streaming
Full streaming and automation stack containing:
- Gluetun: VPN client for containers
- qBittorrent: BitTorrent client
- Sonarr: TV series PVR (automated episode downloads)
- Radarr: Movie manager/automator
- Bazarr: Subtitle downloader for Sonarr/Radarr
- Prowlarr: Indexer manager / proxy for the *arr apps
- Seerr: Media request/management UI
- qui: Alternative qBittorrent interfacew
- Profilarr: Configuration Management Platform for Radarr/Sonarr
By default, the following services are enabled:
- Gluetun
- qBittorrent
- Sonarr
- Radarr
- Bazarr
- Prowlarr
Additionally, the following services can be enabled (disabled by default):
- Seerr
- qui
- Profilarr
Examples
Base
{config, ...}: {
nps.stacks.streaming = {
enable = true;
gluetun = {
vpnProvider = "airvpn";
wireguardPrivateKeyFile = config.sops.secrets."gluetun/wg_pk".path;
wireguardPresharedKeyFile = config.sops.secrets."gluetun/wg_psk".path;
wireguardAddressesFile = config.sops.secrets."gluetun/wg_address".path;
};
};
}Full
{config, ...}: {
nps.stacks.streaming = {
enable = true;
gluetun = {
vpnProvider = "airvpn";
wireguardPrivateKeyFile = config.sops.secrets."gluetun/wg_pk".path;
wireguardPresharedKeyFile = config.sops.secrets."gluetun/wg_psk".path;
wireguardAddressesFile = config.sops.secrets."gluetun/wg_address".path;
extraEnv = {
FIREWALL_VPN_INPUT_PORTS.fromFile = config.sops.secrets."qbittorrent/torrenting_port".path;
};
};
qbittorrent.extraEnv = {
TORRENTING_PORT.fromFile = config.sops.secrets."qbittorrent/torrenting_port".path;
};
jellyfin = {
oidc = {
enable = true;
clientSecretFile = config.sops.secrets."jellyfin/authelia/client_secret".path;
};
};
qui = {
enable = true;
oidc = {
enable = true;
clientSecretFile = config.sops.secrets."qui/authelia/client_secret".path;
};
};
profilarr.enable = true;
seerr.enable = true;
};
}Notes
By default, Jellyfin writes to /config/cache/transcodes for transcoding. This can cause a high amount of write operations on the underlying disk. To avoid this, you can optionally mount a tmpfs into the container:
{
nps.stacks.streaming = {
containers.jellyfin.extraPodmanArgs = [ "--tmpfs=/config/cache/transcodes:size=4G" ];
};
}Ram size to be determined on what you have available but 4G seems to be sufficient for most transcodes. Thanks to @Zer0PointModule for the hint.
Stack Options
nps.stacks.streaming.bazarr.db.passwordFile
The file containing the PostgreSQL password for the database. Only used if db.type is set to "postgres".
nps.stacks.streaming.bazarr.db.type
Type of the database to use.
Can be set to "sqlite" or "postgres".
If set to "postgres", the passwordFile option must be set.
nps.stacks.streaming.bazarr.db.username
The PostgreSQL user to use for the database. Only used if db.type is set to "postgres".
nps.stacks.streaming.bazarr.enable
Whether to enable bazarr.
nps.stacks.streaming.bazarr.extraEnv
Extra environment variables to set for the container. Variables can be either set directly or sourced from a file (e.g. for secrets).
attribute set of (null or boolean or signed integer or string or absolute path or (submodule)){ }nps.stacks.streaming.containers.bazarr
Alias of {option}services.podman.containers.bazarr.
nps.stacks.streaming.containers.gluetun
Alias of {option}services.podman.containers.gluetun.
nps.stacks.streaming.containers.jellyfin
Alias of {option}services.podman.containers.jellyfin.
nps.stacks.streaming.containers.prowlarr
Alias of {option}services.podman.containers.prowlarr.
nps.stacks.streaming.containers.qbittorrent
Alias of {option}services.podman.containers.qbittorrent.
nps.stacks.streaming.containers.qui
Alias of {option}services.podman.containers.qui.
nps.stacks.streaming.containers.radarr
Alias of {option}services.podman.containers.radarr.
nps.stacks.streaming.containers.seerr
Alias of {option}services.podman.containers.seerr.
nps.stacks.streaming.containers.sonarr
Alias of {option}services.podman.containers.sonarr.
nps.stacks.streaming.enable
Whether to enable streaming.
nps.stacks.streaming.flaresolverr.enable
Whether to enable Flaresolverr.
nps.stacks.streaming.gluetun.enable
Whether to enable Gluetun.
nps.stacks.streaming.gluetun.extraEnv
Extra environment variables to set for the container. Variables can be either set directly or sourced from a file (e.g. for secrets).
