diff --git a/docs/network.adoc b/docs/network.adoc
index 505b68d4..976ae878 100644
--- a/docs/network.adoc
+++ b/docs/network.adoc
@@ -52,5 +52,6 @@ hakurei::
 * ^TCP:^[.value]##80##, ^TCP:^[.value]##443##
 * ^TCP:^[.value]##636##
 * ^TCP:^[.value]##41022##, ^TCP:^[.value]##62954##
+* ^TCP:^[.value]##41324##
 * ^UDP:^[.value]##41641##
 * ^UDP:^[.value]##5353##
diff --git a/modules/nixos/plex.nix b/modules/nixos/plex.nix
new file mode 100644
index 00000000..b4866a62
--- /dev/null
+++ b/modules/nixos/plex.nix
@@ -0,0 +1,14 @@
+{
+ lib,
+ ...
+}: let
+ inherit (lib.options) mkOption;
+in {
+ options.services.plex = with lib.types; {
+ port = mkOption {
+ type = port;
+ default = 32400;
+ readOnly = true;
+ };
+ };
+}
diff --git a/nixos/access/plex.nix b/nixos/access/plex.nix
index 94dca347..11241278 100644
--- a/nixos/access/plex.nix
+++ b/nixos/access/plex.nix
@@ -5,8 +5,9 @@
 }: let
 inherit (lib.options) mkOption;
 inherit (lib.modules) mkIf mkDefault mkOptionDefault;
+ inherit (config.services) nginx;
 cfg = config.services.plex;
- access = config.services.nginx.access.plex;
+ access = nginx.access.plex;
 in {
 options.services.nginx.access.plex = with lib.types; {
 url = mkOption {
@@ -20,10 +21,14 @@ in {
 type = str;
 default = "plex.local.${config.networking.domain}";
 };
+ externalPort = mkOption {
+ type = nullOr port;
+ default = null;
+ };
 };
 config.services.nginx = {
 access.plex = mkIf cfg.enable {
- url = mkOptionDefault "http://localhost:32400";
+ url = mkOptionDefault "http://localhost:${toString cfg.port}";
 };
 virtualHosts = let
 extraConfig = ''
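Review bot: Neither new option carries a `description`: `services.plex.port` in modules/nixos/plex.nix and `services.nginx.access.plex.externalPort` in nixos/access/plex.nix. The second matters more, because a later hunk in the same file makes a non-null value both add an nginx listener and open that port in `networking.firewall.allowedTCPPorts`, which a reader of the option alone would not expect. I would add something like `description = "Extra TCP port nginx listens on for Plex; setting it also opens the port in the host firewall on all interfaces.";` to `externalPort`, and a one-line description to `port` saying it is read-only and exists so other modules can reference the port without hard-coding 32400.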
@@ -62,6 +67,19 @@ in { kTLS = mkDefault true; inherit extraConfig; }; + plex-external = mkIf (access.externalPort != null) { + serverName = mkDefault access.domain; + default = mkDefault true; + listen = map (addr: { + inherit addr; + port = access.externalPort; + }) nginx.defaultListenAddresses; + locations."/" = location; + inherit extraConfig; + }; }; }; + config.networking.firewall.allowedTCPPorts = mkIf (access.externalPort != null) [ + access.externalPort + ]; } diff --git a/nixos/deluge.nix b/nixos/deluge.nix index 51296bdd..0081486f 100644 --- a/nixos/deluge.nix +++ b/nixos/deluge.nix @@ -3,8 +3,9 @@ lib, ... }: let - inherit (lib.modules) mkIf mkAfter mkDefault; + inherit (lib.modules) mkIf mkMerge mkAfter mkDefault; inherit (lib.strings) hasPrefix removePrefix; + inherit (config.services) mediatomb; cfg = config.services.deluge; in { sops.secrets.deluge-auth = { @@ -57,7 +58,12 @@ in { download (mkIf (completedDir != null && !hasCompletedSubdir) completed) ]); - users.users.deluge = mkIf cfg.enable { - extraGroups = [ "kyuuto" ]; - }; + users.users = mkIf cfg.enable (mkMerge [ + { + deluge.extraGroups = [ "kyuuto" ]; + } + (mkIf mediatomb.enable { + ${mediatomb.user}.extraGroups = [ cfg.group ]; + }) + ]); } diff --git a/nixos/mediatomb.nix b/nixos/mediatomb.nix index a19f2765..634f0c9e 100644 --- a/nixos/mediatomb.nix +++ b/nixos/mediatomb.nix @@ -1,12 +1,17 @@ { + config, lib, ... }: let - inherit (lib.modules) mkDefault; + inherit (lib.modules) mkDefault mkIf; + cfg = config.services.mediatomb; in { config.services.mediatomb = { enable = mkDefault true; port = mkDefault 4152; uuid = mkDefault "082fd344-bf69-5b72-a68f-a5a4d88e76b2"; }; + config.users.users = mkIf cfg.enable { + ${cfg.user}.extraGroups = [ "kyuuto" ]; + }; } diff --git a/nixos/plex.nix b/nixos/plex.nix index 407b4a60..5d0a5ff4 100644 --- a/nixos/plex.nix +++ b/nixos/plex.nix 
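Review bot: The new `plex-external` virtual host in nixos/access/plex.nix is served without TLS as far as this hunk shows: its `listen` entries set only `addr` and `port`, and the NixOS nginx `listen` submodule defaults `ssl` to false, while the hunk also opens `access.externalPort` in the global `networking.firewall.allowedTCPPorts` rather than per interface as nixos/plex.nix does. Plex sign-in tokens and session traffic on that port would then cross the network in cleartext unless something in front terminates TLS. I would add `ssl = true;` to the mapped listen attrset and give the vhost the same certificate settings as the existing Plex host, or state in a comment that plaintext is intended. `location` and `extraConfig` are bound outside the hunk, so any access rules they carry are not visible here.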
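Review bot: Adding the MediaTomb user to `cfg.group` in nixos/deluge.nix gives a LAN-facing media server every permission the Deluge group holds, not just read access to finished downloads; the nixos/mediatomb.nix hunk does the same with the `kyuuto` group. If the download or library directories are group-writable (their modes are set outside these hunks), a flaw in MediaTomb would be able to modify or delete that content. I would add a comment such as `# mediatomb only needs read access to completed downloads` next to the membership and confirm the directory modes, or grant access through a read-only bind mount or ACL instead of group membership.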
@@ -21,7 +21,7 @@ in { # * 32410, 32412, 32413, 32414 - GDM Network Discovery networking.firewall.interfaces.local = { - allowedTCPPorts = [32400 8324 32469]; + allowedTCPPorts = [cfg.port 8324 32469]; allowedUDPPorts = [1900 32410 32412 32413 32414]; }; } diff --git a/systems/hakurei/nixos.nix b/systems/hakurei/nixos.nix index 6b7a12a9..cc65948d 100644 --- a/systems/hakurei/nixos.nix +++ b/systems/hakurei/nixos.nix @@ -139,7 +139,8 @@ in { inherit (config.services.nginx) access; in { access.plex = assert plex.enable; { - url = "http://${mediabox.networking.access.hostnameForNetwork.local}:32400"; + url = "http://${mediabox.networking.access.hostnameForNetwork.local}:${toString plex.port}"; + externalPort = 41324; }; access.vouch = assert vouch-proxy.enable; { url = "http://${tei.networking.access.hostnameForNetwork.tail}:${toString vouch-proxy.settings.vouch.port}"; diff --git a/systems/mediabox/cloudflared.nix b/systems/mediabox/cloudflared.nix index 27257dff..8b91fb8f 100644 --- a/systems/mediabox/cloudflared.nix +++ b/systems/mediabox/cloudflared.nix @@ -1,5 +1,5 @@ {config, ...}: let - inherit (config.services) deluge plex tautulli ombi sonarr radarr bazarr lidarr readarr prowlarr cloudflared; + inherit (config.services) deluge tautulli ombi sonarr radarr bazarr lidarr readarr prowlarr cloudflared; in { sops.secrets.cloudflare_mediabox_tunnel = { owner = cloudflared.user; diff --git a/systems/mediabox/nixos.nix b/systems/mediabox/nixos.nix index a0e4e419..fb84d0da 100644 --- a/systems/mediabox/nixos.nix +++ b/systems/mediabox/nixos.nix @@ -8,7 +8,7 @@ inherit (lib.modules) mkIf mkMerge; inherit (lib.attrsets) mapAttrs mapAttrsToList; inherit (lib.strings) removePrefix; - inherit (config.services) deluge plex tautulli ombi sonarr radarr bazarr lidarr readarr prowlarr cloudflared; + inherit (config.services) deluge plex; inherit (config) kyuuto; plexLibrary = { "/mnt/Anime".hostPath = kyuuto.libraryDir + "/anime"; 
@@ -48,10 +48,6 @@ in { services.mediatomb = { serverName = "tewi"; mediaDirectories = let - mkLibraryDir = dir: { - path = kyuuto.libraryDir + "/${dir}"; - mountPoint = kyuuto.libraryDir; - }; libraryDir = { path = kyuuto.libraryDir; mountPoint = kyuuto.libraryDir; @@ -61,10 +57,13 @@ in { removePrefix "${kyuuto.libraryDir}/" hostPath ) plexLibrary - ++ ["tlmc" "music-raw"]; + ++ [ + "music/collections" + "music/raw" + ]; }; in - [libraryDir] ++ map mkLibraryDir ["tlmc" "music-raw" "lewd"]; + [libraryDir]; }; hardware.opengl = {