2024-01-10 04:11:11 +00:00
|
|
|
# Jellyfin is a self-hosted video streaming service. This means I can play my
|
|
|
|
# server's videos from a webpage, mobile app, or TV client.
|
|
|
|
|
2024-04-20 13:42:06 +00:00
|
|
|
{
|
|
|
|
config,
|
|
|
|
pkgs,
|
|
|
|
lib,
|
|
|
|
...
|
|
|
|
}:
|
|
|
|
{
|
2022-10-02 17:40:10 +00:00
|
|
|
|
2023-07-04 22:20:43 +00:00
|
|
|
config = lib.mkIf config.services.jellyfin.enable {
|
2022-10-02 17:40:10 +00:00
|
|
|
|
2023-06-06 00:56:52 +00:00
|
|
|
services.jellyfin.group = "media";
|
2024-04-20 13:42:06 +00:00
|
|
|
users.users.jellyfin = {
|
|
|
|
isSystemUser = true;
|
|
|
|
};
|
2022-10-02 17:40:10 +00:00
|
|
|
|
2023-07-16 21:04:07 +00:00
|
|
|
caddy.routes = [
|
2024-01-10 04:11:11 +00:00
|
|
|
# Prevent public access to Prometheus metrics.
|
2023-07-16 21:04:07 +00:00
|
|
|
{
|
2024-04-20 13:42:06 +00:00
|
|
|
match = [
|
|
|
|
{
|
|
|
|
host = [ config.hostnames.stream ];
|
|
|
|
path = [ "/metrics*" ];
|
|
|
|
}
|
|
|
|
];
|
|
|
|
handle = [
|
|
|
|
{
|
|
|
|
handler = "static_response";
|
|
|
|
status_code = "403";
|
|
|
|
}
|
|
|
|
];
|
2023-07-16 21:04:07 +00:00
|
|
|
}
|
2024-01-10 04:11:11 +00:00
|
|
|
# Allow access to normal route.
|
2023-07-16 21:04:07 +00:00
|
|
|
{
|
2024-04-20 13:42:06 +00:00
|
|
|
match = [ { host = [ config.hostnames.stream ]; } ];
|
|
|
|
handle = [
|
|
|
|
{
|
|
|
|
handler = "reverse_proxy";
|
|
|
|
upstreams = [ { dial = "localhost:8096"; } ];
|
|
|
|
}
|
|
|
|
];
|
2023-07-16 21:04:07 +00:00
|
|
|
}
|
|
|
|
];
|
2022-10-04 22:59:28 +00:00
|
|
|
|
2024-03-30 15:41:18 +00:00
|
|
|
# Configure Cloudflare DNS to point to this machine
|
|
|
|
services.cloudflare-dyndns.domains = [ config.hostnames.stream ];
|
|
|
|
|
2022-10-04 22:59:28 +00:00
|
|
|
# Create videos directory, allow anyone in Jellyfin group to manage it
|
2022-10-23 04:16:42 +00:00
|
|
|
systemd.tmpfiles.rules = [
|
2023-06-06 00:56:52 +00:00
|
|
|
"d /var/lib/jellyfin 0775 jellyfin media"
|
|
|
|
"d /var/lib/jellyfin/library 0775 jellyfin media"
|
2022-10-23 04:16:42 +00:00
|
|
|
];
|
2022-10-04 22:59:28 +00:00
|
|
|
|
2023-06-04 14:22:04 +00:00
|
|
|
# Enable VA-API for hardware transcoding
|
|
|
|
hardware.opengl = {
|
|
|
|
enable = true;
|
2023-06-04 16:14:11 +00:00
|
|
|
driSupport = true;
|
2023-06-04 14:22:04 +00:00
|
|
|
extraPackages = [ pkgs.libva ];
|
|
|
|
};
|
2023-06-06 03:13:17 +00:00
|
|
|
environment.systemPackages = [ pkgs.libva-utils ];
|
|
|
|
environment.variables = {
|
|
|
|
# VAAPI and VDPAU config for accelerated video.
|
|
|
|
# See https://wiki.archlinux.org/index.php/Hardware_video_acceleration
|
|
|
|
"VDPAU_DRIVER" = "radeonsi";
|
|
|
|
"LIBVA_DRIVER_NAME" = "radeonsi";
|
|
|
|
};
|
2024-04-20 13:42:06 +00:00
|
|
|
users.users.jellyfin.extraGroups = [
|
|
|
|
"render"
|
|
|
|
"video"
|
|
|
|
]; # Access to /dev/dri
|
2023-06-04 14:22:04 +00:00
|
|
|
|
2024-01-04 03:49:09 +00:00
|
|
|
# Fix issue where Jellyfin-created directories don't allow access for media group
|
|
|
|
systemd.services.jellyfin.serviceConfig.UMask = lib.mkForce "0007";
|
|
|
|
|
2023-07-16 21:04:07 +00:00
|
|
|
# Requires MetricsEnable is true in /var/lib/jellyfin/config/system.xml
|
|
|
|
prometheus.scrapeTargets = [ "127.0.0.1:8096" ];
|
2022-10-02 17:40:10 +00:00
|
|
|
};
|
|
|
|
}
|