See https://github.com/qdm12/gluetun-wiki/tree/main/setup/options
attribute set of (null or boolean or signed integer or string or absolute path or (submodule)){ }{
HTTPPROXY_PASSWORD = {
fromFile = "/run/secrets/http_proxy_password";
};
HTTP_CONTROL_SERVER_LOG = "off";
SERVER_NAMES = "Alderamin,Alderamin";
}nps.stacks.streaming.gluetun.settings
Additional Gluetun configuration settings
See https://github.com/qdm12/gluetun-wiki/blob/main/setup/advanced/control-server.md#configuration
nps.stacks.streaming.gluetun.vpnProvider
The VPN provider to use with Gluetun.
nps.stacks.streaming.gluetun.wireguardAddressesFile
Path to the file containing the Wireguard addresses. Will be used to set the WIREGUARD_ADDRESSES environment variable.
nps.stacks.streaming.gluetun.wireguardPresharedKeyFile
Path to the file containing the Wireguard pre-shared key. Will be used to set the WIREGUARD_PRESHARED_KEY environment variable.
nps.stacks.streaming.gluetun.wireguardPrivateKeyFile
Path to the file containing the Wireguard private key. Will be used to set the WIREGUARD_PRIVATE_KEY environment variable.
nps.stacks.streaming.jellyfin.enable
Whether to enable Jellyfin.
nps.stacks.streaming.jellyfin.oidc.adminGroup
Users of this group will be assigned admin rights in Jellyfin
nps.stacks.streaming.jellyfin.oidc.clientSecretFile
The file containing the client secret for the OIDC client that will be registered in Authelia.
For examples on how to generate a client secret, see
https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#client-secret
stringconfig.sops.secrets."immich/authelia/client_secret".path"nps.stacks.streaming.jellyfin.oidc.clientSecretHash
The client secret hash. For examples on how to generate a client secret, see https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#client-secret
The value can be passed in multiple ways:
- As a literal string
- As an absolute path to a file containing the hash (
toFile) - As an absolute oath to a file containing the client_secret, in which case the hash will be automatically computed (
toHash) - As
null
If left unset (null), the client secret will be read from the file specified in the clientSecretFile option and hashed automatically before being passed to the Authelia container.
null or string or (submodule)null# Literal String:
"$pbkdf2-sha512$310000$cbOAIWbfz3vCVXIPIp6d2A$J0klwULa6TvPRCU1HAfuKua/dMKTl8gbTYJz2N73ejGUu0LUGz/y3kwmJLuKuAYGg3WQOT0q9ZzVHHUvpKpgvQ"
# Client secret hash stored in a file
{ fromFile = config.sops.secrets."immich/client_secret_hash".path; }
# Client secret stored in a file: Hash will be computed dynamically
{ toHash = config.sops.secrets."immich/client_secret".path; }
# Null (default): Hash will be computed automatically based on the clientSecretFile option
# Equivalent to { toHash = cfg.oidc.clientSecretFile; }
nullnps.stacks.streaming.jellyfin.oidc.enable
Whether to enable OIDC login with Authelia. This will register an OIDC client in Authelia and setup the necessary configuration file.
The plugin configuration will be automatically provided, the plugin itself has to be installed in the Jellyfin Web-UI tho.
For details, see:
nps.stacks.streaming.jellyfin.oidc.userGroup
Users of this group will be able to log in
nps.stacks.streaming.profilarr.enable
Whether to enable Profilarr.
nps.stacks.streaming.prowlarr.db.passwordFile
The file containing the PostgreSQL password for the database. Only used if db.type is set to "postgres".
nps.stacks.streaming.prowlarr.db.type
Type of the database to use.
Can be set to "sqlite" or "postgres".
