services: add jellyfin, archivebox, custom dns

- `internal.thegeneralist01.com` and `archive.thegeneralist01.com` are not public. I have Split DNS enabled on them (in Tailscale), with the IP of the DNS server set to a private Tailscale IP of my home server; - CoreDNS (also on my home server) is used to resolve the two private domains' IPs to the home server itself; - nginx only listens to its machine's (home server's) Tailscale IP; - Therefore, all of it is hermetic!
2025-08-03 14:48:21 +02:00 · 2025-08-03 14:48:21 +02:00 · 572647d7c4
commit 572647d7c4
parent 8724801def
9 changed files with 194 additions and 11 deletions
--- a/hosts/thegeneralist-central/archive/default.nix
+++ b/hosts/thegeneralist-central/archive/default.nix
@ -0,0 +1,41 @@
+let
+  acmeDomain = "thegeneralist01.com";
+  domain = "archive.${acmeDomain}";
+
+  ssl = {
+    forceSSL = true;
+    quic = true;
+    useACMEHost = domain;
+  };
+in
+{
+  services.nginx.virtualHosts.${domain} = ssl // {
+    listen = [
+      {
+        addr = "100.86.129.23";
+        port = 443;
+        ssl = true;
+      }
+      {
+        addr = "100.86.129.23";
+        port = 80;
+      }
+    ];
+
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:8000";
+      recommendedProxySettings = true;
+      extraConfig = ''
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+
+        # tell nginx not to buffer the response. send it as it comes.
+        proxy_buffering off;
+
+        # give jellyfin plenty of time to transcode
+        proxy_read_timeout 3600s;
+        proxy_send_timeout 3600s;
+      '';
+    };
+  };
+}