diff --git a/configurations/nixos/pureintent/default.nix b/configurations/nixos/pureintent/default.nix index e2099fd..762091c 100644 --- a/configurations/nixos/pureintent/default.nix +++ b/configurations/nixos/pureintent/default.nix @@ -12,6 +12,7 @@ in self.nixosModules.default ./configuration.nix (self + /webapps/host.nix) + ./home-media.nix ]; services.openssh.enable = true; @@ -21,39 +22,6 @@ in package = pkgs.netdataCloud; }; - services.jellyfin = { - enable = true; - openFirewall = true; - }; - users.users.vinoth = { - isNormalUser = true; - extraGroups = [ "jellyfin" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGQAoH/iaojJSIHZmPdxZH+CrI8lKqgWA3tMRFlGI41M vinoth.ratna.kumar@gmail.com" - ]; - }; - environment.systemPackages = with pkgs; [ - yt-dlp - ffmpeg - aria2 - tmux - zellij - ]; - /* - services.transmission = { - enable = true; - group = "jellyfin"; - openRPCPort = true; - settings = { - rpc-bind-address = "localhost"; - rpc-whitelist-enabled = false; # ACL managed through Tailscale - rpc-host-whitelist = "pureintent pureintent.rooster-blues.ts.net"; - download-dir = "/Self/Downloads"; - trash-original-torrent-files = true; - }; - }; - */ - programs.nix-ld.enable = true; # for vscode server # Workaround the annoying `Failed to start Network Manager Wait Online` error on switch. diff --git a/configurations/nixos/pureintent/home-media.nix b/configurations/nixos/pureintent/home-media.nix new file mode 100644 index 0000000..45b855e --- /dev/null +++ b/configurations/nixos/pureintent/home-media.nix 
@@ -0,0 +1,75 @@
+{ flake, config, pkgs, ... }:
+
+let
+ inherit (flake) inputs;
+ inherit (inputs) self;
+in
+{
+ services.jellyfin = {
+ enable = true;
+ openFirewall = true;
+ };
+ environment.systemPackages = with pkgs; [
+ yt-dlp
+ ffmpeg
+ aria2
+ tmux
+ zellij
+ ];
+
+ /* Not using this
+ services.transmission = {
+ enable = true;
+ group = "jellyfin";
+ openRPCPort = true;
+ settings = {
+ rpc-bind-address = "localhost";
+ rpc-whitelist-enabled = false; # ACL managed through Tailscale
+ rpc-host-whitelist = "pureintent pureintent.rooster-blues.ts.net";
+ download-dir = "/Self/Downloads";
+ trash-original-torrent-files = true;
+ };
+ };
+ */
+
+ /* Disabled, because jellyfin has issues
+ age.secrets = {
+ "pureintent-basic-auth.age" = {
+ file = self + /secrets/pureintent-basic-auth.age;
+ owner = "nginx";
+ };
+ };
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ # virtualHosts."pureintent.rooster-blues.ts.net" = {
+ virtualHosts = rec {
+ "pureintent.rooster-blues.ts.net" = pureintent;
+ "pureintent" = {
+ locations = {
+ # Return index.html with likns to other two sites
+ "/" = {
+ extraConfig = ''
+ default_type text/html;
+ '';
+ return = "200 ''";
+ };
+ # Transmission
+ "/transmission" = {
+ proxyPass = "http://localhost:9091/transmission";
+ proxyWebsockets = true;
+ # transmission has no login page, so use basic auth
+ basicAuthFile = config.age.secrets."pureintent-basic-auth.age".path;
+ };
+ # Jellyfin
+ "/web" = {
+ proxyPass = "http://localhost:8096";
+ proxyWebsockets = true;
+ };
+ };
+ };
+ };
+ };
+ */
+}
diff --git a/secrets/pureintent-basic-auth.age b/secrets/pureintent-basic-auth.age
new file mode 100644
index 0000000..1422b23
Binary files /dev/null and b/secrets/pureintent-basic-auth.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 118870c..c2e2e7a 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
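Review bot: `openFirewall = true;` on `services.jellyfin` opens Jellyfin's ports in the host firewall on every interface, which is wider than the Tailscale-only access the commented-out blocks in this file appear to assume (`# ACL managed through Tailscale`, the `ts.net` virtual host). If the server is only meant to be reached over the tailnet, drop that line and scope the port to the Tailscale interface instead, e.g. `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 8096 ];` (interface name assumed to be the default; 8096 is the port the commented-out `/web` proxy targets). Separately, `config`, `inputs` and `self` are now referenced only inside the commented-out nginx/agenix block, so the `let` bindings are dead until that block is re-enabled; a one-line comment saying so would help.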
@@ -9,4 +9,5 @@ in
 {
 "hedgedoc.env.age".publicKeys = users ++ systems;
 "github-nix-ci/srid.token.age".publicKeys = users ++ systems;
+ "pureintent-basic-auth.age".publicKeys = users ++ systems;
 }
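Review bot: `users ++ systems` makes the new basic-auth secret decryptable by every host key in `systems`, while the only reader visible in this commit is nginx on pureintent, and that block in `home-media.nix` is commented out. Narrowing the recipients to the one consuming host, e.g. `"pureintent-basic-auth.age".publicKeys = users ++ [ <pureintent-host-key> ];` (placeholder; the `let` bindings that define the keys are outside this hunk), keeps a compromise of another machine from exposing the credential. The existing entries use the same `users ++ systems` pattern, so this may be a deliberate convention; if so, consider not committing the secret until something actually consumes it.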