Services overhaul (remove all virtualhosts.nix, ...)

config/services/filehost/default.nix

@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+
+{
+  services.nginx.virtualHosts = {
+    "files.kittywit.ch" = {
+      root = "/var/www/files";
+      enableACME = true;
+      forceSSL = true;
+    };
+  };
+
+  deploy.tf.dns.records.kittywitch_files = {
+    tld = "kittywit.ch.";
+    domain = "files";
+    cname.target = "athame.kittywit.ch.";
+  };
+}

config/services/jellyfin/default.nix

@@ -0,0 +1,39 @@
+{ config, lib, pkgs, ... }:
+
+{
+  services.nginx.virtualHosts = {
+    "${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}".locations = {
+        "/jellyfin/".proxyPass = "http://[::1]:8096/jellyfin/";
+        "/jellyfin/socket" = {
+          proxyPass = "http://[::1]:8096/jellyfin/";
+          extraConfig = ''
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+          '';
+        };
+    };
+    ${config.kw.dns.ipv4}.locations = {
+        "/jellyfin/".proxyPass = "http://[::1]:8096/jellyfin/";
+        "/jellyfin/socket" = {
+          proxyPass = "http://[::1]:8096/jellyfin/";
+          extraConfig = ''
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+          '';
+        };
+    };
+  };
+
+  kw.fw = {
+    public.tcp.ranges = [{
+      from = 32768;
+      to = 60999;
+    }];
+    private.tcp.ranges = [{
+      from = 32768;
+      to = 60999;
+    }];
+  };
+
+  services.jellyfin.enable = true;
+}

config/services/kattv-ingest/default.nix

@@ -3,9 +3,27 @@
 with lib;
 
 {
-  kw.fw.public.tcp.ports = [ 4953 1935 ];
+  services.nginx.appendConfig = ''
+      rtmp {
+        server {
+          listen [::]:1935 ipv6only=off;
+          application stream {
+            live on;
+
+            allow publish all;
+            allow play all;
+          }
+        }
+      }
+  '';
+
+  kw.fw = {
+    private.tcp.ports = singleton 1935;
+    public.tcp.ports = [ 4953 1935 ];
+  };
 
   systemd.sockets.kattv = {
+    wantedBy = [ "sockets.target" ];
     listenStreams = [ "0.0.0.0:4953" ];
     socketConfig = {
       Accept = true;
@@ -17,7 +35,6 @@ with lib;
   systemd.services."kattv@" = {
     environment = pkgs.kat-tv-ingest.env;
     script = "exec ${pkgs.gst_all_1.gstreamer.dev}/bin/gst-launch-1.0 -e --no-position ${pkgs.lib.gst.pipelineShellString pkgs.kat-tv-ingest.pipeline}";
-    wantedBy = [ "multi-user.target" ];
     after = [ "nginx.service" ];
     description = "RTMP stream of kat cam";
     serviceConfig = {

config/services/kattv/default.nix

@@ -1,7 +1,6 @@
 { config, pkgs, lib, ... }:
 
 {
-
   services.udev.extraRules = ''
     KERNEL=="video[0-9]*", SUBSYSTEM=="video4linux", SUBSYSTEMS=="usb", ATTR{index}=="0", ATTRS{idVendor}=="045e", ATTRS{idProduct}=="0779", SYMLINK+="videomew", TAG+="systemd"
   '';

config/services/netdata/default.nix

@@ -9,8 +9,6 @@
     enable = true;
     virtualHosts = {
       "${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}" = {
-        useACMEHost = "${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}";
-        forceSSL = true;
         locations = { "/netdata" = { proxyPass = "http://[::1]:19999/"; }; };
       };
     };

config/services/nfs/default.nix

@@ -0,0 +1,22 @@
+{ config, ... }:
+
+{
+  kw.fw = {
+    private.tcp.ports = [ 111 2049 ];
+    public.tcp.ports = [ 111 2049 ];
+  };
+
+  services.nfs.server.enable = true;
+  services.nfs.server.exports = "/mnt/zraw/media 192.168.1.0/24(rw) 200::/7(rw) 2a00:23c7:c597:7400::/56(rw)";
+
+  services.nginx.virtualHosts = {
+    "${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}".locations."/" = {
+      alias = "/mnt/zraw/media/";
+      extraConfig = "autoindex on;";
+    };
+    ${config.kw.dns.ipv4}.locations."/" = {
+      alias = "/mnt/zraw/media/";
+      extraConfig = "autoindex on;";
+    };
+  };
+}

