Add jellyfin, move mountpoints

hosts/voyager/configuration.nix

@@ -6,11 +6,13 @@
     ../../base.nix
       ../../common/metrics-exporters.nix
       ./hardware-configuration.nix
-      ./containers.nix
+      ./filesystems.nix
-      ./vms.nix
+      #./vms.nix
 
       ./services/nginx
       ./services/metrics
+      ./services/flame.nix
+      ./services/jellyfin.nix
   # TODO:
   # x Boot
   # x Mount ZFS
@@ -18,20 +20,14 @@
   # x Podman
   #    x Flame
   # - Transmission
-  # - Jellyfin
+  # x Jellyfin
+  # x NFS imports
   # - NFS exports
   # - FreeBSD VM
   # - Kali VM
   # - Kerberos / IPA
   ];
 
-  boot = {
-    zfs.extraPools = [ "tank" ];
-    supportedFilesystems = [ "zfs" ];
-    kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
-  };
-  services.zfs.autoScrub.enable = true;
-
   networking = {
     hostName = "voyager";
     defaultGateway = "192.168.10.1";
@@ -83,6 +79,7 @@
     }
   )
     zfs
+    screen
   ];
 
   networking.firewall.allowedTCPPorts = [ 22 ];

hosts/voyager/filesystems.nix

@@ -0,0 +1,47 @@
+{ config, pkgs, lib, ... }:
+{
+  # Boot drives are defined in ./hardware-configuration.nix
+
+  environment.systemPackages = with pkgs; [ cifs-utils ];
+
+  # Local zfs
+  boot = {
+    zfs.extraPools = [ "tank" ];
+    supportedFilesystems = [ "zfs" ];
+    kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+  };
+  services.zfs.autoScrub.enable = true;
+
+  # Network mounts (import)
+  fileSystems = {
+    "/mnt/feal-syn1/media" = {
+      device = "feal-syn1.home.feal.no:/volume2/media";
+      fsType = "nfs";
+      options = [ "vers=3" ];
+      #options = [ "x-systemd.automount" "noauto" ];
+    };
+    #"/mnt/feal-syn1/netbackup" = {
+    #  device = "feal-syn1.home.feal.no:/volume2/NetBackup";
+    #  fsType = "nfs";
+    #  options = [ "vers=3" "x-systemd.automount" "noauto" ];
+    #};
+    #"/mnt/feal-syn1/nfs_proxmox" = {
+    #  device = "feal-syn1.home.feal.no:/volume2/nfs_proxmox";
+    #  fsType = "nfs";
+    #  options = [ "vers=3" "x-systemd.automount" "noauto" ];
+    #};
+
+    "/mnt/feal-syn1/nfs_proxmox" = {
+      device = "//feal-syn1.home.feal.no/nfs_proxmox";
+      fsType = "cifs";
+      options = let
+        # this line prevents hanging on network split
+        automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
+
+      in ["${automount_opts},credentials=/etc/feal-syn1-credentials"];
+    };
+  };
+
+  # Network mounts (export)
+
+}

hosts/voyager/services/jellyfin.nix

@@ -0,0 +1,59 @@
+{ config, pkgs, lib, ... }:
+let
+  domainName = "jellyfin.home.feal.no";
+in {
+  # Jellyfin - Media Streaming platform
+  services.jellyfin.enable = true;
+
+  networking.firewall.allowedTCPPorts = [ 8096 ];
+
+  services.nginx.virtualHosts."${domainName}" = {
+    extraConfig = ''
+    #add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Content-Type-Options "nosniff";
+    location = / {
+        return 302 http://$host/web/;
+        #return 302 https://$host/web/;
+    }
+    location / {
+        # Proxy main Jellyfin traffic
+        proxy_pass http://127.0.0.1:8096;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Protocol $scheme;
+        proxy_set_header X-Forwarded-Host $http_host;
+        # Disable buffering when the nginx proxy gets very resource heavy upon streaming
+        proxy_buffering off;
+    }
+    # location block for /web - This is purely for aesthetics so /web/#!/ works instead of having to go to /web/index.html/#!/
+    location = /web/ {
+        # Proxy main Jellyfin traffic
+        proxy_pass http://127.0.0.1:8096/web/index.html;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Protocol $scheme;
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+    location /socket {
+        # Proxy Jellyfin Websockets traffic
+        proxy_pass http://127.0.0.1:8096;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Protocol $scheme;
+        proxy_set_header X-Forwarded-Host $http_host;
+    }
+        '';
+
+  };
+}
+