From 79b6598d0dd83664f380ebc270ca94c658e5b8b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Torjus=20H=C3=A5kestad?= Date: Sun, 22 Dec 2024 04:33:00 +0100 Subject: [PATCH] Add jellyfin --- .sops.yaml | 2 + flake.nix | 16 ++++ hosts/jelly01/configuration.nix | 65 ++++++++++++++ hosts/jelly01/default.nix | 7 ++ secrets/secrets.yaml | 119 ++++++++++++++------------ services/jellyfin/default.nix | 32 +++++++ services/monitoring/prometheus.nix | 13 ++- services/ns/zones-home-2rjus-net.conf | 10 ++- 8 files changed, 203 insertions(+), 61 deletions(-) create mode 100644 hosts/jelly01/configuration.nix create mode 100644 hosts/jelly01/default.nix create mode 100644 services/jellyfin/default.nix diff --git a/.sops.yaml b/.sops.yaml index 383d07e..f01f0e7 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -10,6 +10,7 @@ keys: - &server_http-proxy age1gq8434ku0xekqmvnseeunv83e779cg03c06gwrusnymdsr3rpufqx6vr3m - &server_ca age1288993th0ge00reg4zqueyvmkrsvk829cs068eekjqfdprsrkeqql7mljk - &server_monitoring01 age1vpns76ykll8jgdlu3h05cur4ew2t3k7u03kxdg8y6ypfhsfhq9fqyurjey + - &server_jelly01 age1hchvlf3apn8g8jq2743pw53sd6v6ay6xu6lqk0qufrjeccan9vzsc7hdfq creation_rules: - path_regex: secrets/[^/]+\.(yaml|json|env|ini) key_groups: @@ -25,6 +26,7 @@ creation_rules: - *server_http-proxy - *server_ca - *server_monitoring01 + - *server_jelly01 - path_regex: secrets/ns3/[^/]+\.(yaml|json|env|ini) key_groups: - age: diff --git a/flake.nix b/flake.nix index ef11c9d..7f62c0c 100644 --- a/flake.nix +++ b/flake.nix @@ -231,6 +231,22 @@ sops-nix.nixosModules.sops ]; }; + jelly01 = nixpkgs.lib.nixosSystem { + inherit system; + specialArgs = { + inherit inputs self sops-nix; + }; + modules = [ + ( + { config, pkgs, ... }: + { + nixpkgs.overlays = [ overlay-unstable ]; + } + ) + ./hosts/jelly01 + sops-nix.nixosModules.sops + ]; + }; }; }; } diff --git a/hosts/jelly01/configuration.nix b/hosts/jelly01/configuration.nix new file mode 100644 index 0000000..8341fb0 --- /dev/null +++ b/hosts/jelly01/configuration.nix @@ -0,0 +1,65 @@ +{ + pkgs, + ... +}: + +{ + imports = [ + ../template/hardware-configuration.nix + + ../../system + ../../common/vm + ]; + + nixpkgs.config.allowUnfree = true; + # Use the systemd-boot EFI boot loader. + boot.loader.grub = { + enable = true; + device = "/dev/sda"; + configurationLimit = 3; + }; + + networking.hostName = "jelly01"; + networking.domain = "home.2rjus.net"; + networking.useNetworkd = true; + networking.useDHCP = false; + services.resolved.enable = true; + networking.nameservers = [ + "10.69.13.5" + "10.69.13.6" + ]; + + systemd.network.enable = true; + systemd.network.networks."ens18" = { + matchConfig.Name = "ens18"; + address = [ + "10.69.13.14/24" + ]; + routes = [ + { Gateway = "10.69.13.1"; } + ]; + linkConfig.RequiredForOnline = "routable"; + }; + time.timeZone = "Europe/Oslo"; + + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; + nix.settings.tarball-ttl = 0; + environment.systemPackages = with pkgs; [ + vim + wget + git + ]; + + services.qemuGuest.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + networking.firewall.enable = false; + + system.stateVersion = "23.11"; # Did you read the comment? +} diff --git a/hosts/jelly01/default.nix b/hosts/jelly01/default.nix new file mode 100644 index 0000000..48850f7 --- /dev/null +++ b/hosts/jelly01/default.nix @@ -0,0 +1,7 @@ +{ ... }: +{ + imports = [ + ./configuration.nix + ../../services/jellyfin + ]; +} diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 7dde55d..ca782c0 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -10,101 +10,110 @@ sops: - recipient: age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2bjN4QXozRm1GWDZoajQy - cWVLbjhSUENxM1dwYXpNYVRZcUVBNFlHU3hVClprSEhDNGZmN1ZZViswREY0dkdh - WXoxeWs3MnJ5aVVjejBELzFNS2x4akUKLS0tIHB3VEd6S2gwcWRlcVNUTnJ5S2Z4 - SDJZK2Y5VXpwL1ZaeVlGT3JwN0ZoaWsKvzKiwSXdPW7NL2t8u2lw26+CijlDbhiB - A4WkQAxYud7MPvf5K8mewp2OeCJG35Shw91PIzOhEyJr/HI2G7Jokw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBidFV0Y1VRenczQlBvbTFK + Y0lqcjRXNWNYSnlIZzE3NjVVMUtwTE1iZnljCkNJOE4zekdWV0M1YTduK2pKUjNp + T09DTmdNUzBjZmxPbC83dFZGZElxamsKLS0tIDI0YURWZitxUmc4a1UwMitOUnh1 + UFFkR2FwYnNuYkhUR1UvRXg2ZWx6bmMKZpu3+HOuUak964zpWuiPRNo30NyoFios + BF/so3HhnyCsJw/XGUG9hn1/z6LJQ/UIvlIrttJuaJmHPgl2Db4s+A== -----END AGE ENCRYPTED FILE----- - recipient: age1hz2lz4k050ru3shrk5j3zk3f8azxmrp54pktw5a7nzjml4saudesx6jsl0 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTUg2Z3duYzZRMXVvRExF - dlhsNDVaYStPRlFzbTNuZWZ0OWQ5TmhmNXdjCkpjeUk5b0xwSjcvdHJZd1VkMjhU - ZkFnN2tTUm5IWnVnbU14bzgydFdwbk0KLS0tIFUveDhGZWtpc3VOcFJ6SGgyWi9i - bkNkd2lKWHZKaXFUV2VaaDJiQ3FYTUkKwoYuLCnlUJR3srD8mTzyrmXM7+ZoUV3H - Ib6PyF1Ufl47h3RqibuUP3YkoZ1F1BbiIv4LhzLo7+fi2Y2H3Z3B3w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArNHoxa0hlckdtdWJNdjJ5 + VGErNCtHbjJQS3Axb09MNFJHUXNlSUFuZmtvCkRscXczbXJHdVlkWENHZjMzS2NP + L2EweFhNb29GTEZpQi9GN0g0U09hckUKLS0tIHpIZnQ4SG1VVEJJcm5OT3Z2eHdv + ZVp2aGxYdXlzWmhhbEYxVVhydm1CV0UK3EQ7MkZ+1qgccqQKy1VlzAdBdiPFLS5m + 