From de6f0e39cbb3a713de8c2e9ca932fd9fb111305f Mon Sep 17 00:00:00 2001 From: min Date: Sat, 26 Apr 2025 04:37:22 -0400 Subject: [PATCH] Jellyfin deployment + eidola restore --- nixos/hosts/default.nix | 2 +- nixos/hosts/eidola/configuration.nix | 2 +- nixos/hosts/eidola/mounts.nix | 3 +++ nixos/hosts/eidola/services/default.nix | 1 + nixos/hosts/eidola/services/jellyfin.nix | 10 +++++++++ nixos/hosts/eidola/services/samba.nix | 21 +++++++++---------- nixos/hosts/silver/services/default.nix | 1 + nixos/hosts/silver/services/shim-jellyfin.nix | 14 +++++++++++++ 8 files changed, 41 insertions(+), 13 deletions(-) create mode 100644 nixos/hosts/eidola/services/jellyfin.nix create mode 100644 nixos/hosts/silver/services/shim-jellyfin.nix diff --git a/nixos/hosts/default.nix b/nixos/hosts/default.nix index f7074ac..99e523d 100644 --- a/nixos/hosts/default.nix +++ b/nixos/hosts/default.nix @@ -1,5 +1,5 @@ {inputs, ...}: let - systems = makeSystems ["silver"]; + systems = makeSystems ["silver" "eidola"]; inherit (inputs.nixpkgs) lib; diff --git a/nixos/hosts/eidola/configuration.nix b/nixos/hosts/eidola/configuration.nix index 37a483a..cf2b5c3 100644 --- a/nixos/hosts/eidola/configuration.nix +++ b/nixos/hosts/eidola/configuration.nix @@ -24,7 +24,7 @@ # Basic networking networking.firewall.enable = true; - networking.firewall.allowedTCPPorts = [5201 8081]; + networking.firewall.allowedTCPPorts = [5201]; networking.firewall.allowedUDPPorts = [5201]; # Locales diff --git a/nixos/hosts/eidola/mounts.nix b/nixos/hosts/eidola/mounts.nix index 7664881..9485d86 100644 --- a/nixos/hosts/eidola/mounts.nix +++ b/nixos/hosts/eidola/mounts.nix @@ -14,6 +14,9 @@ _: { "/etc/zfs" "/var/lib/samba" + "/var/lib/jellyfin" + "/var/cache/jellyfin" + "/var/lib/bitwarden_rs" ]; files = [ diff --git a/nixos/hosts/eidola/services/default.nix b/nixos/hosts/eidola/services/default.nix index 70956a6..7722bf4 100644 --- a/nixos/hosts/eidola/services/default.nix +++ b/nixos/hosts/eidola/services/default.nix @@ -1,5 +1,6 @@ {...}: { imports = [ + ./jellyfin.nix ./samba.nix ]; } diff --git a/nixos/hosts/eidola/services/jellyfin.nix b/nixos/hosts/eidola/services/jellyfin.nix new file mode 100644 index 0000000..7f1fe92 --- /dev/null +++ b/nixos/hosts/eidola/services/jellyfin.nix @@ -0,0 +1,10 @@ +_: { + hardware.graphics.enable = true; + + services.jellyfin = { + enable = true; + + # allow it to access network shares + group = "share"; + }; +} diff --git a/nixos/hosts/eidola/services/samba.nix b/nixos/hosts/eidola/services/samba.nix index 7fde87a..1dff8af 100644 --- a/nixos/hosts/eidola/services/samba.nix +++ b/nixos/hosts/eidola/services/samba.nix @@ -19,21 +19,20 @@ _: { enable = true; openFirewall = true; - securityType = "user"; + settings = { + global = { + "security" = "user"; + "browseable" = true; + "smb encrypt" = "required"; - extraConfig = '' - browseable = yes - smb encrypt = required + "valid users" = "@share"; + }; - valid users = @share - ''; - - shares = { terrarium = { "path" = "/terra/terrarium"; - "browseable" = "yes"; - "read only" = "no"; - "guest ok" = "no"; + "browseable" = true; + "read only" = false; + "guest ok" = false; "create mask" = "0664"; "directory mask" = "0775"; }; diff --git a/nixos/hosts/silver/services/default.nix b/nixos/hosts/silver/services/default.nix index 3111574..b5f78a4 100644 --- a/nixos/hosts/silver/services/default.nix +++ b/nixos/hosts/silver/services/default.nix @@ -10,6 +10,7 @@ ./prometheus.nix ./grafana.nix ./vaultwarden.nix + ./shim-jellyfin.nix ]; security.acme = { diff --git a/nixos/hosts/silver/services/shim-jellyfin.nix b/nixos/hosts/silver/services/shim-jellyfin.nix new file mode 100644 index 0000000..3888bd9 --- /dev/null +++ b/nixos/hosts/silver/services/shim-jellyfin.nix @@ -0,0 +1,14 @@ +_: let + httpIntAddr = "10.13.1.1"; + httpIntPort = 8096; + dom = "mov.min.rip"; +in { + services.nginx.virtualHosts.${dom} = { + forceSSL = true; + enableACME = true; + + locations."/" = { + proxyPass = "http://${toString httpIntAddr}:${toString httpIntPort}"; + }; + }; +}