readding vaultwarden and jellyfin
This commit is contained in:
@@ -1,7 +1,7 @@
|
||||
{ pkgs, config, lib, ... }:
|
||||
|
||||
let
|
||||
service = "";
|
||||
service = "jellyfin";
|
||||
cfg = config.modules.services.${service};
|
||||
sec = config.sops.secrets;
|
||||
homelab = config.modules.homelab;
|
||||
@@ -13,12 +13,12 @@ in
|
||||
# set port options
|
||||
port = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
default = <port>;
|
||||
default = 7100;
|
||||
description = "set port for ${service} (default: ${toString cfg.port}";
|
||||
};
|
||||
url = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "${service}.${homelab.base_domain}";
|
||||
default = "media.${homelab.base_domain}";
|
||||
description = "set domain for ${service}";
|
||||
};
|
||||
data_dir = lib.mkOption {
|
||||
@@ -51,7 +51,7 @@ in
|
||||
home = cfg.data_dir;
|
||||
createHome = true;
|
||||
group = "${service}";
|
||||
extraGroups = [ "media" ];
|
||||
extraGroups = [ "media" "video" "render" ];
|
||||
};
|
||||
|
||||
# enable the ${service} service
|
||||
@@ -61,16 +61,11 @@ in
|
||||
user = "${service}";
|
||||
group = "${service}";
|
||||
dataDir = cfg.data_dir;
|
||||
settings = {
|
||||
server.port = cfg.port;
|
||||
};
|
||||
};
|
||||
|
||||
# override umask to make permissions work out
|
||||
systemd.services.${service}.serviceConfig = {
|
||||
UMask = lib.mkForce "0007";
|
||||
# User = "${service}";
|
||||
# Group = "${service}";
|
||||
};
|
||||
|
||||
# # open firewall
|
||||
@@ -78,6 +73,16 @@ in
|
||||
|
||||
# internal reverse proxy entry
|
||||
services.nginx.virtualHosts."${cfg.url}" = {
|
||||
forceSSL = true;
|
||||
sslCertificate = sec."ssl_blakedheld_crt".path;
|
||||
sslCertificateKey = sec."ssl_blakedheld_key".path;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:8096";
|
||||
#proxyPass = "http://127.0.0.1:${toString cfg.port}";
|
||||
};
|
||||
};
|
||||
# external reverse proxy entry
|
||||
services.nginx.virtualHosts."media.blakedheld.xyz" = {
|
||||
forceSSL = true;
|
||||
sslCertificate = sec."ssl_blakedheld_crt".path;
|
||||
sslCertificateKey = sec."ssl_blakedheld_key".path;
|
||||
@@ -85,16 +90,7 @@ in
|
||||
proxyPass = "http://127.0.0.1:${toString cfg.port}";
|
||||
};
|
||||
};
|
||||
# # external reverse proxy entry
|
||||
# services.nginx.virtualHosts."${service}.blakedheld.xyz" = {
|
||||
# forceSSL = true;
|
||||
# sslCertificate = sec."ssl_blakedheld_crt".path;
|
||||
# sslCertificateKey = sec."ssl_blakedheld_key".path;
|
||||
# locations."/" = {
|
||||
# proxyPass = "http://127.0.0.1:${toString cfg.port}";
|
||||
# };
|
||||
# };
|
||||
#
|
||||
|
||||
# sops.secrets = {
|
||||
# "${service}_" = {
|
||||
# owner = "${service}";
|
||||
|
||||
Reference in New Issue
Block a user