main
1{
2 pkgs,
3 ...
4}:
5{
6 imports = [
7
8 ../common/services/containers.nix
9 ../common/services/docker.nix
10 ../common/services/libvirt.nix
11 ];
12
13 age.secrets."aria2RPCSecret" = {
14 file = ../../secrets/shikoku/aria2rpcsecret.age;
15 mode = "444";
16 owner = "aria2";
17 group = "aria2";
18 };
19 nixpkgs.config.permittedInsecurePackages = [
20 "dotnet-sdk-6.0.428"
21 "aspnetcore-runtime-6.0.36"
22 ];
23
24 services = {
25
26 aria2 = {
27 enable = true;
28 openPorts = true;
29 # extraArguments = "--max-concurrent-downloads=20";
30 settings = {
31 max-concurrent-downloads = 20;
32 };
33 downloadDir = "/data/downloads";
34 rpcSecretFile = "${pkgs.writeText "aria" "aria2rpc\n"}";
35 };
36 bazarr = {
37 enable = true;
38 # Use reverse proxy instead
39 openFirewall = true;
40 };
41 radarr = {
42 enable = true;
43 # Use reverse proxy instead
44 openFirewall = true;
45 };
46 sonarr = {
47 enable = true;
48 # Use reverse proxy instead
49 openFirewall = true;
50 };
51 prowlarr = {
52 enable = true;
53 # Use reverse proxy instead
54 openFirewall = true;
55 };
56 readarr = {
57 enable = true;
58 # Use reverse proxy instead
59 openFirewall = true;
60 };
61 lidarr = {
62 enable = true;
63 # Use reverse proxy instead
64 openFirewall = true;
65 };
66 smartd = {
67 enable = true;
68 devices = [ { device = "/dev/nvme0n1"; } ];
69 };
70 ollama = {
71 enable = true;
72 package = pkgs.ollama.override {
73 config.cudaSupport = true;
74 config.rocmSupport = false;
75 };
76 acceleration = "cuda"; # no nivida :D
77 };
78 };
79
80 # Move this to a "builder" role, or maybe I don't need this anymore ?
81 users.extraUsers.builder = {
82 isNormalUser = true;
83 uid = 1018;
84 extraGroups = [ ];
85 openssh.authorizedKeys.keys = [ (builtins.readFile ../../secrets/builder.pub) ];
86 };
87 nix.settings.trusted-users = [
88 "root"
89 "vincent"
90 "builder"
91 ];
92}