sigma: torrents

hosts/sigma/caddy.nix

@@ -1,6 +1,9 @@
 {secrets, ...}: {
   services.caddy.virtualHosts = secrets.sigma.caddy.virtualHosts;
 
+  # Add caddy to the 'torrent' group to allow viewing downloads
+  users.groups.torrent.members = ["caddy"];
+
   age.secrets.caddy-auth-sigma = {
     file = "${secrets}/secrets/caddy-auth-sigma.age";
     mode = "600";

hosts/sigma/default.nix

@@ -9,7 +9,9 @@
     ./deluge.nix
     ./gitea.nix
     ./hardware.nix
+    ./jellyfin.nix
     ./network.nix
+    ./sonarr.nix
   ];
 
   networking.hostName = "sigma";

hosts/sigma/deluge.nix

@@ -9,19 +9,19 @@
   # https://www.deluge-torrent.org/
   services.deluge = {
     enable = true;
+    # Use the 'torrent' group to share files amongst downloaders, indexers etc.
+    group = "torrent";
     web.enable = true;
+    # Config defaults:
     # https://git.deluge-torrent.org/deluge/tree/deluge/core/preferencesmanager.py#n41
     declarative = true;
     config = {
-      # use dedicated interface
+      download_location = "/srv/torrents/downloads/";
+      # use the dedicated network interface and port
       listen_interface = secrets.sigma.sigma-p2p-ip-address;
       outgoing_interface = "wg-sigma-p2p";
       random_port = false;
       listen_ports = [60881];
-      # encrypt everything
-      enc_in_policy = 0;
-      enc_out_policy = 0;
-      enc_level = 1;
       # no limits
       max_connections_global = -1;
       max_upload_slots_global = -1;
@@ -32,7 +32,7 @@
       max_active_limit = -1;
       # caching
       cache_size = 65536; # 65536 x 16KiB = 1GiB
-      # enable label plugin for sonarr
+      # enable label plugin, primarily for sonarr
       enabled_plugins = ["Label"];
     };
     # authfile is required with declarative=true; allow access from webui
@@ -44,9 +44,6 @@
     };
   };
 
-  # Add 'caddy' to the 'deluge' group to allow browsing files
-  users.groups.deluge.members = ["caddy"];
-
   # Only allow deluged internet access through wg-sigma-p2p
   systemd.services.deluged = {
     serviceConfig = {
@@ -56,10 +53,22 @@
 
   environment.persistence."/nix/persist" = {
     directories = [
+      # Deluge data directory. This is *NOT* where the downloads are saved
       {
         directory = "/var/lib/deluge";
         user = "deluge";
-        group = "deluge";
+        group = "torrent";
+        mode = "0770";
+      }
+      # Since Sonarr insists on using hardlinks to manage media files, its
+      # media library must be on the same volume as Deluge stores its
+      # downloads. Therefore, Deluge will save to /srv/torrents/downloads/ and
+      # Sonarr will hardlink in /srv/torrents/tv/. Jellyfin reads from
+      # /srv/torrents/downloads/movies/ and /srv/torrents/tv/.
+      {
+        directory = "/srv/torrents";
+        user = "caspervk";
+        group = "torrent";
         mode = "0770";
       }
     ];

hosts/sigma/jellyfin.nix

@@ -0,0 +1,30 @@
+{...}: {
+  # Jellyfin is a free and open-source media server and suite of multimedia
+  # applications designed to organize, manage, and share digital media files to
+  # networked devices.
+  # https://jellyfin.org/
+  # NOTE: Jellyfin config is not managed by NixOS. Here's how to set it up:
+  # * Media Libraries:
+  #   * Shows: /srv/torrents/tv/.
+  #     * Disable all metadata download; will be gathered from Sonarr's .nfo's instead.
+  #   * Movies: /srv/torrents/downloads/movies/.
+  # * 'Allow remote connections to this server' should remain **enabled** even
+  #   though we are using a reverse proxy.
+  # * Install 'Kodi Sync Queue' under 'Admin/Plugins/Catalog'.
+  services.jellyfin = {
+    enable = true;
+    # Use the 'torrent' group to share files amongst downloaders, indexers etc.
+    group = "torrent";
+  };
+
+  environment.persistence."/nix/persist" = {
+    directories = [
+      {
+        directory = "/var/lib/jellyfin";
+        user = "jellyfin";
+        group = "torrent";
+        mode = "0700";
+      }
+    ];
+  };
+}

hosts/sigma/sonarr.nix

@@ -0,0 +1,33 @@
+{nixpkgs-unstable, ...}: {
+  # Sonarr is an internet PVR for Usenet and Torrents.
+  # https://sonarr.tv/
+  #
+  # NOTE: sonarr's config isn't managed by NixOS and its web interface REQUIRES
+  # authentication even though we already have Caddy http basic auth. Just set
+  # Sonarr to use http basic auth with the same username/password as Caddy and
+  # everything will work. Other configuration:
+  # * Media Management/Root Folder: /srv/torrents/tv/.
+  # * Indexers: Add as needed.
+  # * Download Clients: 'qBittorrent'. Host: 'localhost'. Category: 'tv'. Disable 'Remove Completed'.
+  # * Metadata/Kodi: Enable.
+  # * General/Analytics: Disable.
+  # * UI: Fix retarded date formats.
+  services.sonarr = {
+    enable = true;
+    # Unstable for sonarr v4. TODO: remove in NixOS 24.04
+    package = nixpkgs-unstable.legacyPackages.x86_64-linux.sonarr;
+    # Use the 'torrent' group to share files amongst downloaders, indexers etc.
+    group = "torrent";
+  };
+
+  environment.persistence."/nix/persist" = {
+    directories = [
+      {
+        directory = "/var/lib/sonarr";
+        user = "sonarr";
+        group = "torrent";
+        mode = "0750";
+      }
+    ];
+  };
+}

modules/borg.nix

@@ -92,6 +92,7 @@
       "! /**/.cache"
       "! /**/Cache"
       "! /**/cache"
+      "! /srv/torrents"
       "! /var/lib/docker/overlay2"
       "- *.tmp"