From 8a4b539ee21711aaf2be0ed574c25c5ddcffff48 Mon Sep 17 00:00:00 2001
From: Sridhar Ratnakumar <srid@srid.ca>
Date: Sat, 7 Dec 2024 16:57:41 -0500
Subject: [PATCH] home-media

---
 configurations/nixos/pureintent/default.nix   |  34 +-------
 .../nixos/pureintent/home-media.nix           |  75 ++++++++++++++++++
 secrets/pureintent-basic-auth.age             | Bin 0 -> 498 bytes
 secrets/secrets.nix                           |   1 +
 4 files changed, 77 insertions(+), 33 deletions(-)
 create mode 100644 configurations/nixos/pureintent/home-media.nix
 create mode 100644 secrets/pureintent-basic-auth.age

diff --git a/configurations/nixos/pureintent/default.nix b/configurations/nixos/pureintent/default.nix
index e2099fdf..762091cb 100644
--- a/configurations/nixos/pureintent/default.nix
+++ b/configurations/nixos/pureintent/default.nix
@@ -12,6 +12,7 @@ in
     self.nixosModules.default
     ./configuration.nix
     (self + /webapps/host.nix)
+    ./home-media.nix
   ];
 
   services.openssh.enable = true;
@@ -21,39 +22,6 @@ in
     package = pkgs.netdataCloud;
   };
 
-  services.jellyfin = {
-    enable = true;
-    openFirewall = true;
-  };
-  users.users.vinoth = {
-    isNormalUser = true;
-    extraGroups = [ "jellyfin" ];
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGQAoH/iaojJSIHZmPdxZH+CrI8lKqgWA3tMRFlGI41M vinoth.ratna.kumar@gmail.com"
-    ];
-  };
-  environment.systemPackages = with pkgs; [
-    yt-dlp
-    ffmpeg
-    aria2
-    tmux
-    zellij
-  ];
-  /*
-    services.transmission = {
-    enable = true;
-    group = "jellyfin";
-    openRPCPort = true;
-    settings = {
-      rpc-bind-address = "localhost";
-      rpc-whitelist-enabled = false; # ACL managed through Tailscale
-      rpc-host-whitelist = "pureintent pureintent.rooster-blues.ts.net";
-      download-dir = "/Self/Downloads";
-      trash-original-torrent-files = true;
-    };
-    };
-  */
-
   programs.nix-ld.enable = true; # for vscode server
 
   # Workaround the annoying `Failed to start Network Manager Wait Online` error on switch.
diff --git a/configurations/nixos/pureintent/home-media.nix b/configurations/nixos/pureintent/home-media.nix
new file mode 100644
index 00000000..45b855e6
--- /dev/null
+++ b/configurations/nixos/pureintent/home-media.nix
@@ -0,0 +1,75 @@
+{ flake, config, pkgs, ... }:
+
+let
+  inherit (flake) inputs;
+  inherit (inputs) self;
+in
+{
+  services.jellyfin = {
+    enable = true;
+    openFirewall = true;
+  };
+  environment.systemPackages = with pkgs; [
+    yt-dlp
+    ffmpeg
+    aria2
+    tmux
+    zellij
+  ];
+
+  /* Not using this
+    services.transmission = {
+    enable = true;
+    group = "jellyfin";
+    openRPCPort = true;
+    settings = {
+      rpc-bind-address = "localhost";
+      rpc-whitelist-enabled = false; # ACL managed through Tailscale
+      rpc-host-whitelist = "pureintent pureintent.rooster-blues.ts.net";
+      download-dir = "/Self/Downloads";
+      trash-original-torrent-files = true;
+    };
+    };
+  */
+
+  /* Disabled, because jellyfin has issues
+    age.secrets = {
+    "pureintent-basic-auth.age" = {
+      file = self + /secrets/pureintent-basic-auth.age;
+      owner = "nginx";
+    };
+    };
+    services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    # virtualHosts."pureintent.rooster-blues.ts.net" = {
+    virtualHosts = rec {
+      "pureintent.rooster-blues.ts.net" = pureintent;
+      "pureintent" = {
+        locations = {
+          # Return index.html with likns to other two sites
+          "/" = {
+            extraConfig = ''
+              default_type text/html;
+            '';
+            return = "200 '<ul style=\"font-size: 4em;\"><li><a href=\"/web\">Jellyfin</a> (Watch Movies)</li><li><a href=\"/transmission\">Transmission</a> (Torrent Download)</li></ul>'";
+          };
+          # Transmission
+          "/transmission" = {
+            proxyPass = "http://localhost:9091/transmission";
+            proxyWebsockets = true;
+            # transmission has no login page, so use basic auth
+            basicAuthFile = config.age.secrets."pureintent-basic-auth.age".path;
+          };
+          # Jellyfin
+          "/web" = {
+            proxyPass = "http://localhost:8096";
+            proxyWebsockets = true;
+          };
+        };
+      };
+    };
+    };
+  */
+}
diff --git a/secrets/pureintent-basic-auth.age b/secrets/pureintent-basic-auth.age
new file mode 100644
index 0000000000000000000000000000000000000000..1422b23d9e745eab730a5716c08c3b89cec16ed0
GIT binary patch
literal 498
zcmZ9_J&V&|003Z@TjC_>aH4l{uDK*{n>KNfOWU_?ntr8e(l&TVFNsO>oxVxabT}7(
zfZ!scgK)c|IJ@fN;2?s6a)&wz2MX$N;C{~^cxIMKn1Q~?qhuZiJK@42mo!G)#1XOy
z(*O)Zb2wKPCOrvXc@=BXPizwABTyjW0u75s#`hZ#h5fq3nQ~2y)w-)WE+(pZYb~w$
z5}fiS+l%$C&uO)}o=O5xGTH4^S-HxY5!Z6hZau}P77{LMOedT7!$Q5NhsFBJH-cKY
zB>BWh$qs6wDzFQ{_h{6Fm;zmStki_u_hFaik)V|ZxeY{`3dMPv76(DVfu!Qz0qof=
zoy87q;Se-sUo}?}rK~y)VdClod#y5ZI%ExhR+b%hDX%o3uxp6b+G%syZb=bEmeVOc
zjE$h@F^;S5lPbNR<#kl)LQiVXa~>lI0w=qiII<9B#R;<3!)ETpQ6%a)Nsa-?=%6=Y
zBEL_C)~JMCD_%dD{mmX9zWMQIkJ?IJAG|s``1$$xYDwGZ{`&Cg<J)hJdj8Q3C<mwK
zmQP+x?>%KM?)m>V%<ZGe$;(Laq|4vMU3dKa-Thk^wvX*EySJYmK70=@ZC?5PwXyZ!
F?tj?JutNX<

literal 0
HcmV?d00001

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 118870c6..c2e2e7a6 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -9,4 +9,5 @@ in
 {
   "hedgedoc.env.age".publicKeys = users ++ systems;
   "github-nix-ci/srid.token.age".publicKeys = users ++ systems;
+  "pureintent-basic-auth.age".publicKeys = users ++ systems;
 }