# Host configuration: encrypted library mount (CIFS + gocryptfs), qBittorrent
# container, Flood, Jellyfin, a Samba share and an nginx front-end for Flood.
{ pkgs, ... }:
{
  # Filesystem helpers required by the two mount units below.
  system.fsPackages = [
    pkgs.gocryptfs
    pkgs.cifs-utils
  ];

  systemd.mounts = [
    # Remote CIFS share; it is the backing directory of the gocryptfs mount
    # that follows, so it holds the ciphertext.
    {
      type = "cifs";
      what = "//library.technogothic.net/backup";
      where = "/mnt/library-raw";
      options = "gid=users,file_mode=0664,dir_mode=0775";
      after = [ "network.target" ];
      # No credentials appear in `options`; presumably this file supplies them
      # through the environment. It should be readable by root only (confirm).
      # NOTE(review): `options` does not request SMB transport encryption
      # (`seal`); consider it if the share is reached over an untrusted network.
      mountConfig = {
        EnvironmentFile = "/var/lib/secrets/hetzner-env";
      };
    }

    # Decrypted view of the share above.
    {
      type = "fuse.gocryptfs";
      what = "/mnt/library-raw";
      where = "/mnt/library";
      # allow_other exposes the plaintext view to every local user and service,
      # not just the mounting user. The passfile holds the volume password and
      # should be root-only (confirm its mode and owner).
      options = "allow_other,passfile=/var/lib/secrets/gocryptfs-pass";
      wantedBy = [ "multi-user.target" ];
    }
  ];

  virtualisation.oci-containers.containers.qbittorrent = {
    # NOTE(review): no tag or digest is given, so whatever the registry serves
    # at pull time is what runs. Pin to a reviewed digest to make updates
    # deliberate.
    image = "dyonr/qbittorrentvpn";
    autoStart = true;

    volumes = [
      "/var/lib/qbittorrent:/config"
      # The decrypted library is writable from inside the container.
      "/mnt/library:/downloads"
    ];

    environment = {
      VPN_TYPE = "wireguard";
      # Presumably the networks the image allows to reach the WebUI outside the
      # VPN tunnel; keep this list as narrow as possible (confirm with image docs).
      LAN_NETWORK = "10.21.0.0/16,10.42.0.0/24,100.64.0.0/24";
    };

    # Published on all host interfaces. Depending on the container backend,
    # published ports may not be filtered by the NixOS firewall; bind to a
    # specific address if the WebUI must not be reachable from every network.
    ports = [ "8080:8080" ];

    # NOTE(review): --privileged grants the container all capabilities and
    # access to host devices, which makes the two narrower flags before it
    # redundant and removes most container isolation. Check whether the image
    # runs with only NET_ADMIN and /dev/net/tun, and drop --privileged if so.
    extraOptions = [
      "--cap-add=NET_ADMIN"
      "--device=/dev/net/tun"
      "--privileged"
    ];
  };

  # Flood web UI, served under the /flood path (see the nginx vhost below).
  services.flood = {
    enable = true;
    extraArgs = [ "--baseuri=/flood" ];
  };

  # Jellyfin
  services.jellyfin = {
    enable = true;
    # Opens Jellyfin's ports in the host firewall.
    openFirewall = true;
  };

  environment.systemPackages = [
    pkgs.jellyfin
    pkgs.jellyfin-web
    pkgs.jellyfin-ffmpeg
  ];

  # SMB Share
  # NOTE(review): the firewall is opened, unknown users are mapped to the guest
  # account, and the Library share is guest-accessible and writable. Anyone who
  # can reach the SMB ports can read, modify or delete the decrypted library
  # without authenticating. If that is not intended, require authentication or
  # restrict clients (e.g. `hosts allow`), or make the share read-only.
  services.samba = {
    enable = true;
    openFirewall = true;

    extraConfig = ''
      server string = Watchtower
      guest account = nobody
      map to guest = bad user
    '';

    shares.Library = {
      path = "/mnt/library";
      browseable = "yes";
      "read only" = "no";
      "guest ok" = "yes";
    };
  };

  # nginx front-end for Flood.
  # NOTE(review): this file configures neither TLS nor any access restriction
  # on the vhost, so access control is left to Flood itself (confirm).
  services.nginx = {
    enable = true;

    virtualHosts."watchtower.thorns.home.arpa" = {
      # Redirect the bare /flood path to /flood/.
      extraConfig = ''
        rewrite ^/(flood)$ $1/ permanent;
      '';

      locations = {
        # API requests go to a loopback-only backend (presumably Flood's listener).
        "/flood/api" = {
          proxyPass = "http://127.0.0.1:3000";
          proxyWebsockets = true;
          extraConfig = ''
            proxy_buffering off;
            proxy_cache off;
          '';
        };

        # Static assets are served straight from the flood package.
        "/flood/" = {
          alias = "${pkgs.flood}/lib/node_modules/flood/dist/assets/";
          tryFiles = "$uri /flood/index.html";
        };
      };
    };
  };
}