From 3f3f90c3096425d05631a00ca68b4c76d0056f7a Mon Sep 17 00:00:00 2001
From: Sam
Date: Sun, 26 Jan 2025 11:48:34 +0000
Subject: [PATCH] create jellyfin nixos-container
---
.../optional/nixos-containers/jellyfin.nix | 111 ++++++++++++++++++
vars/default.nix | 1 +
2 files changed, 112 insertions(+)
create mode 100644 hosts/common/optional/nixos-containers/jellyfin.nix
diff --git a/hosts/common/optional/nixos-containers/jellyfin.nix b/hosts/common/optional/nixos-containers/jellyfin.nix
new file mode 100644
index 0000000..f8cb673
--- /dev/null
+++ b/hosts/common/optional/nixos-containers/jellyfin.nix
@@ -0,0 +1,111 @@
+{
+ pkgs,
+ lib,
+ configVars,
+ ...
+}: let
+ containerName = "jellyfin";
+ containerIp = "10.0.10.44"; #configVars.networking.addresses.jellyfin.ip;
+
+ gatewayIp = configVars.networking.addresses.gateway.ip;
+ homeshareDataLocation = configVars.locations.homeshareDataLocation;
+ jellyfinContainerData = configVars.locations.jellyfinContainerData;
+ pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
+in {
+ networking.nat.enable = true;
+ networking.nat.internalInterfaces = ["ve-+"];
+ networking.nat.externalInterface = "br0";
+
+ environment.persistence."/persist" = {
+ hideMounts = true;
+ directories = [
+ "/var/lib/nixos-containers/${containerName}"
+ ];
+ };
+
+ containers."${containerName}" = {
+ autoStart = true;
+ privateNetwork = true;
+ hostBridge = "br0";
+ nixpkgs = pkgs.path;
+ allowedDevices = [
+ {
+ node = "/dev/nvidia0";
+ modifier = "rwm";
+ }
+ {
+ node = "/dev/nvidiactl";
+ modifier = "rwm";
+ }
+ {
+ node = "/dev/dri/card1";
+ modifier = "rwm";
+ }
+ {
+ node = "/dev/dri/renderD128";
+ modifier = "rwm";
+ }
+ ];
+ bindMounts = {
+ "/media/media" = {
+ hostPath = "${homeshareDataLocation}/media";
+ isReadOnly = true;
+ };
+ "/var/lib/jellyfin" = {
+ hostPath = "${jellyfinContainerData}";
+ isReadOnly = false;
+ };
+ };
+
+ config = {
+ pkgs,
+ lib,
+ ...
+ }: {
+ networking = {
+ defaultGateway = "${gatewayIp}";
+ interfaces.eth0.ipv4.addresses = [
+ {
+ "address" = "${containerIp}";
+ "prefixLength" = 24;
+ }
+ ];
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ ];
+ };
+ useHostResolvConf = lib.mkForce false;
+ };
+
+ services.resolved.enable = true;
+
+ imports = [
+ ];
+
+ environment.systemPackages = [
+ pkgs.vim
+ pkgs.git
+ ];
+
+ services.jellyfin = {
+ enable = true;
+ openFirewall = true;
+ user = "jellyfin";
+ };
+
+ services.openssh = {
+ enable = true;
+ settings.PasswordAuthentication = false;
+ };
+
+ users.users = {
+ root = {
+ openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
+ };
+ };
+
+ system.stateVersion = "24.05";
+ };
+ };
+}
diff --git a/vars/default.nix b/vars/default.nix
index ab16e35..f6973cc 100644
--- a/vars/default.nix
+++ b/vars/default.nix
@@ -19,6 +19,7 @@ backupContainerData = "/mnt/deepzfs/backup"; postgresContainerData = "/mnt/nvme-zpool/postgresql"; semitamapsData = "/mnt/nvme-zpool/semitamaps-data"; + jellyfinContainerData = "/mnt/main-ssd/jellyfin"; }; }
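Review bot: In jellyfin.nix the container's root account trusts every file under `../../users/keys`, because `pubKeys` comes from `listFilesRecursive` and is read straight into `users.users.root.openssh.authorizedKeys.keys`. Any key, or stray non-key file, later dropped into that directory therefore grants root SSH on a container that is bridged onto `br0` with its own address. Consider naming the intended key files explicitly, or narrowing the list (for example `builtins.filter (lib.hasSuffix ".pub") pubKeys`, if the key files carry that suffix), with a comment above `users.users` stating who is expected to log in. Separately, all four `allowedDevices` entries use `modifier = "rwm";`, where the `m` additionally allows mknod for those nodes; `modifier = "rw";` is likely sufficient for GPU transcoding, but confirm on the host. The hard-coded `containerIp = "10.0.10.44";` beside the commented-out `configVars` lookup should either use the lookup or get a comment explaining why it does not.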