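# SPDX-FileCopyrightText: 2020 Luke Granger-Brown
#
# SPDX-License-Identifier: Apache-2.0

# NixOS module for a Plex server whose data lives in /store/plex.
#
# With my.plex.customTLS.enable set, a certificate for customTLS.domain is
# requested through my.vault.acmeCertificates and repackaged as a PKCS#12
# bundle in the Plex data directory each time the service starts.
{ depot, config, pkgs, lib, ... }:
let
  cfg = config.my.plex;
in
{
  imports = [ ./content.nix ];

  options.my.plex = {
    customTLS = {
      enable = lib.mkEnableOption "plex TLS issuance";
      # Hostname the certificate is issued for. It defaults to null, so it
      # has to be set whenever customTLS.enable is true (asserted below).
      domain = lib.mkOption {
        type = lib.types.nullOr lib.types.str;
        default = null;
      };
    };
  };

  config = lib.mkMerge [
    {
      users.users.plex.extraGroups = [ "content" ];
      services.plex = {
        enable = true;
        dataDir = "/store/plex";
        # Opens the Plex ports in the host firewall; reachability beyond that
        # is decided by whatever sits in front of this machine.
        openFirewall = true;
        package = depot.nix.pkgs.plex-pass;
      };
    }

    (lib.mkIf (cfg.customTLS.enable) {
      # Without this, a null domain only surfaces as a string-coercion error
      # from the "${cfg.customTLS.domain}" interpolations below.
      assertions = [
        {
          assertion = cfg.customTLS.domain != null;
          message = "my.plex.customTLS.enable requires my.plex.customTLS.domain to be set.";
        }
      ];

      # Dedicated group for the certificate: the plex user joins it and the
      # ACME certificate entry below is assigned to it, so TLS key access is
      # kept separate from the "content" group.
      users.groups.plexcert = {};
      users.users.plex.extraGroups = lib.mkAfter [ "plexcert" ];

      my.vault.acmeCertificates."${cfg.customTLS.domain}" = {
        group = "plexcert";
        hostnames = [ cfg.customTLS.domain ];
        # Plex only receives a new bundle through ExecStartPre, so a renewed
        # certificate is picked up when this restarts the unit.
        reloadOrRestartUnits = [ "plex.service" ];
      };

      systemd.services.plex.serviceConfig.ExecStartPre =
        let
          certPath = "/var/lib/acme/${cfg.customTLS.domain}";

          # Copy of the upstream pre-start step. It has to be repeated here
          # because the mkForce below replaces the ExecStartPre list.
          preStartScriptMkData = pkgs.writeScript "plex-pre-start-acme" ''
            #!${pkgs.bash}/bin/bash
            # From https://github.com/NixOS/nixpkgs/blob/ef176dcf7e76c3639571d7c6051246c8fbadf12a/nixos/modules/services/misc/plex.nix#L123-L131

            # Create data directory if it doesn't exist
            if ! test -d "$PLEX_DATADIR"; then
              echo "Creating initial Plex data directory in: $PLEX_DATADIR"
              install -d -m 0755 -o "${config.services.plex.user}" -g "${config.services.plex.group}" "$PLEX_DATADIR"
            fi
          '';

          # Bundles the ACME certificate chain and private key into
          # <dataDir>/cert.p12.
          #
          # Security notes:
          #  - The export passphrase is the fixed literal "password" and is
          #    passed on the openssl command line, so it adds no real
          #    confidentiality. The private key inside cert.p12 is protected
          #    only by the file mode and by access to the data directory;
          #    anything that copies the data directory (backups, snapshots)
          #    carries the key with it.
          #  - Presumably Plex is configured with the same passphrase; confirm
          #    before changing it here.
          #  - umask 0077 only applies when the file is created. A cert.p12
          #    that already exists keeps whatever mode it had, so check it is
          #    0600 on hosts where the file predates this script.
          preStartScriptP12 = pkgs.writeScript "plex-copy-cert-to-p12" ''
            #!${pkgs.bash}/bin/bash
            umask 0077
            "${pkgs.openssl}/bin/openssl" pkcs12 -export \
              -out "${config.services.plex.dataDir}/cert.p12" \
              -in "${certPath}/fullchain.pem" \
              -inkey "${certPath}/privkey.pem" \
              -certfile "${certPath}/chain.pem" \
              -passout pass:password
          '';
        in
        # The "!" prefix makes systemd ignore User=/Group= for that command,
        # so the directory-creation step runs with elevated privileges. The
        # PKCS#12 export has no prefix and runs as the service user, which is
        # why that user needs plexcert membership to read the key.
        lib.mkForce [
          "!${preStartScriptMkData}"
          "${preStartScriptP12}"
        ];
    })
  ];
}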