daniel/dotfiles
1
0
Fork 0
Code Activity Actions

mediaserver: wip

Browse source
This commit is contained in:
Daniel Kempkens 2023-04-19 22:38:42 +02:00
parent 95e37334a8
commit 8d4740abbc
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
3 changed files with 37 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

BIN
secret/hosts/attic.nix
View file

Binary file not shown.

6
system/nixos/home-proxy.nix
View file

@ -5,15 +5,15 @@
resolver 1.1.1.1 ipv6=off;
upstream home {
server ${secret.nginx.upstream.home.hostname}:${builtins.toString secret.nginx.upstream.home.port};
server ${secret.nginx.upstream.home.hostname}:${builtins.toString secret.nginx.upstream.home.upstreamPort};
}
server {
listen ${builtins.toString secret.nginx.upstream.home.port};
listen ${builtins.toString secret.nginx.upstream.home.externalPort};
proxy_protocol on;
proxy_pass home;
}
'';
networking.firewall.interfaces."enp1s0".allowedTCPPorts = [ secret.nginx.upstream.home.port ];
networking.firewall.interfaces."enp1s0".allowedTCPPorts = [ secret.nginx.upstream.home.externalPort ];
}

35
system/nixos/jellyfin.nix
View file

@ -43,9 +43,42 @@
};
};
services.nginx.virtualHosts."jellyfin.home.kempkens.io" = {
listen = [
{
addr = "0.0.0.0";
port = 9921;
ssl = true;
extraParameters = [ "proxy_protocol" ];
}
];
quic = true;
http3 = true;
onlySSL = true;
useACMEHost = "internal.kempkens.network";
extraConfig = ''
set_real_ip_from 100.76.233.31/32;
real_ip_header proxy_protocol;
'';
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:8096";
};
locations."/socket" = {
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:8096";
proxyWebsockets = true;
};
};
networking.firewall.interfaces =
let
ports = [ 9920 ];
ports = [ 9920 9921 ];
in
{
"ens3".allowedTCPPorts = ports;