Jellyfin

nixos/beefcake.nix

@@ -204,43 +204,43 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
         '';
       };
     }
-    # {
+    {
-    #   services.headscale = {
+      services.headscale = {
-    #     enable = true;
+        enable = false;
-    #     address = "127.0.0.1";
+        address = "127.0.0.1";
-    #     port = 7777;
+        port = 7777;
-    #     settings = {
+        settings = {
-    #       server_url = "https://tailscale.vpn.h.lyte.dev";
+          server_url = "https://tailscale.vpn.h.lyte.dev";
-    #       db_type = "sqlite3";
+          db_type = "sqlite3";
-    #       db_path = "/var/lib/headscale/db.sqlite";
+          db_path = "/var/lib/headscale/db.sqlite";
 
-    #       derp.server = {
+          derp.server = {
-    #         enable = true;
+            enable = true;
-    #         region_id = 999;
+            region_id = 999;
-    #         stun_listen_addr = "0.0.0.0:3478";
+            stun_listen_addr = "0.0.0.0:3478";
-    #       };
+          };
 
-    #       dns_config = {
+          dns_config = {
-    #         magic_dns = true;
+            magic_dns = true;
-    #         base_domain = "vpn.h.lyte.dev";
+            base_domain = "vpn.h.lyte.dev";
-    #         domains = [
+            domains = [
-    #           "ts.vpn.h.lyte.dev"
+              "ts.vpn.h.lyte.dev"
-    #         ];
+            ];
-    #         nameservers = [
+            nameservers = [
-    #           "1.1.1.1"
+              "1.1.1.1"
-    #           # "192.168.0.1"
+              # "192.168.0.1"
-    #         ];
+            ];
-    #         override_local_dns = true;
+            override_local_dns = true;
-    #       };
+          };
-    #     };
+        };
-    #   };
+      };
-    #   services.caddy.virtualHosts."tailscale.vpn.h.lyte.dev" = {
+      services.caddy.virtualHosts."tailscale.vpn.h.lyte.dev" = lib.mkIf config.services.headscale.enable {
-    #     extraConfig = ''
+        extraConfig = ''
-    #       reverse_proxy http://localhost:${toString config.services.headscale.port}
+          reverse_proxy http://localhost:${toString config.services.headscale.port}
-    #     '';
+        '';
-    #   };
+      };
-    #   networking.firewall.allowedUDPPorts = [3478];
+      networking.firewall.allowedUDPPorts = lib.mkIf config.services.headscale.enable [3478];
-    # }
+    }
     {
       services.soju = {
         enable = true;
@@ -491,104 +491,145 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
           "forgejo"
         ];
       };
+      services.postgresql = {
+        ensureDatabases = ["daniel"];
+        ensureUsers = [
+          {
+            name = "daniel";
+            ensureDBOwnership = true;
+          }
+        ];
+      };
     }
-    # {
+    {
-    #   services.jellyfin = {
+      systemd.tmpfiles.settings = {
-    #     enable = true;
+        "10-jellyfin" = {
-    #     openFirewall = false;
+          "/storage/jellyfin" = {
-    #     # uses port 8096 by default, configurable from admin UI
+            "d" = {
-    #   };
+              mode = "0770";
-    #   services.caddy.virtualHosts."video.lyte.dev" = {
+              user = "jellyfin";
-    #     extraConfig = ''reverse_proxy :8096'';
+              group = "wheel";
-    #   };
+            };
-    #   # NOTE: this server's xeon chips DO NOT seem to support quicksync or graphics in general
+          };
-    #   # but I can probably throw in a crappy GPU (or a big, cheap ebay GPU for ML
+          "/storage/jellyfin/movies" = {
-    #   # stuff, too?) and get good transcoding performance
+            "d" = {
+              mode = "0770";
+              user = "jellyfin";
+              group = "wheel";
+            };
+          };
+          "/storage/jellyfin/tv" = {
+            "d" = {
+              mode = "0770";
+              user = "jellyfin";
+              group = "wheel";
+            };
+          };
+          "/storage/jellyfin/music" = {
+            "d" = {
+              mode = "0770";
+              user = "jellyfin";
+              group = "wheel";
+            };
+          };
+        };
+      };
+      services.jellyfin = {
+        enable = true;
+        openFirewall = false;
+        # uses port 8096 by default, configurable from admin UI
+      };
+      services.caddy.virtualHosts."video.lyte.dev" = {
+        extraConfig = ''reverse_proxy :8096'';
+      };
+      # NOTE: this server's xeon chips DO NOT seem to support quicksync or graphics in general
+      # but I can probably throw in a crappy GPU (or a big, cheap ebay GPU for ML
+      # stuff, too?) and get good transcoding performance
 
