Jellyfin deployment + eidola restore

2025-04-26 04:37:22 -04:00 · 2025-04-26 04:37:22 -04:00 · de6f0e39cb
parent 7a39a2610f
commit de6f0e39cb
8 changed files with 41 additions and 13 deletions
--- a/nixos/hosts/default.nix
+++ b/nixos/hosts/default.nix
@ -1,5 +1,5 @@
 {inputs, ...}: let
-  systems = makeSystems ["silver"];
+  systems = makeSystems ["silver" "eidola"];

  inherit (inputs.nixpkgs) lib;

--- a/nixos/hosts/eidola/configuration.nix
+++ b/nixos/hosts/eidola/configuration.nix
@ -24,7 +24,7 @@

  # Basic networking
  networking.firewall.enable = true;
-  networking.firewall.allowedTCPPorts = [5201 8081];
+  networking.firewall.allowedTCPPorts = [5201];
  networking.firewall.allowedUDPPorts = [5201];

  # Locales
--- a/nixos/hosts/eidola/mounts.nix
+++ b/nixos/hosts/eidola/mounts.nix
@ -14,6 +14,9 @@ _: {
      "/etc/zfs"
      "/var/lib/samba"

+      "/var/lib/jellyfin"
+      "/var/cache/jellyfin"
+
      "/var/lib/bitwarden_rs"
    ];
    files = [
--- a/nixos/hosts/eidola/services/default.nix
+++ b/nixos/hosts/eidola/services/default.nix
@ -1,5 +1,6 @@
 {...}: {
  imports = [
+    ./jellyfin.nix
    ./samba.nix
  ];
 }
--- a/nixos/hosts/eidola/services/jellyfin.nix
+++ b/nixos/hosts/eidola/services/jellyfin.nix
@ -0,0 +1,10 @@
+_: {
+  hardware.graphics.enable = true;
+
+  services.jellyfin = {
+    enable = true;
+
+    # allow it to access network shares
+    group = "share";
+  };
+}
--- a/nixos/hosts/eidola/services/samba.nix
+++ b/nixos/hosts/eidola/services/samba.nix
@ -19,21 +19,20 @@ _: {
    enable = true;
    openFirewall = true;

-    securityType = "user";
+    settings = {
+      global = {
+        "security" = "user";
+        "browseable" = true;
+        "smb encrypt" = "required";

-    extraConfig = ''
-      browseable = yes
-      smb encrypt = required
+        "valid users" = "@share";
+      };

-      valid users = @share
-    '';
-
-    shares = {
      terrarium = {
        "path" = "/terra/terrarium";
-        "browseable" = "yes";
-        "read only" = "no";
-        "guest ok" = "no";
+        "browseable" = true;
+        "read only" = false;
+        "guest ok" = false;
        "create mask" = "0664";
        "directory mask" = "0775";
      };
--- a/nixos/hosts/silver/services/default.nix
+++ b/nixos/hosts/silver/services/default.nix
@ -10,6 +10,7 @@
    ./prometheus.nix
    ./grafana.nix
    ./vaultwarden.nix
+    ./shim-jellyfin.nix
  ];

  security.acme = {
--- a/nixos/hosts/silver/services/shim-jellyfin.nix
+++ b/nixos/hosts/silver/services/shim-jellyfin.nix
@ -0,0 +1,14 @@
+_: let
+  httpIntAddr = "10.13.1.1";
+  httpIntPort = 8096;
+  dom = "mov.min.rip";
+in {
+  services.nginx.virtualHosts.${dom} = {
+    forceSSL = true;
+    enableACME = true;
+
+    locations."/" = {
+      proxyPass = "http://${toString httpIntAddr}:${toString httpIntPort}";
+    };
+  };
+}