fireproof/nixos
1
0
Fork 0
mirror of https://github.com/nickolaj-jepsen/nixos.git synced 2026-01-22 16:16:50 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: add navidrome
Some checks failed
CI / fmt (push) Failing after 2s
Details
CI / check (push) Failing after 2s
Details

Browse source
This commit is contained in:
Nickolaj Jepsen 2026-01-22 01:46:47 +01:00
parent eb97443b3d
commit c16d6d1b4d
6 changed files with 96 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
modules/homelab/arr.nix
View file

@ -35,6 +35,7 @@ in {
oauth2-proxy.nginx.virtualHosts = { oauth2-proxy.nginx.virtualHosts = {
"radarr.nickolaj.com".allowed_groups = ["arr"]; "radarr.nickolaj.com".allowed_groups = ["arr"];
"sonarr.nickolaj.com".allowed_groups = ["arr"]; "sonarr.nickolaj.com".allowed_groups = ["arr"];
"lidarr.nickolaj.com".allowed_groups = ["arr"];
"prowlarr.nickolaj.com".allowed_groups = ["arr"]; "prowlarr.nickolaj.com".allowed_groups = ["arr"];
"sabnzbd.nickolaj.com".allowed_groups = ["arr"]; "sabnzbd.nickolaj.com".allowed_groups = ["arr"];
"bazarr.nickolaj.com".allowed_groups = ["arr"]; "bazarr.nickolaj.com".allowed_groups = ["arr"];
@ -42,6 +43,7 @@ in {
nginx.virtualHosts = { nginx.virtualHosts = {
"radarr.nickolaj.com" = mkVirtualHost 7878; "radarr.nickolaj.com" = mkVirtualHost 7878;
"sonarr.nickolaj.com" = mkVirtualHost 8989; "sonarr.nickolaj.com" = mkVirtualHost 8989;
"lidarr.nickolaj.com" = mkVirtualHost 8686;
"prowlarr.nickolaj.com" = mkVirtualHost 9696; "prowlarr.nickolaj.com" = mkVirtualHost 9696;
"sabnzbd.nickolaj.com" = mkVirtualHost 8080; "sabnzbd.nickolaj.com" = mkVirtualHost 8080;
"bazarr.nickolaj.com" = mkVirtualHost config.services.bazarr.listenPort; "bazarr.nickolaj.com" = mkVirtualHost config.services.bazarr.listenPort;
@ -51,6 +53,7 @@ in {
paths = [ paths = [
"/var/lib/radarr" "/var/lib/radarr"
"/var/lib/sonarr" "/var/lib/sonarr"
"/var/lib/lidarr"
"/var/lib/prowlarr" "/var/lib/prowlarr"
"/var/lib/sabnzbd" "/var/lib/sabnzbd"
"/var/lib/bazarr" "/var/lib/bazarr"
@ -76,6 +79,10 @@ in {
inherit user group; inherit user group;
enable = true; enable = true;
}; };
lidarr = {
inherit user group;
enable = true;
};
bazarr = { bazarr = {
inherit user group; inherit user group;
enable = true; enable = true;

1
modules/homelab/default.nix
View file

@ -12,6 +12,7 @@
./home-assistant ./home-assistant
./jellyfin.nix ./jellyfin.nix
./nextcloud.nix ./nextcloud.nix
./navidrome.nix
./nginx.nix ./nginx.nix
./plex.nix ./plex.nix
./postgres.nix ./postgres.nix

12
modules/homelab/glance.nix
View file

@ -204,6 +204,12 @@ in {
icon = "sh:jellyfin"; icon = "sh:jellyfin";
same-tab = true; same-tab = true;
} }
{
title = "Navidrome";
url = "https://navidrome.nickolaj.com";
icon = "sh:navidrome";
same-tab = true;
}
{ {
title = "Audiobookshelf"; title = "Audiobookshelf";
url = "https://audiobookshelf.nickolaj.com"; url = "https://audiobookshelf.nickolaj.com";
@ -234,6 +240,12 @@ in {
icon = "sh:radarr"; icon = "sh:radarr";
same-tab = true; same-tab = true;
} }
{
title = "Lidarr";
url = "https://lidarr.nickolaj.com";
icon = "sh:lidarr";
same-tab = true;
}
{ {
title = "SABnzbd"; title = "SABnzbd";
url = "https://sabnzbd.nickolaj.com"; url = "https://sabnzbd.nickolaj.com";