-    #   # jellyfin hardware encoding
+      # jellyfin hardware encoding
-    #   # hardware.graphics = {
+      # hardware.graphics = {
-    #   #   enable = true;
+      #   enable = true;
-    #   #   extraPackages = with pkgs; [
+      #   extraPackages = with pkgs; [
-    #   #     intel-media-driver
+      #     intel-media-driver
-    #   #     vaapiIntel
+      #     vaapiIntel
-    #   #     vaapiVdpau
+      #     vaapiVdpau
-    #   #     libvdpau-va-gl
+      #     libvdpau-va-gl
-    #   #     intel-compute-runtime
+      #     intel-compute-runtime
-    #   #   ];
+      #   ];
-    #   # };
+      # };
-    #   # nixpkgs.config.packageOverrides = pkgs: {
+      # nixpkgs.config.packageOverrides = pkgs: {
-    #   #   vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
+      #   vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
-    #   # };
+      # };
-    # }
+    }
-    # {
+    {
-    #   services.postgresql = {
+      services.postgresql = {
-    #     enable = true;
+        enable = true;
-    #     ensureDatabases = [
+        ensureDatabases = [
-    #       "daniel"
+          "daniel"
-    #       "plausible"
+          "plausible"
-    #       "nextcloud"
+          "nextcloud"
-    #       # "atuin"
+          "atuin"
-    #     ];
+        ];
-    #     ensureUsers = [
+        ensureUsers = [
-    #       {
+          {
-    #         name = "daniel";
+            name = "daniel";
-    #         ensureDBOwnership = true;
+            ensureDBOwnership = true;
-    #       }
+          }
-    #       {
+          {
-    #         name = "plausible";
+            name = "plausible";
-    #         ensureDBOwnership = true;
+            ensureDBOwnership = true;
-    #       }
+          }
-    #       {
+          {
-    #         name = "nextcloud";
+            name = "nextcloud";
-    #         ensureDBOwnership = true;
+            ensureDBOwnership = true;
-    #       }
+          }
-    #       # {
+          {
-    #       #   name = "atuin";
+            name = "atuin";
-    #       #   ensureDBOwnership = true;
+            ensureDBOwnership = true;
-    #       # }
+          }
-    #     ];
+        ];
-    #     dataDir = "/storage/postgres";
+        dataDir = "/storage/postgres";
-    #     enableTCPIP = true;
+        enableTCPIP = true;
 
-    #     package = pkgs.postgresql_15;
+        package = pkgs.postgresql_15;
 
-    #     # https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
+        # https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
-    #     authentication = pkgs.lib.mkOverride 10 ''
+        authentication = pkgs.lib.mkOverride 10 ''
-    #       #type database  user      auth-method    auth-options
+          #type database  user      auth-method    auth-options
-    #       local all       postgres  peer           map=superuser_map
+          local all       postgres  peer           map=superuser_map
-    #       local all       daniel    peer           map=superuser_map
+          local all       daniel    peer           map=superuser_map
-    #       local sameuser  all       peer           map=superuser_map
+          local sameuser  all       peer           map=superuser_map
-    #       # local plausible plausible peer
+          # local plausible plausible peer
-    #       # local nextcloud nextcloud peer
+          # local nextcloud nextcloud peer
-    #       # local atuin     atuin     peer
+          # local atuin     atuin     peer
 
-    #       # lan ipv4
+          # lan ipv4
-    #       host  all       daniel    192.168.0.0/16 trust
+          host  all       daniel    192.168.0.0/16 trust
-    #       host  all       daniel    10.0.0.0/24    trust
+          host  all       daniel    10.0.0.0/24    trust
 
-    #       # tailnet ipv4
+          # tailnet ipv4
-    #       host  all       daniel    100.64.0.0/10 trust
+          host  all       daniel    100.64.0.0/10 trust
-    #     '';
+        '';
 
-    #     identMap = ''
+        identMap = ''
-    #       # map            system_user db_user
+          # map            system_user db_user
-    #       superuser_map    root        postgres
+          superuser_map    root        postgres
-    #       superuser_map    postgres    postgres
+          superuser_map    postgres    postgres
-    #       superuser_map    daniel      postgres
+          superuser_map    daniel      postgres
 
-    #       # Let other names login as themselves
+          # Let other names login as themselves
-    #       superuser_map    /^(.*)$     \1
+          superuser_map    /^(.*)$     \1
-    #     '';
+        '';
-    #   };
+      };
 
-    #   services.postgresqlBackup = {
+      services.postgresqlBackup = {
-    #     enable = true;
+        enable = true;
-    #     backupAll = true;
+        backupAll = true;
-    #     compression = "none"; # hoping for deduplication here?
+        compression = "none"; # hoping for deduplication here?
-    #     location = "/storage/postgres-backups";
+        location = "/storage/postgres-backups";
-    #     startAt = "*-*-* 03:00:00";
+        startAt = "*-*-* 03:00:00";
-    #   };
+      };
-    # }
+    }
     # {
     #   # friends
     #   users.users.ben = {