podman permissions + tranga

2024-11-03 01:43:27 -06:00 · 2024-11-03 01:43:27 -06:00 · c2c66e5d0b
commit c2c66e5d0b
parent f0dde95f74
10 changed files with 53 additions and 11 deletions
--- a/base.nix
+++ b/base.nix
@ -67,7 +67,10 @@
  };
  users = {
    mutableUsers = false;
-    groups.piracy.gid = 985;
+    groups = {
      users.gid = 100;
      piracy.gid = 985;
    };
  };
  nixpkgs.config.allowUnfree = true;
  nix =
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@ -40,6 +40,7 @@
      qbittorrent.enable = true;
      sabnzbd.enable = true;
      unpackerr.enable = true;
      tranga.enable = true;
      jellyfin = {
        enable = true;
        enableCron = true;
--- a/jawz.nix
+++ b/jawz.nix
@ -50,6 +50,7 @@ in
    };
  };
  users.users.jawz = {
    uid = 1000;
    linger = true;
    isNormalUser = true;
    hashedPasswordFile = config.sops.secrets.jawz-password.path;
--- a/modules/servers.nix
+++ b/modules/servers.nix
@ -11,6 +11,7 @@ let
    config.my.servers.flameSecret.enable
    config.my.servers.metube.enable
    config.my.servers.go-vod.enable
    config.my.servers.tranga.enable
  ];
 in
 {
@ -176,6 +177,7 @@ in
          enableProxy = lib.mkDefault false;
        };
        firefly-iii.enable = lib.mkDefault false;
        tranga.enable = lib.mkDefault false;
      };
    };
    virtualisation = {
--- a/modules/servers/flame.nix
+++ b/modules/servers/flame.nix
@ -28,8 +28,8 @@ in
        environmentFiles = [ config.sops.secrets.flame.path ];
        environment = {
          TZ = config.my.timeZone;
-          PUID = "1000";
+          PUID = toString config.users.users.jawz.uid;
-          PGID = "100";
+          PGID = toString config.users.groups.users.gid;
        };
      };
      flame-nsfw = lib.mkIf cfgS.enable {
@ -40,8 +40,8 @@ in
        environmentFiles = [ config.sops.secrets.flame.path ];
        environment = {
          TZ = config.my.timeZone;
-          PUID = "1000";
+          PUID = toString config.users.users.jawz.uid;
-          PGID = "100";
+          PGID = toString config.users.groups.users.gid;
        };
      };
    };
--- a/modules/servers/lidarr.nix
+++ b/modules/servers/lidarr.nix
@ -13,8 +13,8 @@ in
      ports = [ "${toString cfg.port}:${toString cfg.port}" ];
      environment = {
        TZ = config.my.timeZone;
-        PUID = "1000";
+        PUID = toString config.users.users.jawz.uid;
-        PGID = "100";
+        PGID = toString config.users.groups.piracy.gid;
      };
      volumes = [
        "/srv/pool/multimedia:/data"
--- a/modules/servers/maloja.nix
+++ b/modules/servers/maloja.nix
@ -15,8 +15,8 @@ in
      environment = {
        TZ = config.my.timeZone;
        MALOJA_TIMEZONE = "-6";
-        PUID = "1000";
+        PUID = toString config.users.users.jawz.uid;
-        PGID = "100";
+        PGID = toString config.users.groups.users.gid;
        MALOJA_DATA_DIRECTORY = "/mljdata";
        MALOJA_SKIP_SETUP = "true";
      };
--- a/modules/servers/metube.nix
+++ b/modules/servers/metube.nix
@ -17,6 +17,8 @@ in
      environment = {
        TZ = config.my.timeZone;
        YTDL_OPTIONS = ''{"cookiefile":"/cookies.txt"}'';
        PUID = toString config.users.users.jawz.uid;
        PGID = toString config.users.groups.piracy.gid;
      };
    };
    services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
--- a/modules/servers/multi-scrobbler.nix
+++ b/modules/servers/multi-scrobbler.nix
@ -14,8 +14,8 @@ in
      environmentFiles = [ config.sops.secrets.multi-scrobbler.path ];
      environment = {
        TZ = config.my.timeZone;
-        PUID = "1000";
+        PUID = toString config.users.users.jawz.uid;
-        PGID = "100";
+        PGID = toString config.users.groups.users.gid;
        BASE_URL = cfg.url;
        DEEZER_REDIRECT_URI = "http://${config.my.ips.${cfg.hostName}}:${toString cfg.port}/deezer/callback";
        MALOJA_URL = config.my.servers.maloja.url;
--- a/modules/servers/tranga.nix
+++ b/modules/servers/tranga.nix
@ -0,0 +1,33 @@
 {
  config,
  lib,
  ...
 }:
 let
  setup = import ./setup.nix { inherit lib config; };
  cfg = config.my.servers.tranga;
 in
 {
  options.my.servers.tranga = setup.mkOptions "tranga" "tranga" 9555;
  config = {
    networking.firewall.allowedTCPPorts = [ cfg.port ];
    virtualisation.oci-containers.containers = lib.mkIf cfg.enable {
      tranga-api = {
        image = "glax/tranga-api:latest";
        user = "${toString config.users.users.jawz.uid}:${toString config.users.groups.kavita.gid}";
        environment.TZ = config.my.timeZone;
        ports = [ "6531:6531" ];
        volumes = [
          "/srv/pool/multimedia/media/Library/Manga:/Manga"
          "${config.my.containerData}/tranga-api:/usr/share/tranga-api"
        ];
      };
      tranga-website = {
        image = "glax/tranga-website:latest";
        ports = [ "${toString cfg.port}:80" ];
        dependsOn = [ "tranga-api" ];
        environment.TZ = config.my.timeZone;
      };
    };
  };
 }