initial refactoring

2025-07-06 19:00:14 +00:00 · 2025-01-20 22:35:40 -05:00
parent a4b5e05f8f
commit c7933f8502
209 changed files with 5998 additions and 5308 deletions
--- a/platforms/nixos/modules/nmasur/presets/services/jellyfin.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/jellyfin.nix
@ -0,0 +1,83 @@
+# Jellyfin is a self-hosted video streaming service. This means I can play my
+# server's videos from a webpage, mobile app, or TV client.
+
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+let
+  cfg = config.nmasur.presets.services.jellyfin;
+in
+{
+
+  config = lib.mkIf cfg.enable {
+
+    services.jellyfin.group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
+    users.users.jellyfin = {
+      isSystemUser = true;
+    };
+
+    caddy.routes = [
+      # Prevent public access to Prometheus metrics.
+      {
+        match = [
+          {
+            host = [ config.hostnames.stream ];
+            path = [ "/metrics*" ];
+          }
+        ];
+        handle = [
+          {
+            handler = "static_response";
+            status_code = "403";
+          }
+        ];
+      }
+      # Allow access to normal route.
+      {
+        match = [ { host = [ config.hostnames.stream ]; } ];
+        handle = [
+          {
+            handler = "reverse_proxy";
+            upstreams = [ { dial = "localhost:8096"; } ];
+          }
+        ];
+      }
+    ];
+
+    # Configure Cloudflare DNS to point to this machine
+    services.cloudflare-dyndns.domains = [ config.hostnames.stream ];
+
+    # Create videos directory, allow anyone in Jellyfin group to manage it
+    systemd.tmpfiles.rules = [
+      "d /var/lib/jellyfin 0775 jellyfin shared"
+      "d /var/lib/jellyfin/library 0775 jellyfin shared"
+    ];
+
+    # Enable VA-API for hardware transcoding
+    hardware.graphics = {
+      enable = true;
+      extraPackages = [ pkgs.libva ];
+    };
+    environment.systemPackages = [ pkgs.libva-utils ];
+    environment.variables = {
+      # VAAPI and VDPAU config for accelerated video.
+      # See https://wiki.archlinux.org/index.php/Hardware_video_acceleration
+      "VDPAU_DRIVER" = "radeonsi";
+      "LIBVA_DRIVER_NAME" = "radeonsi";
+    };
+    users.users.jellyfin.extraGroups = [
+      "render"
+      "video"
+    ]; # Access to /dev/dri
+
+    # Fix issue where Jellyfin-created directories don't allow access for media group
+    systemd.services.jellyfin.serviceConfig.UMask = lib.mkForce "0007";
+
+    # Requires MetricsEnable is true in /var/lib/jellyfin/config/system.xml
+    prometheus.scrapeTargets = [ "127.0.0.1:8096" ];
+  };
+}