiter/users/storm/configs/console/podman/media/default.nix similarity index 53% rename from hosts/jupiter/users/storm/configs/console/podman/jellyfin/default.nix rename to hosts/jupiter/users/storm/configs/console/podman/media/default.nix index 0e4d6a3..0fe8e9c 100644 --- a/hosts/jupiter/users/storm/configs/console/podman/jellyfin/default.nix +++ b/hosts/jupiter/users/storm/configs/console/podman/media/default.nix @@ -12,16 +12,28 @@ let selfPkgs = inputs.self.packages.${system}; hmConfig = config.home-manager.users.${user}; - inherit (hmConfig.virtualisation.quadlet) volumes networks; - autheliaClientId = "59TRpNutxEeRRCAZbDsK7rsnrA5NC69HAdAO45CEfc740xl4hgIacDy2u03oiFc89Exb67udBQvmfwxgeAQtJPiNAJxA5OzGmdQf"; + inherit (hmConfig.virtualisation.quadlet) containers volumes networks; + + jellyfinAutheliaClientId = "59TRpNutxEeRRCAZbDsK7rsnrA5NC69HAdAO45CEfc740xl4hgIacDy2u03oiFc89Exb67udBQvmfwxgeAQtJPiNAJxA5OzGmdQf"; in { home-manager.users.${user} = { + systemd.user.tmpfiles.rules = [ + "d /mnt/storage/private/storm/containers/storage/volumes/media/_data 700 storm storm" + "d /mnt/storage/private/storm/containers/storage/volumes/media/_data/films 755 storm storm" + "d /mnt/storage/private/storm/containers/storage/volumes/media/_data/shows 755 storm storm" + "d /mnt/storage/private/storm/containers/storage/volumes/media/_data/anime-films 755 storm storm" + "d /mnt/storage/private/storm/containers/storage/volumes/media/_data/anime-shows 755 storm storm" + "d /mnt/storage/private/storm/containers/storage/volumes/media/_data/music 755 storm storm" + ]; + sops = { secrets = { "jellyfin/admin".sopsFile = ../../../../../../secrets/secrets.yaml; "jellyfin/authelia/password".sopsFile = ../../../../../../secrets/secrets.yaml; "jellyfin/authelia/digest".sopsFile = ../../../../../../secrets/secrets.yaml; + + "prowlarr/apiKey".sopsFile = ../../../../../../secrets/secrets.yaml; }; templates = { @@ -45,7 +57,7 @@ in clients = [ { - client_id = autheliaClientId; + client_id = jellyfinAutheliaClientId; client_name = "Jellyfin"; client_secret = hmConfig.sops.placeholder."jellyfin/authelia/digest"; redirect_uris = [ "https://media.karaolidis.com/sso/OID/redirect/authelia" ]; @@ -63,26 +75,27 @@ in }; } ); + + prowlarr-env.content = '' + PROWLARR_API_KEY=${hmConfig.sops.placeholder."prowlarr/apiKey"} + ''; }; }; - systemd.user.tmpfiles.rules = [ - "d /mnt/storage/private/storm/containers/storage/volumes/media/_data 700 storm storm" - "d /mnt/storage/private/storm/containers/storage/volumes/media/_data/films 755 storm storm" - "d /mnt/storage/private/storm/containers/storage/volumes/media/_data/shows 755 storm storm" - "d /mnt/storage/private/storm/containers/storage/volumes/media/_data/anime-films 755 storm storm" - "d /mnt/storage/private/storm/containers/storage/volumes/media/_data/anime-shows 755 storm storm" - "d /mnt/storage/private/storm/containers/storage/volumes/media/_data/music 755 storm storm" - ]; - virtualisation.quadlet = { - networks.jellyfin = { }; + networks = { + media = { }; + jellyfin = { }; + flaresolverr = { }; + }; volumes = { jellyfin-config = { }; jellyfin-data = { }; jellyfin-log = { }; jellyfin-cache = { }; + + prowlarr = { }; }; containers = { @@ -98,19 +111,19 @@ in setup = pkgs.writeTextFile { name = "setup.sh"; executable = true; - text = builtins.readFile ./setup.sh; + text = builtins.readFile ./jellyfin/setup.sh; }; in [ "/mnt/storage/private/storm/containers/storage/volumes/media/_data:/var/lib/media" "${setup}:/etc/jellyfin/setup.sh:ro" - "${./libraries}:/etc/jellyfin/libraries:ro" + "${./jellyfin/libraries}:/etc/jellyfin/libraries:ro" "${volumes.jellyfin-config.ref}:/etc/jellyfin" "${volumes.jellyfin-data.ref}:/var/lib/jellyfin" "${volumes.jellyfin-log.ref}:/var/log/jellyfin" "${volumes.jellyfin-cache.ref}:/tmp/jellyfin" ]; - environments.JELLYFIN_OIDC_CLIENT_ID = autheliaClientId; + environments.JELLYFIN_OIDC_CLIENT_ID = jellyfinAutheliaClientId; environmentFiles = [ hmConfig.sops.templates.jellyfin-env.path ]; labels = [ "traefik.enable=true" @@ -123,9 +136,78 @@ in unitConfig.After = [ "sops-nix.service" ]; }; - authelia.containerConfig.volumes = [ - "${hmConfig.sops.templates.authelia-jellyfin.path}:/etc/authelia/conf.d/jellyfin.yaml:ro" - ]; + flaresolverr.containerConfig = { + image = "docker-archive:${selfPkgs.docker-flaresolverr}"; + networks = [ networks.flaresolverr.ref ]; + }; + + prowlarr = { + containerConfig = { + image = "docker-archive:${selfPkgs.docker-prowlarr}"; + networks = [ + networks.media.ref + networks.transmission.ref + networks.flaresolverr.ref + networks.traefik.ref + ]; + volumes = + let + setup = pkgs.writeTextFile { + name = "setup.sh"; + executable = true; + text = builtins.readFile ./prowlarr/setup.sh; + }; + + postStart = pkgs.writeTextFile { + name = "post-start.sh"; + executable = true; + text = builtins.readFile ./prowlarr/post-start.sh; + }; + in + [ + "${setup}:/etc/prowlarr/setup.sh:ro" + "${postStart}:/etc/prowlarr/post-start.sh:ro" + "${./prowlarr/indexers}:/etc/prowlarr/indexers:ro" + "${volumes.prowlarr.ref}:/var/lib/prowlarr" + ]; + environments.PROWLARR_URL_BASE = "/indexers"; + environmentFiles = [ hmConfig.sops.templates.prowlarr-env.path ]; + labels = [ + "traefik.enable=true" + "traefik.http.routers.prowlarr.rule=Host(`media.karaolidis.com`) && PathPrefix(`/indexers`)" + "traefik.http.routers.prowlarr.middlewares=authelia@docker" + ]; + }; + + unitConfig.After = [ "sops-nix.service" ]; + }; + + authelia.containerConfig.volumes = + let + mediaConfig = (pkgs.formats.yaml { }).generate "media.yaml" { + access_control.rules = [ + { + domain = "media.karaolidis.com"; + policy = "one_factor"; + resources = [ "^/(indexers|films|shows|anime-films|anime-shows)([/?].*)?$" ]; + subject = [ "group:media" ]; + } + { + domain = "media.karaolidis.com"; + policy = "deny"; + resources = [ "^/(indexers|films|shows|anime-films|anime-shows)([/?].*)?$" ]; + } + { + domain = "media.karaolidis.com"; + policy = "bypass"; + } + ]; + }; + in + [ + "${mediaConfig}:/etc/authelia/conf.d/media.yaml:ro" + "${hmConfig.sops.templates.authelia-jellyfin.path}:/etc/authelia/conf.d/jellyfin.yaml:ro" + ]; }; }; }; diff --git a/hosts/jupiter/users/storm/configs/console/podman/jellyfin/libraries/movies/Anime Films.json b/hosts/jupiter/users/storm/configs/console/podman/media/jellyfin/libraries/movies/Anime Films.json similarity index 100% rename from hosts/jupiter/users/storm/configs/console/podman/jellyfin/libraries/movies/Anime Films.json rename to hosts/jupiter/users/storm/configs/console/podman/media/jellyfin/libraries/movies/Anime Films.json diff --git a/hosts/jupiter/users/storm/configs/console/podman/jellyfin/libraries/movies/Films.json b/hosts/jupiter/users/storm/configs/console/podman/media/jellyfin/libraries/movies/Films.json similarity index 100% rename from hosts/jupiter/users/storm/configs/console/podman/jellyfin/libraries/movies/Films.json rename to hosts/jupiter/users/storm/configs/console/podman/media/jellyfin/libraries/movies/Films.json diff --git a/hosts/jupiter/users/storm/configs/console/podman/jellyfin/libraries/music/Music.json b/hosts/jupiter/users/storm/configs/console/podman/media/jellyfin/libraries/music/Music.json similarity index 100% rename from hosts/jupiter/users/storm/configs/console/podman/jellyfin/libraries/music/Music.json rename to hosts/jupiter/users/storm/configs/console/podman/media/jellyfin/libraries/music/Music.json diff --git a/hosts/jupiter/users/storm/configs/console/podman/jellyfin/libraries/tvshows/Anime Shows.json