Daniel Flanagan 2024-09-06 16:36:53 -05:00
parent da602beac6
commit 639aad8c8a


@ -204,43 +204,43 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
''; '';
}; };
} }
# { {
# services.headscale = { services.headscale = {
# enable = true; enable = false;
# address = "127.0.0.1"; address = "127.0.0.1";
# port = 7777; port = 7777;
# settings = { settings = {
# server_url = "https://tailscale.vpn.h.lyte.dev"; server_url = "https://tailscale.vpn.h.lyte.dev";
# db_type = "sqlite3"; db_type = "sqlite3";
# db_path = "/var/lib/headscale/db.sqlite"; db_path = "/var/lib/headscale/db.sqlite";
# derp.server = { derp.server = {
# enable = true; enable = true;
# region_id = 999; region_id = 999;
# stun_listen_addr = "0.0.0.0:3478"; stun_listen_addr = "0.0.0.0:3478";
# }; };
# dns_config = { dns_config = {
# magic_dns = true; magic_dns = true;
# base_domain = "vpn.h.lyte.dev"; base_domain = "vpn.h.lyte.dev";
# domains = [ domains = [
# "ts.vpn.h.lyte.dev" "ts.vpn.h.lyte.dev"
# ]; ];
# nameservers = [ nameservers = [
# "1.1.1.1" "1.1.1.1"
# # "192.168.0.1" # "192.168.0.1"
# ]; ];
# override_local_dns = true; override_local_dns = true;
# }; };
# }; };
# }; };
# services.caddy.virtualHosts."tailscale.vpn.h.lyte.dev" = { services.caddy.virtualHosts."tailscale.vpn.h.lyte.dev" = lib.mkIf config.services.headscale.enable {
# extraConfig = '' extraConfig = ''
# reverse_proxy http://localhost:${toString config.services.headscale.port} reverse_proxy http://localhost:${toString config.services.headscale.port}
# ''; '';
# }; };
# networking.firewall.allowedUDPPorts = [3478]; networking.firewall.allowedUDPPorts = lib.mkIf config.services.headscale.enable [3478];
# } }
{ {
services.soju = { services.soju = {
enable = true; enable = true;
@ -491,104 +491,145 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
"forgejo" "forgejo"
]; ];
}; };
services.postgresql = {
ensureDatabases = ["daniel"];
ensureUsers = [
{
name = "daniel";
ensureDBOwnership = true;
}
];
};
} }
# { {
# services.jellyfin = { systemd.tmpfiles.settings = {
# enable = true; "10-jellyfin" = {
# openFirewall = false; "/storage/jellyfin" = {
# # uses port 8096 by default, configurable from admin UI "d" = {
# }; mode = "0770";
# services.caddy.virtualHosts."video.lyte.dev" = { user = "jellyfin";
# extraConfig = ''reverse_proxy :8096''; group = "wheel";
# }; };
# # NOTE: this server's xeon chips DO NOT seem to support quicksync or graphics in general };
# # but I can probably throw in a crappy GPU (or a big, cheap ebay GPU for ML "/storage/jellyfin/movies" = {
# # stuff, too?) and get good transcoding performance "d" = {
mode = "0770";
user = "jellyfin";
group = "wheel";
};
};
"/storage/jellyfin/tv" = {
"d" = {
mode = "0770";
user = "jellyfin";
group = "wheel";
};
};
"/storage/jellyfin/music" = {
"d" = {
mode = "0770";
user = "jellyfin";
group = "wheel";
};
};
};
};
services.jellyfin = {
enable = true;
openFirewall = false;
# uses port 8096 by default, configurable from admin UI
};
services.caddy.virtualHosts."video.lyte.dev" = {
extraConfig = ''reverse_proxy :8096'';
};
# NOTE: this server's xeon chips DO NOT seem to support quicksync or graphics in general
# but I can probably throw in a crappy GPU (or a big, cheap ebay GPU for ML
# stuff, too?) and get good transcoding performance
# # jellyfin hardware encoding # jellyfin hardware encoding
# # hardware.graphics = { # hardware.graphics = {
# # enable = true; # enable = true;
# # extraPackages = with pkgs; [ # extraPackages = with pkgs; [
# # intel-media-driver # intel-media-driver
# # vaapiIntel # vaapiIntel
# # vaapiVdpau # vaapiVdpau
# # libvdpau-va-gl # libvdpau-va-gl
# # intel-compute-runtime # intel-compute-runtime
# # ]; # ];
# # }; # };
# # nixpkgs.config.packageOverrides = pkgs: { # nixpkgs.config.packageOverrides = pkgs: {
# # vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; # vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
# # }; # };
# } }
# { {
# services.postgresql = { services.postgresql = {
# enable = true; enable = true;
# ensureDatabases = [ ensureDatabases = [
# "daniel" "daniel"
# "plausible" "plausible"
# "nextcloud" "nextcloud"
# # "atuin" "atuin"
# ]; ];
# ensureUsers = [ ensureUsers = [
# { {
# name = "daniel"; name = "daniel";
# ensureDBOwnership = true; ensureDBOwnership = true;
# } }
# { {
# name = "plausible"; name = "plausible";
# ensureDBOwnership = true; ensureDBOwnership = true;
# } }
# { {
# name = "nextcloud"; name = "nextcloud";
# ensureDBOwnership = true; ensureDBOwnership = true;
# } }
# # { {
# # name = "atuin"; name = "atuin";
# # ensureDBOwnership = true; ensureDBOwnership = true;
# # } }
# ]; ];
# dataDir = "/storage/postgres"; dataDir = "/storage/postgres";
# enableTCPIP = true; enableTCPIP = true;
# package = pkgs.postgresql_15; package = pkgs.postgresql_15;
# # https://www.postgresql.org/docs/current/auth-pg-hba-conf.html # https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
# authentication = pkgs.lib.mkOverride 10 '' authentication = pkgs.lib.mkOverride 10 ''
# #type database user auth-method auth-options #type database user auth-method auth-options
# local all postgres peer map=superuser_map local all postgres peer map=superuser_map
# local all daniel peer map=superuser_map local all daniel peer map=superuser_map
# local sameuser all peer map=superuser_map local sameuser all peer map=superuser_map
# # local plausible plausible peer # local plausible plausible peer
# # local nextcloud nextcloud peer # local nextcloud nextcloud peer
# # local atuin atuin peer # local atuin atuin peer
# # lan ipv4 # lan ipv4
# host all daniel 192.168.0.0/16 trust host all daniel 192.168.0.0/16 trust
# host all daniel 10.0.0.0/24 trust host all daniel 10.0.0.0/24 trust
# # tailnet ipv4 # tailnet ipv4
# host all daniel 100.64.0.0/10 trust host all daniel 100.64.0.0/10 trust
# ''; '';
# identMap = '' identMap = ''
# # map system_user db_user # map system_user db_user
# superuser_map root postgres superuser_map root postgres
# superuser_map postgres postgres superuser_map postgres postgres
# superuser_map daniel postgres superuser_map daniel postgres
# # Let other names login as themselves # Let other names login as themselves
# superuser_map /^(.*)$ \1 superuser_map /^(.*)$ \1
# ''; '';
# }; };
# services.postgresqlBackup = { services.postgresqlBackup = {
# enable = true; enable = true;
# backupAll = true; backupAll = true;
# compression = "none"; # hoping for deduplication here? compression = "none"; # hoping for deduplication here?
# location = "/storage/postgres-backups"; location = "/storage/postgres-backups";
# startAt = "*-*-* 03:00:00"; startAt = "*-*-* 03:00:00";
# }; };
# } }
# { # {
# # friends # # friends
# users.users.ben = { # users.users.ben = {
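Review bot: The re-enabled `authentication` block lets role `daniel` connect to every database with no password from 192.168.0.0/16, 10.0.0.0/24 and 100.64.0.0/10, because the three `host` lines use `trust` while `enableTCPIP = true` makes PostgreSQL listen on the network interfaces. Any machine in those ranges that can reach the port can simply claim to be `daniel`; whether the firewall exposes the port is not visible here, and 100.64.0.0/10 is the shared CGNAT range, not only tailnet addresses. Consider a password method on the network lines, e.g. `host all daniel 192.168.0.0/16 scram-sha-256` (likewise for the other two). A comment above `identMap` would also help, stating that `superuser_map daniel postgres` deliberately lets the local `daniel` account log in as `postgres`. The file section may continue beyond the lines shown.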