hosts/samhain: Services split-up

hosts/samhain/nixos/default.nix

@@ -17,7 +17,10 @@ in {
     ../../../services/nginx.nix
     ./thermal
     ./vm
-    ./torrenting.nix
+    ./nfs.nix
+    ./transmission.nix
+    ./jellyfin.nix
+    ./virtualhosts.nix
   ];
 
   deploy.target = "personal";

hosts/samhain/nixos/jellyfin.nix

@@ -0,0 +1,15 @@
+{ config, lib, pkgs, witch, ... }:
+
+{
+  katnet.public.tcp.ranges = [{
+    from = 32768;
+    to = 60999;
+  }];
+
+  katnet.private.tcp.ranges = [{
+    from = 32768;
+    to = 60999;
+  }];
+
+  services.jellyfin.enable = true;
+}

hosts/samhain/nixos/nfs.nix

@@ -0,0 +1,12 @@
+{ config, witch, lib, ... }:
+
+with lib;
+
+{
+  katnet.private.tcp.ports = [ 111 2049 ];
+  katnet.public.tcp.ports = [ 111 2049 ];
+
+  services.nfs.server.enable = true;
+  services.nfs.server.exports =
+    "/mnt/zraw/media 192.168.1.0/24(rw) 200::/7(rw) ${witch.secrets.unscoped.ipv6_prefix}(rw)";
+}

hosts/samhain/nixos/transmission.nix

@@ -0,0 +1,33 @@
+{ config, pkgs, ... }:
+
+{
+  services.transmission = let
+    transmission-done-script = pkgs.writeScriptBin "script" ''
+      #!${pkgs.bash}/bin/bash
+      set -e
+      if [ "$TR_TORRENT_DIR"/"$TR_TORRENT_NAME" != "/" ]; then
+         cd "$TR_TORRENT_DIR"/"$TR_TORRENT_NAME"
+         if [ ! -z "*.rar" ]; then
+            ${pkgs.unrar}/bin/unrar x "*.rar"
+         fi
+         chmod ugo=rwX .
+      fi'';
+  in {
+    enable = true;
+    home = "/mnt/zraw/transmission";
+    downloadDirPermissions = "777";
+    settings = {
+      download-dir = "/mnt/zraw/media/unsorted";
+      incomplete-dir = "/mnt/zraw/media/.incomplete";
+      incomplete-dir-enabled = true;
+      rpc-bind-address = "::";
+      rpc-whitelist-enabled = false;
+      rpc-host-whitelist-enabled = false;
+      script-torrent-done-enabled = true;
+      dht-enabled = true;
+      pex-enabled = true;
+      script-torrent-done-filename = "${transmission-done-script}/bin/script";
+      umask = 0;
+    };
+  };
+}

hosts/samhain/nixos/virtualhosts.nix

@@ -1,42 +1,6 @@
-{ config, lib, pkgs, witch, ... }:
+{ config, ... }:
 
 {
-  services.transmission = let
-    transmission-done-script = pkgs.writeScriptBin "script" ''
-      #!${pkgs.bash}/bin/bash
-      set -e
-      if [ "$TR_TORRENT_DIR"/"$TR_TORRENT_NAME" != "/" ]; then
-         cd "$TR_TORRENT_DIR"/"$TR_TORRENT_NAME"
-         if [ ! -z "*.rar" ]; then
-            ${pkgs.unrar}/bin/unrar x "*.rar"
-         fi
-         chmod ugo=rwX .
-      fi'';
-  in {
-    enable = true;
-    home = "/mnt/zraw/transmission";
-    downloadDirPermissions = "777";
-    settings = {
-      download-dir = "/mnt/zraw/media/unsorted";
-      incomplete-dir = "/mnt/zraw/media/.incomplete";
-      incomplete-dir-enabled = true;
-      rpc-bind-address = "::";
-      rpc-whitelist-enabled = false;
-      rpc-host-whitelist-enabled = false;
-      script-torrent-done-enabled = true;
-      dht-enabled = true;
-      pex-enabled = true;
-      script-torrent-done-filename = "${transmission-done-script}/bin/script";
-      umask = 0;
-    };
-  };
-
-  services.nfs.server.enable = true;
-  services.nfs.server.exports =
-    "/mnt/zraw/media 192.168.1.0/24(rw) 200::/7(rw) ${witch.secrets.unscoped.ipv6_prefix}(rw)";
-
-  services.jellyfin.enable = true;
-
   services.nginx.virtualHosts = {
     "samhain.net.kittywit.ch" = {
       useACMEHost = "samhain.net.kittywit.ch";
@@ -84,4 +48,18 @@
       };
     };
   };
+
+  services.nginx.appendConfig = ''
+    rtmp {
+      server {
+        listen [::]:1935 ipv6only=off;
+        application kattv {
+          live on;
+
+          allow publish all;
+          allow play all;
+        }
+      }
+    }
+  '';
 }