b/hosts/jupiter/users/storm/configs/console/podman/media/jellyfin/libraries/tvshows/Anime Shows.json similarity index 100% rename from hosts/jupiter/users/storm/configs/console/podman/jellyfin/libraries/tvshows/Anime Shows.json rename to hosts/jupiter/users/storm/configs/console/podman/media/jellyfin/libraries/tvshows/Anime Shows.json diff --git a/hosts/jupiter/users/storm/configs/console/podman/jellyfin/libraries/tvshows/Shows.json b/hosts/jupiter/users/storm/configs/console/podman/media/jellyfin/libraries/tvshows/Shows.json similarity index 100% rename from hosts/jupiter/users/storm/configs/console/podman/jellyfin/libraries/tvshows/Shows.json rename to hosts/jupiter/users/storm/configs/console/podman/media/jellyfin/libraries/tvshows/Shows.json diff --git a/hosts/jupiter/users/storm/configs/console/podman/jellyfin/setup.sh b/hosts/jupiter/users/storm/configs/console/podman/media/jellyfin/setup.sh similarity index 96% rename from hosts/jupiter/users/storm/configs/console/podman/jellyfin/setup.sh rename to hosts/jupiter/users/storm/configs/console/podman/media/jellyfin/setup.sh index feb51fc..e521ab4 100644 --- a/hosts/jupiter/users/storm/configs/console/podman/jellyfin/setup.sh +++ b/hosts/jupiter/users/storm/configs/console/podman/media/jellyfin/setup.sh @@ -78,14 +78,14 @@ for filepath in /etc/jellyfin/libraries/*/*.json; do collectionType=$(jq -rn --arg s "$(basename "$(dirname "$filepath")")" '$s|@uri') name=$(jq -rn --arg s "$(basename "$filepath" .json)" '$s|@uri') - curl -sf "${JELLYFIN_HOST}/Library/VirtualFolders?collectionType=${collectionType}&name=${name}" \ + curl -sf "$JELLYFIN_HOST/Library/VirtualFolders?collectionType=$collectionType&name=$name" \ -X POST \ -H "Content-Type: application/json" \ -H 'Authorization: MediaBrowser Token="'"$token"'"' \ - --data-binary @"${filepath}" + --data-binary @"$filepath" done -curl -sf "${JELLYFIN_HOST}/Plugins/505ce9d1-d916-42fa-86ca-673ef241d7df/Configuration" \ +curl -sf "$JELLYFIN_HOST/Plugins/505ce9d1-d916-42fa-86ca-673ef241d7df/Configuration" \ -X POST \ -H 'Content-Type: application/json' \ -H 'Authorization: MediaBrowser Token="'"$token"'"' \ diff --git a/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/1337x.json b/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/1337x.json new file mode 100644 index 0000000..0df3062 --- /dev/null +++ b/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/1337x.json @@ -0,0 +1,19 @@ +{ + "enable": true, + "appProfileId": 1, + "priority": 25, + "name": "1337x", + "fields": [ + { + "name": "definitionFile", + "value": "1337x" + }, + { + "name": "baseUrl", + "value": "https://1337x.to/" + } + ], + "implementation": "Cardigann", + "configContract": "CardigannSettings", + "tags": [1] +} diff --git a/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/Internet Archive.json b/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/Internet Archive.json new file mode 100644 index 0000000..1a50ddf --- /dev/null +++ b/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/Internet Archive.json @@ -0,0 +1,18 @@ +{ + "enable": true, + "appProfileId": 1, + "priority": 25, + "name": "Internet Archive", + "fields": [ + { + "name": "definitionFile", + "value": "internetarchive" + }, + { + "name": "baseUrl", + "value": "https://archive.org/" + } + ], + "implementation": "Cardigann", + "configContract": "CardigannSettings" +} diff --git a/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/LimeTorrents.json b/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/LimeTorrents.json new file mode 100644 index 0000000..dcbbbb1 --- /dev/null +++ b/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/LimeTorrents.json @@ -0,0 +1,18 @@ +{ + "enable": true, + "appProfileId": 1, + "priority": 25, + "name": "LimeTorrents", + "fields": [ + { + "name": "definitionFile", + "value": "limetorrents" + }, + { + "name": "baseUrl", + "value": "https://www.limetorrents.lol/" + } + ], + "implementation": "Cardigann", + "configContract": "CardigannSettings" +} diff --git a/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/Nyaa.si.json b/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/Nyaa.si.json new file mode 100644 index 0000000..7d7f5d9 --- /dev/null +++ b/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/Nyaa.si.json @@ -0,0 +1,30 @@ +{ + "enable": true, + "appProfileId": 1, + "priority": 25, + "name": "Nyaa.si", + "fields": [ + { + "name": "definitionFile", + "value": "nyaasi" + }, + { + "name": "baseUrl", + "value": "https://nyaa.si/" + }, + { + "name": "sonarr_compatibility", + "value": true + }, + { + "name": "strip_s01", + "value": true + }, + { + "name": "radarr_compatibility", + "value": true + } + ], + "implementation": "Cardigann", + "configContract": "CardigannSettings" +} diff --git a/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/The Pirate Bay.json b/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/The Pirate Bay.json new file mode 100644 index 0000000..df03561 --- /dev/null +++ b/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/The Pirate Bay.json @@ -0,0 +1,18 @@ +{ + "enable": true, + "appProfileId": 1, + "priority": 25, + "name": "The Pirate Bay", + "fields": [ + { + "name": "definitionFile", + "value": "thepiratebay" + }, + { + "name": "baseUrl", + "value": "https://thepiratebay.org/" + } + ], + "implementation": "Cardigann", + "configContract": "CardigannSettings" +} diff --git a/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/TheRARBG.json b/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/TheRARBG.json new file mode 100644 index 0000000..107b6d7 --- /dev/null +++ b/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/TheRARBG.json @@ -0,0 +1,18 @@ +{ + "enable": true, + "appProfileId": 1, + "priority": 25, + "name": "TheRARBG", + "fields": [ + { + "name": "definitionFile", + "value": "therarbg" + }, + { + "name": "baseUrl", + "value": "https://therarbg.to/" + } + ], + "implementation": "Cardigann", + "configContract": "CardigannSettings" +} diff --git a/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/Torlock.json b/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/Torlock.json new file mode 100644 index 0000000..2738778 --- /dev/null +++ b/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/Torlock.json @@ -0,0 +1,18 @@ +{ + "enable": true, + "appProfileId": 1, + "priority": 25, + "name": "Torlock", + "fields": [ + { + "name": "definitionFile", + "value": "torlock" + }, + { + "name": "baseUrl", + "value": "https://www.torlock.com/" + } + ], + "implementation": "Cardigann", + "configContract": "CardigannSettings" +} diff --git a/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/Torrent Download.json b/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/Torrent Download.json new file mode 100644 index 0000000..3a8a83f --- /dev/null +++ b/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/Torrent Download.json @@ -0,0 +1,18 @@ +{ + "enable": true, + "appProfileId": 1, + "priority": 25, + "name": "TorrentDownload", + "fields": [ + { + "name": "definitionFile", + "value": "torrentdownload" + }, + { + "name": "baseUrl", + "value": "https://www.torrentdownload.info/" + } + ], + "implementation": "Cardigann", + "configContract": "CardigannSettings" +} diff --git a/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/Torrent Downloads.json b/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/Torrent Downloads.json new file mode 100644 index 0000000..05f8db3 --- /dev/null +++ b/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/Torrent Downloads.json @@ -0,0 +1,18 @@ +{ + "enable": true, + "appProfileId": 1, + "priority": 