3ncNk10SEAVhMTQkJ64id4+adVMjpY7T+30j7Dms0SZd5L/5bpVXOw== -----END AGE ENCRYPTED FILE----- - recipient: age1w2q4gm2lrcgdzscq8du3ssyvk6qtzm4fcszc92z9ftclq23yyydqdga5um enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBndnJETWlrUFNjWGkza2F6 - Sm5zdk9oU2RxaHpLN2kzM1NPSkUzNmVEZlI4CmU0UTdIWGpCR3c0dUJwM3hXYWpp - UmpJdHl6OC9yT0JuQWJtYlFobGJwcE0KLS0tIGJscEx3LzNscUdWeUEzVmpiVEdx - ZDN2K2Z0NUJscmpaSVhOVFM4eDA1OE0KO8YdXVk8/7hhItS3ZAF95Oxi0fOyqX+S - zgpvCGxdF8bBjc7z5ysqoa88khug3k8o4CVbUWudAAFwK/zoxUYQhw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxSE5xejl5djlYeTNxUUVj + eVQ0ZGxmdW1mZm91UmJHTDlxTlN4RDcvWFc0ClJ5cld3Sjk3ejFFOHF1dmk5dk9v + NG5VVVdLZUJCVzdLMitJSUxNSHJVLzAKLS0tIHdnek91SGd0K3NLZVcrSll3ekVz + OWFucUxVV0czV0svTU5PQ0RVQnc0em8K0DoPVwEZVe3FIok/TbcODd/7EQpq17Dt + RG8o9+XIw14LmuESq3DG6Qyfv5VJjOLY0NKC8/tV3nqVoIDWqnWeSw== -----END AGE ENCRYPTED FILE----- - recipient: age1snmhmpavqy7xddmw4nuny0u4xusqmnqxqarjmghkm5zaluff84eq5xatrd enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaTTFwME5qVjNkL1V0MU5I - SFNjWUZWL1ZWUlEraWlqNVBzRXhjZHV5ODFjCmNtV0xsMDdLY1dyY256ZkIrMWp2 - U0grbUdFMU9vUHh3SGNSQ1g0ZW5JMjAKLS0tIEMwSEppODFwNzNOK08xTVJMYWxq - c0dKc2xLbEtjbXpyQ21kOVlXajVmdTQKIPKjVq3W3fzbO6V6tsIfDc2TQ9y1SmRs - 7QuQkFlU3NzNeKSaofgecuzzOi9vHEAd36qC42KZjB0lEa7EFCtNpA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjUkNpK25XcE5KNmUreStL + Q3VwakpteGR1bGxMS25QL0hTNytBYzFNSkZBCkdPUHhPVWEyUGo2anhTdG1mU3Ju + TFp4RDQvaXRiYnNkWWM5NEpxMHFJdU0KLS0tIGpsR3RwU1Jxc2xEcHRTZXdIR3Rr + bnROZ1A2WWFoeU10bHlaZ0lXWEVCTzQKyUbRFrQOLypBXb5lwJhnwNdtnoh38A0M + 3YgBcz4n5wQiyvYtu6LyMPjwAcwrvbcxv2VOvAUssFPG/F2tuRcPTg== -----END AGE ENCRYPTED FILE----- - recipient: age12a3nyvjs8jrwmpkf3tgawel3nwcklwsr35ktmytnvhpawqwzrsfqpgcy0q enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnVHJFL2tBNHlTQnV3cTN3 - Y0NHT2U0b0l3ZmdUM3Z5TURGQzVGbE1OZjF3Cm01N0xtQ0tsRUpPejFESGhHcFNM - Zk9FZ2Z1YjZWRU1BWUVRaDB0WGRaVGsKLS0tIFhsNmxUd0dDTHVQalZtV3QzYi9O - Q2VkeEZBYS9CcmZMcldGMWQ2OXozN3MK86HFP9IyNqDg9aIrk9xFBUGB1PLLUpn/ - /V5x3wNUgAOzuRNnKVM45vbdWzg0aHmBefnKNzkXLOxBrflCisPaTw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBObXJMUmpNL2gycGsyRk11 + anpDRmx4aDBpd1U0TithL0Nhc0NKN0x0R3lJCnRHejN2dzlvSUZDczZOVVU4NUFl + Z3BUcUU3ODc5S09OcG8rVjZlanZUN0kKLS0tIERhZGVRdTFuc3lxb2kzK1E2TXhR + WUxybjZEd29scjNGMFIwNTJndTlSZ1UKI+APT1YlrXBh/197ielo5//dO+Vx9WQD + PyW5hOa+TRmIFddje2A08ilafMlkCm78JhsJPWyiVWtJaxKOGL5nPQ== -----END AGE ENCRYPTED FILE----- - recipient: age1d2w5zece9647qwyq4vas9qyqegg96xwmg6c86440a6eg4uj6dd2qrq0w3l enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4dTd1cEg0RHk4eEJPM1RR - a3pJYzdxOGxId05jUkJna0xYZDBKR1dlTmhBCkUrQVJFTkRQbEN6TlA3SDBkVExm - WVdUT1U3bmxDZjlZdjRpRjJQTDNiU1kKLS0tIHkwQUFNa3JTcEt4TzNRdmUvdnlq - aktyd2crdG9NcXZyRXR0MzNESDVCbFUKO+02sMl+U5pfzEQuAiDtyQFqqSelplhw - uymfZz/Wtt5JMu81VUdasPxiwhBMTAbomuvWsm115CuLXrAVaG2goA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1ZXA1N1IvSDgybncyTDht + a01KdDNZM1ZCc3Y3SStRSEJ3dmVHSVg0MXdzCnFGbU1BeHRUVjVPeHFGVFNGc2Jh + OVZZWnFTbjZUa1BWWVoyUHV0NkR5UjgKLS0tIGZid0xablJoazZQNGcxamdGdGRr + SDhlN2ZlQjA2YTY4MXFkOTFsK0RlU1UKTnlHzKDDx1twVAxJREnKx/arQhMgYd0A + 09SMWT4FV0XCt77GIm0DdypHPxzICcDhx36F5ayPceHNvyxkUnV8pg== -----END AGE ENCRYPTED FILE----- - recipient: age1gcyfkxh4fq5zdp0dh484aj82ksz66wrly7qhnpv0r0p576sn9ekse8e9ju enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvRFo3bitzbTJVU1M1S1pI - eWI0V29HU1FwN2R4ZTlzbTdkdzI3a3dCbzMwClhBeGd0aHFMRjNUZktnaGJKdGJK - NWxqSC9vVXNPMEFlWmZ5eXE5WWg0RWcKLS0tIDZkT2sycUJRdnlWOGlQeDVWWmpW - V01zZkw5THVqdWRieG9oaERIVG9BaG8KsSH64d6a8Xrv/Olm02b697wzCc8ONfY9 - 2/7NrrSv9WWg2Rcui6iBpIMSbPvM3hjCLwBMa2BhCmfHXPfWLNyrBg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5eDRkL0ErbmxXRDRIM01m + aEUvWkxLOEhaSVhPYk93SytVUTdla3hmUjA0ClJhL1lRbGg0UFFLUk1VMUxTZ0tr + bjI0OUdOT25peld2UHBEc2xFSWRvbUEKLS0tIC92Ti9RMVdTYjQvNkFPc0I4YkJw + bFIyWmhuSjU3VmU2UHFkT1AraVRrOTQKuFY6JdtBStLIPzc/pKA10+cznrpTbh1E + fApkk4lf+YXmL1wokrzwkQnN5TLf/sRR+j0rqw1jRLmWkns8mv3CJQ== -----END AGE ENCRYPTED FILE----- - recipient: age1g5luz2rtel3surgzuh62rkvtey7lythrvfenyq954vmeyfpxjqkqdj3wt8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOUTRaRDE5dGhQNEVSdmQv - ajdaQ3pIa3UvMjk2dGhpaTVualR0WXNaK2pBCjVOemwxY1Y1NURLSFVEeVNvOEQy - OGI0KzRYY01Oa1U5b1ZvSTF2K3VXUmcKLS0tIDRVYWdQSkZtMnh5ZXhGaWRwamlL - MFJ5ZXc3VHovaFljV1plTWlDbnVYTzAKbs4i40SzygTt1FiL8Mc9bl/k8jVI269U - MgOZbO+Eki/XC/8CRkKKYIsEczvpwDPO/uZQOmIkhUnjHYLdQMoB0g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2bmNSa2VmZzJwbytRS1JN + SDhxeGViRFBDcGVWTHdWbE9ZVmE4ME9KSVNVCjJuREhHbm0wbUV2cjkzbkkvOXc1 + Mmx6RWRWS20yY0Z2K2dRVmIyQnpHS2MKLS0tIG5wZE8rVXIxdm13TW05eW5nVWVy + OUQ2ZmFSWk5aYUhITHArVWV5S2U4TmMK8FYSvPx9yiuzN8WnTfelCzYHibFYaMGN + Ixk02MkEc8SEYmvdQJNwuaAHUe4kryG5fhHKRY2bIZBz4+y66QXPAw== -----END AGE ENCRYPTED FILE----- - recipient: age1gq8434ku0xekqmvnseeunv83e779cg03c06gwrusnymdsr3rpufqx6vr3m enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpU1FYTkRRVGlrVzZ3cE5i - Y0ZvVXRyTHdrNDhESHNOMzV5NTE4WU8vSG1JCkVnczhOdGdLbE9oSjduREpxUHE0 - TnJQd05GdXlIUnBIMUppWmpjQSs2NVkKLS0tIHBOSmp0N1JLTFo3bDE1enVxeGs3 - dXEyV3FHYTkyVERSTHRscU44QklnM0UKUexa2IrP/meLehVA4/DgeLblD5Jt6QE3 - zfPODxYON9NTnLKpzuzEMF3SlcFIZU7jDimwf6SHT8T/bBpgFLA9xQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2NW1RRWpNOEl4bkp3dXpk + Qnl3c2dObnNpN3RBUjhZY0tCY2M3RmkwR3cwCjFBakNQc29KYURCRXlsczNjZ3dK + ZjZPMkhaNmlpcWtaQlh4RllqNzliTmcKLS0tIE9IZk1SOVV5U0xTR1FCQytaaVU3 + ckpGOWdvWWNLemJydmdWR2orZ2prdVUKeFBCToCjAyMIoXQbZa3cBMUu3zU2Wma0 + wzTNmlN+6eqO59YCUQYXD4RKioDImgwnJgOsi+VZyx1BgbQOk0YLQg== -----END AGE ENCRYPTED FILE----- - recipient: age1288993th0ge00reg4zqueyvmkrsvk829cs068eekjqfdprsrkeqql7mljk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3N1pzYmlxOXBRN01MZ0tK - VGxVWmNQQmE4b0hlQStDb0JRQ3pYdytvWUZnCk1xdUQ2d05Ed1lVTWhiOGorQjJn - TzNBRTlXOC9BRTlMYXJncWJQcDFnMDgKLS0tIDRlV2F6V3JTTTNZdW4wQkNrQ2dw - aEpTMUY5blJ3dFBsNzhTaXN6YlFqamMKrIWqnrGd4pa/nND53SPTXqeKbJKjvkQ2 - JLc+q/QsavWqK2CoG1zasIari6i+xZKdfBiJGp8hRIR2o5T/gK2Uqw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3WTdKWk1iVXNGOStVWkh2 + d0hMRzR6NjNndTFPbWhvOGZuR2xGWTBSZDBvCjBtcm04a1pQU0N0dmp3L2dvSHo1 + a1MvV3dha0ExZnNXNUZxR1Q2bzVsVjQKLS0tIGY0RUttamtyZ1k4a3BKaUtwblNm + NUkvcTk2SlN5RzVEQlhORHNXaGNLRTgK5XTn3jK+c50jbfBIo/9E7V0nx+W/KP0k + 3vqCwX2Xn7/KsaT3UbpH7KZnovQHOA0jpmImuLRQh6HgeowYVLdKwg== -----END AGE ENCRYPTED FILE----- - recipient: age1vpns76ykll8jgdlu3h05cur4ew2t3k7u03kxdg8y6ypfhsfhq9fqyurjey enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvVVAvSWFQMXdXZE04eFUw - RWhWOGxpOWhXSC9ETjg1ck9nMlVubThPQzFrCkk2UjNJUmNIMWRMUW96TVpaVUhF - ZU5xRVBrdTFNeXhuT1Z3ODFsWVB1UTAKLS0tIFdtb1BoQXdwbGpJYzFnWDQyWk9N - UVRyeWlUNDFuMmYzU1pITEwxY3FrK3MKA4uFZKYydoQNMIAF/mCqObOU/ornUvXF - XZ3wDScihUoR79Kd/wjEm+Piq1Uaya6MTyXXUvSumN1am5H+XgEJ1w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMVFBZc0dDOXJSZDNJN0tp + VUY4eHNtQ1M3Y2JlYlNRZzl4THdkeis2YkNjCnRadHJqQWIzZHRLb2UyRk1hTXRU + RG8zS0hSNjdqc2trRnRVZkxGNmNtRDQKLS0tIFlGMWhxOVpqNmxBenR0NnozbFFF + ZDdBYllPSlVKeUt3Z3VWd2pyM2dpcjgKcaWnCGOtZkYIPwbX0haU3wK3BkGyzOtu + V3Huvk0TZVQfNVHUqdVtxKOXxl56P8Qn1d2onxiopkXZBeRjRYzZPQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1hchvlf3apn8g8jq2743pw53sd6v6ay6xu6lqk0qufrjeccan9vzsc7hdfq + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2ejFscERxWndHTDFqcGRz + VkwvcGR0VzczOFVOeklQQnhzdzAvZjRDSmw4CjRJaDRRSXFHVS9ERU4wd3RxTUlr + dEhmUThXSGRzWnYwWWxwdmkzbGxMZm8KLS0tIFk0NkFWbzVHVFFpU3NHNVl1dk5C + K0MxNDVEeHp0cnRWR3FvemliM05Cdk0KUpHyugjjbKBf3i67U8FBYFnL8Z0Htc5a + r+dHJEN1B+qrX0s7AH/MlQfI1GcjWZN/FTCtKoDvAjnlha3BVDQJnA== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-06-02T22:09:06Z" mac: ENC[AES256_GCM,data:cxJq4EMEMVEw0IUXNwtyQj4MaYIJ/Xo4OaY+3VLgIhYw6oBO9CmJxgLuXcSnGnr23oNE5OQF6ALv+vxF46D1pI0V1zhqKL6zMIs0DzPBwo7Arg166w5kGAT274jK7YWymeJ7fafWXYubLlGUthyVJS1BkvlqIhoe2BlTZ3bPyBs=,iv:Z2Uh9Oo4q/ce6DDLShs7JAX3XFNAVOGBmBPvRbGxaaU=,tag:6qZhZ4+tgtXl60b0Lx7Taw==,type:str] diff --git a/services/jellyfin/default.nix b/services/jellyfin/default.nix new file mode 100644 index 0000000..e2322de --- /dev/null +++ b/services/jellyfin/default.nix @@ -0,0 +1,32 @@ +{ pkgs, ... }: +{ + services.jellyfin = { + enable = true; + }; + + environment.systemPackages = with pkgs; [ + nfs-utils + ]; + + services.rpcbind.enable = true; + systemd.mounts = [ + { + type = "nfs"; + mountConfig = { + Options = "ro,soft,noatime"; + }; + what = "nas.home.2rjus.net:/mnt/hdd-pool/media"; + where = "/mnt/nas/media"; + } + ]; + + systemd.automounts = [ + { + wantedBy = [ "multi-user.target" ]; + automountConfig = { + TimeoutIdleSec = "5min"; + }; + where = "/mnt/nas/media"; + } + ]; +} diff --git a/services/monitoring/prometheus.nix b/services/monitoring/prometheus.nix index 0887081..88bffad 100644 --- a/services/monitoring/prometheus.nix +++ b/services/monitoring/prometheus.nix @@ -5,9 +5,8 @@ alertmanager = { enable = true; configuration = { - global = - { - }; + global = { + }; route = { receiver = "webhook_gunter"; group_wait = "30s"; @@ -171,6 +170,14 @@ } ]; } + { + job_name = "jellyfin"; + static_configs = [ + { + targets = [ "jelly01.home.2rjus.net:8096" ]; + } + ]; + } ]; }; } diff --git a/services/ns/zones-home-2rjus-net.conf b/services/ns/zones-home-2rjus-net.conf index 0a22fb4..d5a9763 100644 --- a/services/ns/zones-home-2rjus-net.conf +++ b/services/ns/zones-home-2rjus-net.conf @@ -1,7 +1,7 @@ $ORIGIN home.2rjus.net. $TTL 1800 @ IN SOA ns1.home.2rjus.net. admin.test.2rjus.net. ( - 2044 ; serial number + 2045 ; serial number 3600 ; refresh 900 ; retry 1209600 ; expire @@ -53,6 +53,11 @@ ns4 IN A 10.69.13.8 ha1 IN A 10.69.13.9 nixos-test1 IN A 10.69.13.10 http-proxy IN A 10.69.13.11 +ca IN A 10.69.13.12 +monitoring01 IN A 10.69.13.13 +jelly01 IN A 10.69.13.14 + +; http-proxy cnames nzbget IN CNAME http-proxy radarr IN CNAME http-proxy sonarr IN CNAME http-proxy @@ -61,8 +66,7 @@ z2m IN CNAME http-proxy grafana IN CNAME http-proxy prometheus IN CNAME http-proxy alertmanager IN CNAME http-proxy -ca IN A 10.69.13.12 -monitoring01 IN A 10.69.13.13 +jelly IN CNAME http-proxy ; 22_WLAN unifi-ctrl IN A 10.69.22.5