Add plex server module

Added the plex server docker container as a module to the container
modules.

Author: inverted-tree

hosts/itxserver/configuration.nix

@@ -17,6 +17,7 @@ in
     # All custom modules
     ../../modules/containers/stump.nix
     ../../modules/containers/homeassistant.nix
+    ../../modules/containers/plex.nix
     # Any other modules
     inputs.sops-nix.nixosModules.sops
   ];
@@ -71,8 +72,9 @@ in
     ];
     firewall = {
       allowedTCPPorts = [
-        8888
         8123
+        8888
+        32400
       ];
       allowedUDPPorts = [ ];
     };

modules/containers/plex.nix

@@ -0,0 +1,76 @@
+# Auto-generated using compose2nix v0.3.1. Edited.
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}@args:
+let
+  inherit (args) inputs;
+in
+{
+  imports = [ inputs.sops-nix.nixosModules.sops ];
+
+  # Secrets are managed via sops
+  sops = {
+    defaultSopsFile = ../../secrets/plex.env.enc;
+    defaultSopsFormat = "dotenv";
+    age.keyFile = "/home/lukas/.config/sops/age/keys.txt";
+    secrets.plex-env = { };
+  };
+
+  # Create persistent directory for postgres data
+  systemd.tmpfiles.rules = [
+    "d /srv/plex/config 0750 docker docker -"
+    "d /srv/plex/transcode 0750 docker docker -"
+  ];
+
+  # Runtime
+  virtualisation.docker = {
+    enable = true;
+    autoPrune.enable = true;
+  };
+  virtualisation.oci-containers.backend = "docker";
+
+  # Containers
+  virtualisation.oci-containers.containers."plex-server" = {
+    image = "plexinc/pms-docker";
+    environment = {
+      "PLEX_CLAIM" = "<claimToken>";
+      "TZ" = "Europe/Berlin";
+    };
+    environmentFiles = [ config.sops.secrets.plex-env.path ];
+    volumes = [
+      "/data/movies:/data/movies:rw"
+      "/data/music:/data/music:rw"
+      "/srv/plex/config:/config:rw"
+      "/srv/plex/transcode:/transcode:rw"
+    ];
+    log-driver = "journald";
+    extraOptions = [
+      "--device=/dev/dri:/dev/dri:rwm"
+      "--network=host"
+    ];
+  };
+  systemd.services."docker-plex-server" = {
+    serviceConfig = {
+      Restart = lib.mkOverride 90 "no";
+    };
+    partOf = [
+      "docker-compose-plex-server-root.target"
+    ];
+    wantedBy = [
+      "docker-compose-plex-server-root.target"
+    ];
+  };
+
+  # Root service
+  # When started, this will automatically create all resources and start
+  # the containers. When stopped, this will teardown all resources.
+  systemd.targets."docker-compose-plex-server-root" = {
+    unitConfig = {
+      Description = "Root target generated by compose2nix.";
+    };
+    wantedBy = [ "multi-user.target" ];
+  };
+}

secrets/plex.env.enc

@@ -0,0 +1,7 @@
+PLEX_CLAIM=ENC[AES256_GCM,data:S8tE/5MdiRQqNf+VJOFEv14F6590rtsTcQU=,iv:268aqyD5p76v7ozyN0sTGfqU/L2Hi8nt4i/s7tYQCqU=,tag:XmhMNhUIGaNngyUXoYkpEg==,type:str]
+sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpMEduaUNyRml5VDFmTkpl\nOSt4U1Jqdkd3ZURhVlRIdlp4OUZlYjQ5Q2hBCkgvbFNPVjAzeXEvQWFiMksxYi9F\nbUZLMVN6UEF5Mlc1U1U0M2ZNZTRySkEKLS0tIHpRWS9LN214Y0dFVG5lZzdwTGNl\nektuV2FCVmNISU0vcVlHNG9ZSGNUMjgK6u+aR9XBhbNm/dKnjtfUx0Y1fvTMoTzA\nDomSeRsBWfMdi2ePbrwvThqmxmLxn90G+DUuoJhKzRPBCRH9U86U5A==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_0__map_recipient=age1njkfdv4ayqlqak76az6ezhse8hn3gmgt9ntur2edyz3watx2xdqq3jklqm
+sops_lastmodified=2025-06-26T13:51:36Z
+sops_mac=ENC[AES256_GCM,data:LN4JVvnDc0vVfGtdlMCsbjwKHhpIhdjg1ff8DWIqbrUBhFyQdaDBOSdE2dpa2EWGTt33OUMFDXlX0vxDoxtJWVfTb80tttMwiYQtFHhmYrtA8Cr3dnVdKvpxEg0dMS4csXL7QyVyW2RqKuoQRdHRY/BEQTcnYOCu9G1HdVn7tE0=,iv:blb7hxRfssqpwa2NuPRXx0jOMVw86Sf9ftbV8zafof8=,tag:TKZbY0qXlAYuu0RvaF5www==,type:str]
+sops_unencrypted_suffix=_unencrypted
+sops_version=3.10.2