dotfiles/system/nixos/jellyfin.nix

119 lines
2.4 KiB
Nix
Raw Normal View History

2023-07-16 22:17:50 +00:00
{ lib, ... }:
2023-04-19 19:30:42 +00:00
{
services.jellyfin = {
enable = true;
user = "media_user";
group = "media_group";
openFirewall = false;
};
systemd.services.jellyfin =
let
mounts = [
"mnt-media-TV\\x20Shows.mount"
"mnt-media-Documentaries.mount"
"mnt-media-Anime.mount"
"mnt-media-Movies.mount"
"mnt-media-Deutsche\\x20Serien.mount"
"mnt-media-Deutsche\\x20Filme.mount"
];
in
{
requires = mounts;
after = lib.mkAfter mounts;
};
2023-04-19 19:30:42 +00:00
services.nginx.virtualHosts."jellyfin.internal.kempkens.network" = {
2023-04-19 20:14:39 +00:00
listen = [
{
addr = "0.0.0.0";
port = 9920;
ssl = true;
2023-09-22 21:59:48 +00:00
extraParameters = [
"fastopen=63"
"backlog=1023"
"deferred"
];
2023-04-19 20:14:39 +00:00
}
{
addr = "[::0]";
port = 9920;
ssl = true;
2023-09-22 21:59:48 +00:00
extraParameters = [
"fastopen=63"
"backlog=1023"
"deferred"
];
2023-04-19 20:14:39 +00:00
}
];
2023-04-19 19:59:00 +00:00
2023-04-19 19:30:42 +00:00
quic = true;
http3 = true;
onlySSL = true;
useACMEHost = "internal.kempkens.network";
locations."/" = {
recommendedProxySettings = true;
2023-04-19 19:59:00 +00:00
proxyPass = "http://127.0.0.1:8096";
2023-04-19 20:14:39 +00:00
};
locations."/socket" = {
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:8096";
2023-04-19 19:30:42 +00:00
proxyWebsockets = true;
};
};
2023-04-19 20:05:30 +00:00
2023-04-19 20:38:42 +00:00
services.nginx.virtualHosts."jellyfin.home.kempkens.io" = {
listen = [
{
addr = "0.0.0.0";
port = 9921;
ssl = true;
2023-09-04 10:45:06 +00:00
extraParameters = [
"proxy_protocol"
"fastopen=63"
"backlog=1023"
"deferred"
];
2023-04-19 20:38:42 +00:00
}
];
2023-09-04 10:45:06 +00:00
quic = false;
2023-04-19 20:38:42 +00:00
onlySSL = true;
useACMEHost = "internal.kempkens.network";
extraConfig = ''
set_real_ip_from 100.64.10.2/32;
set_real_ip_from fd7a:115c:a1e0:1010::2/128;
2023-04-19 20:38:42 +00:00
real_ip_header proxy_protocol;
'';
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:8096";
};
locations."/socket" = {
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:8096";
proxyWebsockets = true;
};
};
2023-04-19 20:05:30 +00:00
networking.firewall.interfaces =
let
2023-04-19 20:38:42 +00:00
ports = [ 9920 9921 ];
2023-04-19 20:05:30 +00:00
in
{
"ens3".allowedTCPPorts = ports;
2023-04-19 20:16:50 +00:00
"ens3".allowedUDPPorts = ports;
2023-04-19 20:05:30 +00:00
"tailscale0".allowedTCPPorts = ports;
2023-04-19 20:16:50 +00:00
"tailscale0".allowedUDPPorts = ports;
2023-04-19 20:05:30 +00:00
};
2023-04-19 19:30:42 +00:00
}