From 2ca375abdc77780b785cb297f4a52f1115801eaa Mon Sep 17 00:00:00 2001 From: genesis Date: Mon, 13 Feb 2023 02:27:34 +0100 Subject: nixos/jellyseerr: init --- nixos/doc/manual/release-notes/rl-2305.section.md | 2 + nixos/modules/module-list.nix | 1 + nixos/modules/services/misc/jellyseerr.nix | 62 +++++++++++++++++++++++ 3 files changed, 65 insertions(+) create mode 100644 nixos/modules/services/misc/jellyseerr.nix (limited to 'nixos') diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md index 460d03b6c6dee..c4854f68e7dc6 100644 --- a/nixos/doc/manual/release-notes/rl-2305.section.md +++ b/nixos/doc/manual/release-notes/rl-2305.section.md @@ -50,6 +50,8 @@ In addition to numerous new and upgraded packages, this release has the followin - [ulogd](https://www.netfilter.org/projects/ulogd/index.html), a userspace logging daemon for netfilter/iptables related logging. Available as [services.ulogd](options.html#opt-services.ulogd.enable). +- [jellyseerr](https://github.com/Fallenbagel/jellyseerr), a web-based requests manager for Jellyfin, forked from Overseerr. Available as [services.jellyseerr](#opt-services.jellyseerr.enable). + - [photoprism](https://photoprism.app/), a AI-Powered Photos App for the Decentralized Web. Available as [services.photoprism](options.html#opt-services.photoprism.enable). - [autosuspend](https://github.com/languitar/autosuspend), a python daemon that suspends a system if certain conditions are met, or not met. diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 9ce78c9eb124b..62c81722189de 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -620,6 +620,7 @@ ./services/misc/irkerd.nix ./services/misc/jackett.nix ./services/misc/jellyfin.nix + ./services/misc/jellyseerr.nix ./services/misc/klipper.nix ./services/misc/languagetool.nix ./services/misc/leaps.nix diff --git a/nixos/modules/services/misc/jellyseerr.nix b/nixos/modules/services/misc/jellyseerr.nix new file mode 100644 index 0000000000000..31e0c5beb6733 --- /dev/null +++ b/nixos/modules/services/misc/jellyseerr.nix @@ -0,0 +1,62 @@ +{ config, pkgs, lib, ... }: + +with lib; +let + cfg = config.services.jellyseerr; +in +{ + meta.maintainers = [ maintainers.camillemndn ]; + + options.services.jellyseerr = { + enable = mkEnableOption (mdDoc ''Jellyseerr, a requests manager for Jellyfin''); + + openFirewall = mkOption { + type = types.bool; + default = false; + description = mdDoc ''Open port in the firewall for the Jellyseerr web interface.''; + }; + + port = mkOption { + type = types.port; + default = 5055; + description = mdDoc ''The port which the Jellyseerr web UI should listen to.''; + }; + }; + + config = mkIf cfg.enable { + systemd.services.jellyseerr = { + description = "Jellyseerr, a requests manager for Jellyfin"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + environment.PORT = toString cfg.port; + serviceConfig = { + Type = "exec"; + StateDirectory = "jellyseerr"; + WorkingDirectory = "${pkgs.jellyseerr}/libexec/jellyseerr/deps/jellyseerr"; + DynamicUser = true; + ExecStart = "${pkgs.jellyseerr}/bin/jellyseerr"; + BindPaths = [ "/var/lib/jellyseerr/:${pkgs.jellyseerr}/libexec/jellyseerr/deps/jellyseerr/config/" ]; + Restart = "on-failure"; + ProtectHome = true; + ProtectSystem = "strict"; + PrivateTmp = true; + PrivateDevices = true; + ProtectHostname = true; + ProtectClock = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectKernelLogs = true; + ProtectControlGroups = true; + NoNewPrivileges = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + RemoveIPC = true; + PrivateMounts = true; + }; + }; + + networking.firewall = mkIf cfg.openFirewall { + allowedTCPPorts = [ cfg.port ]; + }; + }; +} -- cgit 1.4.1