diff --git a/modules/navidrome.nix b/modules/navidrome.nix index 90a701c..c6043d8 100644 --- a/modules/navidrome.nix +++ b/modules/navidrome.nix @@ -1,39 +1,55 @@ -{ ... }: +{ config, ... }: let + cfg = import ./vars.nix; domain = "music.mc-fucker.cool"; + port = cfg.navidrome.port; in { - #nixpkgs.config.packageOverrides = pkgs: - #{ - # navidrome = pkgs.callPackage ../packages/navidrome {}; - #}; + imports = [ + ./nginx.nix + ]; - services.navidrome = { - enable = true; - settings = { - MusicFolder = "/mnt/genc/Musik"; + sops.secrets."navidrome" = {}; + + virtualisation.oci-containers.containers.navidrome = { + image = "docker.io/deluan/navidrome"; + environment = { + TZ = "Europe/Berlin"; + ND_SESSIONTIMEOUT = "336h"; }; + environmentFiles = [ config.sops.secrets.navidrome.path ]; + ports = [ + "${port}:${port}" + ]; + volumes = [ + "/var/lib/navidrome:/data" + "/mnt/mergerfs/media/music:/music:ro" + ]; + extraOptions = cfg.podman.extraOptions; + autoStart = false; }; + services.nginx.virtualHosts."${domain}" = { forceSSL = true; enableACME = true; locations."/" = { - proxyPass = "http://localhost:4533"; + proxyPass = "http://127.0.0.1:${port}"; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Protocol $scheme; + proxy_set_header X-Forwarded-Host $http_host; + proxy_buffering off; + ''; }; extraConfig = '' access_log /var/log/nginx/${domain}_access.log; error_log /var/log/nginx/${domain}_error.log; ''; }; - systemd.services.navidrome = { - # fixes failing DNS lookup - serviceConfig.BindReadOnlyPaths = [ "/etc" ]; - after = [ "genc_mount.service" ]; - serviceConfig = { - Restart = "on-failure"; - RestartSec = "5s"; - }; - }; + } # vim: set et ts=2 sw=2 ai:
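Review bot: The `ports = [ "${port}:${port}" ]` entry publishes the Navidrome port on every host interface, although the nginx vhost only reaches it over loopback (`proxyPass = "http://127.0.0.1:${port}"`). Depending on the host firewall and on what `cfg.podman.extraOptions` contains (it comes from vars.nix, outside this diff), the backend may be reachable directly over plain HTTP, bypassing `forceSSL` and accepting client-supplied `X-Forwarded-*` headers. Binding it as `"127.0.0.1:${port}:${port}"` keeps it behind the proxy. Separately, `image = "docker.io/deluan/navidrome"` has no tag or digest, so it resolves to whatever `latest` is at pull time, whereas the removed `services.navidrome` took its package from the nixpkgs revision the system is built against. Consider pinning it, e.g. `image = "docker.io/deluan/navidrome:<VERSION>@sha256:<DIGEST>"` (placeholders to fill in).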