25, + "name": "Torrent Downloads", + "fields": [ + { + "name": "definitionFile", + "value": "torrentdownloads" + }, + { + "name": "baseUrl", + "value": "https://www.torrentdownloads.pro/" + } + ], + "implementation": "Cardigann", + "configContract": "CardigannSettings" +} diff --git a/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/YourBittorent.json b/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/YourBittorent.json new file mode 100644 index 0000000..266c40b --- /dev/null +++ b/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/YourBittorent.json @@ -0,0 +1,18 @@ +{ + "enable": true, + "appProfileId": 1, + "priority": 25, + "name": "YourBittorrent", + "fields": [ + { + "name": "definitionFile", + "value": "yourbittorrent" + }, + { + "name": "baseUrl", + "value": "https://yourbittorrent.com/" + } + ], + "implementation": "Cardigann", + "configContract": "CardigannSettings" +} diff --git a/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/kickasstorrents.to.json b/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/kickasstorrents.to.json new file mode 100644 index 0000000..3aebb6b --- /dev/null +++ b/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/kickasstorrents.to.json @@ -0,0 +1,19 @@ +{ + "enable": true, + "appProfileId": 1, + "priority": 25, + "name": "kickasstorrents.to", + "fields": [ + { + "name": "definitionFile", + "value": "kickasstorrents-to" + }, + { + "name": "baseUrl", + "value": "https://kickass.torrentbay.st/" + } + ], + "implementation": "Cardigann", + "configContract": "CardigannSettings", + "tags": [1] +} diff --git a/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/kickasstorrents.ws.json b/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/kickasstorrents.ws.json new file mode 100644 index 0000000..ebcb56f --- /dev/null +++ b/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/indexers/kickasstorrents.ws.json @@ -0,0 +1,18 @@ +{ + "enable": true, + "appProfileId": 1, + "priority": 25, + "name": "kickasstorrents.ws", + "fields": [ + { + "name": "definitionFile", + "value": "kickasstorrents-ws" + }, + { + "name": "baseUrl", + "value": "https://kickass.ws/" + } + ], + "implementation": "Cardigann", + "configContract": "CardigannSettings" +} diff --git a/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/post-start.sh b/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/post-start.sh new file mode 100644 index 0000000..4c6b75c --- /dev/null +++ b/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/post-start.sh @@ -0,0 +1,9 @@ +# shellcheck shell=sh + +for filepath in /etc/prowlarr/indexers/*.json; do + curl -sf --retry 10 "$PROWLARR_HOST/api/v1/indexer?forceSave=true" \ + -X POST \ + -H "Content-Type: application/json" \ + -H "X-Api-Key: $PROWLARR_API_KEY" \ + --data-binary @"$filepath" || true +done diff --git a/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/setup.sh b/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/setup.sh new file mode 100644 index 0000000..3066b15 --- /dev/null +++ b/hosts/jupiter/users/storm/configs/console/podman/media/prowlarr/setup.sh @@ -0,0 +1,61 @@ +# shellcheck shell=sh + +# Tag ID: 1 +curl -sf "$PROWLARR_HOST/api/v1/tag" \ + -X POST \ + -H 'Content-Type: application/json' \ + -H "X-Api-Key: $PROWLARR_API_KEY" \ + --data-raw '{"label": "flaresolverr"}' + +curl -sf "$PROWLARR_HOST/api/v1/indexerProxy?forceSave=true" \ + -X POST \ + -H 'Content-Type: application/json' \ + -H "X-Api-Key: $PROWLARR_API_KEY" \ + --data-binary @- </dev/null)"; do diff --git a/packages/docker/postgresql/entrypoint.sh b/packages/docker/postgresql/entrypoint.sh index 4a278a5..88ea4df 100644 --- a/packages/docker/postgresql/entrypoint.sh +++ b/packages/docker/postgresql/entrypoint.sh @@ -8,7 +8,6 @@ POSTGRES_PASSWORD="${POSTGRES_PASSWORD:-postgres}" POSTGRES_DB="${POSTGRES_DB:-$POSTGRES_USER}" export PGDATA="${PGDATA:-/var/lib/postgresql/data}" -mkdir -p /tmp LOG_PIPE="$(mktemp -u)" mkfifo "$LOG_PIPE" diff --git a/packages/docker/prometheus-fail2ban-exporter/entrypoint.sh b/packages/docker/prometheus-fail2ban-exporter/entrypoint.sh index 39ef1cb..143701f 100644 --- a/packages/docker/prometheus-fail2ban-exporter/entrypoint.sh +++ b/packages/docker/prometheus-fail2ban-exporter/entrypoint.sh @@ -3,7 +3,6 @@ set -o errexit set -o nounset -mkdir -p /tmp LOG_PIPE="$(mktemp -u)" mkfifo "$LOG_PIPE" diff --git a/packages/docker/prometheus-podman-exporter/entrypoint.sh b/packages/docker/prometheus-podman-exporter/entrypoint.sh index ac3130c..d54b2a3 100644 --- a/packages/docker/prometheus-podman-exporter/entrypoint.sh +++ b/packages/docker/prometheus-podman-exporter/entrypoint.sh @@ -3,7 +3,6 @@ set -o errexit set -o nounset -mkdir -p /tmp LOG_PIPE="$(mktemp -u)" mkfifo "$LOG_PIPE" diff --git a/packages/docker/prowlarr/default.nix b/packages/docker/prowlarr/default.nix new file mode 100644 index 0000000..24f5298 --- /dev/null +++ b/packages/docker/prowlarr/default.nix @@ -0,0 +1,43 @@ +{ pkgs, ... }: +let + entrypoint = pkgs.writeTextFile { + name = "entrypoint"; + executable = true; + destination = "/bin/entrypoint"; + text = builtins.readFile ./entrypoint.sh; + }; +in +pkgs.dockerTools.buildImage { + name = "prowlarr"; + fromImage = import ../base { inherit pkgs; }; + + copyToRoot = pkgs.buildEnv { + name = "root"; + paths = with pkgs; [ + entrypoint + prowlarr + xmlstarlet + curl + jq + ]; + pathsToLink = [ + "/bin" + "/lib" + ]; + }; + + runAsRoot = '' + ${pkgs.dockerTools.shadowSetup} + ''; + + config = { + Entrypoint = [ "entrypoint" ]; + ExposedPorts = { + "9696/tcp" = { }; + }; + WorkingDir = "/var/lib/prowlarr"; + Volumes = { + "/var/lib/prowlarr" = { }; + }; + }; +} diff --git a/packages/docker/prowlarr/entrypoint.sh b/packages/docker/prowlarr/entrypoint.sh new file mode 100644 index 0000000..deb258f --- /dev/null +++ b/packages/docker/prowlarr/entrypoint.sh @@ -0,0 +1,46 @@ +#!/usr/bin/env sh + +set -o errexit +set -o nounset + +if [ ! -f /var/lib/prowlarr/init ]; then + echo '' > /var/lib/prowlarr/config.xml + + xmlstarlet ed -L \ + -s /Config -t elem -n LaunchBrowser -v "False" \ + -s /Config -t elem -n ApiKey -v "$PROWLARR_API_KEY" \ + -s /Config -t elem -n AuthenticationMethod -v "External" \ + -s /Config -t elem -n AuthenticationRequired -v "DisabledForLocalAddresses" \ + -s /Config -t elem -n LogLevel -v "info" \ + -s /Config -t elem -n UrlBase -v "${PROWLARR_URL_BASE:-}" \ + -s /Config -t elem -n InstanceName -v "${PROWLARR_INSTANCE_NAME:-prowlarr}" \ + -s /Config -t elem -n AnalyticsEnabled -v "False" \ + /var/lib/prowlarr/config.xml +fi + +Prowlarr -data=/var/lib/prowlarr -nobrowser "$@" & +PID=$! + +PROWLARR_HOST="http://localhost:9696${PROWLARR_URL_BASE}" + +if [ ! -f /var/lib/prowlarr/init ]; then + curl -sf --retry 10 --retry-connrefused \ + -H "X-Api-Key: $PROWLARR_API_KEY" \ + "$PROWLARR_HOST/api/v1/health" + + if [ -f /etc/prowlarr/setup.sh ]; then + # shellcheck disable=SC1091 + . /etc/prowlarr/setup.sh + fi + + touch /var/lib/prowlarr/init +fi + +if [ -f /etc/prowlarr/post-start.sh ]; then + # shellcheck disable=SC1091 + . /etc/prowlarr/post-start.sh +fi + +trap 'kill -INT "$PID"' INT TERM +wait "$PID" +exit $? diff --git a/packages/docker/transmission-protonvpn/default.nix b/packages/docker/transmission-protonvpn/default.nix index c2fe42a..c5aab47 100644 --- a/packages/docker/transmission-protonvpn/default.nix +++ b/packages/docker/transmission-protonvpn/default.nix @@ -35,10 +35,6 @@ pkgs.dockerTools.buildImage { ]; }; - runAsRoot = '' - mkdir -p /tmp - ''; - config = { Entrypoint = [ "entrypoint" ]; ExposedPorts = {