58
modules/homelab/navidrome.nix Normal file
View file

@ -0,0 +1,58 @@
{
config,
lib,
pkgsUnstable,
...
}:
lib.mkIf config.fireproof.homelab.enable (let
domain = "navidrome.nickolaj.com";
in {
age.secrets.navidrome-env.rekeyFile = ../../secrets/hosts/homelab/navidrome-env.age;
services.restic.backups.homelab.paths = ["/var/lib/navidrome"];
services.oauth2-proxy.nginx.virtualHosts."${domain}".allowed_groups = ["default"];
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:4533/";
proxyWebsockets = true;
extraConfig = ''
auth_request_set $email $upstream_http_x_auth_request_email;
proxy_set_header Remote-User $email;
'';
};
locations."^~ /rest" = {
proxyPass = "http://localhost:4533";
proxyWebsockets = true;
extraConfig = ''
auth_request off;
'';
};
};
services.navidrome = {
enable = true;
package = pkgsUnstable.navidrome;
user = "media";
group = "media";
environmentFile = config.age.secrets.navidrome-env.path;
settings = {
Address = "127.0.0.1";
Port = 4533;
MusicFolder = "/mnt/data/music";
ScanSchedule = "@every 1m";
LogLevel = "info";
"ExtAuth.Enabled" = true;
"ExtAuth.TrustedSources" = "127.0.0.1/32";
"ExtAuth.UserHeader" = "Remote-User";
};
};
systemd.tmpfiles.rules = [
"d /mnt/data/music 0775 media media -"
"Z /var/lib/navidrome 0750 media media -"
];
})

9
secrets/hosts/homelab/.rekey/c8d21a8ed0525e4c28ef8e35ecbeb72d-navidrome-env.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 uxq+Zw G43zU8Bc1xcX4Pm/+pLT1CfhPikNtI/hMJqNh/u183o
Y+ce9JA+bxJ22P2j+3ouAu3UGw+fEy++uuH2HStXZJM
-> Us;4;Zi.-grease
nMe8j9RaWaK/MB09igNgyiZ6O1E9l5DMb6/Wny1Q29f83h0zSYhpcGsUKiDNDUnT
c21SGAjizVHu6Z8/puWRaTtwwEd89zpOUtruGNYHKgq3bXSssJFuVZlzSFno
--- Kfq5bT2zU65mLR/e1dzjg6wbVUeAD4j4MgW41gzolKM
*
àœ!ßoiàõT{Èrëãu£$"EbEØE‰MʼÅA®Å¯KGê7tZðèùnf¹¦°Ë%yÓN»²ûHoL]á##­b<\ï­…~óN”- Pû·Àv_<C592>DÙ,;&/ñؼÍëϱ9èÛŒ Â-yZ½Ó)¬ «›

9
secrets/hosts/homelab/navidrome-env.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> X25519 bPfMaICL+3Yo+CuDJPjQN7TJ5qZeeLwnl1TUATu4oxQ
VN1N3/VVa7IFr63gch6cnWhFYKYiyxyXW0G6bPJvdGY
-> piv-p256 q3LNVw AyGL7IbZcedMl+eLiFbI3/5PHPwNm7OHFP1xfVYDnbG2
uncsFtZHyg5fJi2CEZQkMqE8uiXi732Hesznxaip1f4
-> ]~7j|W-grease
t5BfDdAbHkgAWJ56ip2t4plT6BdWd3h81jOU
--- 8K3WaiKk00MQ46kuRagBUq5WXprPc0L8yxCzSXZX8VI
8×yh8-6I\õPâo!ÌæÔíÒla²œpqe¾6¾ø+<2B> [Ábj±ü³ô{1ÉÅ¡$ûïß­œ'Zéoá=Ž0šœ ;©Ê»—¢ø,ù»7³®§Ú;•JN[íҮʣÞÌpbâï-"p,3vuÒí<C392><C3AD>ˆNƒ;8H ‰±Qž