homelab/nixos/services/jellyfin-proxy.nix


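# nginx reverse-proxy virtual host for jellyfin.polsevev.dev.
# Terminates TLS with the wildcard ACME certificate and forwards requests to
# the backend at 100.64.0.5:8096.
{ config, pkgs, ... }: {
  imports = [
    ./nginx.nix
    # NOTE(review): presumably this defines the certificate that useACMEHost
    # refers to below as "wildcard.polsevev.dev"; verify against get-cert.nix.
    (import ../acme/get-cert.nix { domain = "*.polsevev.dev"; })
  ];

  services.nginx.virtualHosts."jellyfin.polsevev.dev" = {
    http2 = true;

    # Server-level hardening headers.
    #
    # Every add_header carries `always`. Without it nginx only emits the
    # header on a fixed set of 2xx/3xx status codes, so error responses
    # (including 4xx/5xx relayed from the backend) would be sent without
    # X-Frame-Options, nosniff and the CSP. Previously only Permissions-Policy
    # had the flag.
    #
    # nginx inherits add_header from this level only into locations that
    # declare no add_header of their own; adding one inside a location block
    # silently drops all of the headers below for that location.
    #
    # CSP caveat: script-src allows 'unsafe-inline' and default-src allows any
    # https: origin, so this policy does not stop injected inline script.
    # NOTE(review): presumably required by the Jellyfin web client; confirm
    # before tightening.
    #
    # NOTE(review): no Strict-Transport-Security header is set in this file.
    # forceSSL only redirects; check whether ./nginx.nix already adds HSTS.
    extraConfig = ''
      client_max_body_size 20M;
      add_header X-Frame-Options "SAMEORIGIN" always;
      add_header X-Content-Type-Options "nosniff" always;
      add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always;
      add_header Content-Security-Policy "default-src https: data: blob: ; img-src 'self' https://* ; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'" always;
    '';

    # The upstream hop is plain HTTP. 100.64.0.5 lies in 100.64.0.0/10
    # (shared address space), so the link is presumably an overlay/VPN --
    # confirm that it is encrypted, and that the backend accepts connections
    # only from this proxy; a directly reachable :8096 bypasses TLS and every
    # header set above.
    locations."/" = {
      proxyPass = "http://100.64.0.5:8096";
      # Forwards Host and the X-Forwarded-* / X-Real-IP request headers.
      recommendedProxySettings = true;
    };

    # WebSocket endpoint: same backend, with the Upgrade/Connection handling
    # enabled by proxyWebsockets.
    locations."/socket" = {
      proxyPass = "http://100.64.0.5:8096";
      proxyWebsockets = true;
      recommendedProxySettings = true;
    };

    # Serve the shared wildcard certificate and redirect all plain-HTTP
    # requests to HTTPS.
    useACMEHost = "wildcard.polsevev.dev";
    forceSSL = true;
  };
}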