added jellyfin, initialized vars.nix

modules/jellyfin.nix

@@ -1,12 +1,74 @@
 { ... }:
+let
+  cfg = import ./vars.nix;
+  domain = cfg.jellyfin.domain;
+  port = cfg.jellyfin.port;
+  ip = "127.0.0.1";
+  common_header = ''
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Protocol $scheme;
+        proxy_set_header X-Forwarded-Host $http_host;
+  '';
+in
 {
-  nixpkgs.config.packageOverrides = pkgs:
-  {
-    jellyfin = pkgs.callPackage ../packages/jellyfin {};
+
+  virtualisation.oci-containers.containers.jellyfin = {
+    image = "docker.io/jellyfin/jellyfin";
+    #image = "ghcr.io/confusedpolarbear/jellyfin-intro-skipper";
+    extraOptions = cfg.podman.extraOptions;
+    ports = [ "${port}:${port}" ];
+    volumes = [
+      "/var/lib/jellyfin:/config"
+      "/mnt/cache/jellyfin:/cache"
+      "/mnt/gdrive:/mnt/gdrive:ro"
+    ];
   };
 
-  services.jellyfin = {
-    enable = true;
+  systemd.services.podman-jellyfin = {
+    after = [ "gdrive_mount.service" ];
+  };
+
+  imports = [ ./nginx.nix ];
+
+  services.nginx.virtualHosts.${domain} = {
+    forceSSL = true;
+    enableACME = true;
+
+    locations."/" = {
+      proxyPass = "http://${ip}:${port}";
+      extraConfig = ''
+        ${common_header}
+        proxy_buffering off;
+      '';
+    };
+
+    locations."= /web/" = {
+      proxyPass = "http://${ip}:${port}/web/index.html";
+      extraConfig = common_header;
+    };
+
+    locations."/socket" = {
+      proxyPass = "http://${ip}:${port}";
+      extraConfig = ''
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        ${common_header}
+      '';
+    };
+
+    extraConfig = ''
+      access_log  /var/log/nginx/${domain}_access.log;
+      error_log   /var/log/nginx/${domain}_error.log;
+      client_max_body_size 20M;
+      add_header X-Frame-Options "SAMEORIGIN";
+      add_header X-XSS-Protection "1; mode=block";
+      add_header X-Content-Type-Options "nosniff";
+    '';
+
   };
 }
 

modules/nginx.nix

@@ -0,0 +1,10 @@
+{ ... }:
+{
+  services.nginx.enable = true;
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "dev@mc-fucker.cool";
+  };
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+}
+# vim: set et ts=2 sw=2 ai:

modules/vars.nix

@@ -0,0 +1,21 @@
+{
+  jellyfin = {
+    domain = "jf.mc-fucker.cool";
+    port = "8096";
+  };
+
+  podman = {
+    extraOptions = [
+      "--dns=100.100.100.100"
+      "-l=io.containers.autoupdate=registry"
+    ];
+    hostIP = "10.88.0.1";
+  };
+
+  zabbix = {
+    domain = "zbx.mc-fucker.cool";
+    db = "zabbix";
+    port = "8999";
+  };
+}
+# vim: set et ts=2 sw=2 ai:

systems/mc7/configuration.nix

@@ -8,9 +8,12 @@
       ./modules/minecraft.nix
       ./modules/k3s/agent.nix
       ./modules/rclone.nix
+      ./modules/jellyfin.nix
     ];
 
- system.autoUpgrade = {
+  services.rclone.cacheSize = "100G";
+
+  system.autoUpgrade = {
     allowReboot = false;
   };