backwards: Enable jellyseerr for jellyfin

backwards: Enable radarr for jellyfin
backwards: Enable sonarr for jellyfin
2024-09-16 21:34:56 +02:00 · 2024-09-16 21:34:56 +02:00 · 2024-09-16 21:34:56 +02:00 · 2024-09-16 21:34:56 +02:00 · 2024-09-16 21:34:56 +02:00 · 2024-09-16 21:34:56 +02:00
7 changed files with 89 additions and 27 deletions
--- a/hosts/backwards/modules/default.nix
+++ b/hosts/backwards/modules/default.nix
@@ -12,6 +12,7 @@ in

      ssh.enable = true;
      git.enable = true;
+      nginx.enable = true;
      syncthing.enable = true;
      restic.enable = true;
      transmission.enable = true;
--- a/hosts/backwards/modules/jellyfin/default.nix
+++ b/hosts/backwards/modules/jellyfin/default.nix
@@ -1,4 +1,12 @@
-{ pkgs, ... }:
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+let
+  nginxEnabled = config.mod.nginx.enable;
+in
 {
  fileSystems."/home/alex/media" = {
    device = "/dev/disk/by-uuid/ad4acc0f-172c-40f8-8473-777c957e8764";
@@ -26,7 +34,8 @@
    };
  };

-  services.jellyfin = {
+  services = {
+    jellyfin = {
      enable = true;
      openFirewall = true;

@@ -36,6 +45,40 @@
      dataDir = "/home/alex/media/jellyfin";
    };

+    prowlarr.enable = true;
+
+    sonarr = {
+      enable = true;
+
+      user = "alex";
+      group = "users";
+    };
+
+    radarr = {
+      enable = true;
+
+      user = "alex";
+      group = "users";
+    };
+
+    jellyseerr.enable = true;
+
+    nginx = lib.mkIf nginxEnabled {
+      virtualHosts."jelly.ppp.pm" = {
+        locations = {
+          "/" = {
+            proxyPass = "http://127.0.0.1:8096";
+          };
+
+          "/socket" = {
+            proxyPass = "http://127.0.0.1:8096";
+            proxyWebsockets = true;
+          };
+        };
+      };
+    };
+  };
+
  environment.systemPackages = [
    pkgs.jellyfin
    pkgs.jellyfin-web
--- a/hosts/backwards/modules/nginx/default.nix
+++ b/hosts/backwards/modules/nginx/default.nix
@@ -0,0 +1,22 @@
+{ lib, config, ... }:
+let
+  enabled = config.mod.nginx.enable;
+in
+{
+  options = {
+    mod.nginx = {
+      enable = lib.mkEnableOption "Enable nginx module";
+    };
+  };
+
+  config = lib.mkIf enabled {
+    services = {
+      nginx = {
+        enable = true;
+
+        recommendedProxySettings = true;
+        recommendedTlsSettings = true;
+      };
+    };
+  };
+}
--- a/hosts/backwards/modules/transmission/default.nix
+++ b/hosts/backwards/modules/transmission/default.nix
@@ -6,6 +6,8 @@
 }:
 let
  enabled = config.mod.transmission.enable;
+
+  nginxEnabled = config.mod.nginx.enable;
 in
 {
  options = {
@@ -42,6 +44,14 @@ in
          rpc-password = "{55d884e4042db67313da49e05d7089a368eb64b3Br.3X.Xi";
        };
      };
+
+      nginx = lib.mkIf nginxEnabled {
+        virtualHosts."ts.ppp.pm" = {
+          locations."/" = {
+            proxyPass = "http://localhost:9191";
+          };
+        };
+      };
    };
  };
 }
--- a/hosts/tadpole/modules/certs/default.nix
+++ b/hosts/tadpole/modules/certs/default.nix
@@ -1,16 +1,20 @@
 { ... }:
 {
  security.acme = {
+    acceptTerms = true;
+
+    defaults = {
+      email = "acme@ppp.pm";
+    };
+
    certs = {
      "ppp.pm" = {
        webroot = "/var/lib/acme/acme-challenge/";
-        email = "p@ppp.pm";
        group = "nginx";
      };

      "git.ppp.pm" = {
        webroot = "/var/lib/acme/acme-challenge/";
-        email = "p@ppp.pm";
        group = "nginx";
      };
    };
--- a/hosts/tadpole/modules/gitea/default.nix
+++ b/hosts/tadpole/modules/gitea/default.nix
@@ -43,14 +43,6 @@ in
        assertion = conf.baseDomain != "";
        message = "Option 'mod.gitea.baseDomain' cannot be empty";
      }
-      {
-        assertion = builtins.hasAttr gitDomain config.security.acme.certs;
-        message = "There is no cert configured for ${gitDomain} used by gitea";
-      }
-      {
-        assertion = conf.webfingerEnable && builtins.hasAttr conf.baseDomain config.security.acme.certs;
-        message = "There is no cert configured for ${conf.baseDomain} used by webfinger";
-      }
      {
        assertion = conf.webfingerEnable && conf.webfingerAccounts != [ ];
        message = "Option 'mod.gitea.webfingerAccounts' cannot be empty";
--- a/hosts/tadpole/modules/nginx/default.nix
+++ b/hosts/tadpole/modules/nginx/default.nix
@@ -10,16 +10,6 @@ in
  };

  config = lib.mkIf enabled {
-    security = {
-      acme = {
-        acceptTerms = true;
-
-        defaults = {
-          email = "p@ppp.pm";
-        };
-      };
-    };
-
    services = {
      nginx = {
        enable = true;
Author	SHA1	Message	Date
Alexander Heldt	334bc9eb58	backwards: Enable `jellyseerr` for `jellyfin`	2024-09-16 21:34:56 +02:00
Alexander Heldt	441138b1e9	backwards: Enable `radarr` for `jellyfin`	2024-09-16 21:34:56 +02:00
Alexander Heldt	8603ec662f	backwards: Enable `sonarr` for `jellyfin`	2024-09-16 21:34:56 +02:00
Alexander Heldt	daa1d80e33	backwards: Enable `prowlarr` for `jellyfin`	2024-09-16 21:34:56 +02:00
Alexander Heldt	666611af45	backwards: Add reverse proxy for `jellyfin`	2024-09-16 21:34:56 +02:00
Alexander Heldt	96adbf74b6	tadpole: Remove unneeded assertion of existing certs for `gitea`	2024-09-16 21:34:56 +02:00
Alexander Heldt	c0939cb8fc	backwards: Add reverse proxy for `transmission`	2024-09-16 21:34:56 +02:00
Alexander Heldt	54bc15af50	backwards: Add `nginx` module	2024-09-16 21:24:52 +02:00
Alexander Heldt	a843b7accc	tadpole: Clean up `nginx` and `certs` modules	2024-09-16 21:24:43 +02:00
Alexander Heldt	466f3662ee	tadpole: Change default email for `certs`	2024-09-16 21:24:17 +02:00