From f6704ef33a1ef391d6638c8d4464840dd15cb371 Mon Sep 17 00:00:00 2001
From: mc-fucker
Date: Tue, 31 Jan 2023 08:51:19 +0100
Subject: [PATCH] added jellyfin, initialized vars.nix
---
modules/jellyfin.nix | 72 ++++++++++++++++++++++++++++++++---
modules/nginx.nix | 10 +++++
modules/vars.nix | 21 ++++++++++
systems/mc7/configuration.nix | 5 ++-
4 files changed, 102 insertions(+), 6 deletions(-)
create mode 100644 modules/nginx.nix
create mode 100644 modules/vars.nix
diff --git a/modules/jellyfin.nix b/modules/jellyfin.nix
index 9077abb..4bc5a8b 100644
--- a/modules/jellyfin.nix
+++ b/modules/jellyfin.nix
@@ -1,12 +1,74 @@ { ... }: +let + cfg = import ./vars.nix; + domain = cfg.jellyfin.domain; + port = cfg.jellyfin.port; + ip = "127.0.0.1"; + common_header = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Protocol $scheme; + proxy_set_header X-Forwarded-Host $http_host; + ''; +in { - nixpkgs.config.packageOverrides = pkgs: - { - jellyfin = pkgs.callPackage ../packages/jellyfin {}; + + virtualisation.oci-containers.containers.jellyfin = { + image = "docker.io/jellyfin/jellyfin"; + #image = "ghcr.io/confusedpolarbear/jellyfin-intro-skipper"; + extraOptions = cfg.podman.extraOptions; + ports = [ "${port}:${port}" ]; + volumes = [ + "/var/lib/jellyfin:/config" + "/mnt/cache/jellyfin:/cache" + "/mnt/gdrive:/mnt/gdrive:ro" + ]; }; - services.jellyfin = { - enable = true; + systemd.services.podman-jellyfin = { + after = [ "gdrive_mount.service" ]; + }; + + imports = [ ./nginx.nix ]; + + services.nginx.virtualHosts.${domain} = { + forceSSL = true; + enableACME = true; + + locations."/" = { + proxyPass = "http://${ip}:${port}"; + extraConfig = '' + ${common_header} + proxy_buffering off; + ''; + }; + + locations."= /web/" = { + proxyPass = "http://${ip}:${port}/web/index.html"; + extraConfig = common_header; + }; + + locations."/socket" = { + proxyPass = "http://${ip}:${port}"; + extraConfig = '' + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + ${common_header} + ''; + }; + + extraConfig = '' + access_log /var/log/nginx/${domain}_access.log; + error_log /var/log/nginx/${domain}_error.log; + client_max_body_size 20M; + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Content-Type-Options "nosniff"; + ''; + }; } 
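Review bot: `ports = [ "${port}:${port}" ];` publishes the Jellyfin port with no host address, and podman binds such a publish on all interfaces by default, so the plain-HTTP backend is likely reachable next to the nginx vhost that is supposed to front it with `forceSSL`. Every `proxyPass` in this hunk targets `${ip}` (127.0.0.1), so the publish can be limited to loopback with `ports = [ "${ip}:${port}:${port}" ];`. Whether the host firewall would otherwise filter the published port depends on the container network backend, which this patch does not show, so it should not be relied on. The proxy headers and `add_header` lines are otherwise inherited as intended because no location sets its own `add_header`.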
diff --git a/modules/nginx.nix b/modules/nginx.nix
new file mode 100644
index 0000000..ccffc8b
--- /dev/null
+++ b/modules/nginx.nix
@@ -0,0 +1,10 @@
+{ ... }:
+{
+ services.nginx.enable = true;
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "dev@mc-fucker.cool";
+ };
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+}
+# vim: set et ts=2 sw=2 ai:
diff --git a/modules/vars.nix b/modules/vars.nix
new file mode 100644
index 0000000..30b4779
--- /dev/null
+++ b/modules/vars.nix
@@ -0,0 +1,21 @@
+{
+ jellyfin = {
+ domain = "jf.mc-fucker.cool";
+ port = "8096";
+ };
+
+ podman = {
+ extraOptions = [
+ "--dns=100.100.100.100"
+ "-l=io.containers.autoupdate=registry"
+ ];
+ hostIP = "10.88.0.1";
+ };
+
+ zabbix = {
+ domain = "zbx.mc-fucker.cool";
+ db = "zabbix";
+ port = "8999";
+ };
+}
+# vim: set et ts=2 sw=2 ai:
diff --git a/systems/mc7/configuration.nix b/systems/mc7/configuration.nix
index ee00ab7..9411fb9 100644
--- a/systems/mc7/configuration.nix
+++ b/systems/mc7/configuration.nix
@@ -8,9 +8,12 @@ ./modules/minecraft.nix ./modules/k3s/agent.nix ./modules/rclone.nix + ./modules/jellyfin.nix ]; - system.autoUpgrade = { + services.rclone.cacheSize = "100G"; + + system.autoUpgrade = { allowReboot = false; };
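Review bot: The shared nginx module in modules/nginx.nix enables the service and opens ports 80 and 443 but leaves the TLS hardening to nginx and NixOS defaults, so every vhost that imports it inherits whatever those happen to be. Adding `services.nginx.recommendedTlsSettings = true;` here sets it once for all consumers. `services.nginx.recommendedProxySettings = true;` would also supply the standard forwarding headers centrally, which overlaps with the hand-written `common_header` block in modules/jellyfin.nix, so enable it only if that block is trimmed at the same time. A one-line comment stating that this module is the single place where 80/443 are opened would help later readers.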
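Review bot: `"-l=io.containers.autoupdate=registry"` sits in the shared `podman.extraOptions` in modules/vars.nix, so every container that reuses the list opts into unattended image replacement; modules/jellyfin.nix passes it to `docker.io/jellyfin/jellyfin`, which has no tag or digest. If `podman auto-update` runs on this host (its timer is not visible in this patch), whatever the registry serves under the default tag is pulled and started with write access to `/var/lib/jellyfin`, with no review step. I would move the label out of the shared list and set it per container next to an explicit image tag, or at least record the decision with a comment such as `# auto-update trusts the upstream registry tag; pin image tags in the consuming module`. `--dns=100.100.100.100` also makes name resolution in every consuming container depend on that resolver being up, which deserves a comment as well.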