2024-08-08 20:45:42 +02:00
{ lib , config , materusArg , . . . }:
{
options . waffentragerService . jellyfin . enable = materusArg . pkgs . lib . mkBoolOpt false " E n a b l e j e l l y f i n " ;
config =
let
cfg = config . waffentragerService . jellyfin ;
in
lib . mkIf cfg . enable {
2024-09-15 21:44:06 +02:00
services . jellyfin = rec {
2024-08-08 20:45:42 +02:00
enable = true ;
openFirewall = true ;
user = " m a t e r u s " ;
group = " n e x t c l o u d " ;
dataDir = config . waffentragerService . elements . jellyfinDir ;
2024-09-15 21:44:06 +02:00
cacheDir = " ${ dataDir } / c a c h e " ;
2024-08-08 20:45:42 +02:00
} ;
2024-08-30 16:57:34 +02:00
/*
services . jellyseerr = {
enable = true ;
openFirewall = true ;
} ; * /
2024-08-08 20:45:42 +02:00
2024-09-15 21:44:06 +02:00
services . nginx = {
appendHttpConfig = ''
map $ request_uri $ h264Level { ~ ( h264-level = ) ( . + ? ) & $ 2 ; }
map $ request_uri $ h264Profile { ~ ( h264-profile = ) ( . + ? ) & $ 2 ; }
'' ;
proxyCachePath . " j e l l y f i n " = {
enable = true ;
maxSize = " 1 g " ;
levels = " 1 : 2 " ;
keysZoneName = " j e l l y f i n " ;
keysZoneSize = " 1 0 0 m " ;
inactive = " 1 d " ;
useTempPath = false ;
2024-08-08 20:45:42 +02:00
2024-09-15 21:44:06 +02:00
} ;
virtualHosts = {
" n o o t . m a t e r u s . p l " = {
extraConfig = ''
client_max_body_size 2 0 M ;
add_header X-Frame-Options " S A M E O R I G I N " ;
add_header X-XSS-Protection " 0 " ; # Do NOT enable. This is obsolete/dangerous
add_header X-Content-Type-Options " n o s n i f f " ;
add_header Permissions-Policy " a c c e l e r o m e t e r = ( ) , a m b i e n t - l i g h t - s e n s o r = ( ) , b a t t e r y = ( ) , b l u e t o o t h = ( ) , c a m e r a = ( ) , c l i p b o a r d - r e a d = ( ) , d i s p l a y - c a p t u r e = ( ) , d o c u m e n t - d o m a i n = ( ) , e n c r y p t e d - m e d i a = ( ) , g a m e p a d = ( ) , g e o l o c a t i o n = ( ) , g y r o s c o p e = ( ) , h i d = ( ) , i d l e - d e t e c t i o n = ( ) , i n t e r e s t - c o h o r t = ( ) , k e y b o a r d - m a p = ( ) , l o c a l - f o n t s = ( ) , m a g n e t o m e t e r = ( ) , m i c r o p h o n e = ( ) , p a y m e n t = ( ) , p u b l i c k e y - c r e d e n t i a l s - g e t = ( ) , s e r i a l = ( ) , s y n c - x h r = ( ) , u s b = ( ) , x r - s p a t i a l - t r a c k i n g = ( ) " always ;
2024-08-30 16:57:34 +02:00
'' ;
2024-09-15 21:44:06 +02:00
sslTrustedCertificate = " / v a r / l i b / m n t _ a c m e / m a t e r u s . p l / c h a i n . p e m " ;
sslCertificateKey = " / v a r / l i b / m n t _ a c m e / m a t e r u s . p l / k e y . p e m " ;
sslCertificate = " / v a r / l i b / m n t _ a c m e / m a t e r u s . p l / f u l l c h a i n . p e m " ;
addSSL = true ;
http2 = false ;
http3 = true ;
locations . " ~ / I t e m s / ( . * ) / I m a g e s " = {
proxyPass = " h t t p : / / 1 2 7 . 0 . 0 . 1 : 8 0 9 6 " ;
extraConfig = ''
proxy_set_header Host $ host ;
proxy_set_header X-Real-IP $ remote_addr ;
proxy_set_header X-Forwarded-For $ proxy_add_x_forwarded_for ;
proxy_set_header X-Forwarded-Proto $ scheme ;
proxy_set_header X-Forwarded-Protocol $ scheme ;
proxy_set_header X-Forwarded-Host $ http_host ;
proxy_cache jellyfin ;
proxy_cache_revalidate on ;
proxy_cache_lock on ;
'' ;
} ;
locations . " ~ ^ / w e b / h t m l V i d e o P l a y e r - p l u g i n . [ 0 - 9 a - z ] + . c h u n k . j s $ " = {
proxyPass = " h t t p : / / 1 2 7 . 0 . 0 . 1 : 8 0 9 6 " ;
extraConfig = ''
proxy_set_header Accept-Encoding " " ;
