more jellyfin + nextcloud tweaking, microbin live

Danilo Reyes 2024-06-14 15:42:41 -06:00
parent 36cb54390f
commit 2eefa0d223
8 changed files with 196 additions and 145 deletions


@ -26,6 +26,19 @@
find-dup-episodes.enable = true; find-dup-episodes.enable = true;
update-dns.enable = true; update-dns.enable = true;
}; };
servers = {
jellyfin = {
enable = false;
enableCron = false;
};
nextcloud = {
enable = false;
enableCron = false;
};
collabora.enable = false;
go-vod.enable = false;
microbin.enable = true;
};
}; };
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;
networking = { networking = {


@ -25,7 +25,6 @@ let
# kavitaPort = config.services.kavita.port; # kavitaPort = config.services.kavita.port;
vaultPort = config.services.vaultwarden.config.ROCKET_PORT; vaultPort = config.services.vaultwarden.config.ROCKET_PORT;
audiobookPort = config.services.audiobookshelf.port; audiobookPort = config.services.audiobookshelf.port;
microbinPort = config.services.microbin.settings.MICROBIN_PORT;
in { in {
services.nginx = { services.nginx = {
enable = true; enable = true;
@ -66,7 +65,6 @@ in {
# "subs.${domain}" = proxy bazarrPort // { }; # "subs.${domain}" = proxy bazarrPort // { };
# "series.${domain}" = proxy sonarrPort // { }; # "series.${domain}" = proxy sonarrPort // { };
"vault.${domain}" = proxy vaultPort // { }; "vault.${domain}" = proxy vaultPort // { };
"copy.${domain}" = proxy microbinPort // { };
"mealie.${domain}" = proxy mealiePort // { }; "mealie.${domain}" = proxy mealiePort // { };
"tracker.${domain}" = proxy ryotPort // { }; "tracker.${domain}" = proxy ryotPort // { };
"scrobble.${domain}" = proxy scrobblePort // { }; "scrobble.${domain}" = proxy scrobblePort // { };


@ -63,18 +63,6 @@ in {
# mutableSettings = true; # mutableSettings = true;
# openFirewall = true; # openFirewall = true;
# }; # };
microbin = {
enable = true;
settings = {
MICROBIN_HIDE_LOGO = false;
MICROBIN_PORT = 8080;
MICROBIN_HIGHLIGHTSYNTAX = true;
MICROBIN_PRIVATE = true;
MICROBIN_QR = true;
MICROBIN_ENCRYPTION_CLIENT_SIDE = true;
MICROBIN_ENCRYPTION_SERVER_SIDE = true;
};
};
shiori = { shiori = {
enable = true; enable = true;
port = 4368; port = 4368;


@ -4,6 +4,31 @@ let
enable = true; enable = true;
group = "piracy"; group = "piracy";
}; };
proxy = locations: {
inherit locations;
forceSSL = true;
enableACME = true;
http2 = true;
};
proxyReverse = port:
proxy {
"/".proxyPass =
"http://${config.my.servers.settings.localhost}:${toString port}/";
};
proxyReverseArr = port:
proxy port // {
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_redirect off;
proxy_http_version 1.1;
'';
};
enableDocker = lib.any (opt: opt) [ enableDocker = lib.any (opt: opt) [
config.my.servers.collabora.enable config.my.servers.collabora.enable
config.my.servers.go-vod.enable config.my.servers.go-vod.enable
@ -12,11 +37,24 @@ in {
imports = [ imports = [
(import ./servers/jellyfin.nix { inherit lib config pkgs serviceBase; }) (import ./servers/jellyfin.nix { inherit lib config pkgs serviceBase; })
(import ./servers/nextcloud.nix { inherit lib config pkgs serviceBase; }) (import ./servers/nextcloud.nix { inherit lib config pkgs serviceBase; })
(import ./servers/microbin.nix { inherit lib config proxyReverse; })
]; ];
options.my.servers.settings = { options.my.servers.settings = {
localhost = "127.0.0.1"; localhost = lib.mkOption {
domain = "servidos.lat"; type = lib.types.str;
postgresSocket = "/run/postgresql"; default = "127.0.0.1";
description = "The localhost address.";
};
domain = lib.mkOption {
type = lib.types.str;
default = "servidos.lat";
description = "The domain name.";
};
postgresSocket = lib.mkOption {
type = lib.types.str;
default = "/run/postgresql";
description = "The PostgreSQL socket path.";
};
}; };
config = { config = {
my.servers = { my.servers = {
@ -30,17 +68,15 @@ in {
}; };
collabora.enable = lib.mkDefault false; collabora.enable = lib.mkDefault false;
go-vod.enable = lib.mkDefault false; go-vod.enable = lib.mkDefault false;
microbin.enable = lib.mkDefault false;
}; };
virtualisation = lib.mkIf enableDocker { virtualisation.docker = lib.mkIf enableDocker {
oci-containers.backend = "docker"; enable = true;
docker = { enableNvidia = true;
autoPrune = {
enable = true; enable = true;
enableNvidia = true; flags = [ "--all" ];
autoPrune = { dates = "weekly";
enable = true;
flags = [ "--all" ];
dates = "weekly";
};
}; };
}; };
}; };
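Review bot: `proxyReverseArr` calls `proxy port`, but `proxy` is defined just above as taking a `locations` attrset, so the port number would become the vhost's `locations` value and evaluation would fail as soon as the helper is used. The intent looks like `proxyReverse port // { extraConfig = ''…''; }`, which keeps the `"/".proxyPass` location and then adds the forwarding headers. Nothing visible in this commit calls `proxyReverseArr`, so lazy evaluation hides the error for now. The enclosing `let` block starts above the hunk.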


@ -1,14 +0,0 @@
{ ... }: {
virtualization = {
oci-containers.backend = "docker";
docker = {
enable = true;
enableNvidia = true;
autoPrune = {
enable = true;
flags = [ "--all" ];
dates = "weekly";
};
};
};
}


@ -20,83 +20,81 @@ in {
map $request_uri $h264Level { ~(h264-level=)(.+?)& $2; } map $request_uri $h264Level { ~(h264-level=)(.+?)& $2; }
map $request_uri $h264Profile { ~(h264-profile=)(.+?)& $2; } map $request_uri $h264Profile { ~(h264-profile=)(.+?)& $2; }
''; '';
virtualHosts = { virtualHosts."flix.${config.my.servers.settings.domain}" = {
"flix.${config.my.servers.settings.domain}" = { forceSSL = true;
forceSSL = true; enableACME = true;
enableACME = true; http2 = true;
http2 = true; extraConfig = ''
extraConfig = '' # use a variable to store the upstream proxy
# use a variable to store the upstream proxy # in this example we are using a hostname which is resolved via DNS
# in this example we are using a hostname which is resolved via DNS # (if you aren't using DNS remove the resolver line and change the variable to point to an IP address
# (if you aren't using DNS remove the resolver line and change the variable to point to an IP address resolver ${localhost} valid=30;
resolver ${localhost} valid=30;
location = / { location = / {
return 302 http://$host/web/; return 302 http://$host/web/;
#return 302 https://$host/web/; #return 302 https://$host/web/;
} }
location = /web/ { location = /web/ {
# Proxy main Jellyfin traffic # Proxy main Jellyfin traffic
proxy_pass http://${localhost}:${toString port}/web/index.html; proxy_pass http://${localhost}:${toString port}/web/index.html;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme; proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host; proxy_set_header X-Forwarded-Host $http_host;
} }
''; '';
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://${localhost}:${toString port}"; proxyPass = "http://${localhost}:${toString port}";
proxyWebsockets = true; proxyWebsockets = true;
}; };
"/socket" = { "/socket" = {
proxyPass = "http://${localhost}:${toString port}"; proxyPass = "http://${localhost}:${toString port}";
extraConfig = '' extraConfig = ''
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
''; '';
}; };
"~ /Items/(.*)/Images" = { "~ /Items/(.*)/Images" = {
proxyPass = "http://${localhost}:${toString port}"; proxyPass = "http://${localhost}:${toString port}";
extraConfig = '' extraConfig = ''
proxy_cache jellyfin; proxy_cache jellyfin;
proxy_cache_revalidate on; proxy_cache_revalidate on;
proxy_cache_lock on; proxy_cache_lock on;
''; '';
}; };
"~* ^/Videos/(.*)/(?!live)" = { "~* ^/Videos/(.*)/(?!live)" = {
proxyPass = "http://${localhost}:${toString port}"; proxyPass = "http://${localhost}:${toString port}";
extraConfig = '' extraConfig = ''
# Set size of a slice (this amount will be always requested from the backend by nginx) # Set size of a slice (this amount will be always requested from the backend by nginx)
# Higher value means more latency, lower more overhead # Higher value means more latency, lower more overhead
# This size is independent of the size clients/browsers can request # This size is independent of the size clients/browsers can request
# slice 2m; # slice 2m;
proxy_cache jellyfin-videos; proxy_cache jellyfin-videos;
proxy_cache_valid 200 206 301 302 30d; proxy_cache_valid 200 206 301 302 30d;
proxy_ignore_headers Expires Cache-Control Set-Cookie X-Accel-Expires; proxy_ignore_headers Expires Cache-Control Set-Cookie X-Accel-Expires;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504; proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
proxy_connect_timeout 15s; proxy_connect_timeout 15s;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Connection ""; proxy_set_header Connection "";
# Transmit slice range to the backend # Transmit slice range to the backend
proxy_set_header Range 2m; proxy_set_header Range 2m;
# This saves bandwidth between the proxy and jellyfin, as a file is only downloaded one time instead of multiple times when multiple clients want to at the same time # This saves bandwidth between the proxy and jellyfin, as a file is only downloaded one time instead of multiple times when multiple clients want to at the same time
# The first client will trigger the download, the other clients will have to wait until the slice is cached # The first client will trigger the download, the other clients will have to wait until the slice is cached
# Esp. practical during SyncPlay # Esp. practical during SyncPlay
proxy_cache_lock on; proxy_cache_lock on;
proxy_cache_lock_age 60s; proxy_cache_lock_age 60s;
proxy_cache_key "jellyvideo$uri?MediaSourceId=$arg_MediaSourceId&VideoCodec=$arg_VideoCodec&AudioCodec=$arg_AudioCodec&AudioStreamIndex=$arg_AudioStreamIndex&VideoBitrate=$arg_VideoBitrate&AudioBitrate=$arg_AudioBitrate&SubtitleMethod=$arg_SubtitleMethod&TranscodingMaxAudioChannels=$arg_TranscodingMaxAudioChannels&RequireAvc=$arg_RequireAvc&SegmentContainer=$arg_SegmentContainer&MinSegments=$arg_MinSegments&BreakOnNonKeyFrames=$arg_BreakOnNonKeyFrames&h264-profile=$h264Profile&h264-level=$h264Level&slicerange=2m"; proxy_cache_key "jellyvideo$uri?MediaSourceId=$arg_MediaSourceId&VideoCodec=$arg_VideoCodec&AudioCodec=$arg_AudioCodec&AudioStreamIndex=$arg_AudioStreamIndex&VideoBitrate=$arg_VideoBitrate&AudioBitrate=$arg_AudioBitrate&SubtitleMethod=$arg_SubtitleMethod&TranscodingMaxAudioChannels=$arg_TranscodingMaxAudioChannels&RequireAvc=$arg_RequireAvc&SegmentContainer=$arg_SegmentContainer&MinSegments=$arg_MinSegments&BreakOnNonKeyFrames=$arg_BreakOnNonKeyFrames&h264-profile=$h264Profile&h264-level=$h264Level&slicerange=2m";
# add_header X-Cache-Status $upstream_cache_status; # This is only for debugging cache # add_header X-Cache-Status $upstream_cache_status; # This is only for debugging cache
''; '';
};
}; };
}; };
}; };
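Review bot: The `~* ^/Videos/(.*)/(?!live)` location caches responses for 30 days under a `proxy_cache_key` built only from the URI and stream parameters, while `proxy_ignore_headers` discards the backend's `Cache-Control` and `Set-Cookie`. A cache hit is answered by nginx without contacting Jellyfin, so whatever authorisation Jellyfin applies to these URLs is not re-checked for cached segments; confirm that is acceptable, or gate the location (for example with `auth_request`) before the cache is consulted. In the same block `proxy_set_header Range 2m;` sends a literal `2m` because `slice 2m;` is commented out; with slicing enabled the value is normally `$slice_range`, and without slicing the line should be dropped. `location = /` also returns `302 http://$host/web/` although the vhost sets `forceSSL = true`, so the commented `https` variant is the one to use.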


@ -0,0 +1,29 @@
{ lib, config, proxyReverse, ... }:
let port = config.services.microbin.settings.MICROBIN_PORT;
in {
options.my.servers.microbin = {
enable = lib.mkEnableOption "enable";
enableCron = lib.mkEnableOption "enable";
};
config = lib.mkIf config.my.servers.microbin.enable {
services = {
microbin = {
enable = true;
settings = {
MICROBIN_HIDE_LOGO = false;
MICROBIN_PORT = 8080;
MICROBIN_HIGHLIGHTSYNTAX = true;
MICROBIN_PRIVATE = true;
MICROBIN_QR = true;
MICROBIN_ENCRYPTION_CLIENT_SIDE = true;
MICROBIN_ENCRYPTION_SERVER_SIDE = true;
};
};
nginx = {
enable = true;
virtualHosts."copy.${config.my.servers.settings.domain}" =
proxyReverse port // { };
};
};
};
}
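Review bot: The vhost `copy.${config.my.servers.settings.domain}` publishes MicroBin through nginx, but the `settings` block sets no admin or basic-auth credentials, so unless they are supplied elsewhere the service runs with the upstream defaults. The NixOS module's `services.microbin.passwordFile` is the place for `MICROBIN_ADMIN_USERNAME` / `MICROBIN_ADMIN_PASSWORD` (and `MICROBIN_BASIC_AUTH_USERNAME` / `MICROBIN_BASIC_AUTH_PASSWORD` if uploads should be restricted), which also keeps them out of the world-readable Nix store. `MICROBIN_BIND` is not set either; since the backend is only meant to be reached through the proxy, `MICROBIN_BIND = config.my.servers.settings.localhost;` would keep port 8080 off the other interfaces. On documentation, `lib.mkEnableOption "enable"` renders as "Whether to enable enable.", so `lib.mkEnableOption "MicroBin"` reads better, and `enableCron` is declared but not used in this file.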


@ -156,42 +156,45 @@ in {
}; };
}; };
}; };
virtualisation.oci-containers.containers = { virtualisation.oci-containers = {
go-vod = lib.mkIf config.my.servers.go-vod.enable { backend = "docker";
autoStart = true; containers = {
image = "radialapps/go-vod"; go-vod = lib.mkIf config.my.servers.go-vod.enable {
environment = { autoStart = true;
TZ = "America/Mexico_City"; image = "radialapps/go-vod";
NEXTCLOUD_HOST = "https://${config.services.nextcloud.hostName}"; environment = {
NVIDIA_VISIBLE_DEVICES = "all"; TZ = "America/Mexico_City";
NEXTCLOUD_HOST = "https://${config.services.nextcloud.hostName}";
NVIDIA_VISIBLE_DEVICES = "all";
};
volumes = [ "ncdata:/var/www/html:ro" ];
extraOptions = [
"--device=/dev/dri" # VA-API (omit for NVENC)
];
}; };
volumes = [ "ncdata:/var/www/html:ro" ]; collabora = lib.mkIf config.my.servers.collabora.enable {
extraOptions = [ autoStart = true;
"--device=/dev/dri" # VA-API (omit for NVENC) image = "collabora/code";
]; imageFile = pkgs.dockerTools.pullImage {
}; imageName = "collabora/code";
collabora = lib.mkIf config.my.servers.collabora.enable { imageDigest =
autoStart = true; "sha256:aab41379baf5652832e9237fcc06a768096a5a7fccc66cf8bd4fdb06d2cbba7f";
image = "collabora/code"; sha256 = "sha256-M66lynhzaOEFnE15Sy1N6lBbGDxwNw6ap+IUJAvoCLs=";
imageFile = pkgs.dockerTools.pullImage { };
imageName = "collabora/code"; ports = [ "9980:9980" ];
imageDigest = environment = {
"sha256:aab41379baf5652832e9237fcc06a768096a5a7fccc66cf8bd4fdb06d2cbba7f"; TZ = "America/Mexico_City";
sha256 = "sha256-M66lynhzaOEFnE15Sy1N6lBbGDxwNw6ap+IUJAvoCLs="; domain = "cloud.servidos.lat";
aliasgroup1 = "cloud.servidos.lat:443";
aliasgroup2 = "cloud.rotehaare.art:443";
dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru";
extra_params = ''
--o:ssl.enable=false
--o:ssl.termination=true
'';
};
extraOptions = [ "--cap-add" "MKNOD" ];
}; };
ports = [ "9980:9980" ];
environment = {
TZ = "America/Mexico_City";
domain = "cloud.servidos.lat";
aliasgroup1 = "cloud.servidos.lat:443";
aliasgroup2 = "cloud.rotehaare.art:443";
dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru";
extra_params = ''
--o:ssl.enable=false
--o:ssl.termination=true
'';
};
extraOptions = [ "--cap-add" "MKNOD" ];
}; };
}; };
systemd = lib.mkIf config.my.servers.nextcloud.enableCron { systemd = lib.mkIf config.my.servers.nextcloud.enableCron {
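Review bot: `ports = [ "9980:9980" ]` on the collabora container publishes the port on every host interface while `extra_params` switches the container's own TLS off (`--o:ssl.enable=false`, `--o:ssl.termination=true`), and ports published by Docker are typically reachable regardless of the NixOS firewall settings. If the reverse proxy on this machine is the only intended client, `ports = [ "127.0.0.1:9980:9980" ];` keeps the plaintext listener local. `image = "radialapps/go-vod"` is pulled without a tag or digest, unlike collabora, which is pinned through `pkgs.dockerTools.pullImage`; pinning it the same way makes rebuilds reproducible and the image content reviewable. The enclosing attrset starts above the hunk and the `systemd = lib.mkIf …` block continues below it.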