fix(mediabox): mediatomb

2026-02-09 12:29:19 -08:00 · 2024-02-23 10:37:53 -08:00 · 2024-02-23 10:37:53 -08:00 · ef5306904c
commit ef5306904c
parent 1d038633ce
9 changed files with 61 additions and 17 deletions
--- a/docs/network.adoc
+++ b/docs/network.adoc
@ -52,5 +52,6 @@ hakurei::
 * ^TCP:^[.value]##80##, ^TCP:^[.value]##443##
 * ^TCP:^[.value]##636##
 * ^TCP:^[.value]##41022##, ^TCP:^[.value]##62954##
+* ^TCP:^[.value]##41324##
 * ^UDP:^[.value]##41641##
 * ^UDP:^[.value]##5353##
--- a/modules/nixos/plex.nix
+++ b/modules/nixos/plex.nix
@ -0,0 +1,14 @@
+{
+  lib,
+  ...
+}: let
+  inherit (lib.options) mkOption;
+in {
+  options.services.plex = with lib.types; {
+    port = mkOption {
+      type = port;
+      default = 32400;
+      readOnly = true;
+    };
+  };
+}
--- a/nixos/access/plex.nix
+++ b/nixos/access/plex.nix
@ -5,8 +5,9 @@
 }: let
  inherit (lib.options) mkOption;
  inherit (lib.modules) mkIf mkDefault mkOptionDefault;
+  inherit (config.services) nginx;
  cfg = config.services.plex;
-  access = config.services.nginx.access.plex;
+  access = nginx.access.plex;
 in {
  options.services.nginx.access.plex = with lib.types; {
    url = mkOption {
@ -20,10 +21,14 @@ in {
      type = str;
      default = "plex.local.${config.networking.domain}";
    };
+    externalPort = mkOption {
+      type = nullOr port;
+      default = null;
+    };
  };
  config.services.nginx = {
    access.plex = mkIf cfg.enable {
-      url = mkOptionDefault "http://localhost:32400";
+      url = mkOptionDefault "http://localhost:${toString cfg.port}";
    };
    virtualHosts = let
      extraConfig = ''
@ -62,6 +67,19 @@ in {
        kTLS = mkDefault true;
        inherit extraConfig;
      };
+      plex-external = mkIf (access.externalPort != null) {
+        serverName = mkDefault access.domain;
+        default = mkDefault true;
+        listen = map (addr: {
+          inherit addr;
+          port = access.externalPort;
+        }) nginx.defaultListenAddresses;
+        locations."/" = location;
+        inherit extraConfig;
      };
    };
+  };
+  config.networking.firewall.allowedTCPPorts = mkIf (access.externalPort != null) [
+    access.externalPort
+  ];
 }
--- a/nixos/deluge.nix
+++ b/nixos/deluge.nix
@ -3,8 +3,9 @@
  lib,
  ...
 }: let
-  inherit (lib.modules) mkIf mkAfter mkDefault;
+  inherit (lib.modules) mkIf mkMerge mkAfter mkDefault;
  inherit (lib.strings) hasPrefix removePrefix;
+  inherit (config.services) mediatomb;
  cfg = config.services.deluge;
 in {
  sops.secrets.deluge-auth = {
@ -57,7 +58,12 @@ in {
    download
    (mkIf (completedDir != null && !hasCompletedSubdir) completed)
  ]);
-  users.users.deluge = mkIf cfg.enable {
-    extraGroups = [ "kyuuto" ];
-  };
+  users.users = mkIf cfg.enable (mkMerge [
+    {
+      deluge.extraGroups = [ "kyuuto" ];
+    }
+    (mkIf mediatomb.enable {
+      ${mediatomb.user}.extraGroups = [ cfg.group ];
+    })
+  ]);
 }
--- a/nixos/mediatomb.nix
+++ b/nixos/mediatomb.nix
@ -1,12 +1,17 @@
 {
+  config,
  lib,
  ...
 }: let
-  inherit (lib.modules) mkDefault;
+  inherit (lib.modules) mkDefault mkIf;
+  cfg = config.services.mediatomb;
 in {
  config.services.mediatomb = {
    enable = mkDefault true;
    port = mkDefault 4152;
    uuid = mkDefault "082fd344-bf69-5b72-a68f-a5a4d88e76b2";
  };
+  config.users.users = mkIf cfg.enable {
+    ${cfg.user}.extraGroups = [ "kyuuto" ];
+  };
 }
--- a/nixos/plex.nix
+++ b/nixos/plex.nix
@ -21,7 +21,7 @@ in {
  # * 32410, 32412, 32413, 32414 - GDM Network Discovery

  networking.firewall.interfaces.local = {
-    allowedTCPPorts = [32400 8324 32469];
+    allowedTCPPorts = [cfg.port 8324 32469];
    allowedUDPPorts = [1900 32410 32412 32413 32414];
  };
 }
--- a/systems/hakurei/nixos.nix
+++ b/systems/hakurei/nixos.nix
@ -139,7 +139,8 @@ in {
    inherit (config.services.nginx) access;
  in {
    access.plex = assert plex.enable; {
-      url = "http://${mediabox.networking.access.hostnameForNetwork.local}:32400";
+      url = "http://${mediabox.networking.access.hostnameForNetwork.local}:${toString plex.port}";
+      externalPort = 41324;
    };
    access.vouch = assert vouch-proxy.enable; {
      url = "http://${tei.networking.access.hostnameForNetwork.tail}:${toString vouch-proxy.settings.vouch.port}";
--- a/systems/mediabox/cloudflared.nix
+++ b/systems/mediabox/cloudflared.nix
@ -1,5 +1,5 @@
 {config, ...}: let
-  inherit (config.services) deluge plex tautulli ombi sonarr radarr bazarr lidarr readarr prowlarr cloudflared;
+  inherit (config.services) deluge tautulli ombi sonarr radarr bazarr lidarr readarr prowlarr cloudflared;
 in {
  sops.secrets.cloudflare_mediabox_tunnel = {
    owner = cloudflared.user;
--- a/systems/mediabox/nixos.nix
+++ b/systems/mediabox/nixos.nix
@ -8,7 +8,7 @@
  inherit (lib.modules) mkIf mkMerge;
  inherit (lib.attrsets) mapAttrs mapAttrsToList;
  inherit (lib.strings) removePrefix;
-  inherit (config.services) deluge plex tautulli ombi sonarr radarr bazarr lidarr readarr prowlarr cloudflared;
+  inherit (config.services) deluge plex;
  inherit (config) kyuuto;
  plexLibrary = {
    "/mnt/Anime".hostPath = kyuuto.libraryDir + "/anime";
@ -48,10 +48,6 @@ in {
  services.mediatomb = {
    serverName = "tewi";
    mediaDirectories = let
-      mkLibraryDir = dir: {
-        path = kyuuto.libraryDir + "/${dir}";
-        mountPoint = kyuuto.libraryDir;
-      };
      libraryDir = {
        path = kyuuto.libraryDir;
        mountPoint = kyuuto.libraryDir;
@ -61,10 +57,13 @@ in {
              removePrefix "${kyuuto.libraryDir}/" hostPath
          )
          plexLibrary
-          ++ ["tlmc" "music-raw"];
+          ++ [
+            "music/collections"
+            "music/raw"
+          ];
      };
    in
-      [libraryDir] ++ map mkLibraryDir ["tlmc" "music-raw" "lewd"];
+      [libraryDir];
  };

  hardware.opengl = {