nixpkgs/nixos/modules/services/misc/plex.nix

{
  config,
  pkgs,
  lib,
  ...
}:
let
  cfg = config.services.plex;
in
{
  imports = [
    (lib.mkRemovedOptionModule [
      "services"
      "plex"
      "managePlugins"
    ] "Please omit or define the option: `services.plex.extraPlugins' instead.")
  ];

  options = {
    services.plex = {
      enable = lib.mkEnableOption "Plex Media Server";

      dataDir = lib.mkOption {
        type = lib.types.str;
        default = "/var/lib/plex";
        description = ''
          The directory where Plex stores its data files.
        '';
      };

      openFirewall = lib.mkOption {
        type = lib.types.bool;
        default = false;
        description = ''
          Open ports in the firewall for the media server.
        '';
      };

      user = lib.mkOption {
        type = lib.types.str;
        default = "plex";
        description = ''
          User account under which Plex runs.
        '';
      };

      group = lib.mkOption {
        type = lib.types.str;
        default = "plex";
        description = ''
          Group under which Plex runs.
        '';
      };

      extraPlugins = lib.mkOption {
        type = lib.types.listOf lib.types.path;
        default = [ ];
        description = ''
          A list of paths to extra plugin bundles to install in Plex's plugin
          directory. Every time the systemd unit for Plex starts up, all of the
          symlinks in Plex's plugin directory will be cleared and this module
          will symlink all of the paths specified here to that directory.
        '';
        example = lib.literalExpression ''
          [
            (builtins.path {
              name = "Audnexus.bundle";
              path = pkgs.fetchFromGitHub {
                owner = "djdembeck";
                repo = "Audnexus.bundle";
                rev = "v0.2.8";
                sha256 = "sha256-IWOSz3vYL7zhdHan468xNc6C/eQ2C2BukQlaJNLXh7E=";
              };
            })
          ]
        '';
      };

      extraScanners = lib.mkOption {
        type = lib.types.listOf lib.types.path;
        default = [ ];
        description = ''
          A list of paths to extra scanners to install in Plex's scanners
          directory.

          Every time the systemd unit for Plex starts up, all of the symlinks
          in Plex's scanners directory will be cleared and this module will
          symlink all of the paths specified here to that directory.
        '';
        example = lib.literalExpression ''
          [
            (fetchFromGitHub {
              owner = "ZeroQI";
              repo = "Absolute-Series-Scanner";
              rev = "773a39f502a1204b0b0255903cee4ed02c46fde0";
              sha256 = "4l+vpiDdC8L/EeJowUgYyB3JPNTZ1sauN8liFAcK+PY=";
            })
          ]
        '';
      };

      accelerationDevices = lib.mkOption {
        type = lib.types.listOf lib.types.str;
        default = [ "*" ];
        example = [ "/dev/dri/renderD128" ];
        description = ''
          A list of device paths to hardware acceleration devices that Plex should
          have access to. This is useful when transcoding media files.
          The special value `"*"` will allow all devices.
        '';
      };

      package = lib.mkPackageOption pkgs "plex" {
        extraDescription = ''
          Plex subscribers may wish to use their own package here,
          pointing to subscriber-only server versions.
        '';
      };
    };
  };

  config = lib.mkIf cfg.enable {
    # Most of this is just copied from the RPM package's systemd service file.
    systemd.services.plex = {
      description = "Plex Media Server";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];

      serviceConfig = {
        Type = "simple";
        User = cfg.user;
        Group = cfg.group;

        # Run the pre-start script with full permissions (the "!" prefix) so it
        # can create the data directory if necessary.
        ExecStartPre =
          let
            preStartScript = pkgs.writeScript "plex-run-prestart" ''
              #!${pkgs.bash}/bin/bash

              # Create data directory if it doesn't exist
              if ! test -d "$PLEX_DATADIR"; then
                echo "Creating initial Plex data directory in: $PLEX_DATADIR"
                install -d -m 0755 -o "${cfg.user}" -g "${cfg.group}" "$PLEX_DATADIR"
              fi
            '';
          in
          "!${preStartScript}";

