61 lines
2.2 KiB
Nix
61 lines
2.2 KiB
Nix
{ config, pkgs, lib, unstable, mkDomain, ... }:
|
|
{
|
|
# Jellyfin
|
|
|
|
/**/
|
|
imports = [
|
|
({ disabledModules = [ "services/misc/jellyfin.nix" ]; })
|
|
#<nixos-unstable/nixos/modules/services/misc/jellyfin.nix>
|
|
(unstable + "/nixos/modules/services/misc/jellyfin.nix")
|
|
({ services.jellyfin.package = unstable.jellyfin; })
|
|
];
|
|
/**/
|
|
|
|
services.jellyfin = {
|
|
enable = true; # don't enable unless you intend to first-time-setup the admin user
|
|
# from https://jellyfin.org/docs/general/networking/index.html:
|
|
# - 8096/tcp is used by default for HTTP traffic. You can change this in the dashboard.
|
|
# - 8920/tcp is used by default for HTTPS traffic. You can change this in the dashboard.
|
|
# - 1900/udp is used for service auto-discovery. This is not configurable.
|
|
# - 7359/udp is also used for auto-discovery. This is not configurable.
|
|
openFirewall = false; # I do it manually below:
|
|
# TODO: configure initial collections and extensions
|
|
};
|
|
# firewall - not needed?
|
|
/*
|
|
networking.firewall = lib.mkIf config.services.jellyfin.enable {
|
|
# TODO: does this overwrite rules set by other stuff? should i use ++ ?
|
|
#allowedTCPPorts = [ 8096 8920 ];
|
|
allowedUDPPorts = [ 1900 7359 ]; # TODO: Only if behind a NAT?
|
|
};
|
|
*/
|
|
services.nginx.virtualHosts.${mkDomain "jellyfin"} = lib.mkIf config.services.jellyfin.enable {
|
|
forceSSL = true; # addSSL = true;
|
|
enableACME = true; #useACMEHost = acmeDomain;
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:8096";
|
|
proxyWebsockets = true;
|
|
};
|
|
};
|
|
# Hardware acceleration
|
|
# https://nixos.wiki/wiki/Jellyfin
|
|
nixpkgs.config.packageOverrides = pkgs: {
|
|
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
|
|
};
|
|
hardware.opengl = {
|
|
enable = true;
|
|
extraPackages = with pkgs; [
|
|
intel-media-driver
|
|
vaapiIntel
|
|
vaapiVdpau
|
|
libvdpau-va-gl
|
|
intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
|
|
];
|
|
};
|
|
# Allow Jellyfin access to VAAPI
|
|
users.users.${config.services.jellyfin.user}.extraGroups = [ "video" "render" ];
|
|
systemd.services.jellyfin.serviceConfig.PrivateDevices = lib.mkForce false;
|
|
systemd.services.jellyfin.serviceConfig.DeviceAllow = lib.mkForce [ "/dev/dri/renderD128" ];
|
|
|
|
}
|