fix(mediabox): mediatomb

docs/network.adoc

@@ -52,5 +52,6 @@ hakurei::
 * ^TCP:^[.value]##80##, ^TCP:^[.value]##443##
 * ^TCP:^[.value]##636##
 * ^TCP:^[.value]##41022##, ^TCP:^[.value]##62954##
+* ^TCP:^[.value]##41324##
 * ^UDP:^[.value]##41641##
 * ^UDP:^[.value]##5353##

modules/nixos/plex.nix

@@ -0,0 +1,14 @@
+{
+  lib,
+  ...
+}: let
+  inherit (lib.options) mkOption;
+in {
+  options.services.plex = with lib.types; {
+    port = mkOption {
+      type = port;
+      default = 32400;
+      readOnly = true;
+    };
+  };
+}

nixos/access/plex.nix

@@ -5,8 +5,9 @@
 }: let
   inherit (lib.options) mkOption;
   inherit (lib.modules) mkIf mkDefault mkOptionDefault;
+  inherit (config.services) nginx;
   cfg = config.services.plex;
-  access = config.services.nginx.access.plex;
+  access = nginx.access.plex;
 in {
   options.services.nginx.access.plex = with lib.types; {
     url = mkOption {
@@ -20,10 +21,14 @@ in {
       type = str;
       default = "plex.local.${config.networking.domain}";
     };
+    externalPort = mkOption {
+      type = nullOr port;
+      default = null;
+    };
   };
   config.services.nginx = {
     access.plex = mkIf cfg.enable {
-      url = mkOptionDefault "http://localhost:32400";
+      url = mkOptionDefault "http://localhost:${toString cfg.port}";
     };
     virtualHosts = let
       extraConfig = ''
@@ -62,6 +67,19 @@ in {
         kTLS = mkDefault true;
         inherit extraConfig;
       };
+      plex-external = mkIf (access.externalPort != null) {
+        serverName = mkDefault access.domain;
+        default = mkDefault true;
+        listen = map (addr: {
+          inherit addr;
+          port = access.externalPort;
+        }) nginx.defaultListenAddresses;
+        locations."/" = location;
+        inherit extraConfig;
+      };
     };
   };
+  config.networking.firewall.allowedTCPPorts = mkIf (access.externalPort != null) [
+    access.externalPort
+  ];
 }

nixos/deluge.nix

@@ -3,8 +3,9 @@
   lib,
   ...
 }: let
-  inherit (lib.modules) mkIf mkAfter mkDefault;
+  inherit (lib.modules) mkIf mkMerge mkAfter mkDefault;
   inherit (lib.strings) hasPrefix removePrefix;
+  inherit (config.services) mediatomb;
   cfg = config.services.deluge;
 in {
   sops.secrets.deluge-auth = {
@@ -57,7 +58,12 @@ in {
     download
     (mkIf (completedDir != null && !hasCompletedSubdir) completed)
   ]);
-  users.users.deluge = mkIf cfg.enable {
+  users.users = mkIf cfg.enable (mkMerge [
-    extraGroups = [ "kyuuto" ];
+    {
-  };
+      deluge.extraGroups = [ "kyuuto" ];
+    }
+    (mkIf mediatomb.enable {
+      ${mediatomb.user}.extraGroups = [ cfg.group ];
+    })
+  ]);
 }

nixos/mediatomb.nix

@@ -1,12 +1,17 @@
 {
+  config,
   lib,
   ...
 }: let
-  inherit (lib.modules) mkDefault;
+  inherit (lib.modules) mkDefault mkIf;
+  cfg = config.services.mediatomb;
 in {
   config.services.mediatomb = {
     enable = mkDefault true;
     port = mkDefault 4152;
     uuid = mkDefault "082fd344-bf69-5b72-a68f-a5a4d88e76b2";
   };
+  config.users.users = mkIf cfg.enable {
+    ${cfg.user}.extraGroups = [ "kyuuto" ];
+  };
 }

nixos/plex.nix

@@ -21,7 +21,7 @@ in {
   # * 32410, 32412, 32413, 32414 - GDM Network Discovery
 
   networking.firewall.interfaces.local = {
-    allowedTCPPorts = [32400 8324 32469];
+    allowedTCPPorts = [cfg.port 8324 32469];
     allowedUDPPorts = [1900 32410 32412 32413 32414];
   };
 }

systems/hakurei/nixos.nix

@@ -139,7 +139,8 @@ in {
     inherit (config.services.nginx) access;
   in {
     access.plex = assert plex.enable; {
-      url = "http://${mediabox.networking.access.hostnameForNetwork.local}:32400";
+      url = "http://${mediabox.networking.access.hostnameForNetwork.local}:${toString plex.port}";
+      externalPort = 41324;
     };
     access.vouch = assert vouch-proxy.enable; {
       url = "http://${tei.networking.access.hostnameForNetwork.tail}:${toString vouch-proxy.settings.vouch.port}";

systems/mediabox/cloudflared.nix

@@ -1,5 +1,5 @@
 {config, ...}: let
-  inherit (config.services) deluge plex tautulli ombi sonarr radarr bazarr lidarr readarr prowlarr cloudflared;
+  inherit (config.services) deluge tautulli ombi sonarr radarr bazarr lidarr readarr prowlarr cloudflared;
 in {
   sops.secrets.cloudflare_mediabox_tunnel = {
     owner = cloudflared.user;

systems/mediabox/nixos.nix

@@ -8,7 +8,7 @@
   inherit (lib.modules) mkIf mkMerge;
   inherit (lib.attrsets) mapAttrs mapAttrsToList;
   inherit (lib.strings) removePrefix;
-  inherit (config.services) deluge plex tautulli ombi sonarr radarr bazarr lidarr readarr prowlarr cloudflared;
+  inherit (config.services) deluge plex;
   inherit (config) kyuuto;
   plexLibrary = {
     "/mnt/Anime".hostPath = kyuuto.libraryDir + "/anime";
@@ -48,10 +48,6 @@ in {
   services.mediatomb = {
     serverName = "tewi";
     mediaDirectories = let
-      mkLibraryDir = dir: {
-        path = kyuuto.libraryDir + "/${dir}";
-        mountPoint = kyuuto.libraryDir;
-      };
       libraryDir = {
         path = kyuuto.libraryDir;
         mountPoint = kyuuto.libraryDir;
@@ -61,10 +57,13 @@ in {
               removePrefix "${kyuuto.libraryDir}/" hostPath
           )
           plexLibrary
-          ++ ["tlmc" "music-raw"];
+          ++ [
+            "music/collections"
+            "music/raw"
+          ];
       };
     in
-      [libraryDir] ++ map mkLibraryDir ["tlmc" "music-raw" "lewd"];
+      [libraryDir];
   };
 
   hardware.opengl = {