        ExecStart = "${cfg.package}/bin/plexmediaserver";
        KillSignal = "SIGQUIT";
        PIDFile = "${cfg.dataDir}/Plex Media Server/plexmediaserver.pid";
        Restart = "on-failure";

        # Hardening
        NoNewPrivileges = true;
        PrivateTmp = true;
        PrivateDevices = cfg.accelerationDevices == [ ];
        DeviceAllow = lib.mkIf (
          cfg.accelerationDevices != [ ] && !lib.elem "*" cfg.accelerationDevices
        ) cfg.accelerationDevices;
        ProtectSystem = true;
        ProtectHome = true;
        ProtectControlGroups = true;
        ProtectKernelModules = true;
        ProtectKernelTunables = true;
        RestrictAddressFamilies = [
          "AF_UNIX"
          "AF_INET"
          "AF_INET6"
          "AF_NETLINK"
        ];
        # This could be made to work if the namespaces needed were known
        # RestrictNamespaces = true;
        RestrictRealtime = true;
        RestrictSUIDSGID = true;
        MemoryDenyWriteExecute = true;
        LockPersonality = true;
      };

      environment = {
        # Configuration for our FHS userenv script
        PLEX_DATADIR = cfg.dataDir;
        PLEX_PLUGINS = lib.concatMapStringsSep ":" builtins.toString cfg.extraPlugins;
        PLEX_SCANNERS = lib.concatMapStringsSep ":" builtins.toString cfg.extraScanners;

        # The following variables should be set by the FHS userenv script:
        #   PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR
        #   PLEX_MEDIA_SERVER_HOME

        # Allow access to GPU acceleration; the Plex LD_LIBRARY_PATH is added
        # by the FHS userenv script.
        LD_LIBRARY_PATH = "/run/opengl-driver/lib";

        PLEX_MEDIA_SERVER_MAX_PLUGIN_PROCS = "6";
        PLEX_MEDIA_SERVER_TMPDIR = "/tmp";
        PLEX_MEDIA_SERVER_USE_SYSLOG = "true";
        LC_ALL = "en_US.UTF-8";
        LANG = "en_US.UTF-8";
      };
    };

    networking.firewall = lib.mkIf cfg.openFirewall {
      allowedTCPPorts = [
        32400
        3005
        8324
        32469
      ];
      allowedUDPPorts = [
        1900
        5353
        32410
        32412
        32413
        32414
      ];
    };

    users.users = lib.mkIf (cfg.user == "plex") {
      plex = {
        group = cfg.group;
        uid = config.ids.uids.plex;
      };
    };

    users.groups = lib.mkIf (cfg.group == "plex") {
      plex = {
        gid = config.ids.gids.plex;
      };
    };
  };
}
plex: init at 0.9.11.16.958 Added a package and module for Plex Media Server, an application for managing media collections across multiple devices. 2015-04-16 13:15:59 -05:00			`{`
			`config,`
			`pkgs,`
			`lib,`
			`...`
			`}:`
			`let`
			`cfg = config.services.plex;`
			`in`
			`{`
plex: remove unused option `managePlugins` 2022-02-07 10:57:40 +01:00			`imports = [`
nixos/services.plex: remove `with lib;` 2024-08-30 00:46:41 +02:00			`(lib.mkRemovedOptionModule [`
			`"services"`
			`"plex"`
			`"managePlugins"`
			] "Please omit or define the option: `services.plex.extraPlugins' instead.")
plex: remove unused option `managePlugins` 2022-02-07 10:57:40 +01:00			`];`

