🔧 configure media services to use ipv6 and zerotier

machines/chungus/media-audiobookshelf.nix

@@ -2,39 +2,68 @@
   config,
   lib,
   pkgs,
+  zerotierInterface,
   ...
 }:
-with pkgs;
 let
-  port = 8000;
   group = "media";
+  port = 9002;
 in
 {
-  users.users.audiobookshelf = {
+
-    isSystemUser = true;
+  healthchecks.http.audiobookshelf-via-zerotier = {
-    group = group;
+    url = "${config.networking.hostName}.${config.clan.static-hosts.topLevelDomain}:${toString port}";
+    expectedContent = "audiobookshelf";
   };
 
-  networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ port ];
+  networking.firewall.interfaces.${zerotierInterface}.allowedTCPPorts = [ port ];
-  networking.firewall.interfaces.enp0s31f6.allowedUDPPorts = [ port ];
 
-  networking.firewall.interfaces.wg0.allowedTCPPorts = [ port ];
+  users.users.audiobookshelf = {
-  networking.firewall.interfaces.wg0.allowedUDPPorts = [ port ];
+    isSystemUser = true;
+    group = lib.mkForce group;
+  };
 
-  systemd.services.audiobookshelf = {
+  #  systemd.services.audiobookshelf = {
+  #    enable = true;
+  #    description = "Self-hosted audiobook server for managing and playing audiobooks";
+  #    serviceConfig = {
+  #      Type = "simple";
+  #      WorkingDirectory = "/srv/audiobookshelf";
+  #      ExecStart = "${audiobookshelf}/bin/audiobookshelf --port ${toString port}";
+  #      ExecReload = "${util-linux}/bin/kill -HUP $MAINPID";
+  #      Restart = "always";
+  #      User = config.users.users.audiobookshelf.name;
+  #      Group = config.users.users.audiobookshelf.group;
+  #    };
+  #    wantedBy = [ "multi-user.target" ];
+  #    requires = [ "network.target" ];
+  #  };
+
+  services.audiobookshelf = {
     enable = true;
-    description = "Self-hosted audiobook server for managing and playing audiobooks";
+    port = 8000;
-    serviceConfig = {
+  };
-      Type = "simple";
+
-      WorkingDirectory = "/srv/audiobookshelf";
+  services.nginx = {
-      ExecStart = "${audiobookshelf}/bin/audiobookshelf --port ${toString port}";
+    enable = true;
-      ExecReload = "${util-linux}/bin/kill -HUP $MAINPID";
+    recommendedProxySettings = true;
-      Restart = "always";
+    virtualHosts."audiobookshelf.${config.networking.hostName}.${config.clan.static-hosts.topLevelDomain}" =
-      User = config.users.users.audiobookshelf.name;
+      {
-      Group = config.users.users.audiobookshelf.group;
+        listen = [
-    };
+          {
-    wantedBy = [ "multi-user.target" ];
+            addr = "[::]";
-    requires = [ "network.target" ];
+            port = port;
+            ssl = false;
+          }
+        ];
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:${toString config.services.audiobookshelf.port}";
+          proxyWebsockets = true;
+          extraConfig = ''
+            proxy_redirect http:// $scheme://;
+          '';
+        };
+      };
   };
 
 }

machines/chungus/media-navidrome.nix

@@ -2,21 +2,32 @@
   config,
   lib,
   pkgs,
+  zerotierInterface,
   ...
 }:
 {
 
-  healthchecks.http.navidrome = {
+  healthchecks.http.navidrome-tinc = {
-    url = "${config.networking.hostName}.wg0:${toString config.services.navidrome.settings.Port}/app/#/login";
+    url = "${config.networking.hostName}.private:${toString config.services.navidrome.settings.Port}/app/#/login";
     expectedContent = "Navidrome";
   };
 
+  healthchecks.http.navidrome-via-zerotier = {
+    url = "${config.networking.hostName}.${config.clan.static-hosts.topLevelDomain}:${toString config.services.navidrome.settings.Port}/app/#/login";
+    expectedContent = "Navidrome";
+  };
+
+  networking.firewall.interfaces.${zerotierInterface}.allowedTCPPorts = [
+    config.services.navidrome.settings.Port
+  ];
+
   services.navidrome = {
     enable = true;
     openFirewall = true;
     group = "media";
     user = "media";
-    settings.Address = "0.0.0.0";
+    settings.Address = "[::]";
+    settings.Port = 4533;
     settings.MusicFolder = "/media/arr/lidarr";
   };