enabled jellyfin for defiant

2024-12-13 18:20:23 -06:00 · 2024-12-13 18:20:23 -06:00 · 2a3501fea4
parent 194287e22a
commit 2a3501fea4
3 changed files with 32 additions and 19 deletions
--- a/configurations/nixos/defiant/configuration.nix
+++ b/configurations/nixos/defiant/configuration.nix
@ -67,6 +67,14 @@
        directories = ["leyla" "eve"];
      };
    };
+    reverse_proxy = {
+      enable = true;
+      hostname = "jan-leila.com";
+    };
+    jellyfin = {
+      enable = true;
+      subdomain = "media";
+    };
  };
  networking = {
    hostId = "c51763d6";
--- a/modules/nixos-modules/server/jellyfin.nix
+++ b/modules/nixos-modules/server/jellyfin.nix
@ -51,8 +51,9 @@ in {
          ];
        };

-        host.storage.pool.extraDatasets = [
-          {
+        fileSystems."/persist/system/jellyfin".neededForBoot = true;
+
+        host.storage.pool.extraDatasets = {
          # sops age key needs to be available to pre persist for user generation
          "persist/system/jellyfin" = {
            type = "zfs_fs";
@ -63,8 +64,7 @@ in {
              canmount = "on";
            };
          };
-          }
-        ];
+        };
      })
    ]
  );
--- a/modules/nixos-modules/server/reverse_proxy.nix
+++ b/modules/nixos-modules/server/reverse_proxy.nix
@ -6,16 +6,16 @@
  options.host.reverse_proxy = {
    enable = lib.mkEnableOption "turn on the reverse proxy";
    hostname = lib.mkOption {
-      type = lib.type.string;
+      type = lib.types.string;
      description = "what host name are we going to be proxying from";
    };
    forceSSL = lib.mkOption {
-      type = lib.type.boolean;
+      type = lib.types.bool;
      description = "force connections to use https";
      default = true;
    };
    enableACME = lib.mkOption {
-      type = lib.type.boolean;
+      type = lib.types.bool;
      description = "auto renew certificates";
      default = true;
    };
@ -34,12 +34,17 @@

  # TODO: impermanence for ACME keys
  config = {
+    security.acme = lib.mkIf config.host.reverse_proxy.enableACME {
+      acceptTerms = true;
+      defaults.email = "jan-leila@protonmail.com";
+    };
+
    services.nginx = {
      enable = config.host.reverse_proxy.enable;
      virtualHosts = lib.attrsets.mapAttrs' (name: value:
-        lib.attrsets.nameValuePair "${name}.${config.home.reverse_proxy.hostname}" {
-          forceSSL = config.home.reverse_proxy.forceSSL;
-          enableACME = config.home.reverse_proxy.enableACME;
+        lib.attrsets.nameValuePair "${name}.${config.host.reverse_proxy.hostname}" {
+          forceSSL = config.host.reverse_proxy.forceSSL;
+          enableACME = config.host.reverse_proxy.enableACME;
          locations."/" = {
            proxyPass = value.target;
            proxyWebsockets = value.websockets;