services: add jellyfin, archivebox, custom dns

- `internal.thegeneralist01.com` and `archive.thegeneralist01.com` are not public. I have Split DNS enabled on them (in Tailscale), with the IP of the DNS server set to a private Tailscale IP of my home server; - CoreDNS (also on my home server) is used to resolve the two private domains' IPs to the home server itself; - nginx only listens to its machine's (home server's) Tailscale IP; - Therefore, all of it is hermetic!
2025-08-03 14:48:21 +02:00 · 2025-08-03 14:48:21 +02:00 · 572647d7c4
commit 572647d7c4
parent 8724801def
9 changed files with 194 additions and 11 deletions
--- a/hosts/thegeneralist-central/acme/default.nix
+++ b/hosts/thegeneralist-central/acme/default.nix
@ -5,16 +5,24 @@ in {

  security.acme = {
    defaults = {
-      # Options: https://go-acme.github.io/lego/dns/
+      # Options: https://go-acme.github.io/lego/dns/acme
      environmentFile = config.age.secrets.acmeEnvironment.path;
      email = "thegeneralist01@proton.me";
      dnsResolver = "1.1.1.1";
      dnsProvider = "cloudflare";
    };

-    certs.${domain} = {
-      extraDomainNames = [ "*.${domain}" ];
-      group = "acme";
+    certs = {
+      ${domain} = {
+        extraDomainNames = [ "*.${domain}" ];
+        group = "acme";
+      };
+      "internal.${domain}" = {
+        group = "acme";
+      };
+      "archive.${domain}" = {
+        group = "acme";
+      };
    };

    acceptTerms = true;