plex: init at 0.9.11.16.958 Added a package and module for Plex Media Server, an application for managing media collections across multiple devices. 2015-04-16 13:15:59 -05:00			`options = {`
			`services.plex = {`
nixos/services.plex: remove `with lib;` 2024-08-30 00:46:41 +02:00			`enable = lib.mkEnableOption "Plex Media Server";`
plex: init at 0.9.11.16.958 Added a package and module for Plex Media Server, an application for managing media collections across multiple devices. 2015-04-16 13:15:59 -05:00
nixos/services.plex: remove `with lib;` 2024-08-30 00:46:41 +02:00			`dataDir = lib.mkOption {`
			`type = lib.types.str;`
plex: init at 0.9.11.16.958 Added a package and module for Plex Media Server, an application for managing media collections across multiple devices. 2015-04-16 13:15:59 -05:00			`default = "/var/lib/plex";`
plex: rewrite to use FHS userenv 2019-02-28 05:15:28 -05:00			`description = ''`
			`The directory where Plex stores its data files.`
			`'';`
plex: init at 0.9.11.16.958 Added a package and module for Plex Media Server, an application for managing media collections across multiple devices. 2015-04-16 13:15:59 -05:00			`};`

nixos/services.plex: remove `with lib;` 2024-08-30 00:46:41 +02:00			`openFirewall = lib.mkOption {`
			`type = lib.types.bool;`
plex: add config option to open recommended network ports as prescribed at https://support.plex.tv/hc/en-us/articles/201543147-What-network-ports-do-I-need-to-allow-through-my-firewall- 2016-12-18 21:59:06 -05:00			`default = false;`
			`description = ''`
plex: rewrite to use FHS userenv 2019-02-28 05:15:28 -05:00			`Open ports in the firewall for the media server.`
plex: add config option to open recommended network ports as prescribed at https://support.plex.tv/hc/en-us/articles/201543147-What-network-ports-do-I-need-to-allow-through-my-firewall- 2016-12-18 21:59:06 -05:00			`'';`
			`};`

nixos/services.plex: remove `with lib;` 2024-08-30 00:46:41 +02:00			`user = lib.mkOption {`
			`type = lib.types.str;`
plex: init at 0.9.11.16.958 Added a package and module for Plex Media Server, an application for managing media collections across multiple devices. 2015-04-16 13:15:59 -05:00			`default = "plex";`
plex: rewrite to use FHS userenv 2019-02-28 05:15:28 -05:00			`description = ''`
			`User account under which Plex runs.`
			`'';`
plex: init at 0.9.11.16.958 Added a package and module for Plex Media Server, an application for managing media collections across multiple devices. 2015-04-16 13:15:59 -05:00			`};`

