Add jellyfin, move mountpoints

2023-04-17 02:23:56 +02:00 · 2023-04-17 02:23:56 +02:00 · 017e8d418d
parent 7e4fcaf148
commit 017e8d418d
4 changed files with 114 additions and 11 deletions
--- a/hosts/voyager/configuration.nix
+++ b/hosts/voyager/configuration.nix
@ -6,11 +6,13 @@
    ../../base.nix
      ../../common/metrics-exporters.nix
      ./hardware-configuration.nix
-      ./containers.nix
-      ./vms.nix
+      ./filesystems.nix
+      #./vms.nix

      ./services/nginx
      ./services/metrics
+      ./services/flame.nix
+      ./services/jellyfin.nix
  # TODO:
  # x Boot
  # x Mount ZFS
@ -18,20 +20,14 @@
  # x Podman
  #    x Flame
  # - Transmission
-  # - Jellyfin
+  # x Jellyfin
+  # x NFS imports
  # - NFS exports
  # - FreeBSD VM
  # - Kali VM
  # - Kerberos / IPA
  ];

-  boot = {
-    zfs.extraPools = [ "tank" ];
-    supportedFilesystems = [ "zfs" ];
-    kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
-  };
-  services.zfs.autoScrub.enable = true;
-
  networking = {
    hostName = "voyager";
    defaultGateway = "192.168.10.1";
@ -83,7 +79,8 @@
    }
  )
    zfs
-    ];
+    screen
+  ];

  networking.firewall.allowedTCPPorts = [ 22 ];

--- a/hosts/voyager/filesystems.nix
+++ b/hosts/voyager/filesystems.nix
@ -0,0 +1,47 @@
+{ config, pkgs, lib, ... }:
+{
+  # Boot drives are defined in ./hardware-configuration.nix
+
+  environment.systemPackages = with pkgs; [ cifs-utils ];
+
+  # Local zfs
+  boot = {
+    zfs.extraPools = [ "tank" ];
+    supportedFilesystems = [ "zfs" ];
+    kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+  };
+  services.zfs.autoScrub.enable = true;
+
+  # Network mounts (import)
+  fileSystems = {
+    "/mnt/feal-syn1/media" = {
+      device = "feal-syn1.home.feal.no:/volume2/media";
+      fsType = "nfs";
+      options = [ "vers=3" ];
+      #options = [ "x-systemd.automount" "noauto" ];
+    };
+    #"/mnt/feal-syn1/netbackup" = {
+    #  device = "feal-syn1.home.feal.no:/volume2/NetBackup";
+    #  fsType = "nfs";
+    #  options = [ "vers=3" "x-systemd.automount" "noauto" ];
+    #};
+    #"/mnt/feal-syn1/nfs_proxmox" = {
+    #  device = "feal-syn1.home.feal.no:/volume2/nfs_proxmox";
+    #  fsType = "nfs";
+    #  options = [ "vers=3" "x-systemd.automount" "noauto" ];
+    #};
+
+    "/mnt/feal-syn1/nfs_proxmox" = {
+      device = "//feal-syn1.home.feal.no/nfs_proxmox";
+      fsType = "cifs";
+      options = let
+        # this line prevents hanging on network split
+        automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
+
+      in ["${automount_opts},credentials=/etc/feal-syn1-credentials"];
+    };
+  };
+
+  # Network mounts (export)
+
+}
--- a/hosts/voyager/services/flame.nix
+++ b/hosts/voyager/services/flame.nix
--- a/hosts/voyager/services/jellyfin.nix
+++ b/hosts/voyager/services/jellyfin.nix
@ -0,0 +1,59 @@
+{ config, pkgs, lib, ... }:
+let
+  domainName = "jellyfin.home.feal.no";
+in {
+  # Jellyfin - Media Streaming platform
+  services.jellyfin.enable = true;
+
+  networking.firewall.allowedTCPPorts = [ 8096 ];
+
+  services.nginx.virtualHosts."${domainName}" = {
+    extraConfig = ''
+    #add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Content-Type-Options "nosniff";
+    location = / {
+        return 302 http://$host/web/;
+        #return 302 https://$host/web/;
+    }
+    location / {
+        # Proxy main Jellyfin traffic
+        proxy_pass http://127.0.0.1:8096;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Protocol $scheme;
+        proxy_set_header X-Forwarded-Host $http_host;
+        # Disable buffering when the nginx proxy gets very resource heavy upon streaming
+        proxy_buffering off;
+    }
+    # location block for /web - This is purely for aesthetics so /web/#!/ works instead of having to go to /web/index.html/#!/
+    location = /web/ {
+        # Proxy main Jellyfin traffic
+        proxy_pass http://127.0.0.1:8096/web/index.html;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Protocol $scheme;
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+    location /socket {
+        # Proxy Jellyfin Websockets traffic
+        proxy_pass http://127.0.0.1:8096;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Protocol $scheme;
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+        '';
+
+  };
+}
+