{ config, pkgs, ... }: { imports = [ ./hardware-configuration.nix ../server.nix ]; nixpkgs.hostPlatform = "x86_64-linux"; boot = { loader.systemd-boot.enable = true; loader.efi.canTouchEfiVariables = true; zfs.extraPools = [ "library" ]; }; networking = { hostId = "d24ae953"; firewall = { enable = true; allowedTCPPorts = [ 22 # SSH ]; }; }; services.zfs = { autoScrub = { enable = true; pools = [ "library" ]; }; autoSnapshot = { enable = true; flags = "-k -p --utc"; frequent = 0; hourly = 0; daily = 7; monthly = 1; }; }; services.nfs.server = { enable = true; }; services.grafana = { enable = true; settings = { server = { domain = "library.mesh.vimium.net"; http_addr = "0.0.0.0"; http_port = 3000; }; }; }; services.prometheus = { enable = true; port = 9001; exporters = { node = { enable = true; enabledCollectors = [ "systemd" ]; port = 9002; }; zfs = { enable = true; port = 9003; }; }; scrapeConfigs = [ { job_name = "node"; static_configs = [ { targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" "127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}" ]; } ]; } ]; }; systemd.services.vps1-tunnel = { enable = true; description = "vps1.mesh.vimium.net SSH tunnel"; after = [ "network-online.target" "jellyfin.service" ]; wants = [ "network-online.target" ]; serviceConfig = { Type = "simple"; ExecStart = pkgs.lib.mkForce '' ${pkgs.openssh}/bin/ssh \ -NT \ -o ExitOnForwardFailure=yes \ -o ServerAliveInterval=60 \ -o TCPKeepAlive=no \ -i %h/.ssh/id_jellyfin \ -R localhost:8000:localhost:8000 \ jellyfin@vps1.mesh.vimium.net ''; Restart = "always"; RestartSec = 20; }; wantedBy = [ "default.target" ]; }; services.nginx = let proxyConfig = '' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header Range $http_range; proxy_set_header If-Range $http_if_range; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; ''; in { enable = true; package = pkgs.openresty; recommendedGzipSettings = true; recommendedOptimisation = true; recommendedTlsSettings = true; clientMaxBodySize = "2G"; virtualHosts = { "library.mesh.vimium.net" = { locations."/" = { root = "/mnt/library"; extraConfig = '' autoindex on; ''; }; }; "jellyfin.vimium.com" = { default = true; listen = [ { addr = "127.0.0.1"; port = 8000; } ]; locations."/" = { proxyPass = "http://localhost:8096"; extraConfig = proxyConfig; }; locations."/metrics" = { return = "404"; }; }; }; }; hardware.graphics = { enable = true; extraPackages = with pkgs; [ vaapiVdpau ]; }; users.users.jellyfin.extraGroups = [ "video" "render" ]; services.jellyfin = { enable = true; package = pkgs.unstable.jellyfin; cacheDir = "/var/cache/jellyfin"; dataDir = "/var/lib/jellyfin"; }; modules = { podman.enable = true; programs = { gpg.enable = true; }; shell = { zsh.enable = true; }; services = { borgmatic = { enable = true; directories = [ config.services.jellyfin.dataDir "/home/jordan" ]; repoPath = "ssh://b61758r4@b61758r4.repo.borgbase.com/./repo"; }; }; }; system.stateVersion = "22.11"; }