Jellyfin

2025-10-03 00:27:36 +00:00 · 2025-10-03 00:27:36 +00:00 · 82cd5fb545
commit 82cd5fb545
parent b8455c491b
2 changed files with 50 additions and 30 deletions
--- a/flake.lock
+++ b/flake.lock
@ -68,11 +68,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1758589230,
-        "narHash": "sha256-zMTCFGe8aVGTEr2RqUi/QzC1nOIQ0N1HRsbqB4f646k=",
+        "lastModified": 1759281824,
+        "narHash": "sha256-FIBE1qXv9TKvSNwst6FumyHwCRH3BlWDpfsnqRDCll0=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "d1d883129b193f0b495d75c148c2c3a7d95789a0",
+        "rev": "5b5be50345d4113d04ba58c444348849f5585b4a",
        "type": "github"
      },
      "original": {
--- a/services/site.nix
+++ b/services/site.nix
@ -5,8 +5,9 @@ let
    #!/usr/bin/env bash
    set -euo pipefail

-    HOSTED_ZONE_ID="Z09728753LLLNSYFXIBIM"  # Get from Route 53 console
-    DOMAIN=${domain}
+    HOSTED_ZONE_ID="Z09728753LLLNSYFXIBIM"
+    DOMAIN="${domain}"
+    SUBDOMAIN="jellyfin.${domain}"

    # Get current public IP
    CURRENT_IP=$(${pkgs.curl}/bin/curl -s https://ifconfig.me)
@ -17,30 +18,37 @@ let
      exit 1
    fi

-    # Get current DNS record
-    DNS_IP=$(${pkgs.dig}/bin/dig +short "$DOMAIN" @8.8.8.8 | tail -n1)
+    # Function to update a DNS record
+    update_record() {
+      local RECORD_NAME=$1
+      local DNS_IP=$(${pkgs.dig}/bin/dig +short "$RECORD_NAME" @8.8.8.8 | tail -n1)

-    if [ "$CURRENT_IP" != "$DNS_IP" ]; then
-      echo "[$(date)] IP changed: $DNS_IP -> $CURRENT_IP"
-      
-      ${pkgs.awscli2}/bin/aws route53 change-resource-record-sets \
-        --hosted-zone-id "$HOSTED_ZONE_ID" \
-        --change-batch "{
-          \"Changes\": [{
-            \"Action\": \"UPSERT\",
-            \"ResourceRecordSet\": {
-              \"Name\": \"$DOMAIN\",
-              \"Type\": \"A\",
-              \"TTL\": 300,
-              \"ResourceRecords\": [{\"Value\": \"$CURRENT_IP\"}]
-            }
-          }]
-        }"
-      
-      echo "[$(date)] DNS updated successfully to $CURRENT_IP"
-    else
-      echo "[$(date)] IP unchanged: $CURRENT_IP"
-    fi
+      if [ "$CURRENT_IP" != "$DNS_IP" ]; then
+        echo "[$(date)] $RECORD_NAME IP changed: $DNS_IP -> $CURRENT_IP"
+
+        ${pkgs.awscli2}/bin/aws route53 change-resource-record-sets \
+          --hosted-zone-id "$HOSTED_ZONE_ID" \
+          --change-batch "{
+            \"Changes\": [{
+              \"Action\": \"UPSERT\",
+              \"ResourceRecordSet\": {
+                \"Name\": \"$RECORD_NAME\",
+                \"Type\": \"A\",
+                \"TTL\": 300,
+                \"ResourceRecords\": [{\"Value\": \"$CURRENT_IP\"}]
+              }
+            }]
+          }"
+
+        echo "[$(date)] $RECORD_NAME DNS updated successfully to $CURRENT_IP"
+      else
+        echo "[$(date)] $RECORD_NAME IP unchanged: $CURRENT_IP"
+      fi
+    }
+
+    # Update both records
+    update_record "$DOMAIN"
+    update_record "$SUBDOMAIN"
  '';
 in {
  networking.firewall.allowedTCPPorts = [ 80 443 ];
@ -54,11 +62,23 @@ in {
    recommendedTlsSettings = true;

    virtualHosts."${domain}" = {
-      forceSSL = false;
-      enableACME = false;
+      forceSSL = true;
+      enableACME = true;

      root = "${inputs.thelenlucas.packages.${pkgs.system}.default}";
    };
+
+    virtualHosts."jellyfin.${domain}" = {
+      forceSSL = true;
+      enableACME = true;
+
+      locations."/" = { proxyPass = "http://localhost:8096"; };
+    };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "thelenlucas@gmail.com";
  };

  environment.systemPackages = [ pkgs.awscli2 ];