config/profiles/http/services/jellyfin.nix

49 lines
1.9 KiB
Nix

{ config, pkgs, lib, inputs, mkDomain, ... }:
# don't mount if local VM
lib.mkIf (!config.virtualisation.isVmVariant)
{
# Jellyfin
/**/
disabledModules = [ "services/misc/jellyfin.nix" ];
#imports = [<nixos-unstable/nixos/modules/services/misc/jellyfin.nix> ];
imports = [ "${inputs.unstable}/nixos/modules/services/misc/jellyfin.nix" ];
services.jellyfin.package = pkgs.unstable.jellyfin;
/**/
services.jellyfin = {
enable = true; # don't enable unless you intend to first-time-setup the admin user
# from https://jellyfin.org/docs/general/networking/index.html:
# - 8096/tcp is used by default for HTTP traffic. You can change this in the dashboard.
# - 8920/tcp is used by default for HTTPS traffic. You can change this in the dashboard.
# - 1900/udp is used for service auto-discovery. This is not configurable.
# - 7359/udp is also used for auto-discovery. This is not configurable.
openFirewall = false; # I do it manually below:
# TODO: configure initial collections and extensions
};
# firewall - not needed?
/*
networking.firewall = lib.mkIf config.services.jellyfin.enable {
# TODO: does this overwrite rules set by other stuff? should i use ++ ?
#allowedTCPPorts = [ 8096 8920 ];
allowedUDPPorts = [ 1900 7359 ]; # TODO: Only if behind a NAT?
};
*/
services.nginx.virtualHosts.${mkDomain "jellyfin"} = lib.mkIf config.services.jellyfin.enable {
forceSSL = true; # addSSL = true;
enableACME = true; #useACMEHost = acmeDomain;
locations."/" = {
proxyPass = "http://127.0.0.1:8096";
proxyWebsockets = true;
};
};
# Allow Jellyfin access to VAAPI
users.users.${config.services.jellyfin.user}.extraGroups = [ "video" "render" ];
systemd.services.jellyfin.serviceConfig.PrivateDevices = lib.mkForce false;
systemd.services.jellyfin.serviceConfig.DeviceAllow = lib.mkForce [ "/dev/dri/renderD128" ];
}