nixos-config/configurations/camelot/jellyfin.nix

92 lines
2.1 KiB
Nix

{ extraInfo, pkgs, ... }:
{
users.groups.media = { };
services.jellyfin.enable = true;
services.nginx.virtualHosts.${extraInfo.jellyfinURI} = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
proxyPass = "http://localhost:8096";
};
"/socket" = {
proxyPass = "http://localhost:8096";
proxyWebsockets = true;
};
};
};
services.sonarr = {
enable = true;
openFirewall = true;
group = "media";
};
# Sonarr didn't update their runtime for a while...
nixpkgs.config.permittedInsecurePackages = [
"aspnetcore-runtime-6.0.36"
"aspnetcore-runtime-wrapped-6.0.36"
"dotnet-sdk-wrapped-6.0.428"
"dotnet-sdk-6.0.428"
];
services.radarr = {
enable = true;
openFirewall = true;
group = "media";
};
services.bazarr = {
enable = true;
openFirewall = true;
group = "media";
};
# Torrent client
services.deluge = {
enable = true;
web = {
enable = true;
openFirewall = true;
};
group = "media";
};
services.jackett = {
enable = true;
openFirewall = true;
};
systemd.services.delugedweb.requires = [ "deluged-proxy.service" ];
systemd.services.deluged.bindsTo = [ "wireguard-wg1.service" ];
systemd.services.deluged.requires = [ "network-online.target" ];
systemd.services.deluged.serviceConfig.NetworkNamespacePath = "/var/run/netns/wg1ns";
systemd.services.deluged.serviceConfig.PrivateNetwork = true;
systemd.sockets.deluged-proxy = {
description = "Socket for deluge-web to deluged in network namespace";
listenStreams = [ "58846" ];
wantedBy = [ "sockets.target" ];
};
systemd.services.deluged-proxy = {
description = "Proxy for deluge-web to deluged in network namespace";
requires = [
"deluged.service"
"deluged-proxy.socket"
];
after = [
"deluged.service"
"deluged-proxy.socket"
];
unitConfig.JoinsNamespaceOf = "deluged.service";
serviceConfig = {
User = "deluge";
Group = "media";
ExecStart = "${pkgs.systemd}/lib/systemd/systemd-socket-proxyd 127.0.0.1:58846";
PrivateNetwork = true;
};
};
}