{ config, pkgs, lib, ... }: { # Jellyfin - Media Streaming platform services.jellyfin.enable = true; users.users.${config.services.jellyfin.user}.extraGroups = [ "video" "render" ]; systemd.services.jellyfin.serviceConfig = { DeviceAllow = lib.mkForce [ "/dev/dri/card0" ]; }; services.nginx.virtualHosts."jellyfin.home.feal.no" = { serverAliases = [ "jf.feal.no" ]; locations = { "= /" = { return = "302 http://$host/web/"; }; "/" = { proxyPass = "http://127.0.0.1:8096"; extraConfig = '' proxy_buffering off; ''; }; "/socket" = { proxyPass = "http://127.0.0.1:8096"; proxyWebsockets = true; }; }; extraConfig = '' add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff"; add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always; ''; }; }