enabled jellyfin for defiant
This commit is contained in:
parent
194287e22a
commit
2a3501fea4
|
|
@ -67,6 +67,14 @@
|
||||||
directories = ["leyla" "eve"];
|
directories = ["leyla" "eve"];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
reverse_proxy = {
|
||||||
|
enable = true;
|
||||||
|
hostname = "jan-leila.com";
|
||||||
|
};
|
||||||
|
jellyfin = {
|
||||||
|
enable = true;
|
||||||
|
subdomain = "media";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
networking = {
|
networking = {
|
||||||
hostId = "c51763d6";
|
hostId = "c51763d6";
|
||||||
|
|
|
||||||
|
|
@ -51,20 +51,20 @@ in {
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
host.storage.pool.extraDatasets = [
|
fileSystems."/persist/system/jellyfin".neededForBoot = true;
|
||||||
{
|
|
||||||
# sops age key needs to be available to pre persist for user generation
|
host.storage.pool.extraDatasets = {
|
||||||
"persist/system/jellyfin" = {
|
# sops age key needs to be available to pre persist for user generation
|
||||||
type = "zfs_fs";
|
"persist/system/jellyfin" = {
|
||||||
mountpoint = "/persist/system/jellyfin";
|
type = "zfs_fs";
|
||||||
options = {
|
mountpoint = "/persist/system/jellyfin";
|
||||||
atime = "off";
|
options = {
|
||||||
relatime = "off";
|
atime = "off";
|
||||||
canmount = "on";
|
relatime = "off";
|
||||||
};
|
canmount = "on";
|
||||||
};
|
};
|
||||||
}
|
};
|
||||||
];
|
};
|
||||||
})
|
})
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
|
|
|
||||||
|
|
@ -6,16 +6,16 @@
|
||||||
options.host.reverse_proxy = {
|
options.host.reverse_proxy = {
|
||||||
enable = lib.mkEnableOption "turn on the reverse proxy";
|
enable = lib.mkEnableOption "turn on the reverse proxy";
|
||||||
hostname = lib.mkOption {
|
hostname = lib.mkOption {
|
||||||
type = lib.type.string;
|
type = lib.types.string;
|
||||||
description = "what host name are we going to be proxying from";
|
description = "what host name are we going to be proxying from";
|
||||||
};
|
};
|
||||||
forceSSL = lib.mkOption {
|
forceSSL = lib.mkOption {
|
||||||
type = lib.type.boolean;
|
type = lib.types.bool;
|
||||||
description = "force connections to use https";
|
description = "force connections to use https";
|
||||||
default = true;
|
default = true;
|
||||||
};
|
};
|
||||||
enableACME = lib.mkOption {
|
enableACME = lib.mkOption {
|
||||||
type = lib.type.boolean;
|
type = lib.types.bool;
|
||||||
description = "auto renew certificates";
|
description = "auto renew certificates";
|
||||||
default = true;
|
default = true;
|
||||||
};
|
};
|
||||||
|
|
@ -34,12 +34,17 @@
|
||||||
|
|
||||||
# TODO: impermanence for ACME keys
|
# TODO: impermanence for ACME keys
|
||||||
config = {
|
config = {
|
||||||
|
security.acme = lib.mkIf config.host.reverse_proxy.enableACME {
|
||||||
|
acceptTerms = true;
|
||||||
|
defaults.email = "jan-leila@protonmail.com";
|
||||||
|
};
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = config.host.reverse_proxy.enable;
|
enable = config.host.reverse_proxy.enable;
|
||||||
virtualHosts = lib.attrsets.mapAttrs' (name: value:
|
virtualHosts = lib.attrsets.mapAttrs' (name: value:
|
||||||
lib.attrsets.nameValuePair "${name}.${config.home.reverse_proxy.hostname}" {
|
lib.attrsets.nameValuePair "${name}.${config.host.reverse_proxy.hostname}" {
|
||||||
forceSSL = config.home.reverse_proxy.forceSSL;
|
forceSSL = config.host.reverse_proxy.forceSSL;
|
||||||
enableACME = config.home.reverse_proxy.enableACME;
|
enableACME = config.host.reverse_proxy.enableACME;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = value.target;
|
proxyPass = value.target;
|
||||||
proxyWebsockets = value.websockets;
|
proxyWebsockets = value.websockets;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue