🔧 configure media services to use ipv6 and zerotier

Ingolf Wagner 2025-03-28 09:29:27 +01:00
parent 439912b50b
commit 01304d1852
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
2 changed files with 65 additions and 25 deletions


@ -2,39 +2,68 @@
config,
lib,
pkgs,
zerotierInterface,
...
}:
with pkgs;
let
port = 8000;
group = "media";
port = 9002;
in
{
users.users.audiobookshelf = {
isSystemUser = true;
group = group;
healthchecks.http.audiobookshelf-via-zerotier = {
url = "${config.networking.hostName}.${config.clan.static-hosts.topLevelDomain}:${toString port}";
expectedContent = "audiobookshelf";
};
networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ port ];
networking.firewall.interfaces.enp0s31f6.allowedUDPPorts = [ port ];
networking.firewall.interfaces.${zerotierInterface}.allowedTCPPorts = [ port ];
networking.firewall.interfaces.wg0.allowedTCPPorts = [ port ];
networking.firewall.interfaces.wg0.allowedUDPPorts = [ port ];
users.users.audiobookshelf = {
isSystemUser = true;
group = lib.mkForce group;
};
systemd.services.audiobookshelf = {
# systemd.services.audiobookshelf = {
# enable = true;
# description = "Self-hosted audiobook server for managing and playing audiobooks";
# serviceConfig = {
# Type = "simple";
# WorkingDirectory = "/srv/audiobookshelf";
# ExecStart = "${audiobookshelf}/bin/audiobookshelf --port ${toString port}";
# ExecReload = "${util-linux}/bin/kill -HUP $MAINPID";
# Restart = "always";
# User = config.users.users.audiobookshelf.name;
# Group = config.users.users.audiobookshelf.group;
# };
# wantedBy = [ "multi-user.target" ];
# requires = [ "network.target" ];
# };
services.audiobookshelf = {
enable = true;
description = "Self-hosted audiobook server for managing and playing audiobooks";
serviceConfig = {
Type = "simple";
WorkingDirectory = "/srv/audiobookshelf";
ExecStart = "${audiobookshelf}/bin/audiobookshelf --port ${toString port}";
ExecReload = "${util-linux}/bin/kill -HUP $MAINPID";
Restart = "always";
User = config.users.users.audiobookshelf.name;
Group = config.users.users.audiobookshelf.group;
};
wantedBy = [ "multi-user.target" ];
requires = [ "network.target" ];
port = 8000;
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts."audiobookshelf.${config.networking.hostName}.${config.clan.static-hosts.topLevelDomain}" =
{
listen = [
{
addr = "[::]";
port = port;
ssl = false;
}
];
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.audiobookshelf.port}";
proxyWebsockets = true;
extraConfig = ''
proxy_redirect http:// $scheme://;
'';
};
};
};
}
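Review bot: The new nginx vhost listens on `[::]` with `ssl = false`, so audiobookshelf login and session traffic is served as plain HTTP on every IPv6 address of the host, and only the per-interface firewall rules decide who can reach port 9002. This render has lost the +/- column, so I cannot tell whether the `enp0s31f6` and `wg0` allow rules survive the commit; if they do, the cleartext listener is also reachable from the physical LAN, where ZeroTier's transport encryption does not apply. I would either drop those rules or state the assumption above `listen`, e.g. `# plain HTTP on purpose: only reachable via the ZeroTier interface, which encrypts the transport`. The healthcheck URL omits the `audiobookshelf.` prefix of the vhost name, so it works only while this vhost is the default server on that port. The navidrome section pairs `settings.Address = "[::]"` with `openFirewall = true`, which as far as I know opens the port on all interfaces and makes the ZeroTier-specific rule there redundant.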


@ -2,21 +2,32 @@
config,
lib,
pkgs,
zerotierInterface,
...
}:
{
healthchecks.http.navidrome = {
url = "${config.networking.hostName}.wg0:${toString config.services.navidrome.settings.Port}/app/#/login";
healthchecks.http.navidrome-tinc = {
url = "${config.networking.hostName}.private:${toString config.services.navidrome.settings.Port}/app/#/login";
expectedContent = "Navidrome";
};
healthchecks.http.navidrome-via-zerotier = {
url = "${config.networking.hostName}.${config.clan.static-hosts.topLevelDomain}:${toString config.services.navidrome.settings.Port}/app/#/login";
expectedContent = "Navidrome";
};
networking.firewall.interfaces.${zerotierInterface}.allowedTCPPorts = [
config.services.navidrome.settings.Port
];
services.navidrome = {
enable = true;
openFirewall = true;
group = "media";
user = "media";
settings.Address = "0.0.0.0";
settings.Address = "[::]";
settings.Port = 4533;
settings.MusicFolder = "/media/arr/lidarr";
};