From a055ce553f4ec3928945b2d4cf7811ef220c356b Mon Sep 17 00:00:00 2001
From: kat witch <kat@kittywit.ch>
Date: Tue, 27 Apr 2021 22:28:40 +0100
Subject: [PATCH] hosts/samhain: Services split-up

---
 hosts/samhain/nixos/default.nix               |  5 +-
 hosts/samhain/nixos/jellyfin.nix              | 15 ++++++
 hosts/samhain/nixos/nfs.nix                   | 12 +++++
 hosts/samhain/nixos/transmission.nix          | 33 ++++++++++++
 .../{torrenting.nix => virtualhosts.nix}      | 52 ++++++-------------
 5 files changed, 79 insertions(+), 38 deletions(-)
 create mode 100644 hosts/samhain/nixos/jellyfin.nix
 create mode 100644 hosts/samhain/nixos/nfs.nix
 create mode 100644 hosts/samhain/nixos/transmission.nix
 rename hosts/samhain/nixos/{torrenting.nix => virtualhosts.nix} (53%)

diff --git a/hosts/samhain/nixos/default.nix b/hosts/samhain/nixos/default.nix
index d5cfb6df..bf596d15 100644
--- a/hosts/samhain/nixos/default.nix
+++ b/hosts/samhain/nixos/default.nix
@@ -17,7 +17,10 @@ in {
     ../../../services/nginx.nix
     ./thermal
     ./vm
-    ./torrenting.nix
+    ./nfs.nix
+    ./transmission.nix
+    ./jellyfin.nix
+    ./virtualhosts.nix
   ];
 
   deploy.target = "personal";
diff --git a/hosts/samhain/nixos/jellyfin.nix b/hosts/samhain/nixos/jellyfin.nix
new file mode 100644
index 00000000..83847c3d
--- /dev/null
+++ b/hosts/samhain/nixos/jellyfin.nix
@@ -0,0 +1,15 @@
+{ config, lib, pkgs, witch, ... }:
+
+{
+  katnet.public.tcp.ranges = [{
+    from = 32768;
+    to = 60999;
+  }];
+
+  katnet.private.tcp.ranges = [{
+    from = 32768;
+    to = 60999;
+  }];
+
+  services.jellyfin.enable = true;
+}
diff --git a/hosts/samhain/nixos/nfs.nix b/hosts/samhain/nixos/nfs.nix
new file mode 100644
index 00000000..66fcada1
--- /dev/null
+++ b/hosts/samhain/nixos/nfs.nix
@@ -0,0 +1,12 @@
+{ config, witch, lib, ... }:
+
+with lib;
+
+{
+  katnet.private.tcp.ports = [ 111 2049 ];
+  katnet.public.tcp.ports = [ 111 2049 ];
+
+  services.nfs.server.enable = true;
+  services.nfs.server.exports =
+    "/mnt/zraw/media 192.168.1.0/24(rw) 200::/7(rw) ${witch.secrets.unscoped.ipv6_prefix}(rw)";
+}
diff --git a/hosts/samhain/nixos/transmission.nix b/hosts/samhain/nixos/transmission.nix
new file mode 100644
index 00000000..d9647d14
--- /dev/null
+++ b/hosts/samhain/nixos/transmission.nix
@@ -0,0 +1,33 @@
+{ config, pkgs, ... }:
+
+{
+  services.transmission = let
+    transmission-done-script = pkgs.writeScriptBin "script" ''
+      #!${pkgs.bash}/bin/bash
+      set -e
+      if [ "$TR_TORRENT_DIR"/"$TR_TORRENT_NAME" != "/" ]; then
+         cd "$TR_TORRENT_DIR"/"$TR_TORRENT_NAME"
+         if [ ! -z "*.rar" ]; then
+            ${pkgs.unrar}/bin/unrar x "*.rar"
+         fi
+         chmod ugo=rwX .
+      fi'';
+  in {
+    enable = true;
+    home = "/mnt/zraw/transmission";
+    downloadDirPermissions = "777";
+    settings = {
+      download-dir = "/mnt/zraw/media/unsorted";
+      incomplete-dir = "/mnt/zraw/media/.incomplete";
+      incomplete-dir-enabled = true;
+      rpc-bind-address = "::";
+      rpc-whitelist-enabled = false;
+      rpc-host-whitelist-enabled = false;
+      script-torrent-done-enabled = true;
+      dht-enabled = true;
+      pex-enabled = true;
+      script-torrent-done-filename = "${transmission-done-script}/bin/script";
+      umask = 0;
+    };
+  };
+}
diff --git a/hosts/samhain/nixos/torrenting.nix b/hosts/samhain/nixos/virtualhosts.nix
similarity index 53%
rename from hosts/samhain/nixos/torrenting.nix
rename to hosts/samhain/nixos/virtualhosts.nix
index 5426f34d..cb225aff 100644
--- a/hosts/samhain/nixos/torrenting.nix
+++ b/hosts/samhain/nixos/virtualhosts.nix
@@ -1,42 +1,6 @@
-{ config, lib, pkgs, witch, ... }:
+{ config, ... }:
 
 {
-  services.transmission = let
-    transmission-done-script = pkgs.writeScriptBin "script" ''
-      #!${pkgs.bash}/bin/bash
-      set -e
-      if [ "$TR_TORRENT_DIR"/"$TR_TORRENT_NAME" != "/" ]; then
-         cd "$TR_TORRENT_DIR"/"$TR_TORRENT_NAME"
-         if [ ! -z "*.rar" ]; then
-            ${pkgs.unrar}/bin/unrar x "*.rar"
-         fi
-         chmod ugo=rwX .
-      fi'';
-  in {
-    enable = true;
-    home = "/mnt/zraw/transmission";
-    downloadDirPermissions = "777";
-    settings = {
-      download-dir = "/mnt/zraw/media/unsorted";
-      incomplete-dir = "/mnt/zraw/media/.incomplete";
-      incomplete-dir-enabled = true;
-      rpc-bind-address = "::";
-      rpc-whitelist-enabled = false;
-      rpc-host-whitelist-enabled = false;
-      script-torrent-done-enabled = true;
-      dht-enabled = true;
-      pex-enabled = true;
-      script-torrent-done-filename = "${transmission-done-script}/bin/script";
-      umask = 0;
-    };
-  };
-
-  services.nfs.server.enable = true;
-  services.nfs.server.exports =
-    "/mnt/zraw/media 192.168.1.0/24(rw) 200::/7(rw) ${witch.secrets.unscoped.ipv6_prefix}(rw)";
-
-  services.jellyfin.enable = true;
-
   services.nginx.virtualHosts = {
     "samhain.net.kittywit.ch" = {
       useACMEHost = "samhain.net.kittywit.ch";
@@ -84,4 +48,18 @@
       };
     };
   };
+
+  services.nginx.appendConfig = ''
+    rtmp {
+      server {
+        listen [::]:1935 ipv6only=off;
+        application kattv {
+          live on;
+
+          allow publish all;
+          allow play all;
+        }
+      }
+    }
+  '';
 }