feat: use media proxmox vm

.github/workflows/media-lxc.yml → .github/workflows/media-vm.yml

@@ -1,4 +1,4 @@
-name: Generate Media LXC Container
+name: Generate Media Qemu VM
 # Based on https://freddydumont.com/blog/nixos-github-actions
 
 on:
@@ -40,9 +40,9 @@ jobs:
         with:
           github_access_token: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Generate NixOS LXC configuration
+      - name: Generate NixOS Qemu VM configuration
         run: |
-          nix run github:nix-community/nixos-generators -- -f proxmox-lxc --flake .#media | {
+          nix run github:nix-community/nixos-generators -- -f proxmox --flake .#media | {
             read path
             echo "BUILD_PATH=$path" >> $GITHUB_ENV
           }

hosts/media/configuration.nix

@@ -1,22 +1,35 @@
-# Media runs on a Proxmox LXC container, so we need to add the Proxmox LXC
-# module to the imports list.
-{ modulesPath, user, ... }:
+# Media runs on a Proxmox VM, this configures the VM and Qemu options.
+{ config, pkgs, user, hostname, ... }:
 
 {
   imports = [
     ../nixos.nix
-    (modulesPath + "/virtualisation/proxmox-lxc.nix")
   ];
 
+  # Proxmox Qemu VM
+  proxmox = {
+    cores = 4;
+    memory = 8192;
+  };
+
   # Make user login passwordless.
   # https://nixos.org/manual/nixos/stable/options#opt-users.users._name_.initialHashedPassword
   users.users.root.initialHashedPassword = "";
   users.users.${user}.initialHashedPassword = "";
 
-  proxmoxLXC = {
-    privileged = false;
-    manageHostName = false;
-  };
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "24.05"; # Did you read the comment?
+
+  # Enable cloud-init
+  services.cloud-init.network.enable = true;
+
+  networking.hostName = hostname;
+  services.qemuGuest.enable = true;
 
   services.nginx = {
     enable = true;
@@ -38,6 +51,18 @@
     };
   };
 
+  services.plex = {
+    enable = true;
+    openFirewall = true;
+    group = "wheel";
+    user = "${user}";
+  };
+  services.tautulli = {
+    enable = true;
+    openFirewall = true;
+    group = "wheel";
+    user = "${user}";
+  };
   services.sonarr = {
     enable = true;
     openFirewall = true;
@@ -67,11 +92,18 @@
     openFirewall = true;
   };
 
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "24.05"; # Did you read the comment?
+  environment.systemPackages = [ pkgs.cifs-utils ];
+  fileSystems."/mnt/share/backups" = {
+    device = "//nas.local/backups/services";
+    fsType = "cifs";
+    options = let
+      # this line prevents hanging on network split
+      automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,uid=${config.users.${user}.uid},gid=${config.users.${user}.uid}";
+
+    in ["${automount_opts},credentials=/etc/nixos/smb-secrets"];
+  };
+
+  # Allow Samba discovery
+  # https://nixos.wiki/wiki/Samba#Firewall_configuration
+  networking.firewall.extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns'';
 }