diff --git a/configurations/host/waffentrager/services/auth/lldap.nix b/configurations/host/waffentrager/services/auth/lldap.nix index 2da6095..652ca37 100644 --- a/configurations/host/waffentrager/services/auth/lldap.nix +++ b/configurations/host/waffentrager/services/auth/lldap.nix @@ -65,6 +65,7 @@ http_url = "https://mamba.podkos.pl"; ldap_user_dn = "master"; ldap_user_email = "materus@podkos.pl"; + ldap_port = 3890; key_seed = materusArg.waffentrager.lldap.seed; }; }; diff --git a/configurations/host/waffentrager/services/default.nix b/configurations/host/waffentrager/services/default.nix index b4b5f1b..cce0b76 100644 --- a/configurations/host/waffentrager/services/default.nix +++ b/configurations/host/waffentrager/services/default.nix @@ -10,6 +10,7 @@ ./nextcloud.nix ./samba.nix ./syncthing.nix + ./jellyfin.nix ./auth ]; waffentragerService.elements.enable = true; @@ -19,5 +20,6 @@ waffentragerService.nginx.enable = true; waffentragerService.nextcloud.enable = true; waffentragerService.samba.enable = true; + waffentragerService.jellyfin.enable = true; waffentragerService.syncthing.enable = true; } \ No newline at end of file diff --git a/configurations/host/waffentrager/services/elements.nix b/configurations/host/waffentrager/services/elements.nix index bc09e1c..676e205 100644 --- a/configurations/host/waffentrager/services/elements.nix +++ b/configurations/host/waffentrager/services/elements.nix @@ -6,6 +6,7 @@ options.waffentragerService.elements.postgresqlDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/postgresql"; }; options.waffentragerService.elements.nextcloudDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/nextcloud"; }; options.waffentragerService.elements.lldapDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/lldap"; }; + options.waffentragerService.elements.jellyfinDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/jellyfin"; }; config = let cfg = config.waffentragerService.elements; @@ -31,6 +32,9 @@ '' + lib.optionalString config.waffentragerService.auth.lldap.enable '' mkdir -p ${cfg.lldapDir} chown -R lldap:lldap ${cfg.lldapDir} + '' + lib.optionalString config.waffentragerService.jellyfin.enable '' + mkdir -p ${cfg.jellyfinDir} + chown -R materus:nextcloud ${cfg.jellyfinDir} '' ; diff --git a/configurations/host/waffentrager/services/jellyfin.nix b/configurations/host/waffentrager/services/jellyfin.nix new file mode 100644 index 0000000..23574a7 --- /dev/null +++ b/configurations/host/waffentrager/services/jellyfin.nix @@ -0,0 +1,45 @@ +{ lib, config, materusArg, ... }: +{ + options.waffentragerService.jellyfin.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable jellyfin"; + + config = + let + cfg = config.waffentragerService.jellyfin; + in + lib.mkIf cfg.enable { + services.jellyfin = { + enable = true; + openFirewall = true; + user = "materus"; + group = "nextcloud"; + dataDir = config.waffentragerService.elements.jellyfinDir; + }; + + services.nginx.virtualHosts = { + "noot.materus.pl" = { + sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem"; + sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem"; + sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem"; + addSSL = true; + http2 = false; + http3 = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8096"; + extraConfig = '' + client_max_body_size 2G; + include ${config.services.nginx.package}/conf/fastcgi.conf; + include ${config.services.nginx.package}/conf/fastcgi_params; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Ssl on; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + ''; + }; + + }; + }; + }; +}