{ config, lib, pkgs, ... }: with lib; let cfg = config.sydnix.deertopia.jellyfin; in { options = { sydnix.deertopia.jellyfin = { enable = mkEnableOption "Deertopia's Jellyfin media server"; }; }; config = mkIf cfg.enable { sydnix.impermanence = let jcfg = config.services.jellyfin; in { directories = [ jcfg.dataDir jcfg.configDir ]; cache.directories = [ jcfg.cacheDir ]; }; services.jellyfin = { enable = true; openFirewall = true; }; # HACK: Force the mode 664 upon Jellyfin-created files. systemd.services.jellyfin.serviceConfig.UMask = lib.mkForce "002"; sydnix.deertopia.nginx.vhosts."watch".vhost = # Currently no (convenient) way to specify Jellyfin's port from Nix. let port = builtins.toString 8096; in { forceSSL = true; enableACME = true; locations."/".extraConfig = '' # Proxy main Jellyfin traffic. proxy_pass $jellyfin; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Protocol $scheme; proxy_set_header X-Forwarded-Host $http_host; # Disable buffering when the nginx proxy gets very resource heavy upon # streaming. proxy_buffering off; ''; locations."/socket".extraConfig = '' # Proxy Jellyfin Websockets traffic proxy_pass $jellyfin; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Protocol $scheme; proxy_set_header X-Forwarded-Host $http_host; ''; extraConfig = '' set $jellyfin http://127.0.0.1:${port}; ''; }; }; }