2025-01-03 01:00:26 +04:00
|
|
|
{ config, lib, pkgs, ... }:
|
|
|
|
with lib;
|
|
|
|
let cfg = config.void.server.media.jellyfin;
|
|
|
|
in {
|
|
|
|
options.void.server.media.jellyfin = { enable = mkEnableOption false; };
|
|
|
|
|
|
|
|
config = mkIf cfg.enable {
|
|
|
|
users.groups.media = { };
|
|
|
|
|
|
|
|
services = {
|
|
|
|
jellyfin = {
|
|
|
|
enable = true;
|
|
|
|
group = "media";
|
|
|
|
};
|
|
|
|
|
|
|
|
nginx.virtualHosts = {
|
|
|
|
"jellyfin.sako.box" = {
|
|
|
|
forceSSL = true;
|
|
|
|
sslCertificate = "/srv/secrets/certs/sako.box.pem";
|
|
|
|
sslCertificateKey = "/srv/secrets/certs/sako.box-key.pem";
|
2025-01-03 12:07:03 +04:00
|
|
|
extraConfig = ''
|
|
|
|
add_header X-Frame-Options "SAMEORIGIN";
|
|
|
|
add_header X-Content-Type-Options "nosniff";
|
|
|
|
add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always;
|
|
|
|
add_header Content-Security-Policy "default-src https: data: blob: ; img-src 'self' https://* ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'";
|
|
|
|
|
|
|
|
'';
|
|
|
|
locations = {
|
|
|
|
"/" = {
|
|
|
|
proxyPass = "http://localhost:8096";
|
|
|
|
extraConfig = ''
|
|
|
|
# Disable buffering when the nginx proxy gets very resource heavy upon streaming
|
|
|
|
proxy_buffering off;
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
"/socket" = {
|
|
|
|
proxyPass = "http://localhost:8096";
|
|
|
|
proxyWebsockets = true;
|
|
|
|
};
|
|
|
|
};
|
2025-01-03 01:00:26 +04:00
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
};
|
|
|
|
}
|