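{ pkgs, lib, config, ... }:
# Host-side module that defines one microvm ("necoarc") running sonarr and
# rtorrent, shares a host data dir and the media tree into it over virtiofs,
# and exposes sonarr through an nginx reverse proxy on the host.
let
  host = "127.0.0.1"; # currently unused
  port = 8989;
  vm-index = 1;
  vm-mac = "00:00:00:00:00:01";
  vm-name = "necoarc";
in
{
  config.microvm.autostart = [ vm-name ];

  # The host-side microvm runner user needs the media group to reach the
  # media share handed to the VM below.
  # NOTE(review): `users.extraUsers` is the legacy alias of `users.users`;
  # confirm it is still accepted by the NixOS release in use.
  config.users.extraUsers.microvm.extraGroups = [
    "jellyfin" # access to media folder
  ];

  # Create the host directory backing the VM's /mnt share.
  # NOTE(review): `chmod -R 777` makes both the data dir and the entire media
  # tree world-writable for every host user, not just the `microvm` runner;
  # 770 with the owning user/group would give the VM the same access.
  config.system.activationScripts."make${vm-name}DataDir" = lib.stringAfter [ "var" ] ''
    mkdir -p /var/lib/${vm-name}
    chmod -R 777 /var/lib/${vm-name}
    chown -R microvm /var/lib/${vm-name}
    chmod -R 777 /media
  '';

  # Host-side WireGuard tunnel (disabled).
  # config.networking.wireguard.enable = true;
  # config.boot.extraModulePackages = [config.boot.kernelPackages.wireguard];
  # config.networking.wireguard.interfaces.wg0 = {
  #   ips = ["10.75.60.108/32"];
  #   listenPort = 51820;
  #   privateKeyFile = "${./wireguard-secret}";
  #   peers = [
  #     {
  #       publicKey = "TPAIPTgu9jIitgX1Bz5xMCZJ9pRRZTdtZEOIxArO0Hc=";
  #       endpoint = "185.254.75.4:51820";
  #       allowedIPs = ["0.0.0.0/0"];
  #       persistentKeepalive = 25;
  #     }
  #   ];
  # };
  # config.systemd.network.networks.wg0 = {
  #   matchConfig.Name = "wg0";
  #   address = ["10.0.1.${toString vm-index}/24"];
  #   networkConfig = {
  #     IPMasquerade = "ipv4";
  #     IPv4Forwarding = true;
  #   };
  # };

  config.microvm.vms.${vm-name} = {
    config = { config, ... }: {
      system.stateVersion = "24.11";

      # Storage share configuration
      microvm.shares = [
        {
          tag = "ro-store";
          source = "/nix/store";
          mountPoint = "/nix/.ro-store";
        }
        {
          tag = "data-dir";
          source = "/var/lib/${vm-name}";
          mountPoint = "/mnt";
          proto = "virtiofs";
        }
        {
          tag = "media-dir";
          source = "/media/shows";
          mountPoint = "/media/shows";
          proto = "virtiofs";
        }
      ];

      # Allow the service to use the share
      # NOTE(review): this re-owns everything under /mnt to sonarr on every
      # activation, including the rtorrent dataDir /mnt/rtorrent whose service
      # runs as rtorrent:rtorrent; with mode 770 the rtorrent user cannot
      # traverse /mnt at all — confirm this is intended.
      system.activationScripts."chownDataDir" = lib.stringAfter [ "var" ] ''
        mkdir -p /mnt
        chmod -R 770 /mnt
        chown -R sonarr:sonarr /mnt
      '';

      # Presumably lets the virtiofs shares settle before the services start — TODO confirm.
      systemd.services.sonarr.serviceConfig.ExecStartPre = "/run/current-system/sw/bin/sleep 5";
      # NOTE(review): `services.rtorrent` below defines an `rtorrent` unit; confirm a
      # `rutorrent` unit exists, otherwise this only creates an incomplete unit.
      systemd.services.rutorrent.serviceConfig.ExecStartPre = "/run/current-system/sw/bin/sleep 5";

      microvm.hypervisor = "qemu";

      # VM Networking
      microvm.interfaces = [
        {
          id = "vm${toString vm-index}";
          type = "tap";
          mac = vm-mac;
        }
      ];
      networking.useNetworkd = true;
      systemd.network.networks."10-eth" = {
        matchConfig.MACAddress = vm-mac;
        address = [ "10.0.0.${toString vm-index}/32" ];
        routes = [
          # Host Route
          {
            Destination = "10.0.0.0/32";
            GatewayOnLink = true;
          }
          # Default route
          {
            Destination = "0.0.0.0/0";
            Gateway = "10.0.0.0";
            GatewayOnLink = true;
          }
        ];
        networkConfig = {
          DNS = [ "9.9.9.9" "8.8.8.8" "8.8.4.4" ];
        };
      };
      networking.useDHCP = false;
      # NOTE(review): this list differs from the networkd DNS list above
      # (10.0.101.1 vs 9.9.9.9); confirm which resolver set is intended.
      networking.nameservers = [ "10.0.101.1" "8.8.8.8" "8.8.4.4" ];
      programs.nano.enable = lib.mkForce false;
      programs.vim.enable = true;

      # Services
      services.sonarr = {
        enable = true;
        openFirewall = true;
        dataDir = "/mnt/sonarr";
      };
      services.rtorrent = {
        enable = true;
        dataDir = "/mnt/rtorrent";
        user = "rtorrent";
        group = "rtorrent";
        port = 9999;
      };

      # Debug user
      # NOTE(review): static root password combined with PermitRootLogin and
      # password/keyboard-interactive SSH auth; the VM is reachable from the host
      # over the tap route above. Switch to key-only auth before the VM gets any
      # wider reachability.
      users.users."root" = {
        password = "1234";
      };
      environment.systemPackages = [ pkgs.dig ];
      services.openssh = {
        enable = true;
        settings = {
          PermitRootLogin = "yes";
          AllowUsers = null;
          PasswordAuthentication = true;
          KbdInteractiveAuthentication = true;
        };
      };
    };
  };

  # Host firewall for the reverse proxy: `port` (plain HTTP) and 443 (TLS).
  # 443, not 433: it matches the TLS listener of the nginx vhost below.
  config.networking.firewall.allowedTCPPorts = [ port 80 443 ];
  # NOTE(review): nothing in this module serves UDP (no HTTP/3); these UDP
  # openings can probably be dropped — confirm before removing.
  config.networking.firewall.allowedUDPPorts = [ port 80 443 ];

  config.services.nginx.virtualHosts."sonarr.spoodythe.one" = {
    addSSL = true;
    enableACME = true;
    # NOTE(review): an explicit `listen` replaces the module's default
    # listeners, so nothing answers on port 80 here; if ACME relies on the
    # http-01 challenge it needs a plain listener on 80 — confirm.
    listen = [
      { inherit port; addr = "0.0.0.0"; ssl = false; }
      { port = 443; addr = "0.0.0.0"; ssl = true; }
    ];
    locations."/" = {
      # Forward to sonarr inside the VM over the host tap network.
      proxyPass = "http://10.0.0.${toString vm-index}:${toString port}";
    };
  };
}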