Add jellyfin and expose qbittorrent

1 year ago · 1fc9f28c2e
4 changed files with 62 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -51,6 +51,13 @@ The import structure goes as follows:
        - various `common/home_manager/fragments/<fragment>.nix`, which configures a specific use case,
          like graphical programs or Rust development.

+## Unconfigured
+
+Currently, the primary dependencies are:
+
+- DNS that sets the crimespoon and felonyspork names
+- Mullvad VPN config on crimespoon, allowing LAN connections
+
 ## Deployment

 Simply run `push`:
--- a/common/fragments/vaapi-jellyfin.nix
+++ b/common/fragments/vaapi-jellyfin.nix
@ -0,0 +1,25 @@
+{ pkgs, lib,config, ... }:
+{
+  # 1. enable vaapi on OS-level
+  nixpkgs.config.packageOverrides = pkgs: {
+    vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
+  };
+  hardware.opengl = {
+    enable = true;
+    extraPackages = with pkgs; [
+      intel-media-driver
+      vaapiIntel
+      vaapiVdpau
+      libvdpau-va-gl
+      intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
+    ];
+  };
+
+  # 2. override default hardening measure from NixOS - this is default since
+  # 22.05
+  systemd.services.jellyfin.serviceConfig.PrivateDevices = lib.mkForce false;
+
+  # 3. do not forget to enable jellyfin
+  services.jellyfin.enable = true;
+  services.jellyfin.openFirewall = true;
+}
--- a/hosts/crimespoon/configuration.nix
+++ b/hosts/crimespoon/configuration.nix
@ -20,6 +20,7 @@
      ../../common/fragments/minecraft-server.nix
      ../../common/fragments/mosh.nix
      ../../common/fragments/fail2ban.nix
+      ../../common/fragments/mullvad-vpn.nix
    ];

  # Use the systemd-boot EFI boot loader.
--- a/hosts/felonyspork/configuration.nix
+++ b/hosts/felonyspork/configuration.nix
@ -17,6 +17,7 @@
      ../../common/fragments/promtail.nix
      ../../common/fragments/ddclient.nix
      ../../common/fragments/fail2ban.nix
+      ../../common/fragments/vaapi-jellyfin.nix
    ];

  # Use the systemd-boot EFI boot loader.
@ -33,6 +34,16 @@
    fsType = "nfs";
  };

+  fileSystems."/mnt/Download" = {
+    device = "moria.local:/volume1/Download";
+    fsType = "nfs";
+  };
+
+  fileSystems."/mnt/Public" = {
+    device = "moria.local:/volume1/Public";
+    fsType = "nfs";
+  };
+
  # Enable DigitalOcean dynamic DNS
  systemd.services.do_dyndns = {
    enable = true;
@ -107,6 +118,22 @@
        proxyWebsockets = true;
      };
    };
+    virtualHosts."jelly.home.nora.codes" = {
+      addSSL = true;
+      useACMEHost = "home.nora.codes";
+      locations."/" = {
+        proxyPass = "http://localhost:8096";
+        proxyWebsockets = true;
+      };
+    };
+    virtualHosts."torrent.home.nora.codes" = {
+      addSSL = true;
+      useACMEHost = "home.nora.codes";
+      locations."/" = {
+        proxyPass = "http://crimespoon:8088";
+        proxyWebsockets = true;
+      };
+    };
    virtualHosts."felonyspork.local" = {
      locations."/" = {
        root = "/var/www/home.nora.codes";
@ -123,6 +150,8 @@
    certs."home.nora.codes".extraDomainNames = [
      "bluemap.home.nora.codes"
      "dashboard.home.nora.codes"
+      "jelly.home.nora.codes"
+      "torrent.home.nora.codes"
    ];
  };
  networking.firewall.allowedTCPPorts = [ 80 443 ];