From a1b1610256d6468a31403ac226f20f21bea08dd5 Mon Sep 17 00:00:00 2001 From: Chris Dombroski Date: Mon, 19 Aug 2024 16:41:12 -0400 Subject: [PATCH] jellyfin tailscale --- secrets/secret.yaml | 6 ++++-- systems/zeus/configuration.nix | 22 ++++++++++++++++------ 2 files changed, 20 insertions(+), 8 deletions(-) diff --git a/secrets/secret.yaml b/secrets/secret.yaml index 705086f..b7a8772 100644 --- a/secrets/secret.yaml +++ b/secrets/secret.yaml @@ -4,6 +4,8 @@ gmail: password: ENC[AES256_GCM,data:rCL2RzU1INRT5KOyl1JriQ==,iv:jhFDcNHgIJnZTBN9msECQWvy75IH1wO5IFAxqR4Ugng=,tag:cK+A4Os/9xchpNjpb2KAbQ==,type:str] nixremote: sshkey: ENC[AES256_GCM,data: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,iv:kgf480Q2uBqgIQZ72mN/OKMwmUEZ0fYYdv6oufSJbYw=,tag:QkuR5slR2EhY3uDB1FLF9A==,type:str] +tailscale: + authkey: ENC[AES256_GCM,data:yzvwo6wt0KhUjq22eUSglh4lFPg4gIY5YCh7OnalPaw5u6tmiKa8Uc5Dxzw44vHlxCIW0WqM5yz5X64TlQ==,iv:i0IVCOCIFyMtUtOGjQlbCPxDw0pi3eptOHUhZRBMdys=,tag:bd+jgZpvf7jWO1g57rJz9A==,type:str] sops: kms: [] gcp_kms: [] @@ -46,8 +48,8 @@ sops: OFd1RTNYcGJGSXJOaFpnbjR6YzhjQzAKUZxz47g2MKCVTS1gGJ7p6XCubBu+/CUM IPQ9uBaW99BB9W9JuIih34/qMVxd/1EHDVk3IDiNB3F3bM8f2LL1yA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-05-11T15:37:59Z" - mac: ENC[AES256_GCM,data:FaV8fj4E0YmNRLu6IskpnZMVo5CRcLutZ8et6+b1nYSN5E8LaZCBAh+l0dDtShXob7MVdhUE+HJMSKbEH02ZpZgvCnU6eNCujtLreojg11RqG63vkp+6ZPRIqQ3TUOMJMgOVxT/Dv5lTxRQAG6u1HJGh47SNsl1Aap2ZHeQIcKg=,iv:0DIbkCllaEPI3dTbU99PG8k3j1twnH2i5LoNfLcJpew=,tag:t/pXkGjzohKc9z9NXp6wmQ==,type:str] + lastmodified: "2024-08-19T20:35:48Z" + mac: ENC[AES256_GCM,data:lOkE5d9A8qgtmLuk1XTw0OjUaEutUVRCTpkoBy5QG0gWCO23/GjT2ZD/igB4fYtiMsXg0JfpDDGZwX0Z/rT8E/orBQKSP9iIyp0Or+qJMSo128Ja6VlC9Z1amQryT6A4ZMA0PxtQs8gxbPDrNpoO2yI3QtEQ2+OXnaOVig42baY=,iv:JXRG6+HvdTh7MssRdNV+koAF2EOQU4RxVewUKUzURsI=,tag:ibMk9Wc/AGIN92hCBQhCYw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 
diff --git a/systems/zeus/configuration.nix b/systems/zeus/configuration.nix index b5a7d21..6b59458 100644 --- a/systems/zeus/configuration.nix +++ b/systems/zeus/configuration.nix @@ -34,6 +34,12 @@ kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; }; + sops = { + secrets."tailscale/authkey" = {}; + templates."docker.env".content = '' + TAILSCALE_AUTHKEY=${config.sops.placeholder."tailscale/authkey"} + ''; + }; networking.hostName = "zeus"; # Define your hostname. networking.hostId = "9e95b576"; systemd.network.netdevs = { @@ -120,8 +126,16 @@ }; jellyfin = { image = "lscr.io/linuxserver/jellyfin:latest"; - volumes = [ "jellyfin-config:/config" "/video-data/media:/data/media" ]; - environment.TZ = "America/New_York"; + volumes = [ "jellyfin-config:/config" "/video-data/media:/data/media" "jellyfin-tailscale:/var/lib/tailscale"]; + environment = { + DOCKER_MODS="ghcr.io/tailscale-dev/docker-mod:main"; + TAILSCALE_STATE_DIR="/var/lib/tailscale"; + TAILSCALE_HOSTNAME="jellyfin"; + TAILSCALE_SERVE_PORT="8096"; + TAILSCALE_SERVE_MODE="http"; + TZ = "America/New_York"; + }; + environmentFiles = [ config.sops.templates."docker.env".path ]; labels.swag = "enable"; ports = [ "1900:1900/udp" "7359:7359/udp" ]; extraOptions = [ "--pull=newer" "--network=www" ]; @@ -288,10 +302,6 @@ }; services = { - tailscale = { - enable = true; - openFirewall = true; - }; samba = { enable = true; shares = {
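Review bot: The `docker.env` template in the new `sops` block puts the Tailscale auth key into the container environment (`TAILSCALE_AUTHKEY=...`), where it stays readable through the container runtime's inspect output and by every process in the jellyfin container for as long as the container exists. The later jellyfin hunk persists node state in the `jellyfin-tailscale` volume, so the key is presumably only consumed on first login. It is therefore worth confirming that the key stored in sops is a single-use or short-lived, tag-scoped key rather than a reusable one, which cannot be checked from the encrypted value. A comment such as `# single-use, tagged auth key; node state persists in the jellyfin-tailscale volume` above `secrets."tailscale/authkey"` would record that intent. The template name is also generic for a jellyfin-specific secret, and `templates."jellyfin-tailscale.env"` would avoid a collision if another container later needs its own env file.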
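Review bot: `DOCKER_MODS="ghcr.io/tailscale-dev/docker-mod:main"` in the jellyfin `environment` block tracks a mutable branch tag, so whatever is published there is fetched and executed inside the container that holds the tailnet auth key and the media mount, without any change appearing in this repository. Pinning to an immutable reference, e.g. `DOCKER_MODS = "ghcr.io/tailscale-dev/docker-mod:<pinned-tag>";` (placeholder; use a digest if the mod loader accepts one), turns each update into a reviewable commit. The same applies to the existing `:latest` image combined with `--pull=newer`. `TAILSCALE_SERVE_MODE="http"` exposes 8096 inside the tailnet without TLS, relying on the WireGuard tunnel alone, so `"https"` is worth considering if browser-level TLS is wanted. As style points, the new attributes omit the spaces around `=` that `TZ = ...` uses, and `"jellyfin-tailscale:/var/lib/tailscale"]` is missing the space before `]`.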