If set to "postgres", the passwordFile option must be set.
nps.stacks.streaming.prowlarr.db.username
The PostgreSQL user to use for the database. Only used if db.type is set to "postgres".
nps.stacks.streaming.prowlarr.enable
Whether to enable prowlarr.
nps.stacks.streaming.prowlarr.extraEnv
Extra environment variables to set for the container. Variables can be either set directly or sourced from a file (e.g. for secrets).
attribute set of (null or boolean or signed integer or string or absolute path or (submodule)){ }nps.stacks.streaming.qbittorrent.enable
Whether to enable qBittorrent.
nps.stacks.streaming.qbittorrent.extraEnv
Extra environment variables to set for the container. Variables can be either set directly or sourced from a file (e.g. for secrets).
See https://docs.linuxserver.io/images/docker-qbittorrent/#environment-variables-e
attribute set of (null or boolean or signed integer or string or absolute path or (submodule)){ }{
TORRENTING_PORT = "6881";
}nps.stacks.streaming.qui.adminPasswordFile
Path to the file containing the admin password. If set, an admin user will be created automatically.
nps.stacks.streaming.qui.adminUsername
Admin username to access the dashboard.
nps.stacks.streaming.qui.enable
Whether to enable qui.
nps.stacks.streaming.qui.oidc.clientSecretFile
The file containing the client secret for the OIDC client that will be registered in Authelia.
For examples on how to generate a client secret, see
https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#client-secret
stringconfig.sops.secrets."immich/authelia/client_secret".path"nps.stacks.streaming.qui.oidc.clientSecretHash
The client secret hash. For examples on how to generate a client secret, see https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#client-secret
The value can be passed in multiple ways:
- As a literal string
- As an absolute path to a file containing the hash (
toFile) - As an absolute oath to a file containing the client_secret, in which case the hash will be automatically computed (
toHash) - As
null
If left unset (null), the client secret will be read from the file specified in the clientSecretFile option and hashed automatically before being passed to the Authelia container.
null or string or (submodule)null# Literal String:
"$pbkdf2-sha512$310000$cbOAIWbfz3vCVXIPIp6d2A$J0klwULa6TvPRCU1HAfuKua/dMKTl8gbTYJz2N73ejGUu0LUGz/y3kwmJLuKuAYGg3WQOT0q9ZzVHHUvpKpgvQ"
# Client secret hash stored in a file
{ fromFile = config.sops.secrets."immich/client_secret_hash".path; }
# Client secret stored in a file: Hash will be computed dynamically
{ toHash = config.sops.secrets."immich/client_secret".path; }
# Null (default): Hash will be computed automatically based on the clientSecretFile option
# Equivalent to { toHash = cfg.oidc.clientSecretFile; }
nullnps.stacks.streaming.qui.oidc.enable
Whether to enable OIDC login with Authelia. This will register an OIDC client in Authelia and setup the necessary configuration.
For details, see:
nps.stacks.streaming.qui.oidc.userGroup
Users of this group will be able to log in
nps.stacks.streaming.radarr.db.passwordFile
The file containing the PostgreSQL password for the database. Only used if db.type is set to "postgres".
nps.stacks.streaming.radarr.db.type
Type of the database to use.
Can be set to "sqlite" or "postgres".
If set to "postgres", the passwordFile option must be set.
nps.stacks.streaming.radarr.db.username
The PostgreSQL user to use for the database. Only used if db.type is set to "postgres".
nps.stacks.streaming.radarr.enable
Whether to enable radarr.
nps.stacks.streaming.radarr.extraEnv
Extra environment variables to set for the container. Variables can be either set directly or sourced from a file (e.g. for secrets).
attribute set of (null or boolean or signed integer or string or absolute path or (submodule)){ }nps.stacks.streaming.seerr.enable
Whether to enable Seerr.
nps.stacks.streaming.sonarr.db.passwordFile
The file containing the PostgreSQL password for the database. Only used if db.type is set to "postgres".
nps.stacks.streaming.sonarr.db.type
Type of the database to use.
Can be set to "sqlite" or "postgres".
If set to "postgres", the passwordFile option must be set.
nps.stacks.streaming.sonarr.db.username
The PostgreSQL user to use for the database. Only used if db.type is set to "postgres".
nps.stacks.streaming.sonarr.enable
Whether to enable sonarr.
nps.stacks.streaming.sonarr.extraEnv
Extra environment variables to set for the container. Variables can be either set directly or sourced from a file (e.g. for secrets).
attribute set of (null or boolean or signed integer or string or absolute path or (submodule)){ }