let rootDomain = "dylanblades.net"; hostDomain = rootDomain; in { networking.firewall.allowedTCPPorts = [ 80 443 ]; security.acme = { acceptTerms = true; defaults.email = "acme.evict519@simplelogin.com"; certs.${hostDomain}.extraDomainNames = ["jellyfin.${rootDomain}"]; }; services = { jellyfin.enable = true; nginx = { enable = true; virtualHosts = { ${hostDomain}.enableACME = true; "jellyfin.${rootDomain}" = { forceSSL = true; useACMEHost = hostDomain; locations = { "/" = { proxyPass = "http://localhost:8096"; extraConfig = '' client_max_body_size 20M; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Protocol $scheme; proxy_set_header X-Forwarded-Host $http_host; proxy_buffering off; ''; }; "/socket" = { proxyPass = "http://localhost:8096"; extraConfig = '' client_max_body_size 20M; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Protocol $scheme; proxy_set_header X-Forwarded-Host $http_host; ''; }; }; }; }; }; }; /* Required for an ephemeral system. environment.persistence."/persist" = { hideMounts = true; directories = [ { directory = "/var/lib/jellyfin"; user = "jellyfin"; group = "jellyfin"; mode = "u=rwx,g=rx,o="; } ]; }; */ }