From 53554b019b28c816b0bfec7e870e99f9586a9769 Mon Sep 17 00:00:00 2001 From: Julien Malka Date: Sat, 5 Feb 2022 18:24:26 +0100 Subject: [PATCH] Added flaresolverr service and some other --- flake.nix | 2 + lib/default.nix | 1 + machines/lisa/default.nix | 7 ++ modules/bruit/default.nix | 32 +++++++++ modules/flaresolverr/default.nix | 26 ++++++++ modules/influxdb/default.nix | 26 ++++++++ modules/jackett/default.nix | 4 +- modules/lidarr/default.nix | 46 +++++++++++++ modules/mediaserver/default.nix | 18 ++++++ modules/navidrome/default.nix | 104 ++++++++++++++++++++++++++++++ packages/flaresolverr/default.nix | 68 +++++++++++++++++++ 11 files changed, 333 insertions(+), 1 deletion(-) create mode 100644 modules/bruit/default.nix create mode 100644 modules/flaresolverr/default.nix create mode 100644 modules/influxdb/default.nix create mode 100644 modules/lidarr/default.nix create mode 100644 modules/navidrome/default.nix create mode 100644 packages/flaresolverr/default.nix diff --git a/flake.nix b/flake.nix index 482836e..a6048ed 100644 --- a/flake.nix +++ b/flake.nix @@ -53,11 +53,13 @@ packages."x86_64-linux" = { tinystatus = import ./packages/tinystatus { inherit pkgs; }; mosh = pkgs.callPackage ./packages/mosh {}; + flaresolverr = pkgs.callPackage ./package/flaresolverr {}; htpdate = pkgs.callPackage ./packages/htpdate {}; }; packages."aarch64-linux" = { tinystatus = import ./packages/tinystatus { pkgs = pkgsrpi; }; mosh = pkgsrpi.callPackage ./packages/mosh {}; + flaresolverr = pkgsrpi.callPacakge ./packages/flaresolverr {}; htpdate = pkgsrpi.callPackage ./packages/htpdate {}; }; }; diff --git a/lib/default.nix b/lib/default.nix index 8c0f6f6..2f6627e 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -30,6 +30,7 @@ in { tinystatus = prev.pkgs.callPackage ../packages/tinystatus { }; mosh = prev.pkgs.callPackage ../packages/mosh { }; + flaresolverr = prev.pkgs.callPackage ../packages/flaresolverr { }; htpdate = prev.pkgs.callPackage ../packages/htpdate { }; }) inputs.neovim-nightly-overlay.overlay diff --git a/machines/lisa/default.nix b/machines/lisa/default.nix index 2862e76..2774007 100644 --- a/machines/lisa/default.nix +++ b/machines/lisa/default.nix @@ -37,6 +37,13 @@ subdomain = "docs"; }; }; + bruit = { + enable = true; + nginx = { + enable = true; + subdomain = "bruit"; + }; + }; mailserver.enable = true; }; diff --git a/modules/bruit/default.nix b/modules/bruit/default.nix new file mode 100644 index 0000000..7802d64 --- /dev/null +++ b/modules/bruit/default.nix @@ -0,0 +1,32 @@ +{ lib, pkgs, config, ... }: +with lib; +let + cfg = config.luj.bruit; + port = 3500; +in +{ + + options.luj.bruit = { + + enable = mkEnableOption "activate bruit monitoring"; + + nginx.enable = mkEnableOption "activate nginx"; + nginx.subdomain = mkOption { + type = types.str; + }; + }; + + config = mkIf cfg.enable ( + mkMerge [{ + services.grafana.enable = true; + services.grafana.port = port; + luj.influxdb.enable = true; + luj.influxdb.nginx = { + enable = true; + subdomain = "influxdb"; + }; + } + + (mkIf cfg.nginx.enable (mkSubdomain cfg.nginx.subdomain port))]); + +} diff --git a/modules/flaresolverr/default.nix b/modules/flaresolverr/default.nix new file mode 100644 index 0000000..d0f64f0 --- /dev/null +++ b/modules/flaresolverr/default.nix @@ -0,0 +1,26 @@ +{ lib, pkgs, config, ... }: +with lib; +let + cfg = config.luj.flaresolverr; +in +{ + + options.luj.flaresolverr = { + enable = mkEnableOption "activate flaresolverr service"; + }; + + config = mkIf cfg.enable { + systemd.services.flaresolverr = { + description = "Flaresolverr"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + Type = "simple"; + ExecStart = "${pkgs.flaresolverr}/bin/flaresolverr"; + Restart = "on-failure"; + }; + }; + }; + +} diff --git a/modules/influxdb/default.nix b/modules/influxdb/default.nix new file mode 100644 index 0000000..0c7b63c --- /dev/null +++ b/modules/influxdb/default.nix @@ -0,0 +1,26 @@ +{ lib, pkgs, config, ... }: +with lib; +let + cfg = config.luj.influxdb; + port = 8086; +in +{ + + options.luj.influxdb = { + + enable = mkEnableOption "activate influxdb service"; + + nginx.enable = mkEnableOption "activate nginx"; + nginx.subdomain = mkOption { + type = types.str; + }; + }; + + config = mkIf cfg.enable ( + mkMerge [{ + services.influxdb2.enable = true; + } + + (mkIf cfg.nginx.enable (mkSubdomain cfg.nginx.subdomain port))]); + +} diff --git a/modules/jackett/default.nix b/modules/jackett/default.nix index e1d2dab..9e27d19 100644 --- a/modules/jackett/default.nix +++ b/modules/jackett/default.nix @@ -33,11 +33,13 @@ in services.jackett = { enable = true; user = cfg.user; + package = pkgs.unstable.jackett; group = cfg.group; }; + } - (mkIf cfg.nginx.enable (mkSubdomain cfg.nginx.subdomain port) )]); + (mkIf cfg.nginx.enable (mkSubdomain cfg.nginx.subdomain port))]); diff --git a/modules/lidarr/default.nix b/modules/lidarr/default.nix new file mode 100644 index 0000000..ea9f95c --- /dev/null +++ b/modules/lidarr/default.nix @@ -0,0 +1,46 @@ +{ lib, pkgs, config, ... }: +with lib; +let + cfg = config.luj.lidarr; + port = 8686; +in +{ + + options.luj.lidarr = { + + enable = mkEnableOption "activate lidarr service"; + + user = mkOption { + type = types.str; + default = "lidarr"; + description = "User account under which Lidarr runs."; + }; + + group = mkOption { + type = types.str; + default = "lidarr"; + description = "Group under which Lidarr runs."; + }; + + nginx.enable = mkEnableOption "activate nginx"; + nginx.subdomain = mkOption { + type = types.str; + }; + + }; + + config = mkIf cfg.enable ( + mkMerge [{ + services.lidarr = { + enable = true; + user = cfg.user; + group = cfg.group; + }; + } + + (mkIf cfg.nginx.enable (mkSubdomain cfg.nginx.subdomain port) )]); + + + + +} diff --git a/modules/mediaserver/default.nix b/modules/mediaserver/default.nix index 1a35c2a..5d138f2 100644 --- a/modules/mediaserver/default.nix +++ b/modules/mediaserver/default.nix @@ -37,6 +37,14 @@ in { nginx.subdomain = "films"; }; + luj.lidarr = { + enable = true; + user = "mediaserver"; + group = "mediaserver"; + nginx.enable = true; + nginx.subdomain = "songs"; + }; + luj.jellyfin = { enable = true; user = "mediaserver"; @@ -53,6 +61,16 @@ in { nginx.subdomain = "jackett"; }; + luj.flaresolverr.enable = true; + + luj.navidrome = { + enable = true; + user = "mediaserver"; + group = "mediaserver"; + nginx.enable = true; + nginx.subdomain = "music"; + }; + luj.transmission = { enable = true; user = "mediaserver"; diff --git a/modules/navidrome/default.nix b/modules/navidrome/default.nix new file mode 100644 index 0000000..e924802 --- /dev/null +++ b/modules/navidrome/default.nix @@ -0,0 +1,104 @@ +{ lib, pkgs, config, ... }: +with lib; +let + cfg = config.luj.navidrome; + port = 4533; + settingsFormat = pkgs.formats.json {}; +in +{ + + options.luj.navidrome = { + + enable = mkEnableOption "activate navidrome service"; + + user = mkOption { + type = types.str; + default = "navidrome"; + description = "User account under which Navidrome runs."; + }; + + group = mkOption { + type = types.str; + default = "navidrome"; + description = "Group under which Navidrome runs."; + }; + + + settings = mkOption rec { + type = settingsFormat.type; + apply = recursiveUpdate default; + default = { + Address = "127.0.0.1"; + Port = 4533; + MusicFolder = "/home/mediaserver/music"; + EnableGravatar = true; + LastFM.Enabled = false; + ListenBrainz.Enabled = false; + }; + example = { + MusicFolder = "/mnt/music"; + }; + description = '' + Configuration for Navidrome, see for supported values. + ''; + }; + + nginx.enable = mkEnableOption "activate nginx"; + nginx.subdomain = mkOption { + type = types.str; + }; + }; + + config = mkIf cfg.enable ( + mkMerge [{ + + systemd.services.navidrome = { + description = "Navidrome Media Server"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = cfg.user; + Group = cfg.group; + ExecStart = '' + ${pkgs.navidrome}/bin/navidrome --configfile ${settingsFormat.generate "navidrome.json" cfg.settings} + ''; + DynamicUser = true; + StateDirectory = "navidrome"; + WorkingDirectory = "/var/lib/navidrome"; + RuntimeDirectory = "navidrome"; + RootDirectory = "/run/navidrome"; + ReadWritePaths = ""; + BindReadOnlyPaths = [ + builtins.storeDir + ] ++ lib.optional (cfg.settings ? MusicFolder) cfg.settings.MusicFolder; + CapabilityBoundingSet = ""; + RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ]; + RestrictNamespaces = true; + PrivateDevices = true; + PrivateUsers = true; + ProtectClock = true; + ProtectControlGroups = true; + #ProtectHome = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + SystemCallArchitectures = "native"; + SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ]; + RestrictRealtime = true; + LockPersonality = true; + MemoryDenyWriteExecute = true; + #UMask = "0066"; + ProtectHostname = true; + }; + }; + + + + } + + (mkIf cfg.nginx.enable (mkSubdomain cfg.nginx.subdomain port))]); + + + + +} diff --git a/packages/flaresolverr/default.nix b/packages/flaresolverr/default.nix new file mode 100644 index 0000000..91edf70 --- /dev/null +++ b/packages/flaresolverr/default.nix @@ -0,0 +1,68 @@ +{ pkgs, stdenv }: +with pkgs; + +stdenv.mkDerivation rec { + +pname = "flaresolverr"; +version = "2.2.0"; + +src = fetchurl { + url = "https://github.com/FlareSolverr/FlareSolverr/releases/download/v2.2.0/flaresolverr-v2.2.0-linux-x64.zip"; + sha256 = "sha256-n3/pbcbz06rPArKizk8j0vNVoEJan7jSOU4fQq29wxg="; + }; + + + nativeBuildInputs = [ + unzip + ]; + + buildInputs = [ gcc stdenv.cc.cc.lib firefox ]; + + preFixup = let + libPath = lib.makeLibraryPath [stdenv.cc.cc]; + in '' + orig_size=$(stat --printf=%s $out/bin/flaresolverr) + patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" $out/bin/flaresolverr + patchelf --set-rpath ${libPath} $out/bin/flaresolverr + chmod +x $out/bin/flaresolverr + new_size=$(stat --printf=%s $out/bin/flaresolverr) + ###### zeit-pkg fixing starts here. + # we're replacing plaintext js code that looks like + # PAYLOAD_POSITION = '1234 ' | 0 + # [...] + # PRELUDE_POSITION = '1234 ' | 0 + # ^-----20-chars-----^^------22-chars------^ + # ^-- grep points here + # + # var_* are as described above + # shift_by seems to be safe so long as all patchelf adjustments occur + # before any locations pointed to by hardcoded offsets + var_skip=20 + var_select=22 + shift_by=$(expr $new_size - $orig_size) + function fix_offset { + # $1 = name of variable to adjust + location=$(grep -obUam1 "$1" $out/bin/flaresolverr | cut -d: -f1) + location=$(expr $location + $var_skip) + value=$(dd if=$out/bin/flaresolverr iflag=count_bytes,skip_bytes skip=$location \ + bs=1 count=$var_select status=none) + value=$(expr $shift_by + $value) + echo -n $value | dd of=$out/bin/flaresolverr bs=1 seek=$location conv=notrunc + } + fix_offset PAYLOAD_POSITION + fix_offset PRELUDE_POSITION + ''; + + + installPhase = '' + mkdir -p $out/bin + cp flaresolverr $out/bin/ + mkdir -p $out/bin/firefox + ln -s ${pkgs.firefox}/bin/firefox $out/bin/firefox/firefox + ''; + + dontStrip = true; + + + +}