jellyfin: fix webos

This commit is contained in:
emily 2024-12-25 20:22:44 +01:00
parent a4a7a3f444
commit 3d336e7922
Signed by: emily
GPG key ID: F6F4C66207FCF995
3 changed files with 28 additions and 5 deletions

View file

@ -2,8 +2,32 @@
services.jellyfin.enable = true; services.jellyfin.enable = true;
services.nginx.virtualHosts."watch.kyouma.net" = {
forceSSL = true;
http3 = true;
quic = true;
useACMEHost = "fentanyl.trade";
locations = {
"= /".return = "302 https://$host/web/";
"/" = {
proxyPass = "http://[::1]:8096";
recommendedProxySettings = true;
extraConfig = ''
proxy_buffering on;
'';
};
"= /web/" = {
proxyPass = "http://[::1]:8096";
recommendedProxySettings = true;
};
"/socket" = {
proxyPass = "http://[::1]:8096";
recommendedProxySettings = true;
proxyWebsockets = true;
};
};
};
kyouma.nginx.virtualHosts = { kyouma.nginx.virtualHosts = {
"watch.kyouma.net".redirectTo = "fentanyl.trade";
"fentanyl.trade" = { "fentanyl.trade" = {
serverAliases = lib.singleton "frotti.ng"; serverAliases = lib.singleton "frotti.ng";
locations = { locations = {

View file

@ -34,7 +34,6 @@ in {
add_header Strict-Transport-Security $hsts_header; add_header Strict-Transport-Security $hsts_header;
add_header X-Content-Type-Options "nosniff" always; add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always; add_header X-XSS-Protection "1; mode=block" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Referrer-Policy "same-origin" always; add_header Referrer-Policy "same-origin" always;
add_header Alt-Svc 'h3=":443"; ma=7776000; persist=1, h2=":443"; ma=7776000; persist=1'; add_header Alt-Svc 'h3=":443"; ma=7776000; persist=1, h2=":443"; ma=7776000; persist=1';
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;

View file

@ -5,13 +5,13 @@
add_header Alt-Svc 'h3=":443"; ma=7776000; persist=1, h2=":443"; ma=7776000; persist=1'; add_header Alt-Svc 'h3=":443"; ma=7776000; persist=1, h2=":443"; ma=7776000; persist=1';
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
add_header X-Content-Type-Options "nosniff" always; add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "same-origin" always; add_header Referrer-Policy "same-origin" always;
''; '';
createHost = vhostName: vhostCfg: { createHost = vhostName: vhostCfg: {
extraConfig = lib.optionalString (vhostCfg ? "extraConfig") ( extraConfig = lib.optionalString (vhostCfg ? "extraConfig") (
vhostCfg.extraConfig + "\n" + extraConfig vhostCfg.extraConfig
) + lib.optionalString ( ) + lib.optionalString (
if (vhostCfg ? "verifyClientCert") then if (vhostCfg ? "verifyClientCert") then
vhostCfg.verifyClientCert vhostCfg.verifyClientCert
@ -20,7 +20,7 @@
ssl_client_certificate ${./kyouma_Root_CA.pem}; ssl_client_certificate ${./kyouma_Root_CA.pem};
ssl_verify_client on; ssl_verify_client on;
ssl_verify_depth 1; ssl_verify_depth 1;
''; '' + "\n" + extraConfig;
forceSSL = true; forceSSL = true;
} // } //
lib.optionalAttrs (!(vhostCfg ? "useACMEHost")) { lib.optionalAttrs (!(vhostCfg ? "useACMEHost")) {