sub_filter_types * ;
sub_filter ' return u = 3 0 ' ' return u = 6 0 0 ' ;
sub_filter ' return u = 6 ' ' return u = 6 0 ' ;
sub_filter ' maxBufferLength:u' ' maxBufferLength:u,maxBufferSize:180000000' ;
sub_filter_once on ;
'' ;
} ;
locations . " ~ * ^ / V i d e o s / ( . * ) / ( ? ! l i v e ) " = {
proxyPass = " h t t p : / / 1 2 7 . 0 . 0 . 1 : 8 0 9 6 " ;
extraConfig = ''
# Set size of a slice (this amount will be always requested from the backend by nginx)
# Higher value means more latency, lower more overhead
# This size is independent of the size clients/browsers can request
slice 2 m ;
proxy_cache jellyfin ;
proxy_cache_valid 200 206 301 302 3 0 d ;
proxy_ignore_headers Expires Cache-Control Set-Cookie X-Accel-Expires ;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504 ;
proxy_connect_timeout 1 5 s ;
proxy_http_version 1 .1 ;
proxy_set_header Connection " " ;
# Transmit slice range to the backend
proxy_set_header Range $ slice_range ;
# This saves bandwidth between the proxy and jellyfin, as a file is only downloaded one time instead of multiple times when multiple clients want to at the same time
# The first client will trigger the download, the other clients will have to wait until the slice is cached
# Esp. practical during SyncPlay
proxy_cache_lock on ;
proxy_cache_lock_age 6 0 s ;
proxy_cache_key " j e l l y v i d e o $ u r i ? M e d i a S o u r c e I d = $ a r g _ M e d i a S o u r c e I d & V i d e o C o d e c = $ a r g _ V i d e o C o d e c & A u d i o C o d e c = $ a r g _ A u d i o C o d e c & A u d i o S t r e a m I n d e x = $ a r g _ A u d i o S t r e a m I n d e x & V i d e o B i t r a t e = $ a r g _ V i d e o B i t r a t e & A u d i o B i t r a t e = $ a r g _ A u d i o B i t r a t e & S u b t i t l e M e t h o d = $ a r g _ S u b t i t l e M e t h o d & T r a n s c o d i n g M a x A u d i o C h a n n e l s = $ a r g _ T r a n s c o d i n g M a x A u d i o C h a n n e l s & R e q u i r e A v c = $ a r g _ R e q u i r e A v c & S e g m e n t C o n t a i n e r = $ a r g _ S e g m e n t C o n t a i n e r & M i n S e g m e n t s = $ a r g _ M i n S e g m e n t s & B r e a k O n N o n K e y F r a m e s = $ a r g _ B r e a k O n N o n K e y F r a m e s & h 2 6 4 - p r o f i l e = $ h 2 6 4 P r o f i l e & h 2 6 4 - l e v e l = $ h 2 6 4 L e v e l & s l i c e r a n g e = $ s l i c e _ r a n g e " ;
2024-08-30 16:57:34 +02:00
2024-09-15 21:44:06 +02:00
'' ;
} ;
locations . " / " = {
proxyPass = " h t t p : / / 1 2 7 . 0 . 0 . 1 : 8 0 9 6 " ;
extraConfig = ''
proxy_pass_request_headers on ;
proxy_set_header Host $ host ;
proxy_set_header X-Real-IP $ remote_addr ;
proxy_set_header X-Forwarded-For $ proxy_add_x_forwarded_for ;
proxy_set_header X-Forwarded-Proto $ scheme ;
proxy_set_header X-Forwarded-Host $ http_host ;
proxy_set_header Upgrade $ http_upgrade ;
proxy_set_header Connection $ http_connection ;
'' ;
} ;
locations . " / s o c k e t " = {
proxyPass = " h t t p : / / 1 2 7 . 0 . 0 . 1 : 8 0 9 6 " ;
extraConfig = ''
proxy_pass_request_headers on ;
proxy_http_version 1 .1 ;
proxy_set_header Upgrade $ http_upgrade ;
proxy_set_header Connection " u p g r a d e " ;
proxy_set_header Host $ host ;
proxy_set_header X-Real-IP $ remote_addr ;
proxy_set_header X-Forwarded-For $ proxy_add_x_forwarded_for ;
proxy_set_header X-Forwarded-Proto $ scheme ;
proxy_set_header X-Forwarded-Protocol $ scheme ;
proxy_set_header X-Forwarded-Host $ http_host ;
'' ;
} ;
} ;
2024-08-30 16:57:34 +02:00
} ;
} ;
2024-08-08 20:45:42 +02:00
} ;
}
