feat(nix): start working on jellyfin

sbulav · Nov 22, 2024 · d08927c · d08927c
1 parent ef6188e
commit d08927c
Show file tree

Hide file tree

Showing 2 changed files with 93 additions and 0 deletions.
diff --git a/nix/modules/nixos/containers/jellyfin/default.nix b/nix/modules/nixos/containers/jellyfin/default.nix
@@ -0,0 +1,87 @@
+{
+  config,
+  lib,
+  namespace,
+  ...
+}:
+with lib;
+with lib.custom; let
+  cfg = config.${namespace}.containers.jellyfin;
+in {
+  options.${namespace}.containers.jellyfin = with types; {
+    enable = mkBoolOpt false "Enable jellyfin nixos-container;";
+    host = mkOpt str "jellyfin.sbulav.ru" "The host to serve jellyfin on";
+    dataPath = mkOpt str "/tank/jellyfin" "Jellyfin data path on host machine";
+    hostAddress = mkOpt str "172.16.64.10" "With private network, which address to use on Host";
+    localAddress = mkOpt str "172.16.64.107" "With privateNetwork, which address to use in container";
+  };
+  imports = [
+    (import ../shared/shared-traefik-route.nix
+      {
+        app = "jellyfin";
+        host = "${cfg.host}";
+        url = "http://${cfg.localAddress}:8096";
+        route_enabled = cfg.enable;
+      })
+    (import ../shared/shared-adguard-dns-rewrite.nix
+      {
+        host = "${cfg.host}";
+        rewrite_enabled = cfg.enable;
+      })
+  ];
+
+  config = mkIf cfg.enable {
+    networking.nat = {
+      enable = true;
+      internalInterfaces = ["ve-jellyfin"];
+      externalInterface = "ens3";
+    };
+    containers.jellyfin = {
+      ephemeral = true;
+      autoStart = true;
+
+      privateNetwork = true;
+      # Need to add 172.16.64.0/18 on router
+      hostAddress = "${cfg.hostAddress}";
+      localAddress = "${cfg.localAddress}";
+
+      bindMounts = {
+        "/var/lib/jellyfin/config/" = {
+          hostPath = "${cfg.dataPath}/config/";
+          isReadOnly = false;
+        };
+        "/var/lib/jellyfin/" = {
+          hostPath = "${cfg.dataPath}/";
+          isReadOnly = false;
+        };
+        "/var/lib/jellyfin/log/" = {
+          "hostPath" = "${cfg.dataPath}/log/";
+          isReadOnly = false;
+        };
+
+        config = {...}: {
+          systemd.tmpfiles.rules = [
+            "d /var/lib/jellyfin 700 jellyfin jellyfin -"
+          ];
+          services.jellyfin = {
+            enable = true;
+          };
+
+          networking = {
+            firewall = {
+              enable = true;
+              # https://jellyfin.org/docs/general/networking/index.html#port-bindings
+              allowedTCPPorts = [8096 8920];
+              allowedUDPPorts = [1900 7359];
+            };
+            # Use systemd-resolved inside the container
+            # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
+            useHostResolvConf = lib.mkForce false;
+          };
+          services.resolved.enable = true;
+          system.stateVersion = "24.11";
+        };
+      };
+    };
+  };
+}
diff --git a/nix/systems/x86_64-linux/serverz/default.nix b/nix/systems/x86_64-linux/serverz/default.nix
@@ -73,6 +73,12 @@ in {
       hostAddress = "172.16.64.10";
       localAddress = "172.16.64.106";
     };
+    jellyfin = {
+      enable = true;
+      host = "jellyfin2.sbulav.ru";
+      hostAddress = "172.16.64.10";
+      localAddress = "172.16.64.107";
+    };
   };
 
   environment.systemPackages = with pkgs; [