genebean/dots
1
0
Fork 0
mirror of https://github.com/genebean/dots.git synced 2026-03-27 01:17:42 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #572 from genebean/pinchflat

Browse source 
Setup Pinchflat
This commit is contained in:
Gene Liverman 2025-11-10 19:38:12 -05:00 committed by GitHub
commit 22d8e93c8a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 45 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

39
modules/hosts/nixos/nixnuc/containers/pinchflat.nix Normal file
View file

@ -0,0 +1,39 @@
{ config, ... }: let
volume_base = "/orico/pinchflat";
jellyfin_youtube = "/orico/jellyfin/data/YouTube";
container_user = "jellyfin";
uid = "990";
gid = "989";
in {
virtualisation.oci-containers.containers = {
"pinchflat" = {
autoStart = true;
environmentFiles = [
"${volume_base}/.env"
];
extraOptions = [
"--security-opt"
"label=disable"
"--userns=keep-id"
];
image = "ghcr.io/kieraneglin/pinchflat:latest";
ports = [
"8945:8945"
];
user = "${uid}:${gid}"; # observed UID:GID of jellyfin user
volumes = [
"${volume_base}/config:/config"
"${jellyfin_youtube}:/downloads"
];
};
};
services.restic.backups.daily.paths = [ volume_base ];
sops.secrets.pinchflat_dot_env = {
owner = "${container_user}";
path = "${volume_base}/.env";
restartUnits = [ "${config.virtualisation.oci-containers.containers.pinchflat.serviceName}" ];
};
}

2
modules/hosts/nixos/nixnuc/default.nix
View file

@ -10,6 +10,7 @@ in {
./hardware-configuration.nix
./containers/audiobookshelf.nix
./containers/mountain-mesh-bot-discord.nix
./containers/pinchflat.nix
./containers/psitransfer.nix
../../common/linux/lets-encrypt.nix
../../common/linux/restic.nix
@ -91,6 +92,7 @@ in {
8384 # Syncthing gui
8888 # Atuin
8090 # Wallabag in docker compose
8945 # Pinchflat in oci-container
9090 # Prometheus Server
9273 # Telegraf's Prometheus endpoint
13378 # Audiobookshelf in oci-container

7
modules/hosts/nixos/nixnuc/secrets.yaml
View file

@ -11,6 +11,7 @@ mealie: ENC[AES256_GCM,data:fZFBWlh/nbxK0GA6+fb1FK6aFfbiV/GsBYKYRPgavcsB9h4HwRSZ
mtnmesh_bot_dot_env: ENC[AES256_GCM,data:jKz0voG/a7Eq+zHI2fsejTpu5H+ic5ZE8VmtOQDQEOTvYT8GWr2oCGwh68ql7g+nU5hlNN7uLl9LreW59nTgmvWNCVjVNKchxJeydktMUoq2FlgyoC2I354bi9gFEL0X5JYRR7jG9iwy4WGyEFfhhUJn1MSwOurRZPw/tdWTUKQVwN5oqjMxkXrZhFLDzq6BrTs0hBpzRYTe,iv:ZBxHkW8VyU+8v4GiDJMEaeqm3Fdtuwm7M/7YXkfkMnw=,tag:S8hTOSicQNIAj/Gdxzw5+A==,type:str]
nextcloud_admin_pass: ENC[AES256_GCM,data:KztB3Tkqlt73PEO41lthGYElrbwVdfqQgT6f,iv:kRwXqGJO4AUOMq+uYzndGhscaJiyvG4ANKabHHd78YM=,tag:dP3PgKafDTv8x7huKJGDqA==,type:str]
psitransfer_dot_env: ENC[AES256_GCM,data:bhvU0AOCjecZ62BtLw4H1DdkLeatI+uUl6L7UkdDRkBF3sayO45Z1eR4q60tflXucyTGhT8WgKFz53I+C2dn265wzojIRc3Xr4TBLyWpfJ7/dct40SckgUiRvOnrefiriWQ=,iv:DGMhDkzgeupzzTJnCdVWDPUSo2wxI3MAypKQwVfHExE=,tag:KbteGqrkqgj2XB1lvlk/yQ==,type:str]
pinchflat_dot_env: ENC[AES256_GCM,data:8DLiFXThG5PGJ0ymW5bMVy5A8dM=,iv:BGkVvxaNwFIMSaA3F6h4ZsgkC9tm1lohA0lg2pgZhpw=,tag:qQNrluP5exdKG3NXgQHM8g==,type:str]
tandoor_db_pass: ENC[AES256_GCM,data:X0unx5jquLsUXadbF6xLjjeGY+f8Ec4kdc15JQ==,iv:XptlJHfAkF+3jbgJTqxhVReYjuVVdk3NzfPepP78DRI=,tag:3RG5P9QGCJ/fjdxWpY1xWA==,type:str]
tandoor_secret_key: ENC[AES256_GCM,data:aSQRdtWUZQzy5rvQBPAvYFvwTqyu16UGrvUayxqi2WdsTOfqOyxQ7ywNEy/g/qPqSbwM,iv:kbct/gvfYhU6GOhkomY80o/Sx5mr9FY9SAFJGNrj3Ow=,tag:v+LKQ9UM5nzzd77By7TnGg==,type:str]
sops:
@ -24,7 +25,7 @@ sops:
bHZlNTZDV2NYU1hQQy9mem80SFF6TFkKfmjkJBfTdh0vTtGaVx1t3tHJvSsAwdYD
PF025X9U+yG2oIopwXEVBkxcD70eyuJn3OqH0xoVLBkbhNM9i8LHrA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-06T12:07:03Z"
mac: ENC[AES256_GCM,data:9CiwZouVAkxj8kFANfD5rXltouVZ5C1Pd8a10TeC61uCtqAJkDxDTD4odZZcODUtKigCmtgo2q1ru9njBhbW463IOEDFhdQ1mPVbWVXmyLNuSpQAfH2pFyy1kWuOj2Ol00qO/bca5ng/Yi+nAEHLUgOJSkU31DMWRBR5b3080IM=,iv:HkwXc7Oibp90D/no66PcwwNR+UfbwqdDvXHBz3+D2Oo=,tag:2mM7zEA+mHG9Oi3lOgqWLA==,type:str]
lastmodified: "2025-11-10T23:26:34Z"
mac: ENC[AES256_GCM,data:pwgPKBBp2oNu2RRZDprbpVmWxCbsReS3l5/alUfJ7KrMWU6tWiKXNbE2HY/40HYAGyJQ4Jal+u4tKEnPReVubEIe8NwuMlXaDh4ynEN1DId9FaRuCjKatkySWPOGO6DFd4Ajr1Xt1XtWVRqhlCAf5nE+nG1ZBQbloWgOEQZ9m6s=,iv:D0l5yu4lFwrboHbTN26ECPBM6MluPHGR2x6JAwbAUoE=,tag:ctlUVc2CFglsYuTYyCuuYQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2
version: 3.11.0