mirror of
https://github.com/nickolaj-jepsen/nixos.git
synced 2026-01-22 08:06:50 +01:00
58 lines
1.5 KiB
Nix
58 lines
1.5 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
pkgsUnstable,
|
|
...
|
|
}:
|
|
lib.mkIf config.fireproof.homelab.enable (let
|
|
domain = "navidrome.nickolaj.com";
|
|
in {
|
|
age.secrets.navidrome-env.rekeyFile = ../../secrets/hosts/homelab/navidrome-env.age;
|
|
|
|
services.restic.backups.homelab.paths = ["/var/lib/navidrome"];
|
|
|
|
services.oauth2-proxy.nginx.virtualHosts."${domain}".allowed_groups = ["default"];
|
|
|
|
services.nginx.virtualHosts."${domain}" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
locations."/" = {
|
|
proxyPass = "http://localhost:4533/";
|
|
proxyWebsockets = true;
|
|
extraConfig = ''
|
|
auth_request_set $email $upstream_http_x_auth_request_email;
|
|
proxy_set_header Remote-User $email;
|
|
'';
|
|
};
|
|
locations."^~ /rest" = {
|
|
proxyPass = "http://localhost:4533";
|
|
proxyWebsockets = true;
|
|
extraConfig = ''
|
|
auth_request off;
|
|
'';
|
|
};
|
|
};
|
|
|
|
services.navidrome = {
|
|
enable = true;
|
|
package = pkgsUnstable.navidrome;
|
|
user = "media";
|
|
group = "media";
|
|
environmentFile = config.age.secrets.navidrome-env.path;
|
|
settings = {
|
|
Address = "127.0.0.1";
|
|
Port = 4533;
|
|
MusicFolder = "/mnt/data/music";
|
|
ScanSchedule = "@every 1m";
|
|
LogLevel = "info";
|
|
"ExtAuth.Enabled" = true;
|
|
"ExtAuth.TrustedSources" = "127.0.0.1/32";
|
|
"ExtAuth.UserHeader" = "Remote-User";
|
|
};
|
|
};
|
|
|
|
systemd.tmpfiles.rules = [
|
|
"d /mnt/data/music 0775 media media -"
|
|
"Z /var/lib/navidrome 0750 media media -"
|
|
];
|
|
})
|