From 0532a731e580336b2f5cf03dfa83c65c7e1ae2ce Mon Sep 17 00:00:00 2001 From: blake Date: Tue, 7 Oct 2025 15:46:39 -0500 Subject: [PATCH] 28 current 2025-10-07 15:30:08 25.05.20251001.5b5be50 6.12.49 * --- flake.nix | 2 +- modules/homelab/services/default.nix.template | 17 +++++++++-- modules/homelab/services/jellyfin/default.nix | 28 +++++++++++++------ 3 files changed, 34 insertions(+), 13 deletions(-) diff --git a/flake.nix b/flake.nix index dfa0713..235fc8a 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,6 @@ # flake for blakes nixos config # define new devices in outputs -# generation: 27 current 2025-10-07 15:29:13 25.05.20251001.5b5be50 6.12.49 * +# generation: 28 current 2025-10-07 15:30:08 25.05.20251001.5b5be50 6.12.49 * { description = "blakes nix config"; inputs = { diff --git a/modules/homelab/services/default.nix.template b/modules/homelab/services/default.nix.template index 7881fd0..7c8b458 100644 --- a/modules/homelab/services/default.nix.template +++ b/modules/homelab/services/default.nix.template 
@@ -55,19 +55,30 @@ in systemd.services..serviceConfig = { UMask = lib.mkForce "0007"; }; # # open firewall -# networking.firewall.allowedTCPPorts = [ port ]; +# networking.firewall.allowedTCPPorts = [ cfg.port ]; - # reverse proxy entryo + # internal reverse proxy entry services.nginx.virtualHosts.".snowbelle.lan" = { enableACME = false; forceSSL = true; sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path; sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path; locations."/" = { - proxyPass = "http://127.0.0.1:${toString port}"; + proxyPass = "http://127.0.0.1:${toString cfg.port}"; + }; + # external reverse proxy entry + services.nginx.virtualHosts.".blakedheld.xyz" = { + enableACME = false; + forceSSL = true; + sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path; + sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString cfg.port}"; }; }; + }; + # add to backups modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ]; }; diff --git a/modules/homelab/services/jellyfin/default.nix b/modules/homelab/services/jellyfin/default.nix index be6583d..eea8303 100644 --- a/modules/homelab/services/jellyfin/default.nix +++ b/modules/homelab/services/jellyfin/default.nix 
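Review bot: The added external vhost appears to be nested inside the internal one. The new `};` after the first `proxyPass` closes only `locations."/"`, so `services.nginx.virtualHosts.".blakedheld.xyz"` is declared while the `.snowbelle.lan` attrset is still open, and the last added `};` is what finally closes it. The braces balance, but a vhost entry has no `services` option, so a module copied from this template should fail evaluation. Close the internal entry first: follow the added `};` with a second `};` before `# external reverse proxy entry`, and drop the trailing added `};`. Separately, the template now gives every new service an external hostname by default; gating that entry behind an explicit opt-in option (for example a `cfg.external` bool defaulting to false, a name I am suggesting, not one in the repo) would keep exposure a deliberate choice.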
@@ -3,17 +3,24 @@ let cfg = config.modules.services.jellyfin; ids = 701; + default_port = 8096; + data_dir = "/var/lib/jellyfin"; in { options.modules.services.jellyfin = { enable = lib.mkEnableOption "enables jellyfin"; -# extra options -# mode = lib.mkOption { -# type = lib.types.enum [ "server" "client" ]; -# default = "client"; -# description = "whether syncthing should run as a client (user) or server (system-wide)."; -# }; + # set port options + port = lib.mkOption { + type = lib.types.int; + default = cfg.default_port; + description = "set port for jellyfin (default: ${toString default_port}"; + }; + + backup = lib.mkOption { + type = lib.types.bool; + default = true; + }; }; config = lib.mkIf cfg.enable { @@ -26,7 +33,7 @@ in description = "jellyfin media server user"; uid = ids; isSystemUser = true; - home = "/var/lib/jellyfin"; + home = data_dir; createHome = true; group = "jellyfin"; extraGroups = [ "media" "video" "render" ]; @@ -45,7 +52,7 @@ in systemd.services.jellyfin.serviceConfig = { UMask = lib.mkForce "0007"; }; # open firewall - #networking.firewall.allowedTCPPorts = [ 8096 ]; +# networking.firewall.allowedTCPPorts = [ cfg.port ]; # reverse proxy entryo services.nginx.virtualHosts."media.blakedheld.xyz" = { @@ -54,8 +61,11 @@ in sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path; sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path; locations."/" = { - proxyPass = "http://127.0.0.1:8096"; + proxyPass = "http://127.0.0.1:${toString cfg.port}"; }; }; + + # add to backups + modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ]; }; }
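Review bot: `default = cfg.default_port;` in the new `port` option (hunk `@@ -3,17 +3,24 @@`) reads an attribute that is not defined. `default_port` is a `let` binding, while `cfg` is `config.modules.services.jellyfin`, which declares only `enable`, `port` and `backup`, so it should be `default = default_port;`. The description string is missing its closing parenthesis, and `lib.types.port` would reject out-of-range values that `lib.types.int` accepts. The `backup` option has no `description`; `description = "include the jellyfin data directory in system backups";` would document it.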
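Review bot: In the last hunk (`@@ -54,8 +61,11 @@`) the `media.blakedheld.xyz` proxy now targets `cfg.port`, but none of the visible hunks passes that port to Jellyfin itself. With a non-default value nginx would presumably forward the public hostname to whatever else listens on that loopback port, or to nothing. Unless the listener is configured outside these hunks, either wire the port into the service or add a comment such as `# NOTE: must match the port jellyfin is configured to listen on`. The backed-up `data_dir` likely holds Jellyfin's user database, so the backup destination should be access-restricted or encrypted. The enclosing `config = lib.mkIf cfg.enable { … }` block starts outside this hunk.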