nixos/modules/homelab/navidrome.nix

{
  config,
  lib,
  pkgsUnstable,
  ...
}:
lib.mkIf config.fireproof.homelab.enable (let
  domain = "navidrome.nickolaj.com";
in {
  age.secrets.navidrome-env.rekeyFile = ../../secrets/hosts/homelab/navidrome-env.age;

  services.restic.backups.homelab.paths = ["/var/lib/navidrome"];

  services.oauth2-proxy.nginx.virtualHosts."${domain}".allowed_groups = ["default"];

  services.nginx.virtualHosts."${domain}" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://localhost:4533/";
      proxyWebsockets = true;
      extraConfig = ''
        auth_request_set $email  $upstream_http_x_auth_request_email;
        proxy_set_header Remote-User $email;
      '';
    };
    locations."^~ /rest" = {
      proxyPass = "http://localhost:4533";
      proxyWebsockets = true;
      extraConfig = ''
        auth_request off;
      '';
    };
  };

  services.navidrome = {
    enable = true;
    package = pkgsUnstable.navidrome;
    user = "media";
    group = "media";
    environmentFile = config.age.secrets.navidrome-env.path;
    settings = {
      Address = "127.0.0.1";
      Port = 4533;
      MusicFolder = "/mnt/data/music";
      ScanSchedule = "@every 1m";
      LogLevel = "info";
      "ExtAuth.Enabled" = true;
      "ExtAuth.TrustedSources" = "127.0.0.1/32";
      "ExtAuth.UserHeader" = "Remote-User";
    };
  };

  systemd.tmpfiles.rules = [
    "d /mnt/data/music 0775 media media -"
    "Z /var/lib/navidrome 0750 media media -"
  ];
})
feat: add navidrome 2026-01-22 01:46:47 +01:00			`{`
			`config,`
			`lib,`
			`pkgsUnstable,`
			`...`
			`}:`
			`lib.mkIf config.fireproof.homelab.enable (let`
			`domain = "navidrome.nickolaj.com";`
			`in {`
			`age.secrets.navidrome-env.rekeyFile = ../../secrets/hosts/homelab/navidrome-env.age;`

			`services.restic.backups.homelab.paths = ["/var/lib/navidrome"];`

			`services.oauth2-proxy.nginx.virtualHosts."${domain}".allowed_groups = ["default"];`

			`services.nginx.virtualHosts."${domain}" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`locations."/" = {`
			`proxyPass = "http://localhost:4533/";`
			`proxyWebsockets = true;`
			`extraConfig = ''`
			`auth_request_set $email $upstream_http_x_auth_request_email;`
			`proxy_set_header Remote-User $email;`
			`'';`
			`};`
			`locations."^~ /rest" = {`
			`proxyPass = "http://localhost:4533";`
			`proxyWebsockets = true;`
			`extraConfig = ''`
			`auth_request off;`
			`'';`
			`};`
			`};`

			`services.navidrome = {`
			`enable = true;`
			`package = pkgsUnstable.navidrome;`
			`user = "media";`
			`group = "media";`
			`environmentFile = config.age.secrets.navidrome-env.path;`
			`settings = {`
			`Address = "127.0.0.1";`
			`Port = 4533;`
			`MusicFolder = "/mnt/data/music";`
			`ScanSchedule = "@every 1m";`
			`LogLevel = "info";`
			`"ExtAuth.Enabled" = true;`
			`"ExtAuth.TrustedSources" = "127.0.0.1/32";`
			`"ExtAuth.UserHeader" = "Remote-User";`
			`};`
			`};`

			`systemd.tmpfiles.rules = [`
			`"d /mnt/data/music 0775 media media -"`
			`"Z /var/lib/navidrome 0750 media media -"`
			`];`
			`})`