config/services/transmission/default.nix

@@ -0,0 +1,46 @@
+{ config, pkgs, ... }:
+
+{
+  services.nginx.virtualHosts = {
+    "${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}".locations."/transmission" = {
+      proxyPass = "http://[::1]:9091";
+      extraConfig = "proxy_pass_header  X-Transmission-Session-Id;";
+    };
+    ${config.kw.dns.ipv4}.locations."/transmission" = {
+      proxyPass = "http://[::1]:9091";
+      extraConfig = "proxy_pass_header  X-Transmission-Session-Id;";
+    };
+  };
+
+  services.transmission =
+    let
+      transmission-done-script = pkgs.writeScriptBin "script" ''
+        #!${pkgs.bash}/bin/bash
+        set -e
+        if [ "$TR_TORRENT_DIR"/"$TR_TORRENT_NAME" != "/" ]; then
+           cd "$TR_TORRENT_DIR"/"$TR_TORRENT_NAME"
+           if [ ! -z "*.rar" ]; then
+              ${pkgs.unrar}/bin/unrar x "*.rar"
+           fi
+           chmod ugo=rwX .
+        fi'';
+    in
+    {
+      enable = true;
+      home = "/mnt/zraw/transmission";
+      downloadDirPermissions = "777";
+      settings = {
+        download-dir = "/mnt/zraw/media/unsorted";
+        incomplete-dir = "/mnt/zraw/media/.incomplete";
+        incomplete-dir-enabled = true;
+        rpc-bind-address = "::";
+        rpc-whitelist-enabled = false;
+        rpc-host-whitelist-enabled = false;
+        script-torrent-done-enabled = true;
+        dht-enabled = true;
+        pex-enabled = true;
+        script-torrent-done-filename = "${transmission-done-script}/bin/script";
+        umask = 0;
+      };
+    };
+}

config/services/tvheadend/default.nix

@@ -9,11 +9,22 @@
     tcp.ports = [ 9981 9982 ];
   };
 
+  services.nginx.virtualHosts = {
+    "${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}".locations."/tvheadend" = {
+      proxyPass = "http://[::1]:9091";
+      extraConfig = "proxy_pass_header  X-Transmission-Session-Id;";
+    };
+    ${config.kw.dns.ipv4}.locations."/tvheadend" = {
+      proxyPass = "http://[::1]:9091";
+      extraConfig = "proxy_pass_header  X-Transmission-Session-Id;";
+    };
+  };
+
   systemd.services.tvheadend-kat = {
-      description = "Tvheadend TV streaming server";
-      wantedBy    = [ "multi-user.target" ];
-      after       = [ "network.target" ];
-      script   = ''
+    description = "Tvheadend TV streaming server";
+    wantedBy    = [ "multi-user.target" ];
+    after       = [ "network.target" ];
+    script   = ''
                       ${pkgs.tvheadend}/bin/tvheadend \
                       --http_root /tvheadend \
                       --http_port 9981 \
@@ -23,15 +34,15 @@
                       -p ${config.users.users.tvheadend.home}/tvheadend.pid \
                       -u tvheadend \
                       -g video
-                      '';
-      serviceConfig = {
-        Type         = "forking";
-        PIDFile      = "${config.users.users.tvheadend.home}/tvheadend.pid";
-        Restart      = "always";
-        RestartSec   = 5;
-        User         = "tvheadend";
-        Group        = "video";
-        ExecStop     = "${pkgs.coreutils}/bin/rm ${config.users.users.tvheadend.home}/tvheadend.pid";
-      };
+    '';
+    serviceConfig = {
+      Type         = "forking";
+      PIDFile      = "${config.users.users.tvheadend.home}/tvheadend.pid";
+      Restart      = "always";
+      RestartSec   = 5;
+      User         = "tvheadend";
+      Group        = "video";
+      ExecStop     = "${pkgs.coreutils}/bin/rm ${config.users.users.tvheadend.home}/tvheadend.pid";
     };
+  };
 }

config/services/website/default.nix

@@ -0,0 +1,11 @@
+{ config, lib, pkgs, ... }:
+
+{
+  services.nginx.virtualHosts = {
+    "${config.kw.dns.domain}" = {
+      root = pkgs.kat-website;
+      enableACME = true;
+      forceSSL = true;
+    };
+  };
+}