From 01304d1852988e7a8317f51cba78438159b6237f Mon Sep 17 00:00:00 2001
From: Ingolf Wagner <contact@ingolf-wagner.de>
Date: Fri, 28 Mar 2025 09:29:27 +0100
Subject: [PATCH] :wrench: configure media services to use ipv6 and zerotier

---
 machines/chungus/media-audiobookshelf.nix | 73 ++++++++++++++++-------
 machines/chungus/media-navidrome.nix      | 17 +++++-
 2 files changed, 65 insertions(+), 25 deletions(-)

diff --git a/machines/chungus/media-audiobookshelf.nix b/machines/chungus/media-audiobookshelf.nix
index e1505c3..41f1717 100644
--- a/machines/chungus/media-audiobookshelf.nix
+++ b/machines/chungus/media-audiobookshelf.nix
@@ -2,39 +2,68 @@
   config,
   lib,
   pkgs,
+  zerotierInterface,
   ...
 }:
-with pkgs;
 let
-  port = 8000;
   group = "media";
+  port = 9002;
 in
 {
-  users.users.audiobookshelf = {
-    isSystemUser = true;
-    group = group;
+
+  healthchecks.http.audiobookshelf-via-zerotier = {
+    url = "${config.networking.hostName}.${config.clan.static-hosts.topLevelDomain}:${toString port}";
+    expectedContent = "audiobookshelf";
   };
 
-  networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ port ];
-  networking.firewall.interfaces.enp0s31f6.allowedUDPPorts = [ port ];
+  networking.firewall.interfaces.${zerotierInterface}.allowedTCPPorts = [ port ];
 
-  networking.firewall.interfaces.wg0.allowedTCPPorts = [ port ];
-  networking.firewall.interfaces.wg0.allowedUDPPorts = [ port ];
+  users.users.audiobookshelf = {
+    isSystemUser = true;
+    group = lib.mkForce group;
+  };
 
-  systemd.services.audiobookshelf = {
+  #  systemd.services.audiobookshelf = {
+  #    enable = true;
+  #    description = "Self-hosted audiobook server for managing and playing audiobooks";
+  #    serviceConfig = {
+  #      Type = "simple";
+  #      WorkingDirectory = "/srv/audiobookshelf";
+  #      ExecStart = "${audiobookshelf}/bin/audiobookshelf --port ${toString port}";
+  #      ExecReload = "${util-linux}/bin/kill -HUP $MAINPID";
+  #      Restart = "always";
+  #      User = config.users.users.audiobookshelf.name;
+  #      Group = config.users.users.audiobookshelf.group;
+  #    };
+  #    wantedBy = [ "multi-user.target" ];
+  #    requires = [ "network.target" ];
+  #  };
+
+  services.audiobookshelf = {
     enable = true;
-    description = "Self-hosted audiobook server for managing and playing audiobooks";
-    serviceConfig = {
-      Type = "simple";
-      WorkingDirectory = "/srv/audiobookshelf";
-      ExecStart = "${audiobookshelf}/bin/audiobookshelf --port ${toString port}";
-      ExecReload = "${util-linux}/bin/kill -HUP $MAINPID";
-      Restart = "always";
-      User = config.users.users.audiobookshelf.name;
-      Group = config.users.users.audiobookshelf.group;
-    };
-    wantedBy = [ "multi-user.target" ];
-    requires = [ "network.target" ];
+    port = 8000;
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    virtualHosts."audiobookshelf.${config.networking.hostName}.${config.clan.static-hosts.topLevelDomain}" =
+      {
+        listen = [
+          {
+            addr = "[::]";
+            port = port;
+            ssl = false;
+          }
+        ];
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:${toString config.services.audiobookshelf.port}";
+          proxyWebsockets = true;
+          extraConfig = ''
+            proxy_redirect http:// $scheme://;
+          '';
+        };
+      };
   };
 
 }
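Review bot: The nginx vhost binds `[::]` with `ssl = false`, so the `networking.firewall.interfaces.${zerotierInterface}` rule is the only thing keeping the audiobookshelf login on port 9002 off the other interfaces, and nothing in the file says so. I would add a comment above the `listen` block such as `# plain HTTP on purpose: only reachable through the ZeroTier interface allowed above`. The same pattern appears in the media-navidrome.nix hunk, where `settings.Address = "[::]"` sits next to the unchanged `openFirewall = true`, which presumably opens the port on every interface and makes the new interface-scoped rule redundant. Separately, the healthcheck URL uses `${hostName}.${topLevelDomain}` while the vhost is named `audiobookshelf.${hostName}.…`, so it likely passes only because this vhost is the default server on that port. The commented-out `systemd.services.audiobookshelf` block can be dropped since git history keeps it.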
diff --git a/machines/chungus/media-navidrome.nix b/machines/chungus/media-navidrome.nix
index d0181d7..a8af6a8 100644
--- a/machines/chungus/media-navidrome.nix
+++ b/machines/chungus/media-navidrome.nix
@@ -2,21 +2,32 @@
   config,
   lib,
   pkgs,
+  zerotierInterface,
   ...
 }:
 {
 
-  healthchecks.http.navidrome = {
-    url = "${config.networking.hostName}.wg0:${toString config.services.navidrome.settings.Port}/app/#/login";
+  healthchecks.http.navidrome-tinc = {
+    url = "${config.networking.hostName}.private:${toString config.services.navidrome.settings.Port}/app/#/login";
     expectedContent = "Navidrome";
   };
 
+  healthchecks.http.navidrome-via-zerotier = {
+    url = "${config.networking.hostName}.${config.clan.static-hosts.topLevelDomain}:${toString config.services.navidrome.settings.Port}/app/#/login";
+    expectedContent = "Navidrome";
+  };
+
+  networking.firewall.interfaces.${zerotierInterface}.allowedTCPPorts = [
+    config.services.navidrome.settings.Port
+  ];
+
   services.navidrome = {
     enable = true;
     openFirewall = true;
     group = "media";
     user = "media";
-    settings.Address = "0.0.0.0";
+    settings.Address = "[::]";
+    settings.Port = 4533;
     settings.MusicFolder = "/media/arr/lidarr";
   };