From 017e8d418dc78e3dbf9b57fe6be09de06f522de1 Mon Sep 17 00:00:00 2001 From: Felix Albrigtsen Date: Mon, 17 Apr 2023 02:23:56 +0200 Subject: [PATCH] Add jellyfin, move mountpoints --- hosts/voyager/configuration.nix | 19 +++--- hosts/voyager/filesystems.nix | 47 +++++++++++++++ .../{containers.nix => services/flame.nix} | 0 hosts/voyager/services/jellyfin.nix | 59 +++++++++++++++++++ 4 files changed, 114 insertions(+), 11 deletions(-) create mode 100644 hosts/voyager/filesystems.nix rename hosts/voyager/{containers.nix => services/flame.nix} (100%) create mode 100644 hosts/voyager/services/jellyfin.nix diff --git a/hosts/voyager/configuration.nix b/hosts/voyager/configuration.nix index d4712ec..bb5b978 100644 --- a/hosts/voyager/configuration.nix +++ b/hosts/voyager/configuration.nix @@ -6,11 +6,13 @@ ../../base.nix ../../common/metrics-exporters.nix ./hardware-configuration.nix - ./containers.nix - ./vms.nix + ./filesystems.nix + #./vms.nix ./services/nginx ./services/metrics + ./services/flame.nix + ./services/jellyfin.nix # TODO: # x Boot # x Mount ZFS @@ -18,20 +20,14 @@ # x Podman # x Flame # - Transmission - # - Jellyfin + # x Jellyfin + # x NFS imports # - NFS exports # - FreeBSD VM # - Kali VM # - Kerberos / IPA ]; - boot = { - zfs.extraPools = [ "tank" ]; - supportedFilesystems = [ "zfs" ]; - kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; - }; - services.zfs.autoScrub.enable = true; - networking = { hostName = "voyager"; defaultGateway = "192.168.10.1"; @@ -83,7 +79,8 @@ } ) zfs - ]; + screen + ]; networking.firewall.allowedTCPPorts = [ 22 ]; diff --git a/hosts/voyager/filesystems.nix b/hosts/voyager/filesystems.nix new file mode 100644 index 0000000..fa94aa8 --- /dev/null +++ b/hosts/voyager/filesystems.nix @@ -0,0 +1,47 @@ +{ config, pkgs, lib, ... }: +{ + # Boot drives are defined in ./hardware-configuration.nix + + environment.systemPackages = with pkgs; [ cifs-utils ]; + + # Local zfs + boot = { + zfs.extraPools = [ "tank" ]; + supportedFilesystems = [ "zfs" ]; + kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; + }; + services.zfs.autoScrub.enable = true; + + # Network mounts (import) + fileSystems = { + "/mnt/feal-syn1/media" = { + device = "feal-syn1.home.feal.no:/volume2/media"; + fsType = "nfs"; + options = [ "vers=3" ]; + #options = [ "x-systemd.automount" "noauto" ]; + }; + #"/mnt/feal-syn1/netbackup" = { + # device = "feal-syn1.home.feal.no:/volume2/NetBackup"; + # fsType = "nfs"; + # options = [ "vers=3" "x-systemd.automount" "noauto" ]; + #}; + #"/mnt/feal-syn1/nfs_proxmox" = { + # device = "feal-syn1.home.feal.no:/volume2/nfs_proxmox"; + # fsType = "nfs"; + # options = [ "vers=3" "x-systemd.automount" "noauto" ]; + #}; + + "/mnt/feal-syn1/nfs_proxmox" = { + device = "//feal-syn1.home.feal.no/nfs_proxmox"; + fsType = "cifs"; + options = let + # this line prevents hanging on network split + automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; + + in ["${automount_opts},credentials=/etc/feal-syn1-credentials"]; + }; + }; + + # Network mounts (export) + +} diff --git a/hosts/voyager/containers.nix b/hosts/voyager/services/flame.nix similarity index 100% rename from hosts/voyager/containers.nix rename to hosts/voyager/services/flame.nix diff --git a/hosts/voyager/services/jellyfin.nix b/hosts/voyager/services/jellyfin.nix new file mode 100644 index 0000000..6016529 --- /dev/null +++ b/hosts/voyager/services/jellyfin.nix @@ -0,0 +1,59 @@ +{ config, pkgs, lib, ... }: +let + domainName = "jellyfin.home.feal.no"; +in { + # Jellyfin - Media Streaming platform + services.jellyfin.enable = true; + + networking.firewall.allowedTCPPorts = [ 8096 ]; + + services.nginx.virtualHosts."${domainName}" = { + extraConfig = '' + #add_header X-Frame-Options "SAMEORIGIN"; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Content-Type-Options "nosniff"; + location = / { + return 302 http://$host/web/; + #return 302 https://$host/web/; + } + location / { + # Proxy main Jellyfin traffic + proxy_pass http://127.0.0.1:8096; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Protocol $scheme; + proxy_set_header X-Forwarded-Host $http_host; + # Disable buffering when the nginx proxy gets very resource heavy upon streaming + proxy_buffering off; + } + # location block for /web - This is purely for aesthetics so /web/#!/ works instead of having to go to /web/index.html/#!/ + location = /web/ { + # Proxy main Jellyfin traffic + proxy_pass http://127.0.0.1:8096/web/index.html; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Protocol $scheme; + proxy_set_header X-Forwarded-Host $http_host; + } + location /socket { + # Proxy Jellyfin Websockets traffic + proxy_pass http://127.0.0.1:8096; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Protocol $scheme; + proxy_set_header X-Forwarded-Host $http_host; + } + ''; + + }; +} +