nixos/services.plex: remove `with lib;` 2024-08-30 00:46:41 +02:00			`group = lib.mkOption {`
			`type = lib.types.str;`
plex: init at 0.9.11.16.958 Added a package and module for Plex Media Server, an application for managing media collections across multiple devices. 2015-04-16 13:15:59 -05:00			`default = "plex";`
plex: rewrite to use FHS userenv 2019-02-28 05:15:28 -05:00			`description = ''`
			`Group under which Plex runs.`
			`'';`
plex: init at 0.9.11.16.958 Added a package and module for Plex Media Server, an application for managing media collections across multiple devices. 2015-04-16 13:15:59 -05:00			`};`
plex: add support for managing plugins via Nix Added support for managing Plex plugins via Nix. This is done via an "extraPlugins" configuration option which takes a list of paths to plugin bundles, which are then symlinked into Plex's plugin directory when the service is started. 2015-04-17 14:45:10 -05:00
nixos/services.plex: remove `with lib;` 2024-08-30 00:46:41 +02:00			`extraPlugins = lib.mkOption {`
			`type = lib.types.listOf lib.types.path;`
plex: add support for managing plugins via Nix Added support for managing Plex plugins via Nix. This is done via an "extraPlugins" configuration option which takes a list of paths to plugin bundles, which are then symlinked into Plex's plugin directory when the service is started. 2015-04-17 14:45:10 -05:00			`default = [ ];`
			`description = ''`
			`A list of paths to extra plugin bundles to install in Plex's plugin`
			`directory. Every time the systemd unit for Plex starts up, all of the`
			`symlinks in Plex's plugin directory will be cleared and this module`
plex: remove unused option `managePlugins` 2022-02-07 10:57:40 +01:00			`will symlink all of the paths specified here to that directory.`
plex: add support for managing plugins via Nix Added support for managing Plex plugins via Nix. This is done via an "extraPlugins" configuration option which takes a list of paths to plugin bundles, which are then symlinked into Plex's plugin directory when the service is started. 2015-04-17 14:45:10 -05:00			`'';`
nixos/services.plex: remove `with lib;` 2024-08-30 00:46:41 +02:00			`example = lib.literalExpression ''`
plex: extraPlugins example 2022-02-06 18:35:58 +01:00			`[`
			`(builtins.path {`
			`name = "Audnexus.bundle";`
			`path = pkgs.fetchFromGitHub {`
			`owner = "djdembeck";`
			`repo = "Audnexus.bundle";`
			`rev = "v0.2.8";`
			`sha256 = "sha256-IWOSz3vYL7zhdHan468xNc6C/eQ2C2BukQlaJNLXh7E=";`
			`};`
			`})`
			`]`
			`'';`
plex: add support for managing plugins via Nix Added support for managing Plex plugins via Nix. This is done via an "extraPlugins" configuration option which takes a list of paths to plugin bundles, which are then symlinked into Plex's plugin directory when the service is started. 2015-04-17 14:45:10 -05:00			`};`
nixos/plex: Add 'package' option to module Signed-off-by: Austin Seipp <aseipp@pobox.com> 2015-12-30 20:19:04 -06:00
nixos/services.plex: remove `with lib;` 2024-08-30 00:46:41 +02:00			`extraScanners = lib.mkOption {`
			`type = lib.types.listOf lib.types.path;`
plex: add support for custom scanners 2021-09-17 21:12:20 -04:00			`default = [ ];`
			`description = ''`
			`A list of paths to extra scanners to install in Plex's scanners`
			`directory.`

			`Every time the systemd unit for Plex starts up, all of the symlinks`
			`in Plex's scanners directory will be cleared and this module will`
			`symlink all of the paths specified here to that directory.`
			`'';`
nixos/services.plex: remove `with lib;` 2024-08-30 00:46:41 +02:00			`example = lib.literalExpression ''`
plex: add support for custom scanners 2021-09-17 21:12:20 -04:00			`[`
			`(fetchFromGitHub {`
			`owner = "ZeroQI";`
			`repo = "Absolute-Series-Scanner";`
			`rev = "773a39f502a1204b0b0255903cee4ed02c46fde0";`
			`sha256 = "4l+vpiDdC8L/EeJowUgYyB3JPNTZ1sauN8liFAcK+PY=";`
			`})`
			`]`
			`'';`
			`};`

nixos/services.plex: remove `with lib;` 2024-08-30 00:46:41 +02:00			`accelerationDevices = lib.mkOption {`
			`type = lib.types.listOf lib.types.str;`
nixos/plex: add systemd hardening configuration 2024-03-03 19:21:08 -05:00			`default = [ "*" ];`
			`example = [ "/dev/dri/renderD128" ];`
			`description = ''`
			`A list of device paths to hardware acceleration devices that Plex should`
			`have access to. This is useful when transcoding media files.`
			The special value `"*"` will allow all devices.
			`'';`
			`};`

nixos/services.plex: remove `with lib;` 2024-08-30 00:46:41 +02:00			`package = lib.mkPackageOption pkgs "plex" {`
treewide: use `mkPackageOption` This commit replaces a lot of usages of `mkOption` with the package type, to be `mkPackageOption`, in order to reduce the amount of code. 2023-11-27 01:19:27 +01:00			`extraDescription = ''`
			`Plex subscribers may wish to use their own package here,`
			`pointing to subscriber-only server versions.`
nixos/plex: Add 'package' option to module Signed-off-by: Austin Seipp <aseipp@pobox.com> 2015-12-30 20:19:04 -06:00			`'';`
			`};`
plex: init at 0.9.11.16.958 Added a package and module for Plex Media Server, an application for managing media collections across multiple devices. 2015-04-16 13:15:59 -05:00			`};`
			`};`

