From d8bbec67db1de205975da5ac20f8706940a25b3e Mon Sep 17 00:00:00 2001
From: Paul-Henri Froidmont <git.contact-57n2p@froidmont.org>
Date: Tue, 7 Dec 2021 01:55:01 +0100
Subject: [PATCH] Configure Jellyfin

---
 dns.tf                | 10 +++++++++-
 modules/jellyfin.nix  | 33 +++++++++++++++++++++++++++++++++
 modules/nextcloud.nix | 11 ++++-------
 profiles/storage.nix  |  3 +++
 4 files changed, 49 insertions(+), 8 deletions(-)
 create mode 100644 modules/jellyfin.nix

diff --git a/dns.tf b/dns.tf
index 2e0cc14..47c9735 100644
--- a/dns.tf
+++ b/dns.tf
@@ -1,5 +1,6 @@
 locals {
   dmarc_value = "\"v=DMARC1; p=none; rua=mailto:failed-dmarc@banditlair.com; ruf=mailto:dmarc@banditlair.com\""
+  storage1_ip = "78.46.96.243"
 }
 
 data "hetznerdns_zone" "banditlair_zone" {
@@ -25,11 +26,18 @@ resource "hetznerdns_record" "backend1_a" {
 resource "hetznerdns_record" "mail2_a" {
   zone_id = data.hetznerdns_zone.banditlair_zone.id
   name    = "mail2"
-  value   = "78.46.96.243"
+  value   = local.storage1_ip
   type    = "A"
   ttl     = 600
 }
 
+resource "hetznerdns_record" "jellyfin_a" {
+  zone_id = data.hetznerdns_zone.banditlair_zone.id
+  name    = "jellyfin"
+  value   = local.storage1_ip
+  type    = "A"
+  ttl     = 600
+}
 resource "hetznerdns_record" "db1_a" {
   zone_id = data.hetznerdns_zone.banditlair_zone.id
   name    = "db1"
diff --git a/modules/jellyfin.nix b/modules/jellyfin.nix
new file mode 100644
index 0000000..140783b
--- /dev/null
+++ b/modules/jellyfin.nix
@@ -0,0 +1,33 @@
+{ config, lib, pkgs, ... }:
+{
+  services.jellyfin = {
+    enable = true;
+  };
+
+  systemd.services.jellyfin.serviceConfig.ExecStart =
+    lib.mkOverride 10 "${config.services.jellyfin.package}/bin/jellyfin --datadir '/nix/var/data/jellyfin' --cachedir '/var/cache/jellyfin'";
+
+  services.nginx.virtualHosts."jellyfin.${config.networking.domain}" = {
+    enableACME = true;
+    forceSSL = true;
+
+    locations."= /".extraConfig = ''
+      return 302 https://$host/web/;
+    '';
+
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:8096";
+      extraConfig = ''
+        proxy_buffering off;
+      '';
+    };
+
+    locations."= /web/" = {
+      proxyPass = "http://127.0.0.1:8096/web/index.html";
+    };
+
+    locations."/socket" = {
+      proxyPass = "http://127.0.0.1:8096";
+    };
+  };
+}
diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix
index 5e3d262..1cd3eb5 100644
--- a/modules/nextcloud.nix
+++ b/modules/nextcloud.nix
@@ -55,15 +55,12 @@ in
     };
   };
 
-  services.nginx = {
-    virtualHosts = {
-      "${config.services.nextcloud.hostName}" = {
-        enableACME = true;
-        forceSSL = true;
-      };
-    };
+  services.nginx.virtualHosts."${config.services.nextcloud.hostName}" = {
+    enableACME = true;
+    forceSSL = true;
   };
 
+
   services.nextcloud = {
     enable = true;
     package = pkgs.nextcloud22;
diff --git a/profiles/storage.nix b/profiles/storage.nix
index ead78bc..713304b 100644
--- a/profiles/storage.nix
+++ b/profiles/storage.nix
@@ -6,5 +6,8 @@
     ../modules/openssh.nix
     ../modules/mailserver.nix
     ../modules/nginx.nix
+    ../modules/jellyfin.nix
   ];
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
 }