diff --git a/hosts/architect/jellyfin.nix b/hosts/architect/jellyfin.nix index f302f9d..b84ded5 100644 --- a/hosts/architect/jellyfin.nix +++ b/hosts/architect/jellyfin.nix @@ -17,25 +17,26 @@ in { nginx.virtualHosts.${domain} = { forceSSL = true; enableACME = true; + extraConfig = '' + # External Javascript (such as cast_sender.js for Chromecast) must be whitelisted. + add_header Content-Security-Policy "default-src https: data: blob: http://image.tmdb.org; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/eureka/clank/95/cast_sender.js https://www.gstatic.com/eureka/clank/96/cast_sender.js https://www.gstatic.com/eureka/clank/97/cast_sender.js https://www.youtube.com blob:; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'"; + # Disable buffering when the nginx proxy gets very resource heavy upon streaming + proxy_buffering off; + ''; + locations."/" = { proxyPass = "http://localhost:8096"; extraConfig = '' - # Disable buffering when the nginx proxy gets very resource heavy upon streaming - proxy_buffering off; - allow 10.0.0.0/24; allow 10.3.0.0/24; deny all; ''; }; - + locations."/socket" = { proxyPass = "http://localhost:8096"; proxyWebsockets = true; extraConfig = '' - # Disable buffering when the nginx proxy gets very resource heavy upon streaming - proxy_buffering off; - allow 10.0.0.0/24; allow 10.3.0.0/24; deny all;