feat: Jellyfin media server

2025-02-02 14:51:04 -07:00
parent 41029d72a0
commit 1b0d348533
6 changed files with 148 additions and 37 deletions
--- a/modules/nixos/git-annex.nix
+++ b/modules/nixos/git-annex.nix
@@ -31,6 +31,11 @@ in {
              default = true;
            };

+            symlinkToAnnexHome = lib.mkOption {
+              default = null;
+              type = lib.types.nullOr lib.types.str;
+            };
+
            path = lib.mkOption {
              description = ''
                Path to the repo.
@@ -47,6 +52,9 @@ in {
            user = lib.mkOption {
              type = lib.types.str;
              default = "annex";
+              description = ''
+                The user that the Git-annex assistant will be run as.
+              '';
            };

            group = lib.mkOption {
@@ -81,11 +89,21 @@ in {
      # Necessary to enable cloning over SSH.
      isNormalUser = true;
      group = "annex";
+      # TODO: Don't hardcode extra groups!
+      extraGroups = [ "jellyfin" ];
      home = "/var/sydnix/annex";
+      homeMode = "770";
      createHome = true;
      openssh.authorizedKeys.keyFiles = cfg.keyFiles;
    };

+    # HACK: Some Jellyfin libraries are served by Git-annex.  Give Jellyfin
+    # permission to symlink some of those libraries into the annex user's home
+    # dir.
+    users.users.${config.services.jellyfin.user}.extraGroups =
+      lib.mkIf config.sydnix.deertopia.jellyfin.enable
+        [ "annex" ];
+
    system.activationScripts.initialiseUserAnnex =
      let gitconfig-file = pkgs.writeText "gitconfig" ''
            [user]
@@ -95,23 +113,16 @@ in {
            	defaultBranch = main
            [core]
            	symlinks = true
+            [safe]
+            ${lib.strings.concatMapStrings
+              (repo: "\tdirectory = ${repo.path}\n")
+              (builtins.attrValues cfg.repos)}
          '';
      in ''
        set -e

        annexHome="${config.users.users.annex.home}"
        ln -sf "${gitconfig-file}" "$annexHome/.gitconfig"
-
-        # Symlink repos into annex's home for easy access.  This is particularly nice for cloning:
-        #   git clone annex@deertopia.net:org
-        # instead of
-        #   git clone annex@deertopia.net:/persist/deertopia.net/org
-        # Less assumptions about the host's file system!
-        ${lib.strings.toShellVar "repos" (builtins.attrNames cfg.repos)}
-        for repoPath in ''${!repos[@]}; do
-          target="$annexHome/$(basename "$repoPath")"
-          ln -sf "$repoPath" "$target"
-        done
      '';

    systemd.services =
@@ -124,8 +135,18 @@ in {
            [ -e .git ] || git init
            [ -e .git/annex ] || git annex init

-            # Symlink repo into user `annex` for easy access.
-            ln -sf "$(pwd)" "$HOME/"
+            # git config set user.name "${cfg.user.name}"
+            # git config set user.email "${cfg.user.email}"
+
+            # Symlink repos into annex's home for easy access.  This is
+            # particularly nice for cloning:
+            #   git clone annex@deertopia.net:org
+            # instead of
+            #   git clone annex@deertopia.net:/persist/deertopia.net/dav/org
+            # Less assumptions about the host's file system!
+            annexHome="${config.users.users.annex.home}"
+            ${lib.optionalString (repo.symlinkToAnnexHome != null)
+              ''ln -sf "$PWD" "$annexHome/${repo.symlinkToAnnexHome}"''}

            ${lib.strings.toShellVar "remotes" repo.remotes}
            for remoteName in ''${!remotes[@]}; do
@@ -140,26 +161,26 @@ in {
          '';

        mkAssistantService = repo: {
-            description = "git-annex assistant (${repo.path})";
-            after = [ "network.target" ];
-            wantedBy = [ "multi-user.target" ];
-            serviceConfig.User = repo.user;
-            serviceConfig.WorkingDirectory = repo.path;
-            path = [ pkgs.git pkgs.git-annex pkgs.openssh ];
-            # Set the default file mode for new files created by this process to
-            # 775.  Oddly, `UMask = x` will set the mode to `0777 & x`, so 002
-            # gets us the desired figure of 775.  We want 775 because Nginx,
-            # running under user `nginx` needs to be able to read/write these
-            # files to server them over WebDAV.
-            serviceConfig.UMask = "002";
-            serviceConfig.ExecStartPre =
-              lib.optionalString
-                repo.managed
-                "${pkgs.bash}/bin/bash ${init-if-necessary repo}";
-            serviceConfig.ExecStart = ''
-              ${pkgs.git-annex}/bin/git-annex assistant --foreground
-            '';
-          };
+          description = "git-annex assistant (${repo.path})";
+          after = [ "network.target" ];
+          wantedBy = [ "multi-user.target" ];
+          serviceConfig.User = repo.user;
+          serviceConfig.WorkingDirectory = repo.path;
+          path = [ pkgs.git pkgs.git-annex pkgs.openssh ];
+          # Set the default file mode for new files created by this process to
+          # 775.  Oddly, `UMask = x` will set the mode to `0777 & x`, so 002
+          # gets us the desired figure of 775.  We want 775 because Nginx,
+          # running under user `nginx` needs to be able to read/write these
+          # files to server them over WebDAV.
+          serviceConfig.UMask = "002";
+          serviceConfig.ExecStartPre =
+            lib.optionalString
+              repo.managed
+              "${pkgs.bash}/bin/bash ${init-if-necessary repo}";
+          serviceConfig.ExecStart = ''
+            ${pkgs.git-annex}/bin/git-annex assistant --foreground
+          '';
+        };
      in builtins.listToAttrs
        (builtins.map
          (repo: {