added jellyfin, initialized vars.nix

2023-01-31 08:51:19 +01:00 · 2023-01-31 08:51:19 +01:00 · f6704ef33a
commit f6704ef33a
parent 5720d69d75
4 changed files with 102 additions and 6 deletions
--- a/modules/jellyfin.nix
+++ b/modules/jellyfin.nix
@ -1,12 +1,74 @@
 { ... }:
 let
  cfg = import ./vars.nix;
  domain = cfg.jellyfin.domain;
  port = cfg.jellyfin.port;
  ip = "127.0.0.1";
  common_header = ''
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Protocol $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
  '';
 in
 {
-  nixpkgs.config.packageOverrides = pkgs:
+
-  {
+  virtualisation.oci-containers.containers.jellyfin = {
-    jellyfin = pkgs.callPackage ../packages/jellyfin {};
+    image = "docker.io/jellyfin/jellyfin";
    #image = "ghcr.io/confusedpolarbear/jellyfin-intro-skipper";
    extraOptions = cfg.podman.extraOptions;
    ports = [ "${port}:${port}" ];
    volumes = [
      "/var/lib/jellyfin:/config"
      "/mnt/cache/jellyfin:/cache"
      "/mnt/gdrive:/mnt/gdrive:ro"
    ];
  };
-  services.jellyfin = {
+  systemd.services.podman-jellyfin = {
-    enable = true;
+    after = [ "gdrive_mount.service" ];
  };
  imports = [ ./nginx.nix ];
  services.nginx.virtualHosts.${domain} = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://${ip}:${port}";
      extraConfig = ''
        ${common_header}
        proxy_buffering off;
      '';
    };
    locations."= /web/" = {
      proxyPass = "http://${ip}:${port}/web/index.html";
      extraConfig = common_header;
    };
    locations."/socket" = {
      proxyPass = "http://${ip}:${port}";
      extraConfig = ''
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        ${common_header}
      '';
    };
    extraConfig = ''
      access_log  /var/log/nginx/${domain}_access.log;
      error_log   /var/log/nginx/${domain}_error.log;
      client_max_body_size 20M;
      add_header X-Frame-Options "SAMEORIGIN";
      add_header X-XSS-Protection "1; mode=block";
      add_header X-Content-Type-Options "nosniff";
    '';
  };
 }
--- a/modules/nginx.nix
+++ b/modules/nginx.nix
@ -0,0 +1,10 @@
 { ... }:
 {
  services.nginx.enable = true;
  security.acme = {
    acceptTerms = true;
    defaults.email = "dev@mc-fucker.cool";
  };
  networking.firewall.allowedTCPPorts = [ 80 443 ];
 }
 # vim: set et ts=2 sw=2 ai:
--- a/modules/vars.nix
+++ b/modules/vars.nix
@ -0,0 +1,21 @@
 {
  jellyfin = {
    domain = "jf.mc-fucker.cool";
    port = "8096";
  };
  podman = {
    extraOptions = [
      "--dns=100.100.100.100"
      "-l=io.containers.autoupdate=registry"
    ];
    hostIP = "10.88.0.1";
  };
  zabbix = {
    domain = "zbx.mc-fucker.cool";
    db = "zabbix";
    port = "8999";
  };
 }
 # vim: set et ts=2 sw=2 ai:
--- a/systems/mc7/configuration.nix
+++ b/systems/mc7/configuration.nix
@ -8,8 +8,11 @@
      ./modules/minecraft.nix
      ./modules/k3s/agent.nix
      ./modules/rclone.nix
      ./modules/jellyfin.nix
    ];
  services.rclone.cacheSize = "100G";
  system.autoUpgrade = {
    allowReboot = false;
  };