Jellyfin

flake.lock

@@ -68,11 +68,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1758589230,
+        "lastModified": 1759281824,
-        "narHash": "sha256-zMTCFGe8aVGTEr2RqUi/QzC1nOIQ0N1HRsbqB4f646k=",
+        "narHash": "sha256-FIBE1qXv9TKvSNwst6FumyHwCRH3BlWDpfsnqRDCll0=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "d1d883129b193f0b495d75c148c2c3a7d95789a0",
+        "rev": "5b5be50345d4113d04ba58c444348849f5585b4a",
         "type": "github"
       },
       "original": {

services/site.nix

@@ -5,8 +5,9 @@ let
     #!/usr/bin/env bash
     set -euo pipefail
 
-    HOSTED_ZONE_ID="Z09728753LLLNSYFXIBIM"  # Get from Route 53 console
+    HOSTED_ZONE_ID="Z09728753LLLNSYFXIBIM"
-    DOMAIN=${domain}
+    DOMAIN="${domain}"
+    SUBDOMAIN="jellyfin.${domain}"
 
     # Get current public IP
     CURRENT_IP=$(${pkgs.curl}/bin/curl -s https://ifconfig.me)
@@ -17,11 +18,13 @@ let
       exit 1
     fi
 
-    # Get current DNS record
+    # Function to update a DNS record
-    DNS_IP=$(${pkgs.dig}/bin/dig +short "$DOMAIN" @8.8.8.8 | tail -n1)
+    update_record() {
+      local RECORD_NAME=$1
+      local DNS_IP=$(${pkgs.dig}/bin/dig +short "$RECORD_NAME" @8.8.8.8 | tail -n1)
 
       if [ "$CURRENT_IP" != "$DNS_IP" ]; then
-      echo "[$(date)] IP changed: $DNS_IP -> $CURRENT_IP"
+        echo "[$(date)] $RECORD_NAME IP changed: $DNS_IP -> $CURRENT_IP"
 
         ${pkgs.awscli2}/bin/aws route53 change-resource-record-sets \
           --hosted-zone-id "$HOSTED_ZONE_ID" \
@@ -29,7 +32,7 @@ let
             \"Changes\": [{
               \"Action\": \"UPSERT\",
               \"ResourceRecordSet\": {
-              \"Name\": \"$DOMAIN\",
+                \"Name\": \"$RECORD_NAME\",
                 \"Type\": \"A\",
                 \"TTL\": 300,
                 \"ResourceRecords\": [{\"Value\": \"$CURRENT_IP\"}]
@@ -37,10 +40,15 @@ let
             }]
           }"
 
-      echo "[$(date)] DNS updated successfully to $CURRENT_IP"
+        echo "[$(date)] $RECORD_NAME DNS updated successfully to $CURRENT_IP"
       else
-      echo "[$(date)] IP unchanged: $CURRENT_IP"
+        echo "[$(date)] $RECORD_NAME IP unchanged: $CURRENT_IP"
       fi
+    }
+
+    # Update both records
+    update_record "$DOMAIN"
+    update_record "$SUBDOMAIN"
   '';
 in {
   networking.firewall.allowedTCPPorts = [ 80 443 ];
@@ -54,11 +62,23 @@ in {
     recommendedTlsSettings = true;
 
     virtualHosts."${domain}" = {
-      forceSSL = false;
+      forceSSL = true;
-      enableACME = false;
+      enableACME = true;
 
       root = "${inputs.thelenlucas.packages.${pkgs.system}.default}";
     };
+
+    virtualHosts."jellyfin.${domain}" = {
+      forceSSL = true;
+      enableACME = true;
+
+      locations."/" = { proxyPass = "http://localhost:8096"; };
+    };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "thelenlucas@gmail.com";
   };
 
   environment.systemPackages = [ pkgs.awscli2 ];