nixos/services.plex: remove `with lib;` 2024-08-30 00:46:41 +02:00			`config = lib.mkIf cfg.enable {`
plex: init at 0.9.11.16.958 Added a package and module for Plex Media Server, an application for managing media collections across multiple devices. 2015-04-16 13:15:59 -05:00			`# Most of this is just copied from the RPM package's systemd service file.`
			`systemd.services.plex = {`
			`description = "Plex Media Server";`
			`after = [ "network.target" ];`
			`wantedBy = [ "multi-user.target" ];`
plex: rewrite to use FHS userenv 2019-02-28 05:15:28 -05:00
plex: init at 0.9.11.16.958 Added a package and module for Plex Media Server, an application for managing media collections across multiple devices. 2015-04-16 13:15:59 -05:00			`serviceConfig = {`
			`Type = "simple";`
			`User = cfg.user;`
			`Group = cfg.group;`
plex: rewrite to use FHS userenv 2019-02-28 05:15:28 -05:00
			`# Run the pre-start script with full permissions (the "!" prefix) so it`
			`# can create the data directory if necessary.`
			`ExecStartPre =`
			`let`
			`preStartScript = pkgs.writeScript "plex-run-prestart" ''`
			`#!${pkgs.bash}/bin/bash`
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev b32a0943687d2a5094a6d92f25a4b6e16a76b5b7 result/bin/apply-formatting $NIXPKGS_PATH 2024-12-10 20:26:33 +01:00
plex: rewrite to use FHS userenv 2019-02-28 05:15:28 -05:00			`# Create data directory if it doesn't exist`
			`if ! test -d "$PLEX_DATADIR"; then`
			`echo "Creating initial Plex data directory in: $PLEX_DATADIR"`
			`install -d -m 0755 -o "${cfg.user}" -g "${cfg.group}" "$PLEX_DATADIR"`
			`fi`
			`'';`
			`in`
			`"!${preStartScript}";`

			`ExecStart = "${cfg.package}/bin/plexmediaserver";`
plex: Don't overwrite primary database on restart This change fixes two major issues: 1. If you don't use SIGQUIT to stop Plex it will corrupt its own database :( 2. Newer versions of Plex keep metadata in the `com.plexapp.plugins.library.db` database. This is the file that we copy into `/var/lib/plex/.skeleton`. If we copy the empty database on top of this one the user will lose their entire library metadata. This change skips the copy if the file already exists. 2017-04-14 11:19:29 -07:00			`KillSignal = "SIGQUIT";`
nixos/plex: specify PIDFile in systemd service 2022-08-27 17:21:19 +01:00			`PIDFile = "${cfg.dataDir}/Plex Media Server/plexmediaserver.pid";`
plex module: restart on failure 2016-04-08 10:55:00 -07:00			`Restart = "on-failure";`
nixos/plex: add systemd hardening configuration 2024-03-03 19:21:08 -05:00
			`# Hardening`
			`NoNewPrivileges = true;`
			`PrivateTmp = true;`
			`PrivateDevices = cfg.accelerationDevices == [ ];`
nixos/services.plex: remove `with lib;` 2024-08-30 00:46:41 +02:00			`DeviceAllow = lib.mkIf (`
			`cfg.accelerationDevices != [ ] && !lib.elem "*" cfg.accelerationDevices`
			`) cfg.accelerationDevices;`
nixos/plex: add systemd hardening configuration 2024-03-03 19:21:08 -05:00			`ProtectSystem = true;`
			`ProtectHome = true;`
			`ProtectControlGroups = true;`
			`ProtectKernelModules = true;`
			`ProtectKernelTunables = true;`
			`RestrictAddressFamilies = [`
			`"AF_UNIX"`
			`"AF_INET"`
			`"AF_INET6"`
			`"AF_NETLINK"`
			`];`
			`# This could be made to work if the namespaces needed were known`
			`# RestrictNamespaces = true;`
			`RestrictRealtime = true;`
			`RestrictSUIDSGID = true;`
			`MemoryDenyWriteExecute = true;`
			`LockPersonality = true;`
plex: init at 0.9.11.16.958 Added a package and module for Plex Media Server, an application for managing media collections across multiple devices. 2015-04-16 13:15:59 -05:00			`};`
plex: rewrite to use FHS userenv 2019-02-28 05:15:28 -05:00
plex: init at 0.9.11.16.958 Added a package and module for Plex Media Server, an application for managing media collections across multiple devices. 2015-04-16 13:15:59 -05:00			`environment = {`
plex: rewrite to use FHS userenv 2019-02-28 05:15:28 -05:00			`# Configuration for our FHS userenv script`
			`PLEX_DATADIR = cfg.dataDir;`
nixos/services.plex: remove `with lib;` 2024-08-30 00:46:41 +02:00			`PLEX_PLUGINS = lib.concatMapStringsSep ":" builtins.toString cfg.extraPlugins;`
			`PLEX_SCANNERS = lib.concatMapStringsSep ":" builtins.toString cfg.extraScanners;`
plex: rewrite to use FHS userenv 2019-02-28 05:15:28 -05:00
			`# The following variables should be set by the FHS userenv script:`
			`# PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR`
			`# PLEX_MEDIA_SERVER_HOME`

