45 lines
1.8 KiB
Nix
45 lines
1.8 KiB
Nix
{ config, pkgs, lib, inputs, mkDomain, ... }:
|
|
{
|
|
# Jellyfin
|
|
|
|
/**/
|
|
disabledModules = [ "services/misc/jellyfin.nix" ];
|
|
#imports = [<nixos-unstable/nixos/modules/services/misc/jellyfin.nix> ];
|
|
imports = [ "${inputs.unstable}/nixos/modules/services/misc/jellyfin.nix" ];
|
|
services.jellyfin.package = pkgs.unstable.jellyfin;
|
|
/**/
|
|
|
|
services.jellyfin = {
|
|
enable = true; # don't enable unless you intend to first-time-setup the admin user
|
|
# from https://jellyfin.org/docs/general/networking/index.html:
|
|
# - 8096/tcp is used by default for HTTP traffic. You can change this in the dashboard.
|
|
# - 8920/tcp is used by default for HTTPS traffic. You can change this in the dashboard.
|
|
# - 1900/udp is used for service auto-discovery. This is not configurable.
|
|
# - 7359/udp is also used for auto-discovery. This is not configurable.
|
|
openFirewall = false; # I do it manually below:
|
|
# TODO: configure initial collections and extensions
|
|
};
|
|
# firewall - not needed?
|
|
/*
|
|
networking.firewall = lib.mkIf config.services.jellyfin.enable {
|
|
# TODO: does this overwrite rules set by other stuff? should i use ++ ?
|
|
#allowedTCPPorts = [ 8096 8920 ];
|
|
allowedUDPPorts = [ 1900 7359 ]; # TODO: Only if behind a NAT?
|
|
};
|
|
*/
|
|
services.nginx.virtualHosts.${mkDomain "jellyfin"} = lib.mkIf config.services.jellyfin.enable {
|
|
forceSSL = true; # addSSL = true;
|
|
enableACME = true; #useACMEHost = acmeDomain;
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:8096";
|
|
proxyWebsockets = true;
|
|
};
|
|
};
|
|
|
|
# Allow Jellyfin access to VAAPI
|
|
users.users.${config.services.jellyfin.user}.extraGroups = [ "video" "render" ];
|
|
systemd.services.jellyfin.serviceConfig.PrivateDevices = lib.mkForce false;
|
|
systemd.services.jellyfin.serviceConfig.DeviceAllow = lib.mkForce [ "/dev/dri/renderD128" ];
|
|
|
|
}
|