			`# Allow access to GPU acceleration; the Plex LD_LIBRARY_PATH is added`
			`# by the FHS userenv script.`
			`LD_LIBRARY_PATH = "/run/opengl-driver/lib";`

plex: init at 0.9.11.16.958 Added a package and module for Plex Media Server, an application for managing media collections across multiple devices. 2015-04-16 13:15:59 -05:00			`PLEX_MEDIA_SERVER_MAX_PLUGIN_PROCS = "6";`
			`PLEX_MEDIA_SERVER_TMPDIR = "/tmp";`
Push plex logs to syslog/journald 2019-02-11 10:47:21 +08:00			`PLEX_MEDIA_SERVER_USE_SYSLOG = "true";`
plex: init at 0.9.11.16.958 Added a package and module for Plex Media Server, an application for managing media collections across multiple devices. 2015-04-16 13:15:59 -05:00			`LC_ALL = "en_US.UTF-8";`
			`LANG = "en_US.UTF-8";`
			`};`
			`};`

nixos/services.plex: remove `with lib;` 2024-08-30 00:46:41 +02:00			`networking.firewall = lib.mkIf cfg.openFirewall {`
plex: add config option to open recommended network ports as prescribed at https://support.plex.tv/hc/en-us/articles/201543147-What-network-ports-do-I-need-to-allow-through-my-firewall- 2016-12-18 21:59:06 -05:00			`allowedTCPPorts = [`
			`32400`
			`3005`
			`8324`
			`32469`
			`];`
			`allowedUDPPorts = [`
			`1900`
			`5353`
			`32410`
			`32412`
			`32413`
			`32414`
			`];`
			`};`

nixos/services.plex: remove `with lib;` 2024-08-30 00:46:41 +02:00			`users.users = lib.mkIf (cfg.user == "plex") {`
plex: init at 0.9.11.16.958 Added a package and module for Plex Media Server, an application for managing media collections across multiple devices. 2015-04-16 13:15:59 -05:00			`plex = {`
			`group = cfg.group;`
			`uid = config.ids.uids.plex;`
			`};`
			`};`

nixos/services.plex: remove `with lib;` 2024-08-30 00:46:41 +02:00			`users.groups = lib.mkIf (cfg.group == "plex") {`
plex: init at 0.9.11.16.958 Added a package and module for Plex Media Server, an application for managing media collections across multiple devices. 2015-04-16 13:15:59 -05:00			`plex = {`
			`gid = config.ids.gids.plex;`
			`};`
			